Page 1 Dell Configuration Guide for the S6100–ON System 9.10(0.2)
Page 2 A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.
Page 3: Table Of Contents
Save the Running-Configuration..........................50 Configure the Overload Bit for a Startup Scenario....................51 Viewing Files................................51 Managing the File System.............................. 52 View Command History..............................52 Upgrading Dell Networking OS............................53 Using HTTP for File Transfers............................53 Verify Software Images Before Installation........................54 Contents...
Page 4 4 Management............................... 56 Configuring Privilege Levels............................56 Creating a Custom Privilege Level...........................56 Removing a Command from EXEC Mode......................57 Moving a Command from EXEC Privilege Mode to EXEC Mode................57 Allowing Access to CONFIGURATION Mode Commands..................57 Allowing Access to Different Modes........................57 Applying a Privilege Level to a Username.......................
Page 5 Dynamic CoS with 802.1X.............................. 101 6 Access Control Lists (ACLs)........................103 IP Access Control Lists (ACLs).............................104 CAM Usage................................104 Implementing ACLs on Dell Networking OS......................105 Important Points to Remember............................ 107 Configuration Task List for Route Maps........................ 107 Configuring Match Routes............................109 Configuring Set Conditions............................110...
Page 6 IP Fragments ACL Examples............................113 Layer 4 ACL Rules Examples........................... 113 Configure a Standard IP ACL............................114 Configuring a Standard IP ACL Filter........................115 Configure an Extended IP ACL............................116 Configuring Filters with a Sequence Number......................116 Configuring Filters Without a Sequence Number....................117 Configure Layer 2 and Layer 3 ACLs..........................118 Assign an IP ACL to an Interface...........................118 Applying an IP ACL................................119 Counting ACL Hits..............................
Page 7 Multi-Exit Discriminators (MEDs)...........................170 Origin...................................171 AS Path..................................172 Next Hop................................... 172 Multiprotocol BGP................................172 Implement BGP with Dell Networking OS........................173 Additional Path (Add-Path) Support........................173 Advertise IGP Cost as MED for Redistributed Routes..................173 Ignore Router-ID in Best-Path Calculation......................174 Four-Byte AS Numbers............................174 AS4 Number Representation...........................174...
Page 8 Filtering BGP Routes Using Route Maps......................203 Filtering BGP Routes Using AS-PATH Information....................203 Configuring BGP Route Reflectors........................204 Aggregating Routes..............................205 Configuring BGP Confederations.......................... 205 Enabling Route Flap Dampening..........................206 Changing BGP Timers.............................208 Enabling BGP Neighbor Soft-Reconfiguration.....................208 Route Map Continue............................... 209 Enabling MBGP Configurations............................ 210 BGP Regular Expression Optimization..........................211 Debugging BGP................................
Page 9 Configuring Priority-Based Flow Control........................241 Configuring Lossless Queues..........................242 Configuring PFC in a DCB Map........................... 243 PFC Configuration Notes............................243 PFC Prerequisites and Restrictions........................244 Applying a DCB Map on a Port............................ 244 Configuring PFC without a DCB Map.........................245 Priority-Based Flow Control Using Dynamic Buffer Method..................245 Pause and Resume of Traffic..........................245 Buffer Sizes for Lossless or PFC Packets......................246 Behavior of Tagged Packets............................246...
Page 10 Configure a Method of Hostname Resolution...................... 277 Using DNS for Address Resolution........................277 Using NetBIOS WINS for Address Resolution......................278 Creating Manual Binding Entries..........................278 Debugging the DHCP Server..........................278 Using DHCP Clear Commands..........................279 Configure the System to be a DHCP Client....................... 279 Configuring the DHCP Client System........................
Page 11 Configure the FC-MAP Value..........................306 Configure a Port for a Bridge-to-Bridge Link.......................306 Configure a Port for a Bridge-to-FCF Link......................306 Impact on Other Software Features........................307 FIP Snooping Restrictions............................307 Configuring FIP Snooping............................307 Displaying FIP Snooping Information...........................308 FCoE Transit Configuration Example........................... 313 15 Flex Hash and Optimized Boot-Up......................
Page 12 Sample Configuration and Topology..........................330 17 GARP VLAN Registration Protocol (GVRP)....................332 Important Points to Remember............................332 Configure GVRP................................333 Related Configuration Tasks........................... 333 Enabling GVRP Globally..............................334 Enabling GVRP on a Layer 2 Interface........................334 Configure GVRP Registration............................334 Configure a GARP Timer.............................. 335 18 Internet Group Management Protocol (IGMP)..................
Page 13 Basic Interface Configuration............................355 Advanced Interface Configuration..........................355 Interface Types................................356 View Basic Interface Information..........................356 Resetting an Interface to its Factory Default State....................358 Enabling a Physical Interface............................359 Physical Interfaces.................................359 Configuration Task List for Physical Interfaces....................359 Overview of Layer Modes............................360 Configuring Layer 2 (Data Link) Mode........................360 Configuring Layer 2 (Interface) Mode........................
Page 14 Split 40G Ports on a 16X40G QSFP+ Module......................379 Splitting 100G Ports..............................380 Link Dampening................................381 Important Points to Remember..........................381 Enabling Link Dampening............................381 Link Bundle Monitoring..............................383 Using Ethernet Pause Frames for Flow Control......................383 Enabling Pause Frames............................384 Configure the MTU Size on an Interface........................384 Port-Pipes..................................385 CR4 Auto-Negotiation..............................
Page 15 Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support..............413 IPv6 Header Fields..............................414 Extension Header Fields............................416 Addressing................................. 417 Implementing IPv6 with Dell Networking OS......................418 ICMPv6....................................418 Path MTU Discovery..............................418 IPv6 Neighbor Discovery...............................419 IPv6 Neighbor Discovery of MTU Packets......................419 Configuring the IPv6 Recursive DNS Server......................
Page 16 Application of Quality of Service to iSCSI Traffic Flows..................433 Information Monitored in iSCSI Traffic Flows....................... 433 Detection and Auto-Configuration for Dell EqualLogic Arrays................434 Configuring Detection and Ports for Dell Compellent Arrays................434 Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer..............435 Enable and Disable iSCSI Optimization......................... 435 Default iSCSI Optimization Values..........................436...
Page 17 LACP Configuration Tasks............................466 Creating a LAG.................................466 Configuring the LAG Interfaces as Dynamic......................466 Setting the LACP Long Timeout..........................467 Monitoring and Debugging LACP.......................... 467 Shared LAG State Tracking............................468 Configuring Shared LAG State Tracking....................... 468 Important Points about Shared LAG State Tracking................... 470 LACP Basic Configuration Example..........................470 Configure a LAG on ALPHA...........................
Page 18 LLDP Compatibility..............................500 CONFIGURATION versus INTERFACE Configurations.................... 500 Enabling LLDP................................501 Disabling and Undoing LLDP...........................501 Enabling LLDP on Management Ports........................502 Disabling and Undoing LLDP on Management Ports..................502 Advertising TLVs................................502 Viewing the LLDP Configuration..........................503 Viewing Information Advertised by Adjacent LLDP Agents..................504 Configuring LLDPDU Intervals.............................505 Configuring Transmit and Receive Mode........................
Page 19 Enable Multiple Spanning Tree Globally........................541 Adding and Removing Interfaces..........................541 Creating Multiple Spanning Tree Instances........................ 542 Influencing MSTP Root Selection..........................542 Interoperate with Non-Dell Bridges..........................543 Changing the Region Name or Revision........................543 Modifying Global Parameters............................544 Modifying the Interface Parameters........................... 545 Configuring an EdgePort..............................
Page 20 Router Types................................573 Designated and Backup Designated Routers....................... 575 Link-State Advertisements (LSAs)........................575 Router Priority and Cost............................576 OSPF with Dell Networking OS........................... 577 Graceful Restart...............................578 Fast Convergence (OSPFv2, IPv4 Only)......................579 Multi-Process OSPFv2 with VRF.......................... 579 RFC-2328 Compliant OSPF Flooding........................579 OSPF ACK Packing..............................
Page 21 Displaying Remote-Port Mirroring Configurations....................638 Configuring the Sample Remote Port Mirroring....................639 Encapsulated Remote Port Monitoring........................642 ERPM Behavior on a typical Dell Networking OS ....................644 Decapsulation of ERPM packets at the Destination IP/ Analyzer..............644 37 Private VLANs (PVLAN).......................... 646 Private VLAN Concepts..............................646 Using the Private VLAN Commands...........................
Page 22 Creating a Community VLAN..........................650 Creating an Isolated VLAN............................. 650 Private VLAN Configuration Example......................... 652 Inspecting the Private VLAN Configuration....................... 653 38 Per-VLAN Spanning Tree Plus (PVST+)....................655 Protocol Overview.................................655 Implementation Information............................656 Configure Per-VLAN Spanning Tree Plus........................656 Related Configuration Tasks...........................656 Enabling PVST+................................
Page 23 Configuring Weights and ECN for WRED ......................... 688 Global Service Pools With WRED and ECN Settings..................689 Configuring WRED and ECN Attributes........................690 Guidelines for Configuring ECN for Classifying and Color-Marking Packets............690 Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class........691 Classifying Incoming Packets Using ECN and Color-Marking................
Page 24 44 Security..............................724 AAA Accounting................................724 Configuration Task List for AAA Accounting......................724 AAA Authentication............................... 726 Configuration Task List for AAA Authentication....................727 Obscuring Passwords and Keys........................... 729 AAA Authorization................................. 729 Privilege Levels Overview............................730 Configuration Task List for Privilege Levels......................730 RADIUS...................................
Page 25 Configuring Dell Networking OS Options for Trunk Ports.................. 765 Debugging VLAN Stacking............................. 766 VLAN Stacking in Multi-Vendor Networks......................766 VLAN Stacking Packet Drop Precedence........................770 Enabling Drop Eligibility............................770 Honoring the Incoming DEI Value........................... 771 Marking Egress Packets with a DEI Value......................772 Dynamic Mode CoS for VLAN Stacking........................
Page 26 Writing Managed Object Values...........................792 Configuring Contact and Location Information using SNMP................... 792 Subscribing to Managed Object Value Updates using SNMP..................793 Enabling a Subset of SNMP Traps..........................794 Enabling an SNMP Agent to Notify Syslog Server Failure..................794 Copy Configuration Files Using SNMP........................795 Copying a Configuration File...........................796 Copying Configuration Files via SNMP.........................
Page 27 Configuring a Source IP Address for NTP Packets..................... 839 Configuring NTP Authentication..........................839 Configuring a Custom-defined Period for NTP time Synchronization.............. 842 Dell Networking OS Time and Date..........................842 Configuration Task List ............................842 Setting the Time and Date for the Switch Software Clock................842 Setting the Timezone..............................
Page 28 Important Points to Remember........................... 848 Configuring Uplink Failure Detection........................... 849 Clearing a UFD-Disabled Interface..........................850 Displaying Uplink Failure Detection..........................851 Sample Configuration: Uplink Failure Detection......................853 53 Tunneling..............................854 Configuring a Tunnel..............................854 Configuring Tunnel Keepalive Settings........................855 Configuring a Tunnel Interface.............................856 Configuring Tunnel Allow-Remote Decapsulation......................856 Configuring Tunnel source anylocal Decapsulation....................857 Guidelines for Configuring Multipoint Receive-Only Tunnels...................
Page 29 Configuration Notes..............................878 Primary and Secondary VLT Peers.........................881 RSTP and VLT................................881 VLT Bandwidth Monitoring............................881 VLT and IGMP Snooping............................882 VLT IPv6..................................882 VLT Port Delayed Restoration..........................882 PIM-Sparse Mode Support on VLT........................882 VLT Routing ................................884 Non-VLT ARP Sync..............................886 RSTP Configuration...............................886 Preventing Forwarding Loops in a VLT Domain....................887 Sample RSTP Configuration...........................
Page 30 Configuring VxLAN Gateway............................924 Connecting to an NVP Controller.......................... 924 Advertising VXLAN Access Ports to Controller....................925 Displaying VXLAN Configurations..........................926 VXLAN Service nodes for BFD............................ 927 Examples of the show bfd neighbors command....................928 59 Virtual Routing and Forwarding (VRF)..................... 929 VRF Overview................................929 VRF Configuration Notes..............................930 DHCP..................................
Page 31 Enabling Environmental Monitoring..........................973 Recognize an Overtemperature Condition......................974 Troubleshoot an Over-temperature Condition......................975 Recognize an Under-Voltage Condition........................ 976 Troubleshoot an Under-Voltage Condition......................976 Buffer Tuning.................................. 976 ....................................977 Deciding to Tune Buffers............................977 Using a Pre-Defined Buffer Profile........................979 Sample Buffer Profile Configuration........................980 Troubleshooting Packet Loss............................
Page 32: About This Guide
This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, see the Dell Command Line Reference Guide for your system.
Page 33: Configuration Fundamentals
In the Dell Networking OS, after you enter a command, the command is added to the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
Page 34 You can set user access rights to commands and command modes using privilege levels. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
Page 35: Navigating Cli Modes
GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
Page 36 BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# (for address-family {ipv4 multicast | ipv6 unicast} (ROUTER BGP IPv4) Mode) Dell(conf-routerZ_bgpv6_af)# (for IPv6) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS-FAMILY Dell(conf-router_isis-af_ipv6)# address-family ipv6 unicast (ROUTER ISIS Mode) ROUTER OSPF Dell(conf-router_ospf)# router ospf Configuration Fundamentals...
Page 37 ECMP Dell(conf-ecmp-group-ecmp- ecmp-group group-id)# Dell(conf-mgmt-eis)# management egress-interface- selection FRRP Dell(conf-frrp-ring-id)# protocol frrp LLDP Dell(conf-lldp)# or Dell(conf-if protocol lldp (CONFIGURATION or —interface-lldp)# INTERFACE Modes) LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE Dell(config-line-console) or line console orline vty Dell(config-line-vty) MONITOR SESSION...
Page 38: The Do Command
You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on.) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command. Dell(conf)#do show system brief Stack MAC : 4c:76:25:f5:06:80...
Page 39: Obtaining Help
Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 no ip address no shutdown Layer 2 protocols are disabled by default. To enable Layer 2 protocols, use the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.
Page 40: Command History
The variable specified_text is the text for which you are filtering and it IS case sensitive unless you use the ignore-case sub- option. Starting with Dell Networking OS version 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to case-insensitive. For example, the commands: •...
Page 41: Example Of The Grep Keyword
Dell# NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks. The except keyword displays text that does not match the specified text. The following example shows this command used in combination with the show system brief command.
Page 42 If either of these messages appears, Dell Networking recommends coordinating with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes. Configuration Fundamentals...
Page 43: Getting Started
This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Page 44: Console Access
Accessing the RJ-45 Console Port with a DB-9 Adapter. Install an RJ-45 copper cable into the console port.Use a rollover (crossover) cable to connect the S6100–ON console port to a terminal server. Connect the other end of the cable to the DTE terminal server.
Page 45: Micro Usb-B Access
Connect the micro USB-B end of cable into the micro USB-B console port on the system. Power on the system. Install the necessary USB device drivers. (To download the drivers, go to http://www.dell.com/support.) For assistance, contact Dell Networking Technical Support.
Page 46: Default Configuration
Default Configuration Although a version of Dell Networking OS is pre-loaded onto the system, the system is not configured when you power up the system first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
Page 47: Configure A Management Route
MD5 encryption method. • enable sha256-password is stored in the running/startup configuration using sha256-based encryption method (PBKDF2). Dell Networking recommends using the enable sha256-password password. To configure an enable password, use the following command. •...
Page 48: Configuration File Management
To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location. Table 3. Forming a copy Command...
Page 49: Mounting An Nfs File System
Example of Importing a File to the Local System Dell#copy ftp://myusername:mypassword@192.168.1.1/file_path/FTOS-S6100-ON-9.10.0.0.bin flash:// FTOS-S6100-ON-9.10.0.0.bin !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 54238335 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
Page 50: Save The Running-Configuration
225 bytes successfully copied Dell# Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends coping your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration.
Page 51: Configure The Overload Bit For A Startup Scenario
For information about setting the router overload bit for a specific period of time after a switch reload is implemented, see the Intermediate System to Intermediate System (IS-IS) section in the Dell Command Line Reference Guide for your system. Viewing Files You can only view file information and content on local file systems.
Page 52: Managing The File System
10.16.200.254 Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
Page 53: Upgrading Dell Networking Os
To copy a file on the USB device, enter usbflash:// followed by the filename. In the Dell Networking OS release 9.8(0.0), HTTP services support the VRF-aware functionality. If you want the HTTP server to use a VRF table that is attached to an interface, configure that HTTP server to use a specific routing table. You can use the ip http vrf command to inform the HTTP server to use a specific routing table.
Page 54: Verify Software Images Before Installation
To validate a software image: Download Dell Networking OS software image file from the iSupport page to the local (FTP or TFTP) server. The published hash for that file displays next to the software image file on the iSupport page.
Page 55 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin Getting Started...
Page 56: Management
Management This chapter describes the different protocols or services used to manage the Dell Networking system. Topics: • Configuring Privilege Levels • Configuring Logging • Log Messages in the Internal Buffer • Disabling System Logging • Sending System Messages to a Syslog Server •...
Page 57: Removing A Command From Exec Mode
• restricting access to an EXEC mode command • moving commands from EXEC Privilege to EXEC mode • restricting access A user can access all commands at his privilege level and below. Removing a Command from EXEC Mode To remove a command from the list of available commands in EXEC mode for a specific privilege level, use the privilege exec command from CONFIGURATION mode.
Page 58 CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell#show running-config privilege privilege exec level 3 configure privilege exec level 4 resequence privilege configure level 3 line privilege configure level 3 interface tengigabitethernet Dell#telnet 10.11.80.201...
Page 59: Applying A Privilege Level To A Username
When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: •...
Page 60: Audit And Security Logs
• The network administrator and network operator user roles can view system events. NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role. Example of Enabling Audit and Security Logs Dell(conf)#logging extended Management...
Page 61: Configuring Logging Format
May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98) Example of the show logging Command for Security...
Page 62 On the switch, enable the SSH server Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to the Dell OS switch, using following syntax: ssh -R <remote port>:<syslog server>:<syslog server listen port> user@remote_host -nNf In the following example the syslog server IP address is 10.156.166.48 and the listening port is 5141.
Page 63: Log Messages In The Internal Buffer
Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer. For example, %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management: •...
Page 64: Track Login Activity
Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system, and whether the current user’s permissions have changed since...
Page 65: Display Login Statistics
Example of the show login statistics all command The show login statistics all command displays the successful and failed login details of all users in the last 30 days or the custom defined time period. Dell#show login statistics all ------------------------------------------------------------------ User: admin Last login time: 08:54:28 UTC Wed Mar 23 2016 Last login location: Line vty0 ( 10.16.127.145 )
Page 66: Limit Concurrent Login Sessions
Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
Page 67: Enabling The System To Clear Existing Sessions
Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: •...
Page 68: Changing System Logging Settings
CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. • Specify the number of messages that Dell Networking OS saves to its logging history table.
Page 69: Display The Logging Buffer And The Logging Configuration
When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs. Example of the show logging Command Dell#show logging Syslog logging: enabled Console logging: level debugging...
Page 70: Synchronizing Log Messages
Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
Page 71: Enabling Timestamp On Syslog Messages
File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
Page 72: Configuring Ftp Server Parameters
• Enable FTP on the system. CONFIGURATION mode ftp-server enable Example of Viewing FTP Configuration Dell#show running ftp ftp-server enable ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters.
Page 73: Terminal Lines
(aux) connects secondary devices such as modems. Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. • Layer 3 ACLs deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny traffic.
Page 74: Configuring Login Authentication For Terminal Lines
You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated.
Page 75: Setting Timeout For Exec Privilege Mode
Dell(config-line-vty)# Setting Timeout for EXEC Privilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set timeout, use the following commands. •...
Page 76: Lock Configuration Mode
Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual.
Page 77: Restoring The Factory Default Settings
• After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 1 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.)
Page 78 You enter BLI immediately, as indicated by the BOOT_USER # prompt. press any key Assign the new location of the Dell Networking OS image to be used when the system reloads. To boot from flash partition A: BOOT_USER # boot change primary...
Page 79: Reloading The System
The following example shows how to reload the system: Dell# reload Proceed with reload [confirm yes/no]: yes The following example shows how to reload the system into Dell diagnostics mode: Dell#reload dell-diag Proceed with reload [confirm yes/no]: yes The following example shows how to reload the system into ONIE mode:...
Page 80: 802.1X
802.1X employs Extensible Authentication Protocol (EAP) to transfer a device’s credentials to an authentication server (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
Page 81 The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
Page 82: Port-Authentication Process
• Re-Authenticating a Port • Configuring Dynamic VLAN Assignment with Port Authentication • Guest and Authentication-Fail VLANs • Multi-Host Authentication • Multi-Supplicant Authentication • MAC Authentication Bypass • Dynamic CoS with 802.1X Port-Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up: When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request frame.
