Dell PowerEdge M420 Configuration Manual

Dell PowerConnect M8024-k User's Configuration Guide
Dell PowerConnect M6220, M6348, M8024, and M8024-k Switch User's Configuration Guide
Regulatory Models: PCM6220, PCM6348, PCM8024, and PCM8024-k

  Summary of Contents for Dell PowerEdge M420

  • Page 1 Dell PowerConnect M6220, M6348, M8024, and M8024-k Switch User’s Configuration Guide Regulatory Models: PCM6220, PCM6348, PCM8024, and PCM8024-k...
  • Page 2: Notes And Cautions

    Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
  • Page 3: Table Of Contents

    Contents: Introduction; About This Document; Audience
  • Page 4 Stacking Features (PCM6220 and PCM6348 Only); High Port Count; Single IP Management; Automatic Firmware Upgrade for New Stack Members
  • Page 5 Switching Features; Flow Control Support (IEEE 802.3x); Head of Line Blocking Prevention
  • Page 6 Rapid Spanning Tree; Multiple Spanning Tree; Bridge Protocol Data Unit (BPDU) Guard
  • Page 7 Priority-based Flow Control (PFC); Internet Small Computer System Interface (iSCSI) Optimization; Layer 2 Multicast Features
  • Page 8 Using Dell OpenManage Switch Administrator; About Dell OpenManage Switch Administrator; Starting the Application
  • Page 9 Recalling Commands from the History Buffer; Specifying Physical Ports; Default Settings; Setting the IP Address and Other Basic Network Information
  • Page 10 Configuring Static Network Information on the OOB Port; Configuring Static Network Information on the Default VLAN; Configuring and Viewing Additional Network Information
  • Page 11 Stack Port Summary; Stack Port Counters; Stack Port Diagnostics
  • Page 12 Default Management Security Values; Controlling Management Access (Web); Access Profile; Authentication Profiles
  • Page 13 Configuring HTTP and HTTPS Access; Configuring DoS Information; Management Access Configuration Examples; Configuring a Management Access List
  • Page 14 Log File; Remote Log Server; Email Alert Global Configuration
  • Page 15 Default General System Information; Default Port Aggregator Configurations; Configuring General System Settings (Web); System Information; CLI Banner
  • Page 16 General System Settings Configuration Examples; Configuring System and Banner Information; Configuring SNTP; Configuring the Time Manually
  • Page 17 SNMP Configuration Examples; Configuring SNMPv1 and SNMPv2; Configuring SNMPv3; 13 Managing Images and Files
  • Page 18 14 Automatically Updating the Image and Configuration; Auto Configuration Overview; What Is the DHCP Auto Configuration Process?
  • Page 19 sFlow Sampler Configuration; sFlow Poll Configuration; Interface Statistics; Etherlike Statistics
  • Page 20 How Does iSCSI Optimization Interact With Dell EqualLogic Arrays?; What Occurs When iSCSI is Enabled or Disabled?
  • Page 21 Default Captive Portal Behavior and Settings; Configuring the Captive Portal (Web); Captive Portal Global Configuration; Captive Portal Configuration
  • Page 22 Default Port Values; Configuring Port Characteristics (Web); Port Configuration; Link Dependency Configuration
  • Page 23 Port Access Control Configuration; Port Access Control History Log Summary; Port Security; Internal Authentication Server Users Configuration
  • Page 24 What Are the ACL Limitations?; How Are ACLs Configured?; Configuring ACLs (Web); IP ACL Configuration
  • Page 25 VLAN Configuration Examples; Configuring VLANs Using Dell OpenManage Administrator
  • Page 26 22 Configuring the Spanning Tree Protocol; STP Overview; What Are Classic STP, Multiple STP, and Rapid STP?
  • Page 27 What is LLDP?; What is LLDP-MED?; Why are Device Discovery Protocols Needed?
  • Page 28 24 Configuring Port-Based Traffic Control; Port-Based Traffic Control Overview; What is Flow Control?
  • Page 29 25 Configuring L2 Multicast Features; L2 Multicast Overview; What Are the Multicast Bridging Features?; What Is IP Multicast Traffic?
  • Page 30 Configuring L2 Multicast Features (CLI); Configuring Bridge Multicasting; Configuring IGMP Snooping; Configuring IGMP Snooping on VLANs
  • Page 31 Dot1ag L2 Ping; Dot1ag L2 Traceroute; Dot1ag L2 Traceroute Cache
  • Page 32 IPSG Interface Configuration; IPSG Binding Configuration; IPSG Binding Summary; DAI Global Configuration
  • Page 33 Configuring Link Aggregation (Web); LAG Configuration; LACP Parameters; LAG Membership
  • Page 34 30 Configuring Routing Interfaces; Routing Interface Overview; What Are VLAN Routing Interfaces?; What Are Loopback Interfaces?
  • Page 35 Configuring the DHCP Server (Web); DHCP Server Network Properties; Address Pool; Address Pool Options
  • Page 36 Route Entry Configuration; Configured Routes; Route Preferences Configuration; Configuring IP Routing Features (CLI)
  • Page 37 Configuring L2 and L3 Relay Features (CLI); Configuring L2 DHCP Relay; Configuring L3 Relay (IP Helper) Settings; Relay Agent Configuration Example
  • Page 38 Configuring OSPFv3 Features (Web); OSPFv3 Configuration; OSPFv3 Area Configuration; OSPFv3 Stub Area Summary
  • Page 39 OSPF Configuration Examples (p. 1003); Configuring an OSPF Border Router and Setting Interface Costs (p. 1003); Configuring Stub and NSSA Areas for OSPF and OSPFv3 (p. 1005)
  • Page 40 36 Configuring VRRP (p. 1033); VRRP Overview (p. 1033); How Does VRRP Work? (p. 1033)
  • Page 41 Configuring IPv6 Routing Features (Web) (p. 1061); Global Configuration (p. 1061); Interface Configuration (p. 1062); Interface Summary (p. 1063)
  • Page 42 DHCPv6 Pool Summary (p. 1084); DHCPv6 Interface Configuration (p. 1085); DHCPv6 Server Bindings Summary (p. 1087); DHCPv6 Statistics (p. 1088)
  • Page 43 Class Criteria (p. 1102); Policy Configuration (p. 1104); Policy Class Definition (p. 1106)
  • Page 44 Interface Queue Configuration (p. 1134); Interface Queue Drop Precedence Configuration (p. 1135); Configuring CoS (CLI) (p. 1137)
  • Page 45 What Is IGMP? (p. 1153); What Is MLD? (p. 1154); What Is PIM? (p. 1155)
  • Page 46 MLD Routing Interface Source List Information (p. 1182); MLD Traffic (p. 1183); MLD Proxy Configuration (p. 1184)
  • Page 47 Configuring and Viewing MLD Proxy (p. 1214); Configuring and Viewing PIM-DM for IPv4 Multicast Routing (p. 1215); Configuring and Viewing PIM-DM for IPv6 Multicast Routing (p. 1216)
  • Page 48 Contents...
  • Page 49: Introduction