Page 83: Eap Over Radius
79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server. Attribute 41 NAS-Port-Type: NAS-port physical port type.
Page 84: Important Points To Remember
Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
Page 85: Configuring Dot1X Profile
Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
Page 86: Configuring Mac Addresses For A Do1X Profile
Eenter a name to configure the static MAB profile name. The profile name length is limited to a maximum of 32 characters. Example of Static MAB and MAB Profile for an Interface Dell(conf-if-Te-2/1)#dot1x static-mab profile sample Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 21...
Page 87: Configuring Critical Vlan
Dell(conf-if-Te 2/1))#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: Auto Port Auth Status: AUTHORIZED(STATIC-MAB) Re-Authentication: Disable Untagged VLAN id: None Guest VLAN: Enable Guest VLAN id: Auth-Fail VLAN: Enable Auth-Fail VLAN id:...
Page 88: Configuring Request Identity Re-Transmissions
Guest VLAN: Enable Guest VLAN id: Auth-Fail VLAN: Disable Auth-Fail VLAN id: NONE Auth-Fail Max-Attempts: NONE Mac-Auth-Bypass: Enable Mac-Auth-Bypass Only: Enable Tx Period: 3 seconds Quiet Period: 60 seconds ReAuth Max: Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req: Host Mode:...
Page 89: Configuring A Quiet Period After A Failed Authentication
EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-1/1/1/1)#dot1x tx-period 90 Dell(conf-if-range-Te-1/1/1/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-1/1/1/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status: Enable...
Page 90: Forcibly Authorizing Or Unauthorizing A Port
EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. Dell(conf-if-range-Te-1/1/1/1)#dot1x tx-period 90 Dell(conf-if-range-Te-1/1/1/1)#dot1x max-eap-req 10 Dell(conf-if-range-Te-1/1/1/1)#dot1x quiet-period 120 Dell#show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status: Enable...
Page 91: Re-Authenticating A Port
Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1/1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1/1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status:...
Page 92: Configuring Dynamic Vlan Assignment With Port Authentication
Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
Page 93: Guest And Authentication-Fail Vlans
Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
Page 94: Configuring Timeouts
Dell(conf-if-Te-1/1/1/1)#dot1x guest-vlan 200 Dell(conf-if-Te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-1/1/1/1)# Dell(conf-if-Te-1/1/1/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown...
Page 95: Multi-Host Authentication
The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-1/1/1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1/1 802.1x information on Te 1/1/1/1: ----------------------------- Dot1x Status:...
Page 96 When multiple end users are connected to a single authenticator port, single-host mode authentication does not authenticate all end users, and all but one are denied access to the network. For these cases, the Dell Networking OS supports multi-host mode authentication.
Page 97: Configuring Multi-Host Authenticationconfiguring Single-Host Authentication
To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-2/1)# dot1x host-mode multi-host Dell(conf-if-te-2/1)# do show dot1x interface tengigabitethernet 2/1 802.1x information on Te 2/1: -----------------------------...
Page 98: Multi-Supplicant Authentication
To verify the currently configured authentication mode, enter the show dot1x interface command. Dell(conf-if-te-1/3)# dot1x host-mode multi-auth Dell(conf-if-te-1/3)# do show dot1x interface tengigabitethernet 1/3 802.1x information on Te 1/3: -----------------------------...
Page 99: Mac Authentication Bypass
To restrict the number of devices that 802.1X can authenticate on a port in multi-supplicant (multi-auth) mode, enter the dot1x max- supplicants number command in Interface mode. By default, the maximum number of multi-supplicant devices is 128. Dell(conf-if-te-2/1)# dot1x max-supplicants 4 MAC Authentication Bypass MAC authentication bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server.
Page 100: Mab In Single-Host And Multi-Host Mode
If MAB times out or MAC authentication fails, the port is placed into the guest VLAN. If both MAB and re-authentication are enabled, when the re-auth period finishes and whether the previous authentication was through MAB or 802.1X, 802.1X authentication is tried first. If 802.1X times out, MAB authentication is tried. The port remains authorized throughout the reauthentication process.
Page 101: Dynamic Cos With 802.1X
ACL, and DSCP). Once traffic is classified, you can use Quality of Service (QoS) traffic management to control the level of service for a class in terms of bandwidth and delivery time. For incoming traffic, the Dell Networking OS allows you to set a static priority value on a per-port basis or dynamically set a priority on a per-port basis by leveraging 802.1X.
Page 102 If multi-supplicant authentication mode is enabled on a port, you can configure a CoS mapping table for specified MAC addresses in the RADIUS server. Dell Networking OS then maintains a per-MAC CoS table for each port, and marks the priority of all traffic originating from a configured MAC address with the corresponding table value.
Page 103: Access Control Lists (Acls)
Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol [UDP] packets) and an action to take (permit or deny).
Page 104: Ip Access Control Lists (Acls)
When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
Page 105: Implementing Acls On Dell Networking Os
The status column indicates whether you can enable the policy. Example of the Command test cam-usage Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0 Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status -------------------------------------------------------------------------- IPv4Flow|...
Page 106 In cases where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended.
Page 107: Important Points To Remember
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a...
Page 108 When there are multiple match commands with the same parameter under one instance of route-map, Dell Networking OS does a match between all of those match commands. If there are multiple match commands with different parameters, Dell Networking OS does a match ONLY if there is a match among ALL the match commands.
Page 109: Configuring Match Routes
In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
Page 110: Configuring Set Conditions
CONFIG-ROUTE-MAP mode match ip address prefix-list-name • Match destination routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 address prefix-list-name • Match next-hop routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip next-hop {access-list-name | prefix-list prefix-list-name} •...
Page 111: Configure A Route Map For Route Redistribution
Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify either the routes and their origins. The metric value is the most common attribute that is changed to properly redistribute other routes into a routing protocol.
Page 112: Configure A Route Map For Route Tagging
In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to the route map static ospf, only routes that have a next hop of Tengigabitethernet interface 1/1/1/1 and that have a metric of 255 are redistributed into the OSPF backbone area.
Page 113: Ip Fragment Handling
For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it. • For IP ACL, Dell Networking OS applies implicit permit for second and subsequent fragment just prior to the implicit deny. • If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments.
Page 114: Configure A Standard Ip Acl
To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
Page 115: Configuring A Standard Ip Acl Filter
Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five.
Page 116: Configure An Extended Ip Acl
To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following examples shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example...
Page 117: Configuring Filters Without A Sequence Number
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
Page 118: Configure Layer 2 And Layer 3 Acls
If both L2 and L3 ACLs are applied to an interface, the following rules apply: • When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them.
Page 119: Applying An Ip Acl
To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running- config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf interface TenGigabitEthernet 1/1/1/1 ip address 10.2.1.100 255.255.255.0...
Page 120: Configure Ingress Acls
To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1/1/1 Dell(conf-if-te1/1/1/1)#ip access-group abcd in Dell(conf-if-te1/1/1/1)#show config tengogabitethernet 1/1/1/1 no ip address...
Page 121: Applying Egress Layer 3 Acls (Control-Plane)
Dell Networking OS Behavior: Virtual router redundancy protocol (VRRP) hellos and internet group management protocol (IGMP) packets are not affected when you enable egress ACL filtering for CPU traffic. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address.
Page 122: Ip Prefix Lists
(permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied. When the route prefix matches a filter, Dell Networking OS drops or forwards the packet based on the filter’s designated action.
Page 123 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode.If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
Page 124 Example of Creating a Filter with Dell Networking OS-Assigned Sequence Numbers The example shows a prefix list in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number). The show config command in PREFIX LIST mode displays two filters with the sequence numbers 5 and 10.
Page 125 Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
Page 126: Acl Resequencing
Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.1...
Page 127: Route Maps
10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
Page 128: Implementation Information
Implementation Information ACLs and prefix lists can only drop or forward the packet or traffic. Route maps process routes for route redistribution. For example, a route map can be called to filter only specific routes and to add a metric. Route maps also have an “implicit deny.”...
Page 129: Enabling Flow-Based Monitoring
The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell# show monitor session 1 SessID Source...
Page 130 MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list For more information, see Access Control Lists (ACLs).
Page 131: Bidirectional Forwarding Detection (Bfd)
BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor.
Page 132: Bfd Packet Format
The poll and final bits are used during the handshake and in Demand mode (refer to Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Bidirectional Forwarding Detection (BFD)
Page 133: Bfd Sessions
Authentication Type, An optional method for authenticating control packets. Authentication NOTE: Dell Networking OS does not currently support the BFD authentication function. Length, Authentication Data Two important parameters are calculated using the values contained in the control packet. Transmit Interval Transmit interval is the agreed-upon rate at which a system sends control packets.
Page 134: Bfd Three-Way Handshake
Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up. State...
Page 135 Figure 12. BFD Three-Way Handshake State Changes Bidirectional Forwarding Detection (BFD)
Page 136: Session State Changes
Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
Page 137: Configure Bfd For Physical Ports
• Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol.
Page 138 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 14. Establishing a BFD Session on Physical Ports Enter interface mode.
Page 139 2.2.2.2 on interface Te 1/1/4/1 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
Page 140: Configure Bfd For Static Routes
Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that interface are placed in an Administratively Down state ( the first message example), and the remote systems are notified of the session state change (the second message example).
Page 141 Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 15. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd [prefix-list prefix-list-name] [interval interval min_rx min_rx multiplier value role {active | passive}]...
Page 142: Configure Bfd For Ospf
CONFIGURATION mode ip route bfd [prefix-list prefix-list-name] interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down.
Page 143 Establishing Sessions with OSPF Neighbors for the Default VRF BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 16.
Page 144 INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
Page 145 - BGP - CLI - ISIS - OSPF - OSPFv3 - Static Route (RTM) - MPLS - VRRP - Vxlan Tunnel LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 5.1.1.1 5.1.1.2 Po 30 * 6.1.1.1 6.1.1.2 Vl 30 * 7.1.1.1 7.1.1.2 Te 1/1/1/1 The following example shows the show bfd vrf neighbors command output showing the nondefault VRF.
Page 146 Number of packets sent to neighbor: 73 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 Dell# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 10.1.3.2 Local MAC Addr: 00:01:e8:02:15:0e Remote Addr: 10.1.3.1...
Page 147: Configure Bfd For Ospfv3
Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 6 Dell# Changing OSPF Session Parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role.
Page 148 Enable BFD globally. Establish sessions with OSPFv3 neighbors. NOTE: BFD for OSPFv3 with ECMP is not supported. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a specific interface. Sessions are only established when the OSPFv3 adjacency is in the Full state.
Page 149: Configure Bfd For Is-Is
Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state. Disabling BFD does not trigger a change in BFD clients;...
Page 150 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 17. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. •...
Page 151: Configure Bfd For Bgp
Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Te 2/1/1 Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role. The parameters that you can configure are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role.
Page 152 Prerequisites Before configuring BFD for BGP, you must first configure the following settings: Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall-over command), as described in Fast Fall-Over.
Page 153 BFD notifies BGP of any failure conditions that it detects on the link. Recovery actions are initiated by BGP. BFD for BGP is supported only on directly-connected BGP neighbors and only in BGP IPv4 networks. Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies.
Page 154 The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all- neighbors command or configured for the peer group to which the neighbor belongs. • Disable a BFD for BGP session with a specified neighbor. ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable •...
Page 155 EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of Verifying BGP Information The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown...
Page 156 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 1/1/2/1 State: Up Configured parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active...
Page 157 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 1.1.1.2 00:38:12 2.2.2.2 04:32:26 3.3.3.2 00:38:12...
Page 158: Configure Bfd For Vrrp
R2# show ip bgp neighbors 2.2.2.4 BGP neighbor is 2.2.2.4, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM).
Page 159 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 19. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
Page 160 The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-1/1/1/1)#vrrp bfd all-neighbors Dell(conf-if-te-1/1/1/1)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1...
Page 161: Configuring Protocol Liveness
To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for a particular VRRP session on an interface, use the following commands. • Disable all VRRP sessions on an interface. INTERFACE mode no vrrp bfd all-neighbors •...
Page 162 00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.2 on interface Te 4/24/1 (diag: 0) The following example shows hexadecimal output from the debug bfd packet command. RX packet dump: 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00:34:13 : Sent packet for session with neighbor 2.2.2.2 on Te 4/24/1 TX packet dump:...
Page 163: Border Gateway Protocol Ipv4 (Bgpv4)
Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
Page 164 IBGP provides routers inside the AS with the knowledge to reach routers external to the AS. EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility. Figure 20. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network.
Page 165: Sessions And Peers
Figure 21. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
Page 166: Route Reflectors
State Description Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. Connect In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires.
Page 167: Bgp Attributes
Figure 22. BGP Router Rules Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B.
Page 168 In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
Page 169: Weight
In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
Page 170: Multi-Exit Discriminators (Meds)
Figure 24. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
Page 171: Origin
BGP. In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
Page 172: As Path
Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold). Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address...
Page 173: Implement Bgp With Dell Networking Os
BGP. Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones.
Page 174: Ignore Router-Id In Best-Path Calculation
Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported.
Page 175 65526 and the AS number 65546 appears as 1.10. Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change an notation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
Page 176: As Number Migration
Dell(conf-router_bgp)#sho conf router bgp 100 neighbor 172.30.1.250 local-as 65057 Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress.
Page 177: Bgp4 Management Information Base (Mib)
• To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
Page 178: Configuration Information
To enable the BGP process and begin exchanging information, assign an AS number and use commands in ROUTER BGP mode to configure a BGP neighbor. By default, BGP is disabled. By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare- med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled.
Page 179: Enabling Bgp
Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer.
Page 180 Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation. All AS numbers are displayed in ASPLAIN format.
Page 181 Active For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
Page 182: Configuring As4 Number Representations
Connections established 0; dropped 0 Last reset never No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config bgp command.. Dell#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24...
Page 183 • Enable ASPLAIN AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot •...
Page 184: Configuring Peer Groups
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy.
Page 185 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
Page 186: Configuring Bgp Fast Fall-Over
To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall- over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors Border Gateway Protocol IPv4 (BGPv4)
Page 187 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold). Dell#sh ip bgp peer-group Peer-group test fall-over enabled BGP version 4...
Page 188: Configuring Passive Peering
If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
Page 189: Allowing An As Number To Appear In Its Own As Path
• No Prepend: specifies that local AS values are not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number.
Page 190: Enabling Graceful Restart
Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
Page 191: Enabling Neighbor Graceful Restart
This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the Dell Networking OS Command Line Interface Reference Guide.
Page 192 If you assign an non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths Address...
Page 193: Regular Expressions As Filters
For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular...
Page 194: Redistributing Routes
Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex...
Page 195: Enabling Additional Paths
One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
Page 196: Configuring An Ip Extended Community List
Example of the show ip community-lists Command To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20...
Page 197: Filtering Routes With Community Lists
704:666 deny 705:666 deny 14551:666 Dell# Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group.
Page 198: Manipulating The Community Attribute
In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command.
Page 199: Changing Med Attributes
--More-- Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. •...
Page 200: Configuring The Local System Or A Different System To Be The Next Hop For Bgp-Learned Routes
• Change the LOCAL_PREF value. CONFIG-ROUTER-BGP mode bgp default local-preference value • value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running- config bgp command in EXEC Privilege mode.
Page 201: Changing The Weight Attribute
By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination. not using multipath and add path simultaneously in a route reflector. NOTE: Dell Networking recommends To allow more than one path, use the following command. The show ip bgp network command includes multipath information for that network.
Page 202 You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
Page 203: Filtering Bgp Routes Using Route Maps
• If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le 32).
Page 204: Configuring Bgp Route Reflectors
{ip-address | peer-group-name} route-reflector-client When you enable a route reflector, Dell Networking OS automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client reflection command in CONFIGURATION ROUTER BGP mode.
Page 205: Aggregating Routes
EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
Page 206: Enabling Route Flap Dampening
(a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed.
Page 207 By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
Page 208: Changing Bgp Timers
25069 780266 20 00:38:50 102759 Dell> To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command.
Page 209: Route Map Continue
The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound...
Page 210: Enabling Mbgp Configurations
If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
Page 211: Bgp Regular Expression Optimization
In-BGP is shown using the show ip protocols command. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
Page 212: Storing Last And Bad Pdus
Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
Page 213: Capturing Pdus
The following example shows how to view space requirements for storing all the PDUs. With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs. Dell(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 Incoming packet capture enabled for BGP neighbor 172.30.1.250 Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes [.
Page 214: Pdu Counters
313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions.
Page 215 Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/1/2/1 R1(conf-if-te-1/1/2/1)#ip address 10.0.1.21/24 R1(conf-if-te-1/1/2/1)#no shutdown R1(conf-if-te-1/1/2/1)#show config interface TengigabitEthernet 1/1/2/1 ip address 10.0.1.21/24 no shutdown R1(conf-if-te-1/21/1)#int te 1/1/3/1 R1(conf-if-te-1/1/3/1)#ip address 10.0.3.31/24...
Page 216 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192 168 128 3 no shutdown Example of Enabling BGP (Router 2) R2# conf R2(conf)#int loop 0...
Page 217 interface TengigabitEthernet 1/1/4/1 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21/1 R3(conf-if-te-3/21/1)#ip address 10.0.2.3/24 R3(conf-if-te-3/21/1)#no shutdown R3(conf-if-te-3/21/1)#show config interface TengigabitEthernet 3/21/1 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21/1)# R3(conf-if-te-3/21/1)#router bgp 100 R3(conf-router_bgp)#show config router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R3(conf-router_bgp)#neighbor 192.168.128.1 no shut R3(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R3(conf-router_bgp)#neighbor 192.168.128.2 remote 99...
Page 218 MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2;...
Page 219 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.3 100 138 140 2 0 (0) 00:18:31 1 Example of Enabling Peer Groups (Router 3) R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group...
Page 220 Last read 00:00:45, last write 00:00:44 Hold time is 180, keepalive interval is 60 seconds Received 138 messages, 0 in queue 7 opens, 2 notifications, 7 updates 122 keepalives, 0 route refresh requests Sent 140 messages, 0 in queue Border Gateway Protocol IPv4 (BGPv4)
Page 221: Content Addressable Memory (Cam)
Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.
Page 222 To allocate the space for egress L2, IPV4, and IPV6 ACL, use the cam-acl-egress command. The total number of available FP blocks is 4. Allocate at least one group of L2ACL and IPV4 ACL. Dell(conf)#do show cam-acl-egress -- Chassis Egress Cam ACL --...
Page 223: Test Cam Usage
The Status column in the command output indicates whether or not you can enable the policy. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 2 po 0 Stack-Unit| Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status ------------------------------------------------------------------------------------...
Page 224: View Cam Usage
NOTE: If you change the cam-acl setting from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes)
Page 225: Cam Optimization
Syslog Error When the Table is Full In the Dell Networking OS, the table full condition is displayed as CAM full only for LPM. But now the LPM is split into two tables. There are two syslog errors that are displayed: /65 to /128 Table full.
Page 226: Syslog Warning Upon 90 Percent Utilization Of Cam
Prefix Match — LPM]) into a single flexible resource. Dell Networking OS supports several UFT modes to extract the forwarding tables, as required. By default, Dell Networking OS initializes the table sizes to UFT mode 2 profile, since it provides a reasonable shared memory for all the tables.
Page 227 EXEC Privilege show hardware forwarding-table mode Dell#show hardware forwarding-table mode Current Settings Next Boot Settings Mode Default scaled-l3-hosts L2 MAC Entries L3 Host Entries 136K L3 Route Entries Content Addressable Memory (CAM)
Page 228: Control Plane Policing (Copp)
Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level.
Page 229: Configure Control Plane Policing
Figure 29. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 8500 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
Page 230: Configuring Copp For Protocols
CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) Quality of Service...
Page 231 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
Page 232: Configuring Copp For Cpu Queues
Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit The following example shows assigning the QoS policy to the queues.
Page 233: Displaying Copp Configuration
Other show commands display statistical information for trouble shooting CoPP operation. To view the rates for each queue, use the show cpu-queue rate cp command. Viewing Queue Rates Example of Viewing Queue Rates Dell#show cpu-queue rate cp Service-Queue Rate (PPS) Burst (Packets)
Page 234 GVRP 01:80:c2:00:00:21 01:80:c2:00:00:00 ISIS 01:80:c2:00:00:14/15 09:00:2b:00:00:04/05 To view the queue mapping for IPv6 protocols, use the show ipv6 protocol-queue-mapping command. Example of Viewing Queue Mapping for IPv6 Protocols Dell#show ipv6 protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) --------...
Page 235: Data Center Bridging (Dcb)
Data Center Bridging (DCB) Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks. Topics: • Ethernet Enhancements in Data Center Bridging • Enabling Data Center Bridging •...
Page 236: Priority-Based Flow Control
DCB-enabled network is required in a data center. The Dell Networking switches that support a unified fabric and consolidate multiple network infrastructures use a single input/output (I/O) device called a converged network adapter (CNA). A CNA is a computer input/output device that combines the functionality of a host bus adapter (HBA) with a network interface controller (NIC).