    Introduction The Dell PowerConnect M6220, M6348, M8024, and M8024-k switches are Layer 3, blade switches that operate in the Dell PowerEdge M1000e system. The M1000e system can support up to 16 server blades and six PowerConnect M6220, M6348, M8024, and M8024-k blade switches.
  • Page 50: About This Document

    About This Document This guide describes how to configure, monitor, and maintain a Dell PowerConnect M6220, M6348, M8024, and M8024-k switch by using the Web-based Dell OpenManage Switch Administrator utility or the command-line interface (CLI). Audience This guide is for network administrators in charge of managing one or more PowerConnect M6220, M6348, M8024, and M8024-k switches.
  • Page 51: Additional Documentation

    Additional Documentation The following documents for the PowerConnect M6220, M6348, M8024, and M8024-k switches are available at support.dell.com/manuals: • Getting Started Guide—provides information about the switch models in the series, including front and back panel features. It also describes the installation and initial configuration procedures.
  • Page 52 Introduction...
  • Page 53: Switch Features

    Switch Features This section describes the switch user-configurable software features. NOTE: Before proceeding, read the release notes for this product. The release notes are part of the firmware download. The topics covered in this section include: • System Management • Link Aggregation Features Features &...
  • Page 54: System Management Features

    Multiple Management Options You can use any of the following methods to manage the switch: • Use a Web browser to access the Dell OpenManage Switch Administrator interface. The switch contains an embedded Web server that serves HTML pages. •...
  • Page 55: Port Aggregator

    Port Aggregator The Port Aggregator feature minimizes the administration required for managing the PowerConnect M6220/M6348/M8024/M8024-k switch. When the switch is operating in simple mode, the administrator can map internal ports to external ports without having to know anything about STP, VLANs, Link Aggregation or other L2/L3 protocols.
  • Page 56: Integrated Dhcp Server

    Integrated DHCP Server PowerConnect M6220, M6348, M8024, and M8024-k switches include an integrated DHCP server that can deliver host-specific configuration information to hosts on the network. The switch DHCP server allows you to configure IP address pools (scopes), and when a host’s DHCP client requests an address, the switch DHCP server automatically assigns the host an address from the pool.
  • Page 57: File Management