Page 237: Enhanced Transmission Selection
• iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only lossless queues are supported on an interface: one for Fibre Channel over Ethernet (FCoE) converged traffic and one for Internet Small Computer System Interface (iSCSI) storage traffic.
Page 238: Data Center Bridging Exchange Protocol (Dcbx)
Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: •...
Page 239: Data Center Bridging In A Traffic Flow
To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
Page 240: Dcb Maps And Its Attributes
DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues. DCB Map: Configuration Procedure A DCB map consists of PFC and ETS parameters.
Page 241: Configuring Priority-Based Flow Control
5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices.
Page 242: Configuring Lossless Queues
NOTE: You cannot enable PFC and link-level flow control at the same time on an interface. Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off. Prerequisite: A DCB with PFC configuration is applied to the interface with the following conditions: •...
Page 243: Configuring Pfc In A Dcb Map
NOTE: Dell Networking OS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message displays.
Page 244: Pfc Prerequisites And Restrictions
In a switch stack, configure all stacked ports with the same PFC configuration. • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to the interfaces: •...
Page 245: Configuring Pfc Without A Dcb Map
Step Task Command Command Mode Dell# interface tengigabitEthernet 1/1/1 Dell(config-if-te-1/1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface that has been already configured for PFC using thepfc priority command or which is already configured for lossless queues (pfc no-drop queues command).
Page 246: Buffer Sizes For Lossless Or Pfc Packets
When a device sends a pause frame to another device, the time for which the sending of packets from the other device must be stopped is contained in the pause frame. The device that sent the pause frame empties the buffer to be less than the threshold value and restarts the acceptance of data packets.
Page 247: Snmp Support For Pfc And Buffer Statistics Tracking
Bits Priority based Flow Control (PFC) is currently supported on Dell Networking OS for tagged packets based on the packet Dot1p. In certain data center deployments, VLAN configuration is avoided on the servers and all packets from the servers are untagged. These packets will carry IP header and can be differentiated based on the DSCP fields they carry on the server facing switch ports.
Page 248: Configuration Example For Dscp And Pfc Priorities
Dell Networking OS Releases 9.3(0.0) and earlier provide CLI support to specify the priorities for which PFC is enabled on each port. This feature is applicable only for the tagged packets based on the incoming packet Dot1p and Dot1p based queue classification. This document will discuss the configurations required to support PFC for untagged packets based on incoming packet DSCP.
Page 249: Using Pfc To Manage Converged Ethernet Traffic
Apply PFC Priority configuration. Configure priorities on which PFC is enabled. Using PFC to Manage Converged Ethernet Traffic To use PFC for managing converged Ethernet traffic, use the following command: dcb-map stack-unit all dcb-map-name Generation of PFC for a Priority for Untagged Packets In order to generate PFC for a particular priority for untagged packets, and configuring PFC for that priority, you should find the queue number associated with priority from TABLE 1 and Associate a DCB map to forward the matched DSCP packet to that queue.
Page 250: Ets Operation With Dcbx
5, 6, and 7. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
Page 251: Configuring Ets In A Dcb Map
• Dell Networking OS supports hierarchical scheduling on an interface. The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling. After the control queues drain out, the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map.
Page 252: Hierarchical Scheduling In Ets Output Policies
you can apply a QoS output policy with WRED and/or rate shaping on a DCBx CIN-enabled interface. In this case, the WRED or rate shaping configuration in the QoS output policy must take into account the bandwidth allocation or queue scheduler configured in the DCB map.
Page 253: Applying Dcb Policies In A Switch Stack
Applying DCB Policies in a Switch Stack You can apply DCB policies with PFC and ETS configurations to all stacked ports in a switch stack or on a stacked switch. To apply DCB policies in a switch stack, follow this step. •...
Page 254 On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, change the configuration, then re-activate the interface using the no shutdown command.
Page 255: Dcb Configuration Exchange
NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port. • On auto-upstream and auto-downstream ports: •...
Page 256: Propagation Of Dcb Information
Propagation of DCB Information When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port acts as a DCBx client and checks if a DCBx configuration source exists on the switch. • If a configuration source is found, the received configuration is checked against the currently configured values that are internally propagated by the configuration source.
Page 257: Dcbx Prerequisites And Restrictions
Figure 33. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in in the chapter).
Page 258 [no] DCBx version {auto | cee | cin | ieee-v2.5} • cee: configures the port to use CEE (Intel 1.01). • cin: configures the port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5: configures the port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto.
Page 259 Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch, follow these steps. Enter Global Configuration mode. EXEC PRIVILEGE mode configure Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} •...
Page 260 Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF.
Page 261: Verifying The Dcb Configuration
PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# show interfaces tengigabitethernet 1/1/1/4 pfc summary Interface TenGigabitEthernet 1/1/1/4 Data Center Bridging (DCB)
Page 262 Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Remote FCOE PriorityMap is 0x8 Dell# show interfaces tengigabitethernet 1/1/1/4 pfc detail Interface TenGigabitEthernet 1/1/1/4 Admin mode is on Admin is enabled Remote is enabled...
Page 263 Number of PFC pause frames transmitted. PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command. Dell#show interface hundredGigE 1/1/1 pfc statistics Interface hundredGigE 1/1/1 Interface Priority Rx XOFF Frames...
Page 264 The following example shows the show interface ets summary command. Dell(conf)#do show interfaces te 1/1/1 ets summary Interface TenGigabitEthernet 1/1/1 Max Supported TC is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------ Admin is enabled...
Page 265 Priority# Bandwidth TSA Remote Parameters: ------------------- Remote is disabled Local Parameters : ------------------ Local is enabled TC-grp Priority# Bandwidth 0,1,2,3,4,5,6,7 100% Priority# Bandwidth Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class TLV Pkts The following table describes the show interface ets detail command fields.
Page 266 ETS TLV Statistic: Error Conf TLV pkts Number of ETS Error Configuration TLVs received. The following example shows the show interface DCBx detail command (IEEE). Dell(conf-if-te-1/1/1/1-lldp)#do sho int te 1/1/1/2 dc d E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled...
Page 267 ----------------------------------------------------------------------- Interface TenGigabitEthernet 1/1/4/1 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx Configured mode is CEE Peer Operating version is CEE Local DCBx TLVs Transmitted: ErPFi Local DCBx Status ----------------- DCBx Operational Version is 0...
Page 268: Qos Dot1P Traffic Classification And Queue Assignment
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces. If you use L2 class maps to map dot1p priority traffic to egress queues, take into...
Page 269: Sample Dcb Configuration
dcb enable Configure the shared PFC buffer size and the total buffer size. A maximum of 4 lossless queues are supported. CONFIGURATION mode dcb pfc-shared-buffer-size value dcb pfc-total-buffer-size value The buffer size range is from 0 to 3399. Default is 3088. Configure the number of PFC queues.
Page 270 Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
Page 271: Pfc And Ets Configuration Command Examples
PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic. Enabling DCB Dell(conf)#dcb enable Configure DCB map and enable PFC, and ETS Apply DCB map to relevant interface dcb-map test...
Page 272: Dynamic Host Configuration Protocol (Dhcp)
Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
Page 273 The following table lists common DHCP options. Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Option 6 Server Specifies the domain name servers (DNSs) that are available to the client.
Page 274: Assign An Ip Address Using Dhcp
Option Number and Description User Port Stacking Option 230 Set the stacking option variable to provide DHCP server stack-port detail when the DHCP offer is set. Option 255 Signals the last option in the DHCP packet. Assign an IP Address using DHCP The following section describes DHCP and the client in a network.
Page 275: Implementation Information
ACLs to an interface which has IP source address validation. If you configure IP source address validation on a member port of a virtual local area network (VLAN) and then to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message.
Page 276: Configuring The Server For Automatic Address Allocation
After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs a IP + MAC source address validation to ensure that no client can release another clients address. This validation is a default behavior and is separate from IP+MAC source address validation.
Page 277: Specifying A Default Gateway
DHCP <POOL> default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
Page 278: Using Netbios Wins For Address Resolution
NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host Create an address pool.
Page 279: Using Dhcp Clear Commands
Layer 3 mode and pre-configured with no shutdown and no ip address. For this reason, you cannot enter configuration commands to set up the switch. To interrupt a BMP process, prevent a loop from occurring, and apply the Dell Networking OS image and startup configuration stored in the local flash, enter the stop bmp command from the console.
Page 280: Ip Address Dhcp
Use the no ip address dhcp command to: • Release the IP address dynamically acquired from a DHCP server from the interface. • Disable the DHCP client on the interface so it cannot acquire a dynamic IP address from a DHCP server. •...
Page 281: Dhcp Client On A Management Interface
DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
Page 282: Configure The System For User Port Stacking (Option 230)
DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows: • If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface, the trust port, source MAC address, and snooping table validations are not performed on the interface by DHCP snooping for packets destined to the DHCP client daemon.
Page 283: Option 82
• Source Address Validation Option 82 RFC 3046 (the relay agent information option, or Option 82) is used for class-based IP address assignment. The code for the relay agent information option is 82, and is comprised of two sub-options, circuit ID and remote ID. Circuit ID This is the interface on which the client-originated message is received.
Page 284: Enabling Dhcp Snooping
DHCP snooping is supported on Layer 2 and Layer 3 traffic. DHCP snooping on Layer 2 interfaces does require a relay agent. Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs.
Page 285 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
Page 286: Drop Dhcp Packets On Snooped Vlans Only
Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
Page 287: Dynamic Arp Inspection
To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
Page 288: Configuring Dynamic Arp Inspection
Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Examples of Viewing the ARP Information To view entries in the ARP database, use the show arp inspection database command. Dell#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN...
Page 289: Source Address Validation
Dynamic ARP inspection is supported on Layer 2 and Layer 3. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 23. Three Types of Source Address Validation Source Address Validation...
Page 290: Dhcp Mac Source Address Validation
INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address- validation [interface] command in EXEC Privilege mode.
Page 291: Viewing The Number Of Sav Dropped Packets
Dell>clear ip dhcp snooping source-address-validation discard-counters To clear the number of SAV dropped packets on a particular interface, use the clear ip dhcp snooping source-address- validation discard-counters interface interface command. Dell>clear ip dhcp snooping source-address-validation discard-counters interface TenGigabitEthernet 1/1/1/1 Dynamic Host Configuration Protocol (DHCP)
Page 292: Equal Cost Multi-Path (Ecmp)
This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is same.
Page 293: Managing Ecmp Group Paths
These two ecmp-groups are not related in any way. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active...
Page 294: Modifying The Ecmp Group Threshold
You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5...
Page 295: Support For Ecmp In Host Table
Dell Networking OS releases earlier than Release 9.3(0.1) stores IPv6 /128 entries in Host table since it cannot be written in LPM table, and IPv4 0/32 route entries are written in LPM table itself to support the ECMP since ECMP was not supported in Host table. On the system, unified forwarding table (UFT) is enabled, and the host table size is bigger compared to the LPM.
Page 296: Flow-Based Hashing For Ecmp
The second portion comes from static physical configuration such as ingress and egress port numbers. • RTAG7 hashing also provides options to select between multiple hash algorithms that would result in balanced traffic distribution for various traffic patterns. Dell(conf)#hash-algorithm ecmp ? crc16 CRC16_BISYNC - 16 bit CRC16-bisync polynomial crc16cc...
Page 297 Polarization Multipath routing is a method that is often used to address data forwarding issues during network failures so that the network traffic reaches its desired destination. Multipath routing in IP networks is typically implemented using Equal-Cost Multipath (ECMP) routing, which employs load balancing algorithms to distribute the traffic over multiple paths towards its destination.
Page 298 CRC16_BISYNC_AND_XOR8 - Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8 xor16 CR16 - 16 bit XOR] Example to view show hash-algorithm: Dell(conf)#hash-algorithm ecmp flow-based-hashing crc16 Dell(conf)#end Dell#show hash-algorithm Hash-Algorithm linecard 0 Port-Set 0 Seed 185270328 Hg-Seed 185282673...
Page 299 Figure 38. After Polarization Effect Traffic flow after enabling flow-based hashing When the flow-based hashing is enabled at all the nodes in the multi-tier network, traffic distribution is balanced at all tiers of the network nullifying the polarization effect. Traffic occurs by the randomness for the flow-based hashing algorithm across multiple nodes in a given network.
Page 300: Fip Snooping
FIP Snooping The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack. Topics: •...
Page 301 FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that occurs between an ENode server and an FCoE switch (FCF).
Page 302: Fip Snooping On Ethernet Bridges
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
Page 303 Figure 40. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
Page 304: Using Fip Snooping
Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
Page 305: Enabling The Fcoe Transit Feature
You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
Page 306: Enable Fip Snooping On Vlans
configurations are synchronized. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping- generated ACLs. You can reconfigure any of the FIP snooping settings. If you disable FCoE transit, FIP and FCoE traffic are handled as normal Ethernet frames and no FIP snooping ACLs are generated. The VLAN-specific and FIP snooping configuration is disabled and stored until you re-enable FCoE transit and the configurations are re-applied.
Page 307: Impact On Other Software Features
Impact on Other Software Features When you enable FIP snooping on a switch, other software features are impacted. The following table lists the impact of FIP snooping. Table 25. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode.
Page 308: Displaying Fip Snooping Information
Displays information on the FCoE VLANs on which FIP snooping is enabled. Examples of the show fip-snooping Commands The following example shows the show fip-snooping sessions command. Dell#show fip-snooping sessions Enode MAC Enode Intf FCF MAC FCF Intf...
Page 309 Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
Page 310 FC-ID Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). Dell# show fip-snooping statistics interface vlan 100 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
Page 311 Number of VN Port Session Timeouts Number of Session failures due to Hardware Config :0 The following example shows the show fip-snooping statistics port-channel command. Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests Number of Vlan Notifications...
Page 312 Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100...
Page 313: Fcoe Transit Configuration Example
Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Example of Enabling an FC-MAP Value on a VLAN...
Page 314 Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)# portmode hybrid Dell(conf-if-te-1/1/1/1)# switchport Dell(conf-if-te-1/1/1/1)# protocol lldp Dell(conf-if-te-1/1/1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links. Example of Configuring the FCF-Facing Port Dell(conf)# interface tengigabitethernet 1/1/5/1...
Page 315: Flex Hash And Optimized Boot-Up
RTAG7 hash computation. You must specify the offset of hash fields from the start of the L4 header, which contains a flow identification field. In Dell Networking OS Release 9.3(0.0), you can enable bins 2 and 3 by using the load-balance ingress-port enable command in Global Configuration mode. To configure the flex hash functionality, you must enable these bins.
Page 316: Configuring Fast Boot And Lacp Fast Switchover
Enabled When device running Dell Networking OS earlier than Release 9.3(0.0) is reloaded, the CPU and other components on the board are reset at the same time. Therefore, the control plane and the forwarding plane are impacted immediately. After the system boots up and re-...
Page 317: Guidelines For Configuring Optimized Booting Mechanism
Fast boot is supported only when you perform an expected, stipulated reload by using the reload-type normal-reload command in Global Configuration mode or by using the reset command in uBoot mode on a switch that is running Dell Networking OS Release 9.3(0.0) or later, or when you perform a planned upgrade (and not an abrupt or unexpected shutdown) from an older release of Dell Networking OS to Release 9.3(0.0) or later.
Page 318: Interoperation Of Applications With Fast Boot And System States
• The system saves all the dynamic ND cache entries to a database on the flash card. After the system comes back online, and the Dell Networking OS image is loaded and the corresponding software applications on the system are also activated, the following processes specific to IPv6 are performed: •...
Page 319: Bgp Graceful Restart
BGP Graceful Restart When the system contains one or more BGP peerings configured for BGP graceful restart, fast boot performs the following actions: • A closure of the TCP sessions is performed on all sockets corresponding to BGP sessions on which Graceful Restart has been negotiated.
Page 320: Changes To Bgp Multipath
Delayed Installation of ECMP Routes Into BGP The current FIB component of Dell Networking OS has some inherent inefficiencies when handling a large number of ECMP routes (i.e., routes with multiple equal-cost next hops). To circumvent this for the configuration of fast boot, changes are made in BGP to delay the installation of ECMP routes.
Page 321: Preserving 802.1Q Vlan Tag Value For Lite Subinterfaces
enabled, the packets comprise TCP and UDP packets and they can be marked with DSCP code points. Multicast is not supported in that network. RRoCE packets are received and transmitted on specific interfaces called lite-subinterfaces. These interfaces are similar to the normal Layer 3 physical interfaces except for the extra provisioning that they offer to enable the VLAN ID for encapsulation.
Page 322: Force10 Resilient Ring Protocol (Frrp)
Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
Page 323: Ring Status
Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure. Ring Checking At specified intervals, the Master node sends a ring health frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port and the Master node resets its fail-period timer and continues normal operation.
Page 324: Important Frrp Points
In the following example, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring.
Page 325: Important Frrp Concepts
• STP disabled on ring interfaces. • Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) • Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. • Topology Change RHF: triggered updates;...
Page 326: Implementing Frrp
FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
Page 327 Be sure to follow these guidelines: • All VLANS must be in Layer 2 mode. • You can only add ring nodes to the VLAN. • A control VLAN can belong to one FRRP group only. • Tag control VLAN ports. •...
Page 328: Configuring And Adding The Member Vlans
CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to the Layer 2 chapter.
Page 329: Setting The Frrp Timers
CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. •...
Page 330: Troubleshooting Frrp
• Show the information for the identified FRRP group. EXEC or EXEC PRIVELEGED mode. show frrp ring-id Ring ID: the range is from 1 to 255. • Show the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255.
Page 331 mode master no disable Example of R2 TRANSIT interface TenGigabitEthernet 1/1/2/1 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/2/2 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1/1/2/1,1/1/2/2 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 1/1/2/1, 1/1/2/2 no shutdown...
Page 332: Garp Vlan Registration Protocol (Gvrp)
Dynamic VLANs are aged out after the LeaveAll timer expires three times without receipt of a Join message. To display status, use the show gvrp statistics {interface interface | summary} command. Dell(conf)#protocol spanning-tree pvst Dell(conf-pvst)#no disable % Error: GVRP running. Cannot enable PVST.
Page 333: Configure Gvrp
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports.
Page 334: Enabling Gvrp Globally
To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
Page 335: Configure A Garp Timer
GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms.
Page 336: Internet Group Management Protocol (Igmp)
IGMP Implementation Information • Dell Networking Operating System (OS) supports IGMP versions 1, 2, and 3 based on RFCs 1112, 2236, and 3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet.
Page 337: Leaving A Multicast Group
leaves a multicast group by sending an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following illustration. Figure 44.
Page 338: Igmp Version 3
Any remaining hosts respond to the query according to the delay timer mechanism (refer to Adjusting Query and Response Timers). If no hosts respond (because there are none remaining in the group), the querier waits a specified period and sends another query. If it still receives no response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet.
Page 339 Figure 46. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Page 340 Figure 47. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
Page 341: Configure Igmp
Figure 48. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
Page 342: Viewing Igmp Enabled Interfaces
Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
Page 343: Adjusting Timers
EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell#show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 225.1.1.1 TenGigabitEthernet 1/1/1/1 IGMPV2...
Page 344: Enabling Igmp Immediate-Leave
If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as an Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
Page 345: Removing A Group-Port Association
• Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the remove a group-port association feature, use the following commands.
Page 346: Configuring The Switch As Querier
Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
Page 347: Egress Interface Selection (Eis) For Http And Igmp Applications
Egress Interface Selection (EIS) for HTTP and IGMP Applications You can use the Egress Interface Selection (EIS) feature to isolate the management and front-end port domains for HTTP and IGMP traffic. Also, EIS enables you to configure the responses to switch-destined traffic by using the management port IP address as the source IP address.
Page 348: Enabling And Disabling Management Egress Interface Selection
Application Name Port Number Client Server 20/21 Supported Supported Syslog Supported Telnet Supported Supported TFTP Supported Radius 1812,1813 Supported Tacacs Supported HTTP 80 for httpd Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source interface is for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case.
Page 349: Handling Of Management Route Configuration
• For management applications, route lookup is preferentially done in the management EIS routing table for all traffic. management port is the preferred egress port. For example, if SSH is a management application, an SSH session to a front-panel port IP on the peer box is initiated via management port only, if the management port is UP and management route is available.
Page 350: Handling Of Switch-Destined Traffic
• To ensure that protocol separation is done only for switch initiated traffic where the application acts as client, only the destination TCP/UDP port is compared and not the source TCP/UDP port. The source TCP/UDP port becomes a known port number when the box acts as server.
Page 351: Handling Of Transit Traffic (Traffic Separation)
EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the destination. The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2.
Page 352: Behavior Of Various Applications For Switch-Initiated Traffic
This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port. •...
Page 353: Behavior Of Various Applications For Switch-Destined Traffic
Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled Snmp (SNMP Mib response and SNMP EIS Behavior Default Behavior Traps) EIS Behavior Default Behavior syslog EIS Behavior Default Behavior tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior...
Page 354: Interworking Of Eis With Various Applications
To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non-zero IP source address. All IGMP control packets and IP multicast data traffic originating from receivers is forwarded to multicast router interfaces.
Page 355: Interfaces
Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10–Gigabit, 25–Gigabit, 40–Gigbit, 50–Gigabit, and 100–Gigabit QSFP 28 interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell optics for 40–Gigbit, 25–Gigabit, 50–Gigabit, and 100–Gigabit are set to error-disabled state.
Page 356: Interface Types
• Null Interfaces • Port Channel Interfaces • Bulk Configuration • Defining Interface Range Macros • Monitoring and Maintaining Interfaces • Split 40G Ports on a 16X40G QSFP+ Module • Splitting 100G Ports • Link Dampening • Link Bundle Monitoring •...
Page 357 NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. NOTE: The CLI output may be incorrectly displayed as 0 (zero) for the Rx/Tx power values. To obtain the correct power information, perform a simple network management protocol (SNMP) query.
Page 358: Resetting An Interface To Its Factory Default State