    File Management You can upload and download files such as configuration files and system images by using HTTP (web only), TFTP, Secure FTP (SFTP), or Secure Copy (SCP). Configuration file uploads from the switch to a server are a good way to back up the switch configuration.
  • Page 58: Sflow

    sFlow sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The PowerConnect M6220, M6348, M8024, and M8024-k switches support sFlow version 5. For information about configuring and managing sFlow settings, see "Monitoring Switch Traffic"...
  • Page 59: Stacking Features (Pcm6220 And Pcm6348 Only)

    Stacking Features (PCM6220 and PCM6348 Only) NOTE: PowerConnect M6220 switches can be stacked only with other PowerConnect M6220 switches. PCM6220 and PCM6348 switches cannot be combined within the same stack. For information about creating and maintaining a stack of switches, see "Managing a Switch Stack"...
  • Page 60: Master Failover With Transparent Transition

    Master Failover with Transparent Transition The stacking feature supports a Standby or backup unit that assumes the Master unit role if the Master unit in the stack fails. As soon as a Master failure is detected in the stack, the Standby unit initializes the control plane and enables all other stack units with the current configuration.
  • Page 61: Password-Protected Management Access

    Password-Protected Management Access Access to the Web, CLI, and SNMP management interfaces is password protected, and there are no default users on the system. For information about configuring local user accounts, see "Controlling Management Access" on page 171. Strong Password Enforcement The Strong Password feature enforces a baseline password strength for all locally administered users.
  • Page 62: Ssh/Ssl

    SSH/SSL The switch supports Secure Shell (SSH) for secure, remote connections to the CLI and Secure Sockets Layer (SSL) to increase security when accessing the Web-based management interface. For information about configuring SSH and SSL settings, see "Controlling Management Access" on page 171. Inbound Telnet Control You can configure the switch to prevent new Telnet sessions from being established with the switch.
  • Page 63: Dot1X Authentication (Ieee 802.1X)

    Dot1x Authentication (IEEE 802.1X) Dot1x authentication enables the authentication of system users through a local internal server or an external server. Only authenticated and approved system users can transmit and receive data. Supplicants are authenticated using the Extensible Authentication Protocol (EAP). Also supported are PEAP, EAP-TTL, EAP-TTLS, and EAP-TLS.
  • Page 64: Access Control Lists (Acl)

    Access Control Lists (ACL) Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network.
  • Page 65: Dhcp Snooping

    DHCP Snooping DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server. It filters harmful DHCP messages and builds a bindings database of (MAC address, IP address, VLAN ID, port) tuples that are specified as authorized. DHCP snooping can be enabled globally and on specific VLANs.
  • Page 66: Switching Features

    For information about how to configure the AFS feature, see the CLI Reference Guide available at support.dell.com/manuals. Jumbo Frames Support Jumbo frames enable transporting data in fewer frames to ensure less overhead, lower processing time, and fewer interrupts.
  • Page 67: Vlan-Aware Mac-Based Switching

    VLAN-Aware MAC-based Switching Packets arriving from an unknown source address are sent to the CPU and added to the Hardware Table. Future packets addressed to or from this address are more efficiently forwarded. Back Pressure Support On half-duplex links, a receiver may prevent buffer overflows by occupying the link so that it is unavailable for additional traffic.
  • Page 68: Port Mirroring

    Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from up to four source ports to a monitoring port. The switch also supports flow-based mirroring, which allows you to copy certain types of traffic to a single destination port. This provides flexibility—instead of mirroring all ingress or egress traffic on a port, the switch can mirror a subset of that traffic.
  • Page 69: Connectivity Fault Management (Ieee 802.1Ag)

    Connectivity Fault Management (IEEE 802.1ag) NOTE: The Connectivity Fault Management feature is available only on the PowerConnect M6348. The Connectivity Fault Management (CFM) feature, also known as Dot1ag, supports Service Level Operations, Administration, and Management (OAM). CFM is the OAM Protocol provision for end-to-end service layer instance in carrier networks.
  • Page 70: Virtual Local Area Network Supported Features

    Virtual Local Area Network Supported Features For information about configuring VLAN features see "Configuring VLANs" on page 575. VLAN Support VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or a combination of the ingress port and packet contents.
  • Page 71: Garp And Gvrp Support

    GARP and GVRP Support The switch supports the configuration of Generic Attribute Registration Protocol (GARP) timers. GARP VLAN Registration Protocol (GVRP) relies on the services provided by GARP to provide IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the switch registers and propagates VLAN membership on all ports that are part of the active spanning tree protocol topology.
  • Page 72: Spanning Tree Protocol Features

    Spanning Tree Protocol Features For information about configuring Spanning Tree Protocol features, see "Configuring the Spanning Tree Protocol" on page 633. Spanning Tree Protocol (STP) Spanning Tree Protocol (IEEE 802.1D) is a standard requirement of Layer 2 switches that allows bridges to automatically prevent and resolve L2 forwarding loops.
  • Page 73: Bridge Protocol Data Unit (Bpdu) Guard

    Bridge Protocol Data Unit (BPDU) Guard Spanning Tree BPDU Guard is used to disable the port in case a new device tries to enter the already existing topology of STP. Thus devices, which were originally not a part of STP, are not allowed to influence the STP topology. BPDU Filtering When spanning tree is disabled on a port, the BPDU Filtering feature allows BPDU packets received on that port to be dropped.
  • Page 74: Routing Features

    Routing Features Address Resolution Protocol (ARP) Table Management You can create static ARP entries and manage many settings for the dynamic ARP table, such as age time for entries, retries, and cache size. For information about managing the ARP table, see "Configuring IP Routing" on page 895.
  • Page 75: Bootp/Dhcp Relay Agent

    BOOTP/DHCP Relay Agent The switch BootP/DHCP Relay Agent feature relays BootP and DHCP messages between DHCP clients and DHCP servers that are located in different IP subnets. For information about configuring the BootP/DHCP Relay agent, see "Configuring L2 and L3 Relay Features" on page 919. IP Helper and UDP Relay The IP Helper and UDP Relay features provide the ability to relay various protocols to servers on a different subnet.
  • Page 76: Virtual Router Redundancy Protocol (Vrrp)

    Virtual Router Redundancy Protocol (VRRP) VRRP provides hosts with redundant routers in the network topology without any need for the hosts to reconfigure or know that there are multiple routers. If the primary (master) router fails, a secondary router assumes control and continues to use the virtual router IP (VRIP) address.
  • Page 77: Ipv6 Routes

    IPv6 Routes Because IPv4 and IPv6 can coexist on a network, the router on such a network needs to forward both traffic types. Given this coexistence, each switch maintains a separate routing table for IPv6 routes. The switch can forward IPv4 and IPv6 traffic over the same set of interfaces.
  • Page 78: Quality Of Service (Qos) Features

    Quality of Service (QoS) Features NOTE: Some features that can affect QoS, such as ACLs and Voice VLAN, are described in other sections within this chapter. Differentiated Services (DiffServ) The QoS Differentiated Services (DiffServ) feature allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors.
  • Page 79: Priority-Based Flow Control (Pfc)

    Priority-based Flow Control (PFC) NOTE: PFC is supported only on the PCM8024-k. The PCM6220, PCM6348, and PCM8024 switches do not support PFC. The Priority-based Flow Control feature allows the user to pause or inhibit transmission of individual priorities within a single physical link. By configuring PFC to pause a congested priority (priorities) independently, protocols that are highly loss sensitive can share the same link with traffic that has different loss tolerances.
  • Page 80: Layer 2 Multicast Features

    Layer 2 Multicast Features For information about configuring L2 multicast features, see "Configuring L2 Multicast Features" on page 713. MAC Multicast Support Multicast service is a limited broadcast service that allows one-to-many and many-to-many connections. In Layer 2 multicast services, a single frame addressed to a specific multicast address is received, and copies of the frame to be transmitted on each relevant port are created.
  • Page 81: Multicast Vlan Registration

    Multicast VLAN Registration NOTE: MVR is not supported on the PowerConnect M6220. The Multicast VLAN Registration (MVR) protocol, like IGMP Snooping, allows a Layer 2 switch to listen to IGMP frames and forward the multicast traffic only to the receivers that request it. Unlike IGMP Snooping, MVR allows the switch to listen across different VLANs.
  • Page 82: Protocol Independent Multicast-Dense Mode

    Protocol Independent Multicast—Dense Mode Protocol Independent Multicast (PIM) is a standard multicast routing protocol that provides scalable inter-domain multicast routing across the Internet, independent of the mechanisms provided by any particular unicast routing protocol. The Protocol Independent Multicast-Dense Mode (PIM-DM) protocol uses an existing Unicast routing table and a Join/Prune/Graft mechanism to build a tree.
  • Page 83: Hardware Overview

    Hardware Overview This section provides an overview of the switch hardware. The topics covered in this section include: • PowerConnect M6220, M6348, M8024, and M8024-k Front Panel • Console (RS-232) Port • Out-of-Band Management Port • LED Definitions PowerConnect M6220, M6348, M8024, and M8024-k Front Panel The images in this section show the front panels of the PowerConnect M6220, M6348, M8024, and M8024-k switches.
  • Page 84 Figure 3-1. PowerConnect M6220 (callouts: Stacking Module or 10 Gb Module; 10 Gb Module; 10/100/100Base-T Auto-sensing Full-Duplex RJ-45 Ports; Console Port). • The switch automatically detects crossed and straight-through cables on RJ-45 ports. • The 10/100/100Base-T Auto-sensing RJ-45 ports support half- and full-duplex mode.
  • Page 85: Powerconnect M6348 Front Panel