TenGigabitEthernet 1/1/5/1 no ip address portmode hybrid switchport rate-interval 8 mac learning-limit 10 no-station-move no shutdown Reset an interface to its factory default state. CONFIGURATION mode default interface interface-type] Dell(conf)#default interface tengigabitethernet 1/1/5/1 Verify the configuration. INTERFACE mode Interfaces...
Page 359: Enabling A Physical Interface
Configuration. For more information on port channels, refer to Port Channel Interfaces. Dell Networking OS Behavior: The system uses a single MAC address for all physical interfaces. Configuration Task List for Physical Interfaces By default, all interfaces are operationally disabled and traffic does not pass through them.
Page 360: Overview Of Layer Modes
Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 36. Layer Modes...
Page 361: Configuring Layer 2 (Interface) Mode
Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Te 1/1/2/1. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.
Page 362: Egress Interface Selection (Eis)
View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip interface vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Broadcast address is 1.1.49.255...
Page 363: Management Interfaces
You can configure this interface using the CLI, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS. In addition, proxy ARP is not supported on this interface.
Page 364: Configuring A Management Interface On An Ethernet Port
To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1/1/1 TenGigabitEthernet 1/1/1/1 is up, line protocol is up...
Page 365: Vlan Interfaces
You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
Page 366: Loopback Interfaces
Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode.
Page 367: Port Channel Definition And Standards
(LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface.
Page 368: Interfaces In Port Channels
Port channels can contain a mix of 1G/10G/25G/40G/50G/100G. The interface speed that the port channel uses is determined by the first port channel member that is physically up. Dell Networking OS disables the interfaces that do not match the interface speed that the first channel member sets.
Page 369: Adding A Physical Interface To A Port Channel
The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type. NOTE: Port channels can contain a mix of Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
Page 370: Reassigning An Interface To A New Port Channel
Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
Page 371: Configuring The Minimum Oper Up Links In A Port Channel
The following example shows moving an interface from port channel 4 to port channel 3. Dell(conf-if-po-4)#show config interface Port-channel 4 no ip address channel-member TenGigabitEthernet 1/1/8/1 no shutdown Dell(conf-if-po-4)#no chann tengi 1/1/8/1 Dell(conf-if-po-4)#int port 3 Dell(conf-if-po-3)#channel tengi 1/1/8/1 Dell(conf-if-po-3)#sho conf interface Port-channel 3 no ip address...
Page 372: Assigning An Ip Address To A Port Channel
EXEC mode Dell(conf)# interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#switchport Dell(conf-if-te-1/1/1)# vlan tagged 2-5,100,4010 Dell#show interfaces switchport te 1/1/1 Codes: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged G - GVRP tagged, M - Trunk, H - VSN tagged...
Page 373: Deleting Or Disabling A Port Channel
Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
Page 374: Changing The Hash Algorithm
Change the default (0) to another algorithm and apply it to ECMP, LAG hashing, or a particular line card. CONFIGURATION mode For more information about algorithm choices, refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide.
Page 375: Bulk Configuration
• xor4 —Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor4 • xor8 — Upper 8 bits of CRC16-BISYNC and lower 8 bits of xor8 • xor16 — uses 16 bit XOR. Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range.
Page 376 The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 1/1/2/1 - 1/1/3/4 , tengigabitethernet 1/1/2/1 -...
Page 377: Defining Interface Range Macros
The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1/1/1-1/1/2/1)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1/1/1-1/1/2/1-vl-2-100-po-1-25)# no shutdown Dell(config-if-range-hu-1/1/1-1/1/6)# interface range Vlan 2 –...
Page 378: Monitoring And Maintaining Interfaces
— Page down • q — Quit Dell#monitor interface Te 1/1/1/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 1/1/1/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current...
Page 379: Split 40G Ports On A 16X40G Qsfp+ Module
The following example shows that when you split an interface on a 16X40G module, the subsequent even numbered interface is removed from the configuration. Dell(conf)# stack-unit [stack-unit number] module [module number] port [port number] portmode quad speed 10G Warning: Enabling Quad mode on stack-unit 1 module 3 port 1. Please verify whether the configs related to interface Fo 1/3/1 Fo 1/3/2 are cleaned up before proceeding further.
Page 380: Splitting 100G Ports
Splitting 100G Ports The platform supports splitting a single 100G QSFP 28 port into any of the following ports: • Two 50G ports • Four 25G ports • One 40G port • Four 10G ports NOTE: You can use the supported breakout cables (for a list of supported cables, refer to the Installation Guide or the Release Notes).
Page 381: Link Dampening
TenGigabitEthernet 1/1/1/1 ip address 10.10.19.1/24 dampening 1 2 3 4 no shutdown To view dampening information on all or specific dampened interfaces, use the show interfaces dampening command from EXEC Privilege mode. Dell#show interfaces dampening Interface Supp Flaps Penalty Half-Life Reuse...
Page 382 The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
Page 383: Link Bundle Monitoring
Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
Page 384: Enabling Pause Frames
For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes. Table 37. Layer 2 Overhead...
Page 385: Port-Pipes
Port-Pipes A port pipe is a Dell Networking-specific term for the hardware packet-processing elements that handle network traffic to and from a set of front-end I/O ports. The physical, front-end I/O ports are referred to as a port-set. In the command-line interface, a port pipe is entered as port-set port-pipe-number.
Page 386: Fec Configuration
Example of the fec enable Command Dell(conf-if-hu-1/1/1)#fec enable Disable autoneg before enabling/disabling FEC on 100G port Dell(conf-if-hu-1/1/1)#no fec enable Disable autoneg before enabling/disabling FEC on 100G port Dell(conf-if-hu-1/1/1)#no intf-type cr4 autoneg Dell(conf-if-hu-1/1/1)#show config interface hundredGigE 1/1/1 no ip address shutdown...
Page 387: Setting The Speed Of Ethernet Interfaces
• To view CR4 auto-negotiation and FEC configurations for 25–Gigabit, 50–Gigabit and 100–Gigabit Ethernet interfaces, use the show interfaces command. Dell#show interfaces hundredGigE 1/1/1 hundredGigE 1/1/1 is up, line protocol is up Hardware is DellEth, address is 00:12:32:12:42:13 Current address is 00:12:32:12:42:13...
Page 388 Example of the show interfaces status Command to View Link Status NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface command. Dell#show interfaces status Port Description Status Speed...
Page 389: Adjusting The Keepalive Timer
Dell#show ip interface tengigabitEthernet 1 configured Dell#show ip interface hundredGigE 1 configured Dell#show ip interface br configured Dell#show ip interface br stack-unit 1 configured Dell#show ip interface br tengigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured...
Page 390: Configuring The Interface Sampling Size
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h40m Dell(conf)#interface tengigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)#rate-interval 100 Dell#show interfaces TenGigabitEthernet 1/1/1/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9...
Page 391: Dynamic Counters
Time since last interface status change: 1d23h42m Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and is turned off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
Page 392: Enhanced Validation Of Interface Ranges
Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1/1/1 Clear counters on TenGigabitEthernet 1/1/1/1 [confirm]...
Page 393 2.1.1.1/16 switchport shut shut shut shut shut shut Dell# show running-config Dell# show running-config compressed <snip> <snip> interface TenGigabitEthernet 1/1/1/1 interface TenGigabitEthernet 1/1/1/1 no ip address no ip address switchport switchport shutdown shutdown interface TenGigabitEthernet 1/1/1/2 Interface group TenGigabitEthernet 1/1/2/1 –...
Page 394 The write memory compressed CLI will write the operating configuration to the startup-config file in the compressed mode. In stacking scenario, it will also take care of syncing it to all the standby and member units. The following is the sample output: Dell#write memory compressed Jul 30 08:50:26: %STKUNIT0-M:CP %FILEMGR-5-FILESAVED: Copied running-config to startup-config Interfaces...
Page 395 Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field). Interfaces...
Page 396: Ipv4 Routing
IPv4 Routing The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS. IP Feature...
Page 397: Ip Addresses
NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 35001 for IPv4 traffic. Ports starting from 0 to 35000 are reserved for internal use and you cannot use them for IPv4 traffic.
Page 398: Configuring Static Routes
Example the show config Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example. Dell(conf-if)#show conf interface TenGigabitEthernet 1/1/1/1 ip address 10.11.1.1/24...
Page 399: Configure Static Routes For The Management Interface
Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface. Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface's configured subnet.
Page 400: Using The Configured Source Ip Address In Icmp Messages
Define the wait duration in seconds for the TCP connection to be established. CONFIGURATION mode Dell(conf)#ip tcp reduced-syn-ack-wait <9-75> You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior, which causes the wait period to be set as 8 seconds.
Page 401: Enabling Directed Broadcast
Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
Page 402: Specifying The Local System Domain And A List Of Domains
If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
Page 403: Arp
For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
Page 404: Enabling Proxy Arp
Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
Page 405: Enabling Arp Learning Via Gratuitous Arp
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
Page 406: Configuring Arp Retries
The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
Page 407: Udp Helper
IP address of packets to match those addresses. Configure UDP Helper To configure Dell Networking OS to direct UDP broadcast, enable UDP helper and specify the UDP ports for which traffic is forwarded. See Enabling UDP Helper Important Points to Remember •...
Page 408: Configurations Using Udp Helper
UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
Page 409: Udp Helper With Subnet Broadcast Addresses
Figure 51. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
Page 410: Udp Helper With No Configured Broadcast Addresses
To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1/1 with IP DA (0xffffffff) will be sent on Te 5/1/2 Te 5/1/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1/1 is handed over for DHCP processing.
Page 411: Ipv6 Routing
IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
Page 412: Extended Address Space
Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to auto-configure its address. However, received ND messages are not used to create an IPv6 address.
Page 413: Longest Prefix Match (Lpm) Table And Ipv6 /65 - /128 Support
A command has been introduced to partition the LPM to support provisioning of IPv6 /65 to /128 route prefixes. To support /65 – /128 IPv6 route prefix entries, Dell Networking OS needs to be programmed with /65 - /128 bit IPv6 support. The number of entries as well needs to be explicitly programmed.
Page 414: Ipv6 Header Fields
The platforms uses only IPv6 /0 – 0/64 prefix route entries. Support for /0 – /128 IPv6 prefix route entries is available, although they are not utilized. A total of eight pools or regions are present with each region containing 1024 210-bit entries (supports up to 0/64 prefix). To support up to /128 prefixes, you must use 2 banks (410-bit entries).
Page 415 Next Header (8 bits) The Next Header field identifies the next header’s type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the value in this field is the same as for IPv4.
Page 416: Extension Header Fields
Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router.
Page 417: Addressing
Discard the packet and send an ICMP Parameter Problem Code 2 message to the packet’s Source IP Address identifying the unknown option type. Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address.
Page 418: Implementing Ipv6 With Dell Networking Os
ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
Page 419: Ipv6 Neighbor Discovery
NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart.
Page 420: Debugging Ipv6 Rdnss Information Sent To The Host
Dell(conf-if-te-1/1/1/1)#do debug ipv6 nd tengigabitethernet 1/1/1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1/1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
Page 421: Displaying Ipv6 Rdnss Information
Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. IPv6 Routing...
Page 422: Configuration Tasks For Ipv6
Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol. • Adjusting Your CAM-Profile • Assigning an IPv6 Address to an Interface • Assigning a Static IPv6 Route • Configuring Telnet with IPv6 • SNMP over IPv6 •...
Page 423: Assigning An Ipv6 Address To An Interface
Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully. To assign an IPv6 address to an interface, use the ipv6 address command.
Page 424: Configuring Telnet With Ipv6
Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
Page 425: Displaying An Ipv6 Interface Information
• For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled...
Page 426: Showing Ipv6 Routes
To display information about an IPv6 Prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
Page 427: Showing The Running-Configuration For An Interface
For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the stack/slot/port information. • For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. Example of the show running-config interface Command Dell#show run int Te 1/1/1/1 interface TenGigabitEthernet 1/1/1/1 no ip address ipv6 address 3:4:5:6::8/24...
Page 428: Configuring Ipv6 Ra Guard
Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform. To configure the IPv6 RA guard, perform the following steps: Configure the terminal to enter the Global Configuration mode. EXEC Privilege mode configure terminal Enable the IPv6 RA guard.
Page 429: Configuring Ipv6 Ra Guard On An Interface
The retransmission time range is from 100 to 4,294,967,295 milliseconds. Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
Page 430: Monitoring Ipv6 Ra Guard
[interface slot/port[/subport] | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, see the Dell Networking OS Command Line Reference Guide. IPv6 Routing...
Page 431: Iscsi Optimization
In a data center network, Dell EqualLogic and Compellent iSCSI storage arrays are connected to a converged Ethernet network using the data center bridging exchange protocol (DCBx) through stacked and/or non-stacked Ethernet switches.
Page 432 • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause dropped iSCSI packets.
Page 433: Monitoring Iscsi Traffic Flows
QoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch.
Page 434: Detection And Auto-Configuration For Dell Equallogic Arrays
The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to Link Layer Discovery Protocol (LLDP).
Page 435: Synchronizing Iscsi Sessions Learned On Vlt-Lags With Vlt-Peer
• Unicast storm control is disabled on the interface. Enter the iscsi profile-compellent command in INTERFACE Configuration mode; for example: Dell(conf-if-te-o/50# iscsi profile-compellent Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT- Peer The following behavior occurs during synchronization of iSCSI sessions.
Page 436: Default Iscsi Optimization Values
NOTE: By default, CAM allocation for iSCSI is set to 0. This disables session monitoring. Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature. Table 39. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled.
Page 437: Iscsi Enable
NOTE: Content addressable memory (CAM) allocation is optional. If CAM is not allocated, the following features are disabled: • session monitoring • aging • class of service You can enable iSCSI even when allocated with zero (0) CAM blocks. However, if no CAM blocks are allocated, session monitoring is disabled and this information the show iscsi command displays this information.
Page 438: Displaying Iscsi Optimization Information
ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command.
Page 439 VLT PEER2 Session 0: ------------------------------------------------------------------------------------ Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
Page 440: Intermediate System To Intermediate System
Intermediate System to Intermediate System The intermediate system to intermediate system (IS-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. Topics: • IS-IS Protocol Overview • IS-IS Addressing • Multi-Topology IS-IS •...
Page 441: Multi-Topology Is-Is
• area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses.
Page 442: Interface Support
Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port- channel interfaces (static and dynamic using LACP), and virtual local area network (VLAN) interfaces. Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions. If a local router does not participate in certain MTs, it does not advertise those MT IDs in its IS-IS hellos (IIHs) and so does not include that neighbor within its LSPs.
Page 443: Configuration Information
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. Dell Networking OS does not support ISO CLNS routing;...
Page 444: Configuration Tasks For Is-Is
Configuration Tasks for IS-IS The following describes the configuration tasks for IS-IS. • Enabling IS-IS • Configure Multi-Topology IS-IS (MT IS-IS) • Configuring IS-IS Graceful Restart • Changing LSP Attributes • Configuring the IS-IS Metric Style • Configuring IS-IS Cost •...
Page 445 The default IS type is level-1-2. To change the IS type to Level 1 only or Level 2 only, use the is-type command in ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
Page 446 IS-IS: LSP checksum errors received : 0 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
Page 447 Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. Implement a wide metric-style globally. ROUTER ISIS AF IPV6 mode isis ipv6 metric metric-value [level-1 | level-2 | level-1-2] To configure wide or wide transition metric style, the cost can be between 0 and 16,777,215.
Page 448 Example of the show isis interface Command To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/1/1/4 TenGigabitEthernet 1/1/1/4 is up, line protocol is up MTU 1497, Encapsulation SAP...
Page 449 Example of Viewing IS-IS Configuration (ROUTER ISIS Mode) To view the configuration, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode. Dell#show running-config isis router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00...
Page 450 If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63. If you configure wide or wide transition metric style, the cost can be a number between 0 and 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition.
Page 451: Configuring The Distance Of A Route
Accept wide metrics: none Dell# Configuring the IS-IS Cost When you change from one IS-IS metric style to another, the IS-IS metric value could be affected. For each interface with IS-IS enabled, you can assign a cost or metric that is used in the link state calculation.
Page 452: Changing The Is-Type
The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database...
Page 453 Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
Page 454: Redistributing Ipv4 Routes
Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes. ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and the interface information:...
Page 455: Redistributing Ipv6 Routes
ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: • level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. •...
Page 456: Configuring Authentication Passwords
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
Page 457: Debugging Is-Is
When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2. Dell#show isis database IS-IS Level-1 Link State Database...
Page 458: Is-Is Metric Styles
Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
Page 459: Maximum Values In The Routing Table
Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in One Level Only By default, the IS-IS metric style is narrow.
Page 460: Leaks From One Level To Another
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value narrow transition transition original value wide transition wide original value wide transition narrow default value (10) if the original value is greater than 63. A message is sent to the console.
Page 461: Sample Configurations
Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes in one of the following three different methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
Page 462 TenGigabitEthernet 1/1/1/1 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-1/1/1/1)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1...
Page 463 Dell (conf-router_isis)# Dell (conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-1/1/1/1)# Dell (conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology transition exit-address-family Dell (conf-router_isis)# Intermediate System to Intermediate System...
Page 464: Link Aggregation Control Protocol (Lacp)
Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards.
Page 465: Lacp Modes
LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
Page 466: Lacp Configuration Tasks
Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface TenGigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)#no shutdown Dell(conf-if-te-1/1/1/1)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/1-lacp)#port-channel 32 mode active Dell(conf)#interface TenGigabitethernet 1/1/1/2 Dell(conf-if-te-1/1/1/2)#no shutdown Dell(conf-if-te-1/1/1/2)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/2-lacp)#port-channel 32 mode active Link Aggregation Control Protocol (LACP)
Page 467: Setting The Lacp Long Timeout
Dell(conf)#interface TenGigabitethernet 1/1/1/2 Dell(conf-if-te-1/1/1/2)#no shutdown Dell(conf-if-te-1/1/1/2)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/2-lacp)#port-channel 32 mode active Dell(conf)#interface TenGigabitethernet 1/1/1/3 Dell(conf-if-te-1/1/1/3)#no shutdown Dell(conf-if-te-1/1/1/3)#port-channel-protocol lacp Dell(conf-if-te-1/1/1/3-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32.
Page 468: Shared Lag State Tracking
Figure 60. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group.
Page 469 Example of LAGs in the Same Failover Group Dell#config Dell(conf)#port-channel failover-group Dell(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2 To view the failover group configuration, use the show running-configuration po-failover-group command. Dell#show running-config po-failover-group port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group.
Page 470: Important Points About Shared Lag State Tracking
Important Points about Shared LAG State Tracking The following is more information about shared LAG state tracking. • This feature is available for static and dynamic LAGs. • Only a LAG can be a member of a failover group. • You can configure shared LAG state tracking on one side of a link or on both sides.
Page 471 Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit, Mode full duplex, Slave Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00...
Page 472 Figure 63. Inspecting the LAG Configuration Link Aggregation Control Protocol (LACP)
Page 473 Figure 64. Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol (LACP)
Page 474 Figure 65. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int tengig 1/1/1/2 Alpha(conf-if-te-1/1/1/2)#no ip address Alpha(conf-if-te-1/1/1/2)#no switchport Alpha(conf-if-te-1/1/1/2)#shutdown Alpha(conf-if-te-1/1/1/2)#port-channel-protocol lacp Alpha(conf-if-te-1/1/1/2-lacp)#port-channel 10 mode active Alpha(conf-if-te-1/1/1/2-lacp)#no shut Alpha(conf-if-te-1/1/1/2)#show config interface GigabitEthernet 1/1/1/2 no ip address port-channel-protocol LACP port-channel 10 mode active...
Page 475 Summary of the LAG Configuration on Bravo Bravo(conf-if-te-1/1/1/3)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 1/1/1/3 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-1/1/1/3)#port-channel-protocol lacp Bravo(conf-if-te-1/1/1/3-lacp)#port-channel 10 mode active Bravo(conf-if-te-1/1/1/3-lacp)#no shut Bravo(conf-if-te-1/1/1/3)#end interface TenGigabitEthernet 1/1/1/3...
Page 476 Figure 66. Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol (LACP)
Page 477 Figure 67. Inspecting LAG 10 Using the show interfaces port-channel Command Link Aggregation Control Protocol (LACP)
Page 478 Figure 68. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
Page 479: Layer 2
Layer 2 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
Page 480: Configuring A Static Mac Address
Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior: When configuring the MAC learning limit on a port or VLAN, the configuration is accepted (becomes part of running-config and show mac learning-limit interface) before the system verifies that sufficient CAM space exists. If...
Page 481: Setting The Mac Learning Limit
Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the system does not detect station moves in which a MAC address learned from a MAC-limited port is learned on another port on the same system.
Page 482: Mac Learning-Limit Station-Move
EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move violation only when you configure mac learning-limit dynamic and logs the violation only when you configure the mac learning-limit station-move-violation log, as shown in the following example.
Page 483: Setting Station Move Violation Actions
Setting Station Move Violation Actions no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one the following options with the mac learning-limit command. To display a list of interfaces configured with MAC learning limit or station move violation actions, use the following commands. •...
Page 484: Disabling Mac Address Learning On The System
ARP is resolved (in the previous example, this location is Port 0/5 of the switch). To ensure that the MAC address is disassociated with one port and reassociated with another port in the ARP table, the no mac-address-table station-move refresh-arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server. Layer 2...
Page 485: Configure Redundant Pairs
Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
Page 486 Figure 71. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active Up state.
Page 487: Important Points About Configuring Redundant Pairs
TenGigabitEthernet 1/1/1/2 no shutdown interface TenGigabitEthernet 1/1/1/2 no ip address switchport no shutdown Dell(conf-if-range-te-1/1/1/1-1/1/1/2)# Dell(conf-if-range-te-1/1/1/1-1/1/1/2)#do show ip int brief | find 1/1/1/2 TenGigabitEthernet 1/1/1/1 unassigned YES Manual up TenGigabitEthernet 1/1/1/1 unassigned NO Manual up down [output omitted]...
Page 488: Far-End Failure Detection
Port-channel 2 Standby Port-channel 1 Active Dell# Dell(conf-if-po-1)#switchport backup interface tengigabitethernet 1/2/1 Apr 9 00:16:29: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Te 1/1/1/2 Dell(conf-if-po-1)# Far-End Failure Detection Far-end failure detection (FEFD) is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval.
Page 489: Fefd State Changes
You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface. • FEFD is not supported on Fibre Channel and copper Ethernet ports.
Page 490: Configuring Fefd
Te 1/3/1 Normal 3 Admin Shutdown Te 1/4/1 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
Page 491: Debugging Fefd
Dell(conf-if-te-1/1/1)#shutdown 2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/1/1 Dell(conf-if-te-1/1/1)#2w1d22h : FEFD state on Te 1/1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1/1...
Page 492 2w1d22h: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 2w1d22h : FEFD state on Te 4/1/1 changed from Bi-directional to Unknown Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Te 1/1/1 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port-Subport(Te 1/1/1)