    PowerConnect M6348 Front Panel The PowerConnect M6348 front panel provides 16 10/100/1000Base-T ports. There are also 32 internal 1 gigabit ports that connect to each of the server blades. Figure 3-2. PowerConnect M6348 (callouts: 10/100/100Base-T Auto-sensing Full-Duplex RJ-45 Ports; 10 Gb SFP+ Ports; 10 Gb CX4 Ports; Console Port).
  • Page 86: Powerconnect M8024 Front Panel

    PowerConnect M8024 Front Panel The PowerConnect M8024 front panel supports up to eight 10-gigabit ports. It has two 10-gigabit bays that can support SFP+, CX-4, or 10GBase-T modules. The SFP+ Module supports four ports, the CX-4 module supports three ports, and the 10GBase-T module supports two ports. The modules can be used in any combination and are sold separately.
  • Page 87: Powerconnect M8024-K Front Panel

    PowerConnect M8024-k Front Panel The PowerConnect M8024-k front panel includes four SFP+ ports and an expansion slot for 10-Gigabit modules. The expansion slot can support SFP+, CX-4, or 10GBase-T modules. The SFP+ Module supports four ports, the CX-4 module supports three ports, and the 10GBase-T module supports two ports.
  • Page 88: Console Redirect

    CLI. Console Redirect The Dell M1000e Server Chassis includes a console redirect feature that allows you to manage each PCM6220, PCM6348, PCM8024, and PCM8024-k module from a single serial connection to the chassis. For more...
  • Page 89: Led Definitions

    LED Definitions This section describes the light emitting diodes (LEDs) on the front panel of the switch and on the optional modules that plug into the back panel. Port LEDs The integrated external 10/100/1000Base-T switch ports on the PowerConnect M6220 and M6348 switches include two LEDs. The integrated SFP+ switch ports on the PowerConnect M8024-k include one LED.
  • Page 90 SFP+ Port LEDs (PowerConnect M6348 and M8024-k) Each integrated SFP port on the PowerConnect M6348 switch includes two LEDs. Table 3-3 contains SFP port LED definitions for the PowerConnect M6348. Table 3-2. PowerConnect M6348 SFP+ Port LEDs Definitions (Color/Activity: Definition). Green solid: The port is linked.
  • Page 91: Module Leds

    Module LEDs The 10GBase-T module has two or three LEDs per port, the SFP+ module has one LED per port, and the Stacking/10 GbE module does not have any LEDs. 10GBase-T Module LEDs Each 10GBase-T Module has three LEDs. Table 3-4 contains 10GBase-T port LED definitions for the PowerConnect M6220 and M8024.
  • Page 92 SFP+ Port LEDs Table 3-5 contains LED definitions for SFP+ port on the plug-in module available for PowerConnect M6220, M6348, M8024, and M8024-k switches. Table 3-5. SFP+ Port LEDs Definitions (Color/Activity: Definition). LNK/ACT: Green solid: The port is linked; Green blinking: The port is sending and/or receiving network traffic.
  • Page 93: System Leds

    System LEDs The system LEDs for the PowerConnect M6220, M6348, M8024, and M8024-k switches are located on the right side of the front panel next to the console port. Figure 3-6. System LEDs (callouts: System Status LED; System Power LED). Table 3-7 contains the status LED definitions for the PowerConnect M6220 and M6348 switches.
  • Page 94 Table 3-8 contains the status LED definitions for the PowerConnect M8024 and M8024-k switches. Table 3-8. PCM8024 and PCM8024-k Power and Status LED Definitions Color Definition Green Power is being supplied to the switch. The switch does not have power. Blue The switch is operating normally.
  • Page 95: Using Dell Openmanage Switch

    Dell OpenManage Switch Administrator is a Web-based tool to help you manage and monitor a PowerConnect M6220/M6348/M8024/M8024-k switch. Table 4-1 lists the Web browsers that are compatible with Dell OpenManage Switch Administrator. The browsers have been tested on a PC running the Microsoft Windows operating system.
  • Page 96: Starting The Application

    Starting the Application To access the Dell OpenManage Switch Administrator and log on to the switch: 1 Open a web browser. 2 Enter the IP address of the switch in the address bar and press <Enter>. For information about assigning an IP address to a switch, see "Setting the IP Address and Other Basic Network Information"...
  • Page 97: Understanding The Interface

    5 The Dell OpenManage Switch Administrator home page displays. The home page is the Device Information page, which contains a graphical representation of the front panel of the switch. For more information about the home page, see "Device Information" on page 244.
  • Page 98 Figure callouts: Save, Print, Refresh, Help; Configuration and Status Options; Command Button. Using the Switch Administrator Buttons and Links Table 4-2 describes the buttons and links available from the Dell OpenManage Switch Administrator interface. Table 4-2. Button and Link Descriptions (Button or Link: Description)...
  • Page 99: Defining Fields

    Defining Fields User-defined fields can contain 1–159 characters, unless otherwise noted on the Dell OpenManage Switch Administrator Web page. All characters may be used except for the following: • • •...
  • Page 100: Understanding The Device View

    Each port image is a hyperlink to the Port Configuration page for the specific port.
  • Page 101: Using The Command-Line Interface

    For more information about creating a serial connection, see the Getting Started Guide available at support.dell.com/manuals. 1 Connect the DB-9 connector of the supplied serial cable to a management station, and connect the USB type-A connector to the switch console port.
  • Page 102: Telnet Connection

    2 Start the terminal emulator, such as Microsoft HyperTerminal, and select the appropriate serial port (for example, COM 1) to connect to the console. 3 Configure the management station serial port with the following settings: • Data rate — 9600 baud. •...
  • Page 103: Understanding Command Modes

    Understanding Command Modes The CLI groups commands into modes according to the command function. Each of the command modes supports specific software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands. You can execute the User EXEC mode commands in the Privileged EXEC mode.
  • Page 104 Table 5-1. Command Mode Overview (columns: Command Mode; Access Method; Command Prompt; Exit or Access Previous Mode). User EXEC: access method: the user is automatically in User EXEC mode unless the user is defined as a privileged user; prompt: console>; exit: logout. Privileged EXEC: access method: From User EXEC mode,...; prompt: console#; exit: Use the exit...
  • Page 105: Entering Cli Commands

    Entering CLI Commands The switch CLI uses several techniques to help you enter commands. Using the Question Mark to Get Help Enter a question mark (?) at the command prompt to display the commands available in the current mode. console(config-vlan)#? exit To exit from the mode.
  • Page 106: Using Command Completion

    You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example: console#show po? policy-map port ports Using Command Completion The CLI can complete partially entered commands when you press the <Tab>...
  • Page 107: Understanding Error Messages

    Understanding Error Messages If you enter a command and the system is unable to execute it, an error message appears. Table 5-2 describes the most common CLI error messages. Table 5-2. CLI Error Messages (Message Text: Description). % Invalid input: Indicates that you entered an incorrect or unavailable command.
  • Page 108: Specifying Physical Ports

    Table 5-3. History Buffer Navigation (Keyword: Source or Destination). Up-arrow key, <Ctrl>+<P>: Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. Down-arrow key: Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
  • Page 109 Unit, Slot, and Port Numbers The unit, slot, and port numbers are separated by forward slashes and follow the port type. For switches that do not support stacking (PCM8024 and PCM8024-k), the unit number is always 1. For stackable switches (PCM6220 and PCM6348), the unit number can be 1–12.
  • Page 110 Using the Command-Line Interface...
  • Page 111: Default Settings

    Default Settings This section describes the default settings for many of the software features on the PowerConnect M6220, M6348, M8024, and M8024-k switches. Table 6-1. Default Settings (Feature: Default). IP address: None. Subnet mask: None. Default gateway: None. DHCP client: Enabled on out-of-band (OOB) interface.
  • Page 112 Table 6-1. Default Settings (Continued) (Feature: Default). SNMP logging: Disabled. Console logging: Enabled (Severity level: debug and above). RAM logging: Enabled (Severity level: debug and above). Persistent (FLASH) logging: Disabled. Enabled (No servers configured). SNMP: Enabled (SNMPv1). SNMP Traps: Enabled. Auto Configuration: Enabled. Auto Save...
  • Page 113 Table 6-1. Default Settings (Continued) (Feature: Default). Protected Ports (Private VLAN Edge): None. Flow Control Support (IEEE 802.3x): Enabled. Head of Line Blocking Prevention: Disabled. Maximum Frame Size: 1500 bytes. Auto-MDI/MDIX Support: Enabled. Auto Negotiation: Enabled. Advertised Port Speed: Maximum Capacity. Broadcast Storm Control: Disabled. Port Mirroring...
  • Page 114 Table 6-1. Default Settings (Continued) (Feature: Default). STP Bridge Priority: 32768. Multiple Spanning Tree: Disabled. Link Aggregation: No LAGs configured. LACP System Priority. Routing Mode: Disabled. OSPF Admin Mode: Enabled. OSPF Router ID: 0.0.0.0. IP Helper and UDP Relay: Enabled. Enabled. VRRP: Disabled...
  • Page 115: Setting The Ip Address And Other