Page 493: Link Layer Discovery Protocol (Lldp)
Link Layer Discovery Protocol (LLDP) This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Page 494: Optional Tlvs
Organizationally Specific TLVs. Figure 74. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs. Management TLVs A management TLV is an optional TLVs sub-type. This kind of TLV contains essential management information about the sender.
Page 495 Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
Page 496: Tia-1057 (Lldp-Med) Overview
• LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: •...
Page 497 The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap, each bit represents an LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. Link Layer Discovery Protocol (LLDP)
Page 498 When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV. Figure 76. LLDP-MED Capabilities TLV Table 49. Dell Networking OS LLDP-MED Capabilities Bit Position Dell Networking OS Support LLDP-MED Capabilities Network Policy...
Page 499 Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
Page 500: Configure Lldp
• Power Value — Dell Networking advertises the maximum amount of power that can be supplied on the port. By default the power is 15.4W, which corresponds to a power value of 130, based on the TIA-1057 specification. You can advertise a different power value using the max-milliwatts option with the power inline auto | static command.
Page 501: Enabling Lldp
LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration Negate a command or set its defaults show Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/1/3/1 Dell(conf-if-te-1/1/3/1)#protocol lldp Dell(conf-if-te-1/1/3/1-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface...
Page 502: Enabling Lldp On Management Ports
Enabling LLDP on Management Ports LLDP on management ports is enabled by default. To enable LLDP on management ports, use the following command. Enter Protocol LLDP mode. CONFIGURATION mode protocol lldp Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode management-interface Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports...
Page 503: Viewing The Lldp Configuration
To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration. Dell(conf)#protocol lldp Dell(conf-lldp)#show config protocol lldp Link Layer Discovery Protocol (LLDP)
Page 504: Viewing Information Advertised By Adjacent Lldp Agents
TenGigabitEthernet 1/1/3/1 00:01:e8:05:40:46 Te 1/1/2/1 TenGigabitEthernet 1/1/4/1 00:01:e8:05:40:46 Example of Viewing Details Advertised by Neighbors Dell#show lldp neighbors detail ======================================================================== Local Interface Te 1/1/4/1 has 1 neighbor Total Frames Out: 6547 Total Frames In: 4136 Total Neighbor information Age outs: 0...
Page 505: Configuring Lldpdu Intervals
Remote MTU: 1554 Remote System Desc: Dell Networks Real Time Operating System Software Dell Operating System Version: 1.0. Dell Application Software Version: 9.8(1.0). Copyright (c) 1999-2014 Build Time: Thu Aug 9 01:05:51 PDT 1999-2015 Existing System Capabilities: Repeater Bridge Router...
Page 506: Configuring The Time To Live Value
• Receive only. CONFIGURATION mode or INTERFACE mode mode rx • Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ?
Page 507: Debugging Lldp
R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5 no disable R1(conf-lldp)#no multiplier R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Debugging LLDP...
Page 508: Relevant Management Objects
Figure 80. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent •...
Page 509 MIB Object LLDP Variable LLDP MIB Object Description Category Basic TLV mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnable Indicates which management TLVs Selection are enabled for system ports. mibMgmtAddrInstanceTxEnable lldpManAddrPortsTxEnable The management addresses defined for the system and the ports through which they are enabled for transmission.
Page 510 TLV Type TLV Name TLV Variable System LLDP MIB Object System Capabilities system capabilities Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Management Address enabled capabilities Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled management address Local lldpLocManAddrLen length Remote lldpRemManAddrLen management address Local lldpLocManAddrSubtype subtype Remote lldpRemManAddrSubtype management address Local lldpLocManAddr...
Page 511 TLV Type TLV Name TLV Variable System LLDP MIB Object VLAN name Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Table 55. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object lldpXMedPortCapSupporte LLDP-MED Capabilities LLDP-MED Capabilities Local lldpXMedPortConfigTLVsTx Enable lldpXMedRemCapSupporte Remote lldpXMedRemConfigTLVsTx...
Page 512 TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Remote lldpXMedRemLocationSubt Location ID Data Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo Link Layer Discovery Protocol (LLDP)
Page 513: Microsoft Network Load Balancing
Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
Page 514: Limitations Of The Nlb Feature
ARP request is sent to a server cluster, either the active server or all the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply and the switch learns one server’s actual MAC address;...
Page 515: Enabling A Switch For Multicast Nlb
NOTE: When you use the mac-address-table static multicast-mac-address command in a VLT setup, Dell Networking OS recommends to add VLTi as one of the egress interfaces along with other cluster facing interfaces. Microsoft Network Load Balancing...
Page 516: Multicast Source Discovery Protocol (Msdp)
Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Page 517: Anycast Rp
RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 82.
Page 518: Implementation Information
New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
Page 519 Figure 83. Configuring Interfaces for MSDP Multicast Source Discovery Protocol (MSDP)
Page 520 Figure 84. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol (MSDP)
Page 521 Figure 85. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol (MSDP)
Page 522: Enable Msdp
Figure 86. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 Multicast Source Discovery Protocol (MSDP)
Page 523: Manage The Source-Active Cache
Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check.
Page 524: Clearing The Source-Active Cache
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
Page 525 Figure 87. MSDP Default Peer, Scenario 2 Multicast Source Discovery Protocol (MSDP)
Page 526 Figure 88. MSDP Default Peer, Scenario 3 Multicast Source Discovery Protocol (MSDP)
Page 527: Specifying Source-Active Messages
If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check. Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50...
Page 528: Limiting The Source-Active Messages From A Peer
24.0.50.2 200.0.0.50 10.0.50.2 00:13:49 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 00:13:49 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 00:13:49 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 10.0.50.2 Rpf-Fail 00:33:18 229.0.50.65...
Page 529: Preventing Msdp From Caching A Remote Source
R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands.
Page 530: Logging Changes In Peership States
Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1(conf)#do show run msdp ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter...
Page 531: Clearing Peer Statistics
Output (S,G) filter: none [Router 1] R1(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command.
Page 532: Msdp With Anycast Rp
03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: •...
Page 533: Configuring Anycast Rp
Figure 90. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address.
Page 534: Reducing Source-Active Message Flooding
Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP.
Page 535 interface Loopback 1 ip address 192.168.0.11/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.22 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.22 ip msdp originator-id Loopback 1! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4...
Page 536: Msdp Sample Configurations
The following example shows an R3 configuration for MSDP with Anycast RP. ip multicast-routing interface TenGigabitEthernet 1/1/4/1 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 1/1/5/1 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1...
Page 537 interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 MSDP Sample Configuration: R2 Running-Config ip multicast-routing interface TenGigabitEthernet 1/1/1/1...
Page 538 ip address 10.11.6.34/24 no shutdown interface ManagementEthernet 1/1 ip address 10.11.80.3/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100...
Page 539: Multiple Spanning Tree Protocol (Mstp)
Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
Page 540: Spanning Tree Variations
Implementation Information MSTP is implemented as follows in Dell Networking OS: • The Dell Networking OS MSTP implementation is based on IEEE 802.1Q-2003 and interoperates only with bridges that also use this standard implementation. • MSTP is compatible with STP and RSTP.
Page 541: Related Configuration Tasks
• Creating Multiple Spanning Tree Instances • Adding and Removing Interfaces • Influencing MSTP Root Selection • Interoperate with Non-Dell Networking OS Bridges • Changing the Region Name or Revision • Modifying Global Parameters • Modifying the Interface Parameters •...
Page 542: Creating Multiple Spanning Tree Instances
All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID...
Page 543: Interoperate With Non-Dell Bridges
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for the name and revision number must match on all Dell Networking OS devices. If there are non-Dell devices that participate in MSTP, ensure these values match on all devices.
Page 544: Modifying Global Parameters
Max-hops — the maximum number of hops a BPDU can travel before a receiving switch discards it. NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance.
Page 545: Modifying The Interface Parameters
Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running-config spanning-tree mstp protocol spanning-tree mstp no disable name my-mstp-region MSTI 1 VLAN 100...
Page 546: Configuring An Edgeport
Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Page 547: Flush Mac Addresses After A Topology Change
Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
Page 548 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/1/2 no ip address switchport no shutdown (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown...
Page 549: Debugging And Verifying Mstp Configurations
(Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300...
Page 550 Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
Page 551: Multicast Features
Because protocol control traffic in the Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
Page 552: Multicast Policies
IGMP and MLD to resume. • If you decrease the limit after it is reached, the Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using the clear ip mroute command).
Page 553 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, the Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
Page 554 Figure 93. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 58. Preventing a Host from Joining a Group — Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 •...
Page 555 Location Description • no shutdown 2/1/1 • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11/1 • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31/1 • Interface TenGigabitEthernet 2/31/1 •...
Page 556 Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in PIM. INTERFACE mode ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the system.
Page 557 Figure 94. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 60. Preventing a Source from Transmitting to a Group — Description Location Description 1/21/1 • Interface TenGigabitEthernet 1/21/1 •...
Page 558 Location Description • no shutdown 2/1/1 • Interface TenGigabitEthernet 2/1/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown 2/11/1 • Interface TenGigabitEthernet 2/11/1 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown 2/31/1 • Interface TenGigabitEthernet 2/31 •...
Page 559 To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
Page 560: Object Tracking
IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
Page 561: Track Layer 2 Interfaces
Figure 95. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. •...
Page 562: Track Ipv4 And Ipv6 Routes
For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes. •...
Page 563: Set Tracking Delays
Track Layer 3 Interfaces • Track an IPv4/IPv6 Route For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
Page 564: Tracking A Layer 3 Interface
The text string can be up to 80 characters. (Optional) Display the tracking configuration and the tracked object’s status. EXEC Privilege mode show track object-id Example of Configuring Object Tracking Dell(conf)#track 100 interface tengigabitethernet 1/1/1/1 line-protocol Dell(conf-track-100)#delay up 20 Dell(conf-track-100)#description San Jose data center Dell(conf-track-100)#end Dell#show track 100...
Page 565 Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface The following is an example of configuring object tracking for an IPv4 interface: Dell(conf)#track 101 interface tengigabitethernet 1/1/1/1 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro...
Page 566: Track An Ipv4/Ipv6 Route
For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
Page 567 Dell(conf-track-104)#delay up 20 down 10 Dell(conf-track-104)#end Dell#show track 104 Track 104 IP route 10.0.0.0/8 reachability Reachability is Down (route not in route table) 2 changes, last change 00:02:49 Tracked by: Dell#configure Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1 Object Tracking...
Page 568 The following example configures object tracking on the reachability of an IPv6 route: Dell(conf)#track 105 ipv6 route 1234::/64 reachability Dell(conf-track-105)#delay down 5 Dell(conf-track-105)#description Headquarters Dell(conf-track-105)#end Dell#show track 105 Track 105 IPv6 route 1234::/64 reachability Description: Headquarters Reachability is Down (route not in route table)
Page 569: Displaying Tracked Objects
Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route: Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric...
Page 570 IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/1/4/1...
Page 571: Open Shortest Path First (Ospfv2 And Ospfv3)
Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
Page 572: Area Types
Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology.
Page 573: Networks And Neighbors
Each router has a unique ID, written in decimal format (A.B.C.D). You do not have to associate the router ID with a valid IP address. However, to make troubleshooting easier, Dell Networking recommends that the router ID and the router’s IP address reflect each other.
Page 574 Figure 97. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
Page 575: Designated And Backup Designated Routers
OSPF routers on the network segment are listening on. These router designations are not the same ad the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
Page 576: Router Priority And Cost
• Type 7: External LSA — Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network.
Page 577: Ospf With Dell Networking Os
OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF. OSPFv2 and OSPFv3 can co-exist but you must configure them individually. Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier.
Page 578: Graceful Restart
When the restarting router completes its restart, it flushes the Type 9 and 11 LSAs, notifying its neighbors that the restart is complete. This notification happens before the grace period expires. Dell Networking routers support the following OSPF graceful restart functionality: •...
Page 579: Fast Convergence (Ospfv2, Ipv4 Only)
Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation. NOTE: The faster the convergence, the more frequent the route calculations and updates.
Page 580: Ospf Ack Packing
In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
Page 581: Configuration Information
In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-te-1/1/1/1)#ip ospf dead-interval 20 Dell (conf-if-te-1/1/1/1)#do show ip os int tengigabitethernet 1/1/1/3 TenGigabitEthernet 1/1/1/1 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1...
Page 582: Router Ospf
Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all routing protocols, is disabled.
Page 583 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
Page 584 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
Page 585 Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses. Example of Viewing OSPF Status on a Loopback Interface Dell#show ip ospf 1 int TenGigabitEthernet 1/1/3/1 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1...
Page 586 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
Page 587 When disabled, the parameter is set at 0. NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the following examples, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
Page 588: Ip Ospf Cost
Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
Page 589 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TenGigabitEthernet 1/1/1/1 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
Page 590 Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it.
Page 591 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
Page 592 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config router ospf 34 network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3...
Page 593: Show Ip Route Summary
• Have you enabled OSPF globally? • Is the OSPF process active on the interface? • Are adjacencies established correctly? • Are the interfaces configured for Layer 3 correctly? • Is the router in the correct area type? • Have the routes been included in the OSPF database? •...
Page 594 Example of Viewing OSPF Configuration Dell#show run ospf router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Page 595: Configuration Task List For Ospfv3 (Ospf For Ipv6)
interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.0/24 area 0 interface Loopback 30 ip address 192.168.100.100/24 no shutdown interface TenGigabitEthernet 1/1/1/1 ip address 10.1.13.3/24 no shutdown interface TenGigabitEthernet 1/1/2/1...
Page 596: Enabling Ipv6 Unicast Routing
Set the time interval between when the switch receives a topology change and starts a shortest path first (SPF) calculation. timers spf delay holdtime Example Dell#conf Dell(conf)#ipv6 router ospf 1 Dell(conf-ipv6-router_ospf)#timer spf 2 5 msec Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ipv6 router ospf 1 timers spf 2 5 msec...
Page 597: Assigning Area Id On An Interface
Assigning Area ID on an Interface To assign the OSPFv3 process to an interface, use the following command. The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area. Additionally, the command creates the OSPFv3 process with ID on the router. OSPFv2 requires two commands to accomplish the same tasks — the router ospf command to create the OSPF process, then the network area command to enable OSPFv2 on an interface.
Page 598: Assigning Ospfv3 Process Id And Router Id To A Vrf
Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non-default VRF and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID}} The process ID range is from 0 to 65535.
Page 599: Configuring Stub Areas
Configuring Stub Areas To configure IPv6 stub areas, use the following command. • Configure the area as a stub area. CONF-IPV6-ROUTER-OSPF mode area area-id stub [no-summary] • no-summary: use these keywords to prevent transmission in to the area of summary ASBR LSAs. •...
Page 600: Configuring A Default Route
Configure the following required and optional parameters: • bgp | connected | static: enter one of the keywords to redistribute those routes. • metric metric-value: The range is from 0 to 4294967295. • metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2. •...
Page 601 By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, enter the ipv6 router ospf process-id command to enter OSPFv3 configuration mode. Then configure a grace period using the graceful-restart grace-period command.
Page 602 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command. Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status...
Page 603: Ospfv3 Authentication Using Ipsec
ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
Page 604 • Manual key configuration is supported in an authentication or encryption policy (dynamic key configuration using the internet key exchange [IKE] protocol is not supported). • In an OSPFv3 authentication policy: • AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers. •...
Page 605 show crypto ipsec policy • Display the security associations set up for OSPFv3 interfaces in authentication policies. show crypto ipsec sa ipv6 Configuring IPsec Encryption on an Interface To configure, remove, or display IPsec encryption on an interface, use the following commands. Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for...
Page 606 If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area authentication policy that has been configured is applied to the interface.
Page 607 In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). The following example shows the show crypto ipsec policy command. Dell#show crypto ipsec policy Crypto IPSec client security policy data...
Page 608 Outbound ESP Cipher Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 1/1/1/1 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500 inbound ah sas...
Page 609: Troubleshooting Ospfv3
outbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch. This section describes typical, OSPFv3 troubleshooting scenarios.
Page 610 • For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the stack/slot/port/subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the stack/slot/port[/subport] information. • For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the stack/slot/port/subport information. •...
Page 611: Policy-Based Routing (Pbr)
Policy-based Routing (PBR) Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table.
Page 612: Implementing Pbr
• If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: You can provide a tunnel ID for a redirect rule.
Page 613: Pbr Exceptions (Permit)
The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
Page 614 Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ? Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 Dell(conf-redirect-list)#do show ip redirect-list IP redirect-list xyz: Defined as: seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
Page 615: Apply A Redirect-List To An Interface Using A Redirect-Group
Dell(conf-redirect-list)# NOTE: Starting with the Dell Networking OS version 9.4(0.0), the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on an router. A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table.
Page 616 In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the configuration redirect list configuration, use the following commands.
Page 617: Sample Configuration
Example: Showing CAM PBR Configuration Dell(conf)#cam-acl l2acl 2 ipv4acl 2 ipv6acl 0 ipv4qos 0 l2qos 0 l2pt 0 ipmacacl 1 vman-qos 0 ipv4Pbr 4 Dell#show cam pbr stack-unit 1 port-set 0...
Page 618: Create The Redirect-List Goldassign Redirect-List Gold To Interface 2/11View Redirect-List Gold
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-2/23/1)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any seq 15 permit ip any any...
Page 619 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
Page 620 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp any any...
Page 621 Dell(conf-if-te-2/28)#ip redirect-group explicit_tunnel Dell(conf-if-te-2/28)#exit Dell(conf)#end Verify the Applied Redirect Rules: Dell#show ip redirect-list explicit_tunnel IP redirect-list explicit_tunnel: Defined as: seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32) seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32) seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Next-...
Page 622: Pim Sparse-Mode (Pim-Sm)
The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
Page 623: Refuse Multicast Traffic
SPT to the source with a Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
Page 624: Related Configuration Tasks
Enable PIM-Sparse mode. INTERFACE mode ip pim sparse-mode Examples of Viewing PIM-SM Information To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface Ver/ Query Mode...
Page 625: Configuring S,G Expiry Timers
5 permit ip 10.1.2.0/24 225.1.1.0/24 seq 10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration pim command from EXEC Privilege mode. PIM Sparse-Mode (PIM-SM)
Page 626: Configuring A Static Rendezvous Point
226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
Page 627: Creating Multicast Boundaries And Domains
• Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs).
Page 628: Pim Source-Specific Mode (Pim-Ssm)
SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree is unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
Page 629: Related Configuration Tasks
Then, specify the multicast source. • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL.
Page 630: Configuring Pim-Ssm With Igmpv2
Configuring PIM-SSM with IGMPv2 R1(conf)#do show run pim ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ip access-list standard map seq 5 permit host 239.0.0.2 ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2...
Page 631: Port Monitoring
• In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
Page 632: Port Monitoring
TenGigabitEthernet 1/1/1/4 destination TenGigabitEthernet 1/1/4/4 direction rx Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
Page 633: Configuring Port Monitoring
VLAN ID 4095. This behavior might result in a difference between the number of egress packets on the MD port and monitored packets on the MG port. Dell Networking OS Behavior: The platform continues to mirror outgoing traffic even after an MD participating in spanning tree protocol (STP) transitions from the forwarding to blocking.
Page 634: Configuring Monitor Multicast Queue
Dell(conf)#do show monitor session SessID Source Destination Mode Source IP Dest IP DSCP Drop Rate Gre-Protocol FcMonitor ------ ------ ----------- ---- --------- -------- ---- ---- ---- ----------- --------- Te 1/1/1/1 Te 1/1/1/2 Port 0.0.0.0 0.0.0.0 Po 10 Te 1/1/1/2 Port 0.0.0.0...
Page 635: Enabling Flow-Based Monitoring
Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define IP access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list Refer to .
Page 636: Remote Port Mirroring Example
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles.
Page 637 • You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions. You can enable and disable individual mirroring sessions.
Page 638: Displaying Remote-Port Mirroring Configurations
Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
Page 639: Configuring The Sample Remote Port Mirroring
Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 1/1/4/1 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 1/1/5/1 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 1/1/7/1 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
Page 640 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/1/3/1 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/1/8/1 - 1/1/8/2 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(conf-mon-sess-3)#exit Dell(conf)#end Dell# Dell#show monitor session SessID...
Page 641 Create Source RPM session as follows (port-channel 1 and port-channel 2 are LACP). Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source port-channel 1 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Show the output for the LACP. Dell#show interfaces port-channel brief...
Page 642: Encapsulated Remote Port Monitoring
NOTE: When configuring ERPM, follow these guidelines • The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer. • You can configure up to four ERPM source sessions on switch.
Page 643 The following example shows an ERPM configuration: Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source tengigabitethernet 1/1/1/1 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.2 gre-protocol 111 Dell(conf-mon-sess-0)#no disable Dell(conf)#monitor session 1 type erpm Dell(conf-mon-sess-1)#source vlan 11 direction rx Dell(conf-mon-sess-1)#erpm source-ip 5.1.1.1 dest-ip 3.1.1.2 gre-protocol 139...
Page 644: Erpm Behavior On A Typical Dell Networking Os
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