    Setting the IP Address and Other Basic Network Information This chapter describes how to configure basic network information for the switch, such as the IP address, subnet mask, and default gateway. The topics in this chapter include: • IP Address and Network Information Overview •...
  • Page 116: Why Is Basic Network Information Needed

    IP addresses. Default Domain Name Identifies your network, such as dell.com. If you enter a hostname and do not include the domain name information, the default domain name is automatically appended to the hostname.
  • Page 117: How Is Basic Network Information Configured

    You must use a console-port connection to perform the initial switch configuration. When you boot the switch for the first time and the configuration file is empty, the Dell Easy Setup Wizard starts. The Dell Easy Setup Wizard is a CLI-based tool to help you perform the initial switch configuration.
  • Page 118 Dell recommends that you use the OOB port for remote management. The following list highlights some advantages of using OOB management instead of in-band management: •...
  • Page 119: Default Network Information

    Destination Unreachable, Fragmentation needed but DF set an ICMP notification, the switch will reduce the MSS. However, many firewalls block ICMP Destination Unreachable messages, which causes the destination to request the packet again until the connection times out. In order to resolve this issue, you can reduce the MSS setting to a more appropriate value on the local host or alternatively, you can set the MTU on the PowerConnect management port to a smaller value.
  • Page 120: Configuring Basic Network Information (Web)

    Configuring Basic Network Information (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring basic network information on the PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. Out-of-Band Interface Use the Out of Band Interface page to assign the Out of Band Interface IP address and subnet mask or to enable/disable the DHCP client for address...
  • Page 121: IP Interface Configuration (Default VLAN IP Address)

    IP Interface Configuration (Default VLAN IP Address) Use the IP Interface Configuration page to assign the Default VLAN IP address and Subnet Mask, the Default Gateway IP address, and to assign the boot protocol. To display the IP Interface Configuration page, click Routing → IP → IP Interface Configuration in the navigation panel.
  • Page 122: Route Entry Configuration (Switch Default Gateway)

    4 If you select Manual for the configuration method, specify the IP Address and Subnet Mask in the appropriate fields. 5 Click Apply. NOTE: You do not need to configure any additional fields on the page. For information about VLAN routing interfaces, see "Configuring Routing Interfaces" on page 855.
  • Page 123 Configuring a Default Gateway for the Switch: To configure the switch default gateway: 1 Open the Route Entry Configuration page. 2 From the Route Type field, select Default. Figure 7-4. Default Route Configuration (Default VLAN) 3 In the Next Hop IP Address field, enter the IP address of the default gateway.
  • Page 124: Domain Name Server

    Domain Name Server Use the Domain Name Server page to configure the IP address of the DNS server. The switch uses the DNS server to translate hostnames into IP addresses. To display the Domain Name Server page, click System → IP Addressing → Domain Name Server in the navigation panel.
  • Page 125: Default Domain Name

    Default Domain Name Use the Default Domain Name page to configure the domain name the switch adds to a local (unqualified) hostname. To display the Default Domain Name page, click System → IP Addressing → Default Domain Name in the navigation panel. Figure 7-7.
  • Page 126: Host Name Mapping

    Host Name Mapping Use the Host Name Mapping page to assign an IP address to a static host name. The Host Name Mapping page provides one IP address per host. To display the Host Name Mapping page, click System → IP Addressing → Host Name Mapping.
  • Page 127: Dynamic Host Name Mapping

    The switch learns hosts dynamically by using the configured DNS server to resolve a hostname. For example, if you ping www.dell.com from the CLI, the switch uses the DNS server to look up the IP address of dell.com and adds the entry to the Dynamic Host Name Mapping table.
  • Page 128: Configuring Basic Network Information (CLI)

    M6220/M6348/M8024/M8024-k switch. For more information about these PowerConnect M6220/M6348/M8024/M8024-k CLI commands, see the Reference Guide at support.dell.com/manuals. Enabling the DHCP Client on the OOB Port Beginning in Privileged EXEC mode, use the following commands to enable the DHCP client on the OOB port.
  • Page 129: Managing DHCP Leases

    Managing DHCP Leases Beginning in Privileged EXEC mode, use the following commands to manage and troubleshoot DHCP leases on the switch. Command Purpose interface release dhcp Force the DHCPv4 client to release a leased address on the specified interface. interface renew dhcp Force the DHCP client to immediately renew an IPv4 address lease.
  • Page 130: Configuring Static Network Information On The OOB Port