Page 645 GRE header ends. Basically all the bits after 0x88BE need to be removed from the packet and sent out through another interface. • This script erpm.zip is available for download at the following location: http://en.community.dell.com/techcenter/ networking/m/force10_networking_scripts/20438882.aspx • Unzip the erpm.zip and copy the erpm.py file to the Linux server.
Page 646: Private Vlans (Pvlan)
Private VLANs (PVLAN) The private VLAN (PVLAN) feature is supported on Dell Networking OS. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide.
Page 647: Using The Private Vlan Commands
• A switch can have one or more primary VLANs, and it can have none. • A primary VLAN has one or more secondary VLANs. • A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. •...
Page 648: Configuration Task List
Secondary VLANs are Layer 2 VLANs, so even if they are operationally down while primary VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. Dell NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Networking OS Command Line Reference Guide .
Page 649: Creating A Primary Vlan
(ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1/1 Dell(conf-if-te-2/1/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2/1 Dell(conf-if-te-2/2/1)#switchport mode private-vlan host Dell(conf)#interface TenGigabitEthernet 2/3/1...
Page 650: Creating A Community Vlan
Add PVLAN trunk ports to the VLAN only as tagged interfaces. You can enter interfaces in numeric or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add promiscuous ports or PVLAN trunk ports to the PVLAN (no host or regular ports). (OPTIONAL) Assign an IP address to the VLAN.
Page 651 The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs (primary, community, and isolated VLANs). Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1/1 Dell(conf-vlan-10)# tagged Te 2/3/1 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community...
Page 652: Private Vlan Configuration Example
Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 103. Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500: • Te 1/1 and Te 1/23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. •...
Page 653: Inspecting The Private Vlan Configuration
[interface interface] This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN.
Page 654 The following example shows using the show vlan private-vlan mapping command. S50-1#show vlan private-vlan mapping Private Vlan: Primary : 4000 Isolated : 4003 Community : 4001 NOTE: In the following example, notice the addition of the PVLAN codes – P, I, and C – in the left column. The following example shows viewing the VLAN status.
Page 655: Per-Vlan Spanning Tree Plus (Pvst+)
For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 104. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Per-VLAN Spanning Tree Plus (PVST+)
Page 656: Implementation Information
• The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
Page 657: Disabling Pvst
no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
Page 658 Figure 105. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
Page 659: Modifying Global Pvst+ Parameters
• Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter.
Page 660: Modifying Interface Pvst+ Parameters
The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
Page 661: Configuring An Edgeport
There is no data loop in this scenario; however, you can employ PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
Page 662: Pvst+ Sample Configurations
Augment the bridge ID with the VLAN ID. PROTOCOL PVST mode extend system-id Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
Page 663 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1/1/1/1,1/1/1/2 no shutdown protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configuration (R2) interface TenGigabitEthernet 1/1/1/1 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/2/1 no ip address...
Page 664 protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+)
Page 665: Quality Of Service (Qos)
This chapter describes how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 65. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature...
Page 666 Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict-Priority Queueing Egress Weighted Random Early Detection Create WRED Profiles Egress Figure 107. Dell Networking QoS Architecture Topics: Quality of Service (QoS)
Page 667: Implementation Information
Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel.
Page 668: Honoring Dot1P Priorities On Ingress Traffic
Honoring dot1p Priorities on Ingress Traffic By default, Dell Networking OS does not honor dot1p priorities on ingress traffic. You can configure this feature on physical interfaces and port-channels, but you cannot configure it on individual interfaces in a port channel.
Page 669: Configuring Port-Based Rate Policing
Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
Page 670: Policy-Based Qos Configurations
Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
Page 671 CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. Link the class-map to a queue.
Page 672 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
Page 673: Dot1P To Queue Mapping Requirement
(as in TABLE 1). If a custom dot1p to queue mapping is present it should be reconfigured to the default dot1p to queue mapping. • Currently Dell Networking OS supports matching only the following TCP flags: • •...
Page 674: Create A Qos Policy
In the existing software, ECE/CWR TCP flag qualifiers are not supported. • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently.
Page 675 Setting a dot1p Value for Egress Packets Configuring Policy-Based Rate Policing To configure policy-based rate policing, use the following command. • Configure rate police ingress traffic. QOS-POLICY-IN mode rate-police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets, use the following command. •...
Page 676: Dscp Color Maps
When you assign a percentage to one queue, note that this change also affects the amount of bandwidth that is allocated to other queues. Therefore, whenever you are allocating bandwidth to one queue, Dell Networking recommends evaluating your bandwidth requirements for all other queues as well.
Page 677 The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 1/11. Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence , and set the DSCP values to 9,10,11,13,15,16 Dell(conf)# qos dscp-color-map bat-enclave-map Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16 Dell (conf-dscp-color-map)# exit Assign the color map, bat-enclave-map to interface .
Page 678: Create Policy Maps
20,30 Dscp-color-map mapTWO yellow 16,55 Display a specific DSCP color map. Dell# show qos dscp-color-map mapTWO Dscp-color-map mapTWO yellow 16,55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces, use the show qos dscp-color-policy {summary [interface] | detail {interface}} command in EXEC mode.
Page 679 Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics.
Page 680 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Table 69. Default dot1p to Queue Mapping...
Page 681 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
Page 682: Enabling Qos Rate Adjustment
Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
Page 683: Queue Classification Requirements For Pfc Functionality
2 which will be honored in switch A. You will not get the below CLI errors after adding this support: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 5 % Error: Dot1p marking is not allowed on L3 Input Qos Policy. Quality of Service (QoS)
Page 684: Weighted Random Early Detection
Dell(conf-qos-policy-in)# You will also be able to mark both DSCP and Dot1p in the L3 Input Qos Policy: Dell(conf)#qos-policy-input qos-input Dell(conf-qos-policy-in)#set mac-dot1p 2 Dell(conf-qos-policy-in)#set ip-dscp 5 Dell Dell(conf-qos-policy-in)# Weighted Random Early Detection Weighted random early detection (WRED) is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed.
Page 685: Applying A Wred Profile To Traffic
After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on it DSCP value before queuing it.
Page 686: Displaying Egress-Queue Statistics
Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
Page 687: Specifying Policy-Based Rate Shaping In Packets Per Second
In releases of Dell Networking OS earlier than Release 9.3(0.0), you can configure only the maximum shaping attributes, such as the peak rate and the peak burst settings. You can now specify the committed or minimum burst and committed rate attributes. The committed burst and committed rate values can be defined either in bytes or pps.
Page 688: Configuring Policy-Based Rate Shaping
Dell(config-qos-policy-out)# rate shape Kbps peak-rate burst-KB Configure the committed rate and committed burst size in pps. QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape pps peak-rate burst-packets committed pps committed- rate burst-packets Alternatively, configure the committed rate and committed burst size in bytes.
Page 689: Global Service Pools With Wred And Ecn Settings
The weight factor is set to zero by default, which causes the same behavior as dropping of packets by WRED during network loads or also called instantaneous ECN marking. In a topology in which congestion of the network varies over time, you can specify a weight to enable a smooth, seamless averaging of packets to handle the sudden overload of packets based on the previous time sampling performed.
Page 690: Configuring Wred And Ecn Attributes
Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: • Quality of Service (QoS)
Page 691: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Multiple Traffic Class
In the existing software, ECE/CWR TCP flag qualifiers are not supported. • Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently.
Page 692 • You can now use the ‘ecn’ match qualifier along with the above TCP flag for classification. The following combination of match qualifiers is acceptable to be configured for the Dell Networking OS software through L3 ACL command: Quality of Service (QoS)
Page 693: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Single Traffic Class
By default, all packets are considered as ‘green’ (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as ‘yellow’ alone will be provided. By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command: •...
Page 694: Applying Layer 2 Match Criteria On A Layer 3 Interface
To apply a Layer 2 policy on a Layer 3 interface: Configure an interface with an IP address or a VLAN sub-interface CONFIGURATION mode Dell(conf)# interface fo 1/4 INTERFACE mode Dell(conf-if-fo-1/4)# ip address 90.1.1.1/16 Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria.
Page 695: Managing Hardware Buffer Statistics
The trigger can either be software-based or based on a predetermined threshold event. Software- based triggers are supported, which are the values derived from the show command output in the Max Use count mode. In Dell Networking OS Release 9.3(0.0), only the Max Use count mode of operation is supported for the computation of maximum counter values.
Page 696 } | queue { ucast{id | all}{ mcast {id | all} | all} to view buffer statistics tracking resource information for a specific interface. EXEC/EXEC Privilege mode Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0) ---------------------------------------...
Page 697: Routing Information Protocol (Rip)
Routing Information Protocol (RIP) The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
Page 698: Implementation Information
Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
Page 699 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
Page 700 RIP updates from other sources. To control the source of RIP route information, use the following commands. • Define a specific router to exchange RIP information between it and the Dell Networking system. ROUTER RIP mode Routing Information Protocol (RIP)
Page 701 Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
Page 702 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command.
Page 703 • always: Enter the keyword always to always generate a default route. • value The range is from 1 to 16. • route-map-name: The name of a configured route map. To confirm that the default route configuration is completed, use the show config command in ROUTER RIP mode. Summarize Routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks.
Page 704: Rip Configuration Example
Enable debugging of RIP. Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function. Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command.
Page 705 RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-1/1/2/1)# Core2(conf-if-te-1/1/2/1)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config router rip network 10.0.0.0 version 2 Core2(conf-router_rip)#...
Page 706 Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- 10.11.10.0/24 Direct, Te 2/11/1 00:02:26 10.11.20.0/24 Direct, Te 2/3/1 00:02:02 10.11.30.0/24 via 10.11.20.1, Te 1/1/1/1 120/1 00:01:20 10.200.10.0/24 Direct, Te 2/4/1 00:03:03 10.300.10.0/24 Direct, Te 2/5/1 00:02:42 192.168.1.0/24 via 10.11.20.1, Te 1/1/1/1 120/1 00:01:20 192.168.2.0/24 via 10.11.20.1, Te 1/1/1/1...
Page 707 Core 3 RIP Output The examples in this section show the core 2 RIP output. • To display Core 3 RIP database, use the show ip rip database command. • To display Core 3 RIP setup, use the show ip route command. •...
Page 708 Default version control: receive version 2, send version 2 Interface Recv Send TenGigabitEthernet 1/1/1/1 2 2 TenGigabitEthernet 1/1/1/2 2 2 TenGigabitEthernet 1/1/1/3 2 2 TenGigabitEthernet 1/1/1/4 2 2 Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 00:00:22...
Page 709 ip address 192.168.2.1/24 no shutdown router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0 Routing Information Protocol (RIP)
Page 710: Remote Monitoring (Rmon)
RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
Page 711: Setting The Rmon Alarm
1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode.
Page 712: Configuring Rmon Collection Statistics
The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface, use the RMON collection statistics command in INTERFACE CONFIGURATION mode.
Page 713 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john, both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john Remote Monitoring (RMON)
Page 714: Rapid Spanning Tree Protocol (Rstp)
STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 72. Spanning Tree Variations Dell Networking OS Supports...
Page 715: Rstp And Vlt
Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
Page 716: Enabling Rapid Spanning Tree Protocol Globally
To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Dell(conf-rstp)#show config protocol spanning-tree rstp no disable...
Page 717 To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
Page 718: Adding And Removing Interfaces
Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance. Rapid Spanning Tree Protocol (RSTP)
Page 719 Change the hello-time parameter. PROTOCOL SPANNING TREE RSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. •...
Page 720: Enabling Snmp Traps For Root Elections And Topology Changes
The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps, use the following command. •...
Page 721: Influencing Rstp Root Selection
Configure EdgePort only on links connecting to an end station. If you enable EdgePort on an interface connected to a network, it can cause loops. Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
Page 722: Configuring Fast Hellos For Link State Detection
To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode. Dell(conf-if-te-1/1/2/1)#show config...
Page 723: Software-Defined Networking (Sdn)
Software-Defined Networking (SDN) The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide. Software-Defined Networking (SDN)
Page 724: Security
Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Topics: • AAA Accounting •...
Page 725 Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
Page 726: Aaa Authentication
Dell Networking uses local usernames/passwords (stored on the Dell Networking system) or AAA for login authentication. With AAA, you can specify the security protocol or mechanism for different login methods and different users. In Dell Networking OS, AAA uses a list of authentication methods, called method lists, to define the types of authentication and the sequence in which they are applied.
Page 727: Configuration Task List For Aaa Authentication
If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
Page 728 To view the configuration, use the show config command in LINE mode or the show running-config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH).
Page 729: Obscuring Passwords And Keys
Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server. • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$. •...
Page 730: Privilege Levels Overview
Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others access to the router and you can limit that access to a subset of commands. In Dell Networking OS, you can configure a privilege level for users who need limited access to the system.
Page 731 To view username, use the show users command in EXEC Privilege mode. Configuring the Enable Password Command To configure Dell Networking OS, use the enable command to enter EXEC Privilege level 15. After entering the command, Dell Networking OS requests that you enter a password.
Page 732 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: an Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
Page 733 Dell(conf)#privilege config level 8 snmp-server Dell(conf)#end Dell#show running-config Current Configuration ... hostname Force10 enable password level 8 notjohn enable password Force10 username admin password 0 admin username john password 0 john privilege 8 The following example shows the Telnet session for user john. The show privilege command output confirms that john is in privilege level 8.
Page 734: Radius
For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service. RADIUS Authentication Dell Networking OS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command.
Page 735 • ACL Configuration Information • Auto-Command • Privilege Levels After gaining authorization for the first time, you may configure these attributes. NOTE: RADIUS authentication/authorization is done for every login. There is no difference between first-time login and subsequent logins. Idle Time Every session line has its own idle-time.
Page 736: Configuration Task List For Radius
• Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication.
Page 737 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
Page 738: Tacacs
TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Choosing TACACS+ as the Authentication Method One of the login authentication methods available is TACACS+ and the user’s name and password are sent for authentication to the TACACS hosts specified.
Page 739 If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
Page 740: Tacacs+ Remote Authentication
Dell(conf)#username angeline password angeline Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline on vty0 (10.11.9.209) %RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems.
Page 741: Command Authorization
Enabling SCP and SSH Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
Page 742: Using Scp With Ssh To Copy A Software Image
Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : enabled.
Page 743: Removing The Rsa Host Keys And Zeroizing Storage
To remove the generated RSA host keys and zeroize the key storage location, use the crypto key zeroize rsa command in CONFIGURATION mode. Dell(conf)#crypto key zeroize rsa Configuring When to Re-generate an SSH Key You can configure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are configured, the session rekeys when either one of the thresholds is reached.
Page 744: Configuring The Ssh Server Key Exchange Algorithm
Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes. Dell(conf)#ip ssh rekey volume 4096...
Page 745: Configuring The Ssh Server Cipher List
Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
Page 746 The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2. On the SSH client (Unix machine), generate an RSA key, as shown in the following example. Copy the public key id_rsa.pub to the Dell Networking system. Disable password authentication if enabled.
Page 747 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
Page 748: Troubleshooting Ssh
Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 74. VTY Access...
Page 749: Vty Line Local Authentication And Authorization
Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class. If the authentication method is RADIUS, TACACS+, or line, and you have configured an access class for the VTY line, Dell Networking OS immediately applies it.
Page 750: Vty Mac-Sa Filter Support
(same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.
Page 751: Overview Of Rbac
When you enable role-based only AAA authorization using the aaa authorization role-only command in Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines.
Page 752 To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
Page 753: User Roles
that are available to the system security administrator for cryptography operations, AAA, or the commands reserved solely for the system administrator. • Security Administrator (secadmin): This user role can control the security policy across the systems that are within a domain or network topology.
Page 754 The following example denies the netadmin role from using the show users command and then verifies that netadmin cannot access the show users command in exec mode. Note that the netadmin role is not listed in the Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Security...
Page 755 Dell#show role mode exec show users Role access: secadmin,sysadmin Example: Allow Security Administrator to Configure Spanning Tree The following example allows the security administrator (secadmin) to configure the spanning tree protocol. Note command is protocol spanning-tree. Dell(conf)#role configure addrole secadmin protocol spanning-tree Example: Allow Security Administrator to Access Interface Mode The following example allows the security administrator (secadmin) to access Interface mode.
Page 756: Aaa Authentication And Authorization For Roles
CONFIGURATION mode. Example The following example creates a user name that is authenticated based on a user role. Dell (conf) #username john password 0 password role secadmin The following example deletes a user role. NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a privilege Dell (conf) #no username john The following example adds a user, to the secadmin user role.
Page 757 denied access to the system because they do not have a role. For information about role only mode, see Configuring Role-based Only AAA Authorization. NOTE: Authentication services only validate the user ID and password combination. To determine which commands are permitted for users, configure authorization.
Page 758 For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”. The value is a string in the following format: protocol : attribute sep value “attribute”...
Page 759: Role Accounting
The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role. Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+ Applying an Accounting Method to a Role To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
Page 760: Display Information About User Roles
Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell##show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line...
Page 761 The mode is displayed at the start of the output and both the privilege and roles for all users is also displayed. If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logged into the Switch Dell#show users Authorization Mode: role or privilege...
Page 762: Service Provider Bridging
Service Provider Bridging Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks.
Page 763: Important Points To Remember
To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • This limitation becomes relevant if you enable the port as a multi-purpose port (carrying single-tagged and double-tagged traffic).
Page 764: Creating Access And Trunk Ports
Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
Page 765: Enable Vlan-Stacking For A Vlan
The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value. Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that it can carry single and double-tagged traffic.
Page 766: Debugging Vlan Stacking
While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2- byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
Page 767 R4. The TPID on the outer tag is 0x9100. R2’s TPID must also be 0x9100, and it is, so R2 forwards the frame. Given the matching-TPID requirement, there are limitations when you employ Dell Networking systems at network edges, at which, frames are either double tagged on ingress (R4) or the outer tag is removed on egress (R3).
Page 768 Figure 113. Single and Double-Tag TPID Match Service Provider Bridging...
Page 769 Figure 114. Single and Double-Tag First-byte TPID Match Service Provider Bridging...
Page 770: Vlan Stacking Packet Drop Precedence
Figure 115. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested.
Page 771: Honoring The Incoming Dei Value
By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to an Dell Networking OS drop precedence. Precedence can have one of three colors.
Page 772: Marking Egress Packets With A Dei Value
{green | yellow} {0 | 1} Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [interface slot/port/subport ] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI --------------------------------...
Page 773: Mapping C-Tag To S-Tag Dot1P Values
(CAM) tables. Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence.
Page 774: Layer 2 Protocol Tunneling
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p. This method requires twice as many CAM entries as vman-qos and FP blocks in multiples of 2. The default is: 0 FP blocks for vman-qos and vman-qos-dual-fp. The new CAM configuration is stored in NVRAM and takes effect only after a save and reload.
Page 775 Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
Page 776: Implementation Information
Figure 118. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. • No protocol packets are tunneled when you enable VLAN stacking. • L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command.
Page 777: Specifying A Destination Mac Address For Bpdus
Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
Page 778: Debugging Layer 2 Protocol Tunneling
Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
Page 779: Sflow
Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe.
Page 780: Important Points To Remember
• Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
Page 781: Enabling And Disabling Sflow On An Interface
Hu 1/2/1: configured rate 131072, actual rate 131072 Dell# If you did not enable any extended information, the show output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20...
Page 782: Sflow Show Commands
Example of the show sflow command when the sflow max-header-size extended is configured globally Example of viewing the sflow max-header-size extended on an Interface Mode Example of the show running-config sflow Command sFlow Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally •...
Page 783: Displaying Show Sflow On A Stack-Unit
:16384 Counter polling interval Extended max header size :128 Samples rcvd from h/w The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/1/6/1 interface TenGigabitEthernet 1/1/6/1 no ip address switchport sflow ingress-enable sflow sample-rate 8192 no shutdown Displaying Show sFlow on a Stack-unit To view sFlow statistics on a specified Stack-unit, use the following command.
Page 784: Back-Off Mechanism
Confirm that extended information packing is enabled. show sflow Examples of Verifying Extended sFlow The bold line shows that extended sflow setting is enabled for extended switch. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768...
Page 785: Important Points To Remember
To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
Page 786 IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description Exported Exported Extended gateway data is packed. sFlow...
Page 787: Simple Network Management Protocol (Snmp)
The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including Get and a limited number of Set operations (such as set vlan and copy cmd). Topics: •...
Page 788: Implementation Information
The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
Page 789: Configuration Task List For Snmp
The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
Page 790: Creating A Community
Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
Page 791: Reading Managed Object Values
You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address.
Page 792: Writing Managed Object Values
You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
Page 793: Subscribing To Managed Object Value Updates Using Snmp
Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
Page 794: Enabling A Subset Of Snmp Traps
PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
Page 795: Copy Configuration Files Using Snmp
• copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; however, you can substitute IPv6 addresses for the IPv4 addresses in all of the examples.
Page 796: Copying A Configuration File
• If copySourceFileType is set to running-config or startup- config, copySrcFileName is not required. 1 = Dell Networking OS file copyDestFileType .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 Specifies the type of file to copy 2 = running-config • If copySourceFileType is...
Page 797: Copying Configuration Files Via Snmp
CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
Page 798: Copying The Startup-Config Files To The Running-Config
FTOS-COPY-CONFIG-MIB::copySrcFileType.100 = INTEGER: runningConfig(2) FTOS-COPY-CONFIG-MIB::copyDestFileType.100 = INTEGER: startupConfig(3) Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2 Examples of Copying Configuration Files from a UNIX Machine...
Page 799: Copy A Binary File To The Startup-Configuration
11.11.11.11 Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
Page 800: Obtaining A Value For Mib Objects
MIB Object Values Description 4 = file exists 5 = file not found 6 = timeout 7 = unknown copyEntryRowStatus .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed.
Page 801: Mib Support To Display The Available Memory Size On Flash
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
Page 802: Viewing The Software Core Files Generated By The System
MIB Object Description chSysCoresProcess Contains information that includes the process names that generated each core file. Viewing the Software Core Files Generated by the System • To view the software core files generated by the system, use the following command. snmpwalk -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.10 enterprises.6027.3.10.1.2.10.1.1.1.1 = 1 enterprises.6027.3.10.1.2.10.1.1.1.2 = 2...
Page 803: Displaying The Ports In A Vlan
MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members.
Page 804: Managing Overload On Startup
Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwwalk command to identify the interface index.
Page 805: Fetch Dynamic Mac Entries Using Snmp
Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them. As a switchport must belong a VLAN (the default VLAN or a configured VLAN), all MAC address learned on a switchport are associated with a VLAN.
Page 806: Deriving Interface Indices
SNMPv2-SMI::enterprises.6027.3.2.1.1.5.1.4.1000.0.1.232.6.149.172.1 = INTEGER: 1 Deriving Interface Indices The Dell Networking OS assigns an interface index to each (configured and unconfigured) physical and logical interface, and displays it in the output of the show interface command. The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface.
Page 807: Monitor Port-Channels
Flash Partition The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface Tengigabitethernet 1/1/2/1 TenGigabitEthernet 1/1/2/1 is up, line protocol is up Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2).
Page 808: Troubleshooting Snmp Operation
SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
Page 809: Storm Control
Storm control allows you to control unknown-unicast, muticast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports unknown-unicast, muticast, and broadcast control for Layer 2 and Layer 3 traffic.
Page 810: Configuring Storm Control From Configuration Mode
• The storm control is calculated in packets per second. • Configure storm control. INTERFACE mode • Configure the packets per second of broadcast traffic allowed on an interface (ingress only). INTERFACE mode storm-control broadcast packets_per_second in • Configure the packets per second of multicast traffic allowed on C-Series or S-Series interface (ingress only) network only. INTERFACE mode storm-control multicast packets_per_second in •...
Page 811: Detect Pfc Storm
This command triggers a queue drop state on the interface with PFC storm, so that the traffic through other ports and priorities are not affected. For more information about the above commands, see the Dell Networking OS Command Line Reference Guide. Restore Queue Drop State You can restore the queue drop triggered due to the storm control PFC detection to the normal state.
Page 812 -------------------------------------------------------------------------------- Te 0/0 Te 0/1 Te 0/2 Te 0/3 Te 0/4 Te 0/5 Te 0/80 Dell# Storm Control...
Page 813: Spanning Tree Protocol (Stp)
Layer 2 loops, which can occur in a network due to poor network design and without enabling protocols like xSTP, can cause unnecessarily high switch CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 85. Dell Networking OS Supported Spanning Tree Protocols...
Page 814: Configure Spanning Tree
• The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
Page 815: Configuring Interfaces For Layer 2 Mode
Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 119. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. If the interface has been assigned an IP address, remove it.
Page 816: Enabling Spanning Tree Protocol Globally
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1/1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally;...
Page 817 The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
Page 818: Adding An Interface To The Spanning Tree Group
STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance. The following table displays the default values for STP.
Page 819: Modifying Interface Stp Parameters
PROTOCOL SPANNING TREE mode hello-time seconds NOTE: With large configurations (especially those with more ports) Dell Networking recommends increasing the hello- time. The range is from 1 to 10. the default is 2 seconds. • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology).
Page 820: Enabling Portfast
Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree will only drop packets after a BPDU violation. The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast.
Page 821 • Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 121. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU.
Page 822: Selecting Stp Root
Te 1/1/6/1 Root 128.263 128 20000 FWD 20000 P2P Te 1/1/7/1 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-te-1/1/7/1)#do show ip interface brief tengigabitEthernet 1/1/7/1 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/1/7/1 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
Page 823: Root Guard Scenario
Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
Page 824: Enabling Snmp Traps For Root Elections And Topology Changes
• Spanning Tree Protocol (STP) • Rapid Spanning Tree Protocol (RSTP) • Multiple Spanning Tree Protocol (MSTP) • Per-VLAN Spanning Tree Plus (PVST+) • When enabled on a port, root guard applies to all VLANs configured on the port. • You cannot enable root guard and loop guard at the same time on an STP port.
Page 825: Stp Loop Guard
Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault.
Page 826: Configuring Loop Guard
Figure 123. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface. •...
Page 827: Displaying Stp Guard Configuration
BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
Page 828: Supportassist
SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. For more information on SmartScripts, see Dell Networking Open Automation guide.
Page 829: Configuring Supportassist Using A Configuration Wizard
Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy, available at: www.dell.com/privacypolicycountryspecific,...
Page 830 If you are downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist.
Page 831: Configuring Supportassist Activity
{full-transfer | core-transfer} start now Dell#support-assist activity full-transfer start now Dell#support-assist activity core-transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action-manifest file for a specific activity. To configure SupportAssist activity, use the following commands.
Page 832: Configuring Supportassist Company
Configure the address information for the company. SUPPORTASSIST COMPANY mode [no] address [city company-city] [{province | region | state} name] [country company-country] [{postalcode | zipcode] company-code] Dell(conf-supportassist-cmpy-test)#address city MyCity state MyState country MyCountry Dell(conf-supportassist-cmpy-test)# Configure the street address information for the company. SUPPORTASSIST COMPANY mode [no] street-address {address1}[address2]…[address8]...
Page 833: Configuring Supportassist Person
Configure the time frame for contacting the person. SUPPORTASSIST PERSON mode [no] time-zone zone +-HH:MM[start-time HH:MM] [end-time HH:MM] Dell(conf-supportassist-pers-john_doe)#time-zone zone +01:24 start-time 12:00 end-time 23:00 Dell(conf-supportassist-pers-john_doe)# Configuring SupportAssist Server SupportAssist Server mode allows you to configure server name and the means of reaching the server. By default, a SupportAssist server URL has been configured on the device.
Page 834: Viewing Supportassist Configuration
SUPPORTASSIST SERVER mode [no] proxy-ip-address {ipv4-address | ipv6-address}port port-number [ username userid password [encryption-type] password ] Dell(conf-supportassist-serv-default)#proxy-ip-address 10.0.0.1 port 90 username test password 0 test1 Dell(conf-supportassist-serv-default)# Enable communication with the SupportAssist server. SUPPORTASSIST SERVER mode [no] enable Dell(conf-supportassist-serv-default)#enable Dell(conf-supportassist-serv-default)# Configure the URL to reach the SupportAssist remote server.
Page 835 Dell end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy, available at: www.dell.com/privacypolicycountryspecific, in order to enable the performance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell,.
Page 836: System Time And Date
System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
Page 837: Protocol Overview
Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host.
Page 838: Enabling Ntp
NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes. To specify multiple servers, enter the command multiple times. You may specify an unlimited number of servers at the expense of CPU resources.
Page 839: Disabling Ntp On An Interface
Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface. To disable NTP on an interface, use the following command.
Page 840 To configure NTP authentication, use the following commands. Enable NTP authentication. CONFIGURATION mode ntp authenticate Set an authentication key. CONFIGURATION mode ntp authentication-key number md5 key Configure the following parameters: • number: the range is from 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
Page 841 Filter dispersion — the error in calculating the minimum delay from a set of sample data from a peer. To view the NTP configuration, use the show running-config ntp command in EXEC privilege mode. The following example shows an encrypted authentication key (in bold). All keys are encrypted. Dell#show running ntp ntp authenticate ntp authentication-key 345 md5 5A60910F3D211F02 ntp server 11.1.1.1 version 3...
Page 842: Configuring A Custom-Defined Period For Ntp Time Synchronization
The range for threshold-value is from 0 to 999. Dell(conf)#ntp offset-threshold 9 Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
Page 843: Setting The Timezone
Dell# Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year. Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
Page 844: Setting Recurring Daylight Saving Time
60 minutes. Example of the clock summer-time Command Dell(conf)#clock summer-time pacific date Mar 14 2009 00:00 Nov 7 2009 00:00 Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
Page 845 Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command. Dell(conf)#clock summer-time pacific recurring Mar 14 2009 00:00 Nov 7 2009 00:00 ? Dell(conf)#02:02:13: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Summertime configuration changed from "none" to "Summer time starts 00:00:00 Pacific Sat Mar 14 2009;Summer time ends 00:00:00 pacific Sat Nov 7 2009"...
Page 846: Uplink Failure Detection (Ufd)
Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Page 847: How Uplink Failure Detection Works
Figure 126. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Page 848: Ufd And Nic Teaming
Figure 127. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
Page 849: Configuring Uplink Failure Detection
• If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error. The order in which downstream ports are disabled is from the lowest numbered port to the highest.
Page 850: Clearing A Ufd-Disabled Interface
NOTE: Downstream interfaces in an uplink-state group are put into a Link-Down state with an UFD-Disabled error message only when all upstream interfaces in the group go down. To revert to the default setting, use the no downstream disable links command. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up.
Page 851: Displaying Uplink Failure Detection
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Page 852 The following example shows viewing the uplink state group status. The following example shows viewing the interface status with UFD information. Dell#show interfaces tengigabitethernet 1/15/1 TenGigabitEthernet 1/15/1 is up, line protocol is down (error-disabled[UFD]) Hardware is Force10Eth, address is 00:01:e8:32:7a:47...
Page 853: Sample Configuration: Uplink Failure Detection
Dell(conf)# uplink-state-group 3 00:08:11: %STKUNIT0-M:CP %IFMGR-5-ASTATE_UP: Changed uplink state group Admin state to up: Group 3 Dell(conf-uplink-state-group-3)# downstream tengigabitethernet 1/1-2,5,9,11-12/1 Dell(conf-uplink-state-group-3)# downstream disable links 2 Dell(conf-uplink-state-group-3)# upstream tengigabitethernet 1/3-4/1 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Te 1/1/1...
Page 854: Tunneling
If the tunnel mode is IPv6 or IPIP, you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel, but in IPv6IP mode, the logical address must be an IPv6 address. The following sample configuration shows a tunnel configured in IPv6 mode (carries IPv6 and IPv4 traffic). Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#tunnel source 30.1.1.1 Dell(conf-if-tu-1)#tunnel destination 50.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#ip address 1.1.1.1/24...
Page 855: Configuring Tunnel Keepalive Settings
Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel destination 40.1.1.2 Dell(conf-if-tu-1)#tunnel mode ipip Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#tunnel keepalive 1.1.1.2 attempts 4 interval 6 Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24 ipv6 address 1abd::1/64 tunnel destination 40.1.1.2 tunnel source 40.1.1.1 tunnel keepalive 1.1.1.2 attempts 4 interval 6...
Page 856: Configuring A Tunnel Interface
The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 ip address 20.1.1.1/24 ipv6 address 20:1::1/64 no shutdown Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 1/1/1/1 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1/1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1...
Page 857: Configuring Tunnel Source Anylocal Decapsulation
The following sample configuration shows how to use the tunnel source anylocal command. Dell(conf)#interface tunnel 1 Dell(conf-if-tu-1)#ipv6 address 1abd::1/64 Dell(conf-if-tu-1)#ip address 1.1.1.1/24 Dell(conf-if-tu-1)#tunnel source anylocal Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#tunnel allow-remote 40.1.1.2 Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config interface Tunnel 1 ip address 1.1.1.1/24...
Page 858: Upgrade Procedures
Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes.
Page 859: Virtual Lans (Vlans)
Interfaces chapter. • VLAN Stacking in the Service Provider Bridging chapter. For a complete listing of all commands related to Dell Networking OS VLANs, refer to these Dell Networking OS Command Reference Guide chapters: • Interfaces • 802.1X • GARP VLAN Registration Protocol (GVRP) •...
Page 860: Default Vlan
T Te 1/1/1/1 Port-Based VLANs Port-based VLANs are a broadcast domain defined by different ports or interfaces. In Dell Networking OS, a port-based VLAN can contain interfaces from different line cards within the chassis. Dell Networking OS supports 4094 port-based VLANs.
Page 861: Vlans And Port Tagging
Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header.
Page 862: Assigning Interfaces To A Vlan
(T) or untagged (U). For more information about this command, refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use the following commands.
Page 863: Moving Untagged Interfaces
Inactive Active Po1(So 0/0-1) Te 1/1/1 Active Po1(So 0/0-1) Te 1/2/1 Dell#config Dell(conf)#interface vlan 4 Dell(conf-if-vlan)#tagged po 1 Dell(conf-if-vlan)#show conf interface Vlan 4 no ip address tagged Port-channel 1 Dell(conf-if-vlan)#end Dell#show vlan Codes: * - Default VLAN, G - GVRP VLANs...
Page 864: Assigning An Ip Address To A Vlan
You cannot assign an IP address to the Default VLAN (VLAN 1). To assign another VLAN ID to the Default VLAN, use the default vlan-id vlan-id command. In Dell Networking OS, you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic. For more information, refer to Bulk Configuration.
Page 865: Enabling Null Vlan As The Default Vlan
This presents a vulnerability because both interfaces are initially placed in the native VLAN, VLAN 1, and for that period customers are able to access each other's networks. Dell Networking OS has a Null VLAN to eliminate this vulnerability. When you enable the Null VLAN, all ports are placed into it by default, so even if you activate the physical ports of multiple customers, no traffic is allowed to traverse the links until each port is place in another VLAN.
Page 866: Vlt Proxy Gateway
The virtual link trucking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide. Topics: •...
Page 867: Guidelines For Enabling The Vlt Proxy Gateway
Figure 129. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: • Proxy gateway is supported only for VLT; for example, across a VLT domain. •...
Page 868: Enable Vlt Proxy Gateway
TLV. • Dell Networking devices not configured with VLT proxy gateway process standard TLVs and ignore TLVs configured with VLT proxy gateway. The LLDP organizational TLV passes local destination MAC address information to peer VLT domain devices so they can act as a proxy gateway.
Page 869 • You must configure the interface proxy gateway LLDP to enable or disable a proxy-gateway LLDP TLV on specific interfaces. • The interface is typically a VLT port-channel that connects to a remote VLT domain. • The new proxy gateway TLV is carried on the physical links under the port channel only. •...
Page 870: Lldp Vlt Proxy Gateway In A Square Vlt Topology
C and D (VLT domain 1) and C1 and D1 (VLT domain 2). This behavior is applicable only in the LLDP configuration and not required in the static configuration. Sample Configuration Dell(conf-vlt-domain)#proxy-gateway lldp Dell(conf-vlt-domain-pxy-gw-lldp)#vlt-peer-mac transmit • Assume the inter-chassis link (ICL) between C1 and D1 is shutdown and if D1 is the secondary VLT, one half of the inter DC link goes down.
Page 871: Configuring A Static Vlt Proxy Gateway
VLT domains [C and D in VLT domain 1 and C1 and D1 in VLT domain 2]. Sample Configuration LLDP Method Dell(conf-vlt-domain)#proxy-gateway ll Dell(conf-vlt-domain-pxy-gw-lldp)#peer-domain-link port-channel 1 exclude-vlan 10 Sample Configuration Static Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address <xx:xx:xx:xx:xx:xx> exclude-vlan 10 •...
Page 872: Virtual Link Trunking (Vlt)
Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two Dell switches to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). As a result, the two physical switches appear as a single switch to the connected devices.
Page 873 Figure 132. VLT providing multipath VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology. To prevent the initial loop that may occur prior to VLT being established, use a spanning tree protocol. After VLT is established, you may use rapid spanning tree protocol (RSTP) to prevent loops from forming with new links that are incorrectly connected and outside the VLT domain.
Page 874 Agility in VM Migration under VLT domain. CAUTION: Dell Networking does not recommend enabling Stacking and VLT simultaneously. If you enable both features at the same time, unexpected behavior may occur. As shown in the following example, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain.
Page 875: Vlt On Core Switches
Figure 134. VLT on Core Switches The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Networking recommends running the internal gateway protocol (IGP) on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
Page 876: Vlt Terminology
End devices (such as switches, servers, and so on) connected to a VLT domain consider the two VLT peers as a single logical switch. • Although VLT does not require spanning tree protocols, Dell Networking recommends enabling RSTP before configuring VLT to avoid possible loops from forming due to incorrect configuration.
Page 877: Configure Virtual Link Trunking
PVST Configuration. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. Refer to RSTP and VLT for guidelines to avoid traffic loss, if you enable RSTP on the VLT device.
Page 878: Configuration Notes
VLT peer switches operate as separate chassis with independent control and data planes for devices attached to non-VLT ports. • Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported. Dell Networking strongly recommends configuring a static LAG for VLTi.
Page 879 • If the size of the MTU for VLTi members is less than 1496 bytes, MAC addresses may not synchronize between VLT peers. Dell Networking does not recommend using an MTU size lower than the default of 1554 bytes for VLTi members.
Page 880 Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. • Dell Networking does not recommend enabling peer-routing if the CAM is full. To enable peer-routing, a minimum of two local DA spaces for wild-card functionality are required.
Page 881: Primary And Secondary Vlt Peers
• If the primary chassis fails, the secondary chassis takes on the operational role of the primary. • The SNMP MIB reports VLT statistics. Primary and Secondary VLT Peers To prevent issues when connectivity between peers is lost, you can designate Primary and Secondary roles for VLT peers . You can elect or configure the Primary Peer.
Page 882: Vlt And Igmp Snooping
VLT and IGMP Snooping When configuring IGMP Snooping with VLT, ensure the configurations on both sides of the VLT trunk are identical to get the same behavior on both sides of the trunk. When you configure IGMP snooping on a VLT node, the dynamically learned groups and multicast router ports are automatically learned on the VLT peer node.
Page 883 Figure 136. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches.
Page 884: Vlt Routing
Each VLT peer runs its own PIM protocol independently of other VLT peers. To ensure the PIM protocol states or multicast routing information base (MRIB) on the VLT peers are synced, if the incoming interface (IIF) and outgoing interface (OIF) are Spanned, the multicast route table is synced between the VLT peers.
Page 885 NOTE: The peer routing and peer-routing-timeout is applicable for both IPv6/ IPv4. Configuring VLT Unicast To enable and configure VLT unicast, follow these steps. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id Enable peer-routing.
Page 886: Non-Vlt Arp Sync
Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device.
Page 887: Preventing Forwarding Loops In A Vlt Domain
Preventing Forwarding Loops in a VLT Domain During the bootup of VLT peer switches, a forwarding loop may occur until the VLT configurations are applied on each switch and the primary/secondary roles are determined. To prevent the interfaces in the VLT interconnect trunk and RSTP-enabled VLT ports from entering a Forwarding state and creating a traffic loop in a VLT domain, take the following steps.
Page 888 Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in the RSTP Configuration section. For VRRP operation, ensure that you configure VRRP groups and L3 routing on each VLT...
Page 889 Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same domain ID on the peer switch to allow for common peering.
Page 890 LACP on VLT ports (on a VLT switch or access device), which are members of the virtual link trunk, is not brought up until the VLT domain is recognized on the access device. Repeat Steps 1 to 5 on the VLT peer switch to configure the IP address of this switch as the endpoint of the VLT backup link and to configure the same port channel for the VLT interconnect.
Page 891 Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
Page 892 interface port-channel id-number Remove an IP address from the interface. INTERFACE PORT-CHANNEL mode no ip address Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: •...
Page 893 You can optionally specify the time interval used to send hello messages. The range is from 1 to 5 seconds. When you create a VLT domain on a switch, Dell Networking OS automatically creates a VLT-system MAC address used for internal system operations.
Page 894 When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch. To explicitly configure the default values on each peer switch, use the following command. VLT DOMAIN CONFIGURATION mode unit-id {0 | 1} The unit IDs are used for internal system operations.
Page 895 NOTE: To benefit from the protocol negotiations, Dell Networking recommends configuring VLTs used as facing hosts/ switches with LACP. Ensure both peers use the same port channel ID. Configure the peer-link port-channel in the VLT domains of each peer unit.
Page 896 Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is Dell-2, VLT peer 2 is Dell-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers.
Page 897 : Disabled Peer-Routing-Timeout timer : 0 seconds Multicast peer-routing timeout : 150 seconds Dell# Verify that the VLT LAG is up in VLT peer unit. Dell-2#show interfaces port-channel 2 brief Codes: L - LACP Port-channel Mode Status Uptime Ports L2L3...
Page 898: Pvst+ Configuration
Secondary peer does not control the VLT-LAGs. Dell Networking recommends configuring the primary VLT peer as the primary root device for all the configured PVST+ Instances and configuring the secondary VLT peer as the secondary root device for all the configured PVST+ Instances.
Page 899: Evlt Configuration Example
eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example, you are configuring two domains. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4, as shown in the following example.
Page 900 Next, configure the VLT domain and VLTi on Peer 2. Domain_1_Peer2#configure Domain_1_Peer2(conf)#interface port-channel 1 Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 1/1/8/1-1/1/8/2 Domain_1_Peer2(conf) #vlt domain 1000 Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# peer-routing Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100...
Page 901: Pim-Sparse Mode Configuration Example
Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4. Domain_2_Peer4(conf)#interface range tengigabitethernet 1/1/3/1 - 1/1/3/2 Domain_2_Peer4(conf-if-range-te-1/1/3/1-2)# port-channel-protocol LACP Domain_2_Peer4(conf-if-range-te-1/1/3/1-2)# port-channel 100 mode active Domain_2_Peer4(conf-if-range-te-1/1/3/1-2)# no shutdown PIM-Sparse Mode Configuration Example The following sample configuration shows how to configure the PIM Sparse mode designated router functionality on the VLT domain with...
Page 902 show vlt backup-link • Display general status information about VLT domains currently configured on the switch. EXEC mode show vlt brief • Display detailed information about the VLT-domain configuration, including local and peer port-channel IDs, local VLT switch status, and number of active VLANs on each port channel.
Page 903 HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: 34998 HeartBeat Messages Sent: 1030 HeartBeat Messages Received: 1014 The following example shows the show vlt brief command. Dell#show vlt brief VLT Domain Brief ------------------ Domain ID Role : Secondary Role Priority : 32768...
Page 904 Local System MAC address: 00:01:e8:8a:df:e6 Local System Role Priority: 32768 The following example shows the show running-config vlt command. Dell_VLTpeer1# show running-config vlt vlt domain 30 peer-link port-channel 60 back-up destination 10.11.200.18 Dell_VLTpeer2# show running-config vlt vlt domain 30 peer-link port-channel 60 back-up destination 10.11.200.20 The following example shows the show vlt statistics command.
Page 905: Additional Vlt Sample Configurations
Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Cost Bridge ID PortID ---------- -------- ---- ------- -------- - ------- ------------- Po 1 128.2 128 200000 DIS 0001.e88a.dff8 128.2 Po 3 128.4 128 200000 DIS 0001.e88a.dff8 128.4 Po 4 128.5...
Page 906: Troubleshooting Vlt
1/5,6 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Virtual Link Trunking (VLT)
Page 907 Version ID mismatch A syslog error message and an A syslog error message and an Verify the Dell Networking OS SNMP trap are generated. SNMP trap are generated. software versions on the VLT peers is compatible. For more information, refer to the Release Notes for this release.
Page 908: Reconfiguring Stacked Switches As Vlt
Description Behavior at Peer Up Behavior During Run Time Action to Take The VLT port channel is brought The VLT port channel is brought VLT LAG ID mismatch Perform a mismatch check after down. down. the VLT peer is established. A syslog error message is A syslog error message is generated.
Page 909: Association Of Vlti As A Member Of A Pvlan
• ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG. Any VLAN that contains at least one VLT port as a member is treated as a VLT VLAN. You can configure a VLT VLAN to be a primary, secondary, or a normal VLAN.
Page 910: Pvlan Operations When A Vlt Peer Is Restarted
PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the VLTi link is either added or removed from the VLAN.
Page 911: Configuring A Vlt Vlan Or Lag In A Pvlan
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Synchronization Peer1 Peer2 Peer1 Peer2 Trunk Access Primary Secondary Promiscuous Promiscuous Primary Primary Promiscuous Access Primary Secondary Promiscuous Promiscuous Primary Primary - Secondary - Secondary (Community) (Isolated) Access Access Secondary Secondary (Isolated) No (Community)
Page 912: Creating A Vlt Lag Or A Vlt Vlan
isolation between ports within the same VLAN. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair. With VLT being a Layer 2 redundancy feature, support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved.
Page 913: Associating The Vlt Lag Or Vlt Vlan In A Pvlan
Associating the VLT LAG or VLT VLAN in a PVLAN Access INTERFACE mode for the port that you want to assign to a PVLAN. CONFIGURATION mode interface interface Enable the port. INTERFACE mode no shutdown Set the port in Layer 2 mode. INTERFACE mode switchport Select the PVLAN mode.
Page 914: Working Of Proxy Arp For Vlt Peer Nodes
By default, proxy ARP is enabled. To disable proxy ARP, use the no proxy-arp command in Interface mode. To re-enable proxy ARP, use the ip proxy-arp command in Interface mode. To view if proxy ARP is enabled on the interface, use the show config command in INTERFACE mode.
Page 915: Vlt Nodes As Rendezvous Points For Multicast Resiliency
ICL down event is triggered on the other VLT node, which in turn starts the proxy ARP application. The VLT node, where the ICL link is deleted, flushes the peer IP addresses and does not perform proxy ARP for the additional LAG hashed ARP requests. VLT Nodes as Rendezvous Points for Multicast Resiliency You can configure VLT peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain.
Page 916 Configure the VLT LAG as VLAN-Stack Access or Trunk Port Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#switchport Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown...
Page 917 Configure the VLAN as a VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN Dell(conf)#interface vlan 50 Dell(conf-if-vl-50)#vlan-stack compatible Dell(conf-if-vl-50-stack)#member port-channel 10 Dell(conf-if-vl-50-stack)#member port-channel 20 Dell#show running-config interface vlan 50 interface Vlan 50 vlan-stack compatible member Port-channel 10,20 shutdown...
Page 918 Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure the VLAN as a VLAN-Stack VLAN and add the VLT LAG as members to the VLAN...
Page 919: Virtual Extensible Lan (Vxlan)
Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network.
Page 920: Components Of Vxlan Network
Provide an interface for cloud orchestration in cloud data center management. In VXLAN with NSX, Dell Networking OS supports physical interface or Port channel as access port. Dell supports only physical interface as network port and does not support Port channel/VLAN as network port.
Page 921: Functional Overview Of Vxlan Gateway
VXLAN Hypervisor It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. Service Node(SN) It is also another VTEP, but it is fully managed by NSX. The purpose of SN is to be the central replication engine for flooded packets Legacy TOR It is a TOR switch, which performs routing or switching decisions.
Page 922: Components Of Vxlan Frame Format
Components of VXLAN Frame Format Some of the important fields of the VXLAN frame format are described below: Outer Ethernet The Outer Ethernet Header consists of the following components: Header: • Destination Address: Generally, it is a first hop router's MAC address when the VTEP is on a different address. •...
Page 923 To view the certificate, use the following command: • show file flash://vtep-cert.pem The output appears similar to the following example: -----BEGIN CERTIFICATE----- MIID3jCCAsagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMxFTATBgNVBAMMDHd3dy5kZWxsLmNvb TENMAsGA1UECgwERGVsbDEYMBYGA1UECwwPRGVsbCBOZXR3b3JraW5nMREwDwYDVQQHDAhTQU4gSm9zZTETMBEGA1UECA wKQ2FsaWZvcm5pYTEiMCAGCSqGSIb3DQEJARYTc29tZW9uZUBleGFtcGxlLmNvbTAeFw0xNTExMjAwMzA0NTNaFw0yNTE xMTcwMzA0NTNaMIGZMQswCQYDVQQGEwJVUzEVMBMGA1UEAwwMd3d3LmRlbGwuY29tMQ0wCwYDVQQKDAREZWxsMRgwFgYD VQQLDA9EZWxsIE5ldHdvcmtpbmcxETAPBgNVBAcMCFNBTiBKb3NlMRMwEQYDVQQIDApDYWxpZm9ybmlhMSIwIAYJKoZIh vcNAQkBFhNzb21lb25lQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGaGq3Cv4/ RpuoiuePrnayORRhzEW/H2Ypv8OKEcew1gySmFz24LQttzSHo4AO+qF3LkILvFW2RaHZ1mxbmm95d3PnZ8fXg2wgPz+ +T6coHGYH0o0+LkHVBb3IIXd/CSp+TBRzAwWMPS7tnaRv1UqiJtm6/RjcJghbf6zcQWUcg2CTtKe5ej/ rS2tIU9EBGCzL3xs6DRB3lvScgmuckc5L18qWqNHRWMdKFgKwHKUOOvHakPFs9RNJNy5Sxwfe/kgkVmqA/ KWiRIecLIgmgYjKu2E0uC3URpuydoN7UwPSeigXWeR3JyhzfFVEr5LtyXVpo9zS2JGyygKtzZBpke1wIDAQABoy8wLTAM BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTaOaPuXmtLDTJVv++VYBiQr9gHCTANBgkqhkiG9w0BAQUFAAOCAQEAn5E/ w3BLQrX3e3Jv3EUFftGV0NABXOQxb/ODH4doA/68nQcvW7GZgpwoxe77YQH+C/uBNFwSBFxsu9ZkXhKu2q8wrCd +cnuaNu7Kq2V0DGSdR7eIkDTHkflttHbMmRfStHLetk3bA0HgXTW5c+vFn79EX/nJqxIvkl5ADT7k5JZR +j6i9eskgUlvBuV5OOZKzh29Gy4sjXvdYL5GirZFon8iZNY5FON +WlpcLJ9GjMvVfwvJx7exVs9cqXvm6UZ4Bf262STKbm+Q4qz30tyjDdF1xDBcBjL83UcEvSW65V/ sSFKBohqu40EWXIBJ0QbKvFWv91rbjkgtsrHVTdohrA== -----END CERTIFICATE----- Copy and paste the generated certificate to the NSX.
Page 924: Configuring Vxlan Gateway
You can create a logical network by creating a logical switch. The logical network acts as the forwarding domain for workloads on the physical as well as virtual infrastructure. Figure 142. Create Logical Switch Create Logical Switch Port A logical switch port provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network. It binds the virtual access ports in the GW to logical network (VXLAN) and VLAN.
Page 925: Advertising Vxlan Access Ports To Controller
Fail Mode : secure Port List Fo 1/4/1 Te 1/1/1/1 Te 1/1/2/1 Po 2 The following example shows the show vxlan vxlan-instance logical-network command. Dell#show vxlan vxlan-instance 1 logical-network Instance Total LN count Name VNID bffc3be0-13e6-4745-9f6b-0bcbc5877f01 4656 Virtual Extensible LAN (VXLAN)
Page 926: Displaying Vxlan Configurations
Fo 1/4/1 : VLAN: 0 (0x80000004), The following example shows the show vxlan vxlan-instance statistics interface command. Dell#show vxlan vxlan-instance 1 statistics interface fortyGigE 1/4/1 100 Port : Fo 1/4/1 Vlan : 100 Rx Packets : 13 Rx Bytes : 1317...
Page 927: Vxlan Service Nodes For Bfd
Te 0/80: VLAN: 0 (0x80000001), Fo 0/124: VLAN: 0 (0x80000004), The following example shows the show vxlan vxlan-instance statistics interface command. Dell#show vxlan vxlan-instance 1 statistics interface fortyGigE 0/124 100 Port : Fo 0/124 Vlan : 100 Rx Packets : 13...
Page 928: Examples Of The Show Bfd Neighbors Command
Examples of the command. show bfd neighbors To verify that the session is established, use the show bfd neighbors command. Dell_GW1#show bfd neighbors - Active session role Ad Dn - Admin Down - BGP - CLI - ISIS - OSPF - OSPFv3 - Static Route (RTM) - MPLS...
Page 929: Virtual Routing And Forwarding (Vrf)
Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time.
Page 930: Vrf Configuration Notes
VRF supports route redistribution between routing protocols (including static routes) only when the routes are within the same VRF. Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command.
Page 931 If the next-hop IP in a static route VRF statement is VRRP IP of another VRF, this static route does not get installed on the VRRP master. VRF supports some routing protocols only on the default VRF (default-vrf) instance. Table 1 displays the software features supported in VRF and whether they are supported on all VRF instances or only the default VRF.
Page 932: Dhcp
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF OSPFv3 IS-IS Multicast DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: Enabling VRF in Configuration Mode Creating a Non-Default VRF Assign an Interface to a VRF...
Page 933: Assigning An Interface To A Vrf
Assigning an Interface to a VRF You must enter the ip vrf forwarding command before you configure the IP address or any other setting on an interface. NOTE: You can configure an IP address or subnet on a physical or VLAN interface that overlaps the same IP address or subnet configured on another interface only if the interfaces are assigned to different VRFs.
Page 934: Assigning An Ospf Process To A Vrf Instance
show ip vrf [vrf-name] Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. See the Open Shortest Path First (OSPFv2) chapter for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.
Page 935: Configuring Management Vrf
Task Command Syntax Command Mode 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 43, Gratuitous ARP sent: 0 Virtual MAC address: 00:00:5e:00:01:0a Virtual IP address: 10.1.1.100 Authentication: (none) Configuring Management VRF You can assign a management interface to a management VRF.
Page 936: Sample Vrf Configuration
management route ip-address mask managementethernet ormanagement route ipv6-address prefix- length managementethernet You can also have the management route to point to a front-end port in case of the management VRF. For example: management route 2::/64 tengigabitethernet 1/1/1/1. • Configure a static entry in the IPv6 neighbor discovery. CONFIGURATION ipv6 neighbor vrf management 1::1 tengigabitethernet 1/1/1/1 xx:xx:xx:xx:xx:xx Sample VRF Configuration...
Page 937 Figure 146. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 1/1/1/3 no ip address switchport no shutdown interface TenGigabitEthernet 1/1/1/1 ip vrf forwarding blue ip address 10.0.0.1/24...
Page 938 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 1/1/1/3 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 1/1/1/3 no shutdown interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 tagged TenGigabitEthernet 1/1/1/3...
Page 939 Te 1/1/1/1, Vl 128 orange Te 1/1/2/1, Vl 192 green Te 1/1/3/1, Vl 256 Dell#show ip ospf 1 neighbor Neighbor ID State Dead Time Address Interface Area 1.0.0.2 FULL/DR 00:00:32 1.0.0.2 Vl 128 Dell#sh ip ospf 2 neighbor Neighbor ID...
Page 940: Route Leaking Vrfs
Dell#show ip route vrf orange Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,...
Page 941: Dynamic Route Leaking
NOTE: In Dell Networking OS, you can configure at most one route-export per VRF as only one set of routes can be exposed for leaking. However, you can configure multiple route-import targets because a VRF can accept routes from multiple VRFs.
Page 942 ip route-export 1:1 Configure VRF-red. ip vrf vrf-red interface-type slot/port[/subport] ip vrf forwarding VRF-red ip address ip—address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. Configure the import target in VRF-red. ip route-import 1:1 Configure the export target in VRF-red.
Page 943 VRF-shared ip route-export ip route-import ip route-import Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red 11.1.1.1/32 via 111.1.1.1 110/0 00:00:10 111.1.1.0/24 Direct, Te 1/1/1/1 0/0...
Page 944: Configuring Route Leaking With Filtering
144.4.4.0/24 Direct, Te 1/1/4/1 00:32:36 Important Points to Remember • If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG (“Duplicate prefix found %s in the target VRF %d”, address, import_vrf_id) with The type/level is EVT_LOGWARNING.
Page 945 !this action accepts only OSPF routes from VRF-red even though both OSPF as well as BGP routes are shared The show VRF commands displays the following output: Dell# show ip route vrf VRF-Blue 122.2.2.0/24 Direct, Te 1/1/2/1 0/0 22:39:61 22.2.2.2/32 via 122.2.2.2...
Page 946 44.4.4.4/32 via vrf-red:144.4.4.4 00:32:36 << only OSPF and BGP leaked from VRF-red Important Points to Remember • Only Active routes are eligible for leaking. For example, if VRF-A has two routes from BGP and OSPF, in which the BGP route is not active.
Page 947: Virtual Router Redundancy Protocol (Vrrp)
Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Page 948: Vrrp Benefits
Figure 147. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.
Page 949: Vrrp Configuration
For a complete listing of all commands related to VRRP, refer to Dell Networking OS Command Line Reference Guide. Creating a Virtual Router To enable VRRP, create a virtual router. In Dell Networking Operating System (OS), the virtual router identifier (VRID) identifies a VRRP group.
Page 950 Delete a VRRP group. INTERFACE mode no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP. Dell(conf)#interface tengigabitethernet 1/1/1/1 Dell(conf-if-te-1/1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1/1-vrid-111)# The following examples how to verify the VRRP configuration. Dell(conf-if-te-1/1/1/1)#show conf interface TenGigabitEthernet 1/1/1/1 ip address 10.10.10.1/24...
Page 951 The virtual IP addresses must be in the same subnet as the primary or secondary IP addresses configured on the interface. Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell Networking recommends configuring virtual IP addresses belonging to the same IP subnet for any one VRRP group.
Page 952 Examples of the Configuring and Verifying a Virtual IP Address The following example shows how to configure a virtual IP address. Dell(conf-if-te-1/1/1/1-vrid-111)#virtual-address 10.10.10.1 Dell(conf-if-te-1/1/1/1-vrid-111)#virtual-address 10.10.10.2 Dell(conf-if-te-1/1/1/1-vrid-111)#virtual-address 10.10.10.3 The following example shows how to verify a virtual IP address configuration. NOTE: In the following example, the primary IP address and the virtual IP addresses are on the same subnet.
Page 953: Configuring Vrrp Authentication
Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission.
Page 954 Examples of the authentication-type Command The bold section shows the encryption type (encrypted) and the password. Dell(conf-if-te-1/1/1/1-vrid-111)#authentication-type ? Dell(conf-if-te-1/1/1/1-vrid-111)#authentication-type simple 7 force10 The following example shows verifying the VRRP authentication configuration using the show conf command. The bold section shows the encrypted password.
Page 955 MASTER. NOTE: To avoid throttling VRRP advertisement packets, Dell Networking OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second. If you do change the time interval between VRRP advertisements on one router, change it on all participating routers.
Page 956: Show Track
Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 (also known as cost).
Page 957 Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the track command. Dell(conf-if-te-1/1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1/1-vrid-111)#track Tengigabitethernet 1/1/2/1 The following example shows how to verify tracking using the show conf command. Dell(conf-if-te-1/1/1/1-vrid-111)#show conf...
Page 958: Setting Vrrp Initialization Delay
15 minutes, after which VRRP enables normally. NOTE: When you reload a node that contains VRRP configuration and is enabled for VLT, Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional. Otherwise, when you reload a VLT node configured for VRRP, the local destination address is not seen on the reloaded node causing suboptimal routing.
Page 959: Sample Configurations
The default is 0. Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration.
Page 960 Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 1/1/3/1 R2(conf-if-te-1/1/3/1)#ip address 10.1.1.1/24 R2(conf-if-te-1/1/3/1)#vrrp-group 99 R2(conf-if-te-1/1/3/1-vrid-99)#priority 200 R2(conf-if-te-1/1/3/1-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-1/1/3/1-vrid-99)#no shut R2(conf-if-te-1/1/3/1)#show conf interface TenGigabitEthernet 1/1/3/1 ip address 10.1.1.1/24 vrrp-group 99 priority 200 virtual-address 10.1.1.3...
Page 961 Figure 149. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3.
Page 962: Vrrp In A Vrf Configuration
R2(conf-if-te-1/1/1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1/1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1/1/1-vrid-10)#no shutdown R2(conf-if-te-1/1/1/1)#show config interface TenGigabitEthernet 1/1/1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1/1/1)#end R2#show vrrp ------------------ TenGigabitEthernet 1/1/1/1, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 135...
Page 963 VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two switches. The default gateway to reach the Internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP.
Page 964 Figure 150. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 S1(conf)#ip vrf VRF-1 1 S1(conf)#ip vrf VRF-2 2 S1(conf)#ip vrf VRF-3 3 S1(conf)#interface TenGigabitEthernet 1/1/1/1 S1(conf-if-te-1/1/1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1/1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1/1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
Page 965 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-1/1/3/1-vrid-105)#priority 255 S1(conf-if-te-1/1/3/1-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-te-1/1/3/1)#no shutdown Dell#show vrrp tengigabitethernet 1/1/8/1 ------------------ TenGigabitEthernet 1/1/8/1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 0 default State: Master, Priority: 100, Master: 10.1.1.1 (local)
Page 966 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-vl-300-vrid-101)#priority 255 S1(conf-if-vl-300-vrid-101)#virtual-address 20.1.1.5 S1(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local)
Page 967 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S2(conf-if-vl-300-vrid-101)#priority 100 S2(conf-if-vl-300-vrid-101)#virtual-address 20.1.1.5 S2(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 ------------------ Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local)
Page 968: Vrrp For Ipv6 Configuration
00:00:5e:00:01:0a Virtual IP address: 20.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 port-channel 1 ------------------ Port-channel 1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec...
Page 969 Figure 151. VRRP for IPv6 Topology NOTE: This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on.
Page 970 Virtual MAC address: 00:00:5e:00:02:0a Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 1/1/1/1 TenGigabitEthernet 1/1/1/1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec...
Page 971 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell# Dell#show vrrp vrf vrf1 vlan 400 Vlan 400, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 1 vrf1 State: Master, Priority: 200, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec...
Page 972: Debugging And Diagnostics
Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
Page 973: Trace Logs
Each trace message provides the date, time, and name of the Dell Networking OS process. All messages are stored in a ring buffer. You can save the messages to a file either manually or automatically after failover.
Page 974: Recognize An Overtemperature Condition
Example of the show interfaces transceiver Command Dell#show interfaces tengigabitethernet 1/1/2/1 transceiver QSFP 1/2/1 Serial ID Base Fields QSFP 1/2/1 Id = 0x0d QSFP 1/2/1 Ext Id = 0x00 QSFP 1/2/1 Connector = 0x23 QSFP 1/2/1 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00...
Page 975: Troubleshoot An Over-Temperature Condition
After the software has determined that the temperature levels are within normal limits, you can re-power the card safely. To bring back the line card online, use the power-on command in EXEC mode. In addition, to control airflow for adequate system cooling, Dell Networking requires that you install blanks in all slots without a line card. NOTE: Exercise care when removing a card;...
Page 976: Recognize An Under-Voltage Condition
Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, non-quality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications. You must reload the system for the global buffer profile to take effect, a message...
Page 977: Deciding To Tune Buffers
Dell Networking OS Behavior: After you configure buffer-profile global 1Q, the message displays during every bootup. Only one reboot is required for the configuration to take effect; afterward you may ignore this bootup message.
Page 978 Examples of Viewing Buffer Information Dell Networking OS Behavior: If you attempt to apply a buffer profile to a non-existent port-pipe, Dell Networking OS displays the following message: %DIFFSERV-2-DSA_BUFF_CARVING_INVALID_PORT_SET: Invalid FP port-set 2 for linecard 2. Valid range of port-set is <0-1>. However, the configuration still appears in the running-config.
Page 979: Using A Pre-Defined Buffer Profile
Dell Networking OS Behavior: After you configure buffer-profile global 1Q, the message displays during every bootup. Only one reboot is required for the configuration to take effect; afterward you may ignore this bootup message.
Page 980: Sample Buffer Profile Configuration
[1Q|4Q] If the default buffer profile dynamic is active, Dell Networking OS displays an error message instructing you to remove the default configuration using the no buffer-profile global command. Sample Buffer Profile Configuration The two general types of network environments are sustained data transfers and voice/data.
Page 981 Internal Mac Transmit Errors Unknown Opcodes Internal Mac Receive Errors --- FEC Counters --- Ingress FEC uncorrected code words: 172 --- Error Ratio Counters --- Ingress preFEC Bit Error Ratio: 3.727463E-11 Ingress FCS Drops Error Ratio : 0.0E0 Dell# Debugging and Diagnostics...
Page 982: Dataplane Statistics
CPU-bound traffic is internal (so-called party bus or IPC traffic) or network control traffic, which the CPU must process. Example of Viewing Dataplane Statistics Dell#show hardware stack-unit 1 cpu data-plane statistics bc pci driver statistics for device: rxHandle...
Page 983: Display Stack Port Statistics
The following example is a sample of the output for the counters option. Example of Displaying Counter Values for all Interface in the Selected Stack-Member and Port-Pipe Dell#show hardware stack-unit 1 unit 0 counters unit: 0 port: 1 (interface Hu 1/1/1)
Page 984 RX - 64 Byte Frame Counter RX - 65 to 127 Byte Frame Counter RX - 128 to 255 Byte Frame Counter RX - 256 to 511 Byte Frame Counter RX - 512 to 1023 Byte Frame Counter RX - 1024 to 1518 Byte Frame Counter RX - 1519 to 1522 Byte Good VLAN Frame Counter RX - 1519 to 2047 Byte Frame Counter RX - 2048 to 4095 Byte Frame Counter...
Page 985: Enabling Application Core Dumps
To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. Application and kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other minimal information that you can use to debug a crash.
Page 986: Enabling Tcp Dumps
-rwx 1525213 Jul 29 2015 21:10:24 +00:00 f10lp_sysdlp_150729211132.acore.gz -rwx 765783 Jul 29 2015 21:31:56 +00:00 f10lp_sysdlp_150729213305.acore.gz -rwx 784725 Jul 29 2015 22:02:48 +00:00 f10lp_sysdlp_150729220356.acore.gz -rwx 787785 Jul 29 2015 22:20:54 +00:00 f10lp_sysdlp_150729222203.acore.gz -rwx 797852 Jul 29 2015 22:33:24 +00:00 f10lp_sysdlp_150729223433.acore.gz -rwx 1552883 Jul 29 2015 22:38:24 +00:00 f10lp_sysdlp_150729223932.acore.gz...
Page 987 tcpdump cp [capture-duration time | filter expression | max-file-count value | packet-count value | snap-length value | write-to path] Debugging and Diagnostics...
Page 988: Standards Compliance
This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,”...
Page 989: Rfc And I-D Compliance
12,000 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols.
Page 990: General Ipv4 Protocols
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 94. General IPv4 Protocols Full Name Z-Series S-Series Internet Protocol 7.6.1 Internet Control 7.6.1 Message Protocol An Ethernet Address 7.6.1 Resolution Protocol Using ARP to 7.6.1...
Page 991: General Ipv6 Protocols
Address Allocation Protection Against a 7.6.1 Variant of the Tiny Fragment Attack General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 95. General IPv6 Protocols Full Name Z-Series S-Series 7.8.1...
Page 992 Full Name Z-Series S-Series Transmission of 7.8.1 IPv6 Packets over Ethernet Networks IPv6 7.8.1 Jumbograms 2711 IPv6 Router 8.3.12.0 Alert Option IPv6 Global 7.8.1 Unicast Address Format IPv6 Scoped 8.3.12.0 Address Architecture Internet 7.8.1 Protocol Version 6 (IPv6) Addressing Architecture Internet Control 7.8.1 Message...
Page 993: Border Gateway Protocol (Bgp)
Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 96. Border Gateway Protocol (BGP) RFC# Full Name S-Series/Z-Series 1997 BGP ComAmtturnibituitees 7.8.1 2385 Protection of BGP Sessions via the TCP MD5 7.8.1...
Page 994: Intermediate System To Intermediate System (Is-Is)
Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 98. Intermediate System to Intermediate System (IS-IS) RFC# Full Name S-Series 1142 OSI IS-IS Intra-Domain Routing Protocol (ISO DP...
Page 995: Multicast
Multicast - Sparse Mode pim - (PIM-SM): Protocol Specification (Revised) new- Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 101. Network Management RFC# Full Name S4810 1155 Structure and Identification of Management 7.6.1...
Page 996 RFC# Full Name S4810 1850 OSPF Version 2 Management Information Base 7.6.1 1901 Introduction to Community-based SNMPv2 7.6.1 2011 SNMPv2 Management Information Base for the 7.6.1 Internet Protocol using SMIv2 2012 SNMPv2 Management Information Base for the 7.6.1 Transmission Control Protocol using SMIv2 2013 SNMPv2 Management Information Base for the User 7.6.1...
Page 997 RFC# Full Name S4810 2674 Definitions of Managed Objects for Bridges with Traffic 7.6.1 Classes, Multicast Filtering and Virtual LAN Extensions 2787 Definitions of Managed Objects for the Virtual Router 7.6.1 Redundancy Protocol 2819 Remote Network Monitoring Management Information 7.6.1 Base: Ethernet Statistics Table, Ethernet History Control Table, Ethernet History Table, Alarm Table, Event Table, Log Table...
Page 998 RFC# Full Name S4810 isisISAdjIPAddrTable isisISAdjProtSuppTable draft-ietf-netmod-interfaces-cfg-03 Defines a YANG data model for the configuration of 9.2(0.0) network interfaces. Used in the Programmatic Interface RESTAPI feature. IEEE 802.1AB Management Information Base module for LLDP 7.7.1 configuration, statistics, local system data and remote systems data components.
Page 999: Mib Location
You also can obtain a list of selected MIBs and their OIDs at the following URL: https://www.force10networks.com/CSPortal20/Main/Login.aspx Some pages of iSupport require a login. To request an iSupport account, go to: https://www.force10networks.com/CSPortal20/AccountRequest/AccountRequest.aspx If you have forgotten or lost your account information, contact Dell TAC for assistance. Standards Compliance...

Dell S6100 Configuration Manual

1 About this Guide

2 Configuration Fundamentals

3 Getting Started

4 Management

6 Access Control Lists (Acls)

7 Bidirectional Forwarding Detection (BFD)

8 Border Gateway Protocol Ipv4 (Bgpv4)

9 Content Addressable Memory (CAM)

10 Control Plane Policing (Copp)

11 Data Center Bridging (DCB)

12 Dynamic Host Configuration Protocol (DHCP)

Quick Links

Troubleshooting

Related Manuals for Dell S6100

Summary of Contents for Dell S6100