    Configuring Static Network Information on the OOB Port Beginning in Privileged EXEC mode, use the following commands to configure a static IP address, subnet mask, and default gateway on the OOB port. Command: Purpose. configure: Enter Global Configuration mode. interface out-of-band: Enter Interface Configuration mode for the OOB port.
  • Page 131: Configuring And Viewing Additional Network Information

    Configuring and Viewing Additional Network Information Beginning in Privileged EXEC mode, use the following commands to configure a DNS server, the default domain name, and a static host name-to- address entry. Use the show commands to verify configured information and to view dynamic host name mappings.
  • Page 132: Basic Network Information Configuration Example

    Basic Network Information Configuration Example In this example, an administrator at a Dell office in California decides not to use the Dell Easy Setup Wizard to perform the initial switch configuration. The administrator configures a PowerConnect M6220/M6348/M8024/M8024-k switch to obtain its information from a DHCP server on the network and creates the administrative user with read/write access.
  • Page 133 Default Gateway....10.27.22.1 Protocol Current....DHCP Burned In MAC Address.... 001E.C9AA.AA08 5 View additional network information. console#show hosts Host name: Default domain: sunny.dell.com dell.com Name/address lookup is enabled Name servers (Preference order): 10.27.138.20, 10.27.138.21 Configured host name-to-address mapping: Host Addresses...
  • Page 134 Setting Basic Network Information...
  • Page 135: Managing A Switch Stack

    Managing a Switch Stack This chapter describes how to configure and manage a stack of switches. NOTE: Stacking is supported on the PowerConnect M6220 and PowerConnect M6348 switches. The PowerConnect M8024 and PowerConnect M8024-k switches do not support stacking. The topics covered in this chapter include: •...
  • Page 136: Creating A PowerConnect M6220 Stack

    The running configuration and application state is synchronized between the Master and Standby during the normal stacking operation. In a stack of three or more switches, Dell strongly recommends connecting the stack in a ring topology so that each switch is connected to two other switches.
  • Page 137: Creating A PowerConnect M6348 Stack

    Figure 8-1. Connecting a Stack of PowerConnect M6220 Switches (figure labels: M6220 Switches, Stacking Cables). The stack in Figure 8-1 has six M6220 switches connected through the stacking ports. The first stacking port on each switch is physically connected to the second stacking port on the next switch by using a stacking cable. The first stacking port on switch six is connected to the second stacking port on switch one.
  • Page 138 NOTE: The PowerConnect M6348 and M6220 cannot be stacked together. 1 For each switch in the stack, connect one of the short stacking cables from stacking port one on the switch to stacking port two on the next switch. 2 If necessary, use a separately purchased, long (3 meter) stacking cable to connect the switches.
  • Page 139: PowerConnect 7000 Series And M6348 Stacking Compatibility

    PowerConnect 7000 Series and M6348 Stacking Compatibility The stack can contain any combination of switch models in the PowerConnect 7000 Series as well as the PowerConnect M6348 switch, as long as all switches are running the same firmware version. For example, a single stack of six switches might include the following members: •...
  • Page 140: Adding A Switch To The Stack

    • If the Management Unit function is disabled, the unit remains a non- Management Unit. If the entire stack is powered OFF and ON again, the unit that was the Management Unit before the reboot will remain the Management Unit after the stack resumes operation.
  • Page 141: Removing A Switch From The Stack

    might trigger many other protocols. However, it is possible to intentionally pre-configure a unit. You can view the preconfigured/unassigned units by using the show switch CLI command. If a new switch is added to a stack of switches that are powered and running and already have an elected Management Unit, the newly added switch becomes a stack member rather than the Management Unit.
  • Page 142: How Is The Firmware Updated On The Stack

    How is the Firmware Updated on the Stack? When you add a new switch to a stack, the Stack Firmware Synchronization feature automatically synchronizes the firmware version with the version running on the stack master. The synchronization operation may result in either upgrade or downgrade of firmware on the mismatched stack member.
  • Page 143 management plane is application software running on the Management Unit that provides interfaces allowing a network administrator to configure the device. The Nonstop Forwarding (NSF) feature allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack Management Unit.
  • Page 144 Checkpointing Switch applications (features) that build up a list of data such as neighbors or clients can significantly improve their restart behavior by remembering this data across a warm restart. This data can either be stored persistently, as DHCP server and DHCP snooping store their bindings database, or the Management Unit can checkpoint this data directly to the standby unit.
  • Page 145: Switch Stack MAC Addressing And Stack Design Considerations

    Table 8-1. Applications that Checkpoint Data. Application: Checkpointed Data. IGMP/MLD Snooping: Multicast groups, list of router ports, last query data for each VLAN; IPv6 NDP: Neighbor cache entries; iSCSI: Connections; LLDP: List of interfaces with MED devices attached; OSPFv2: Neighbors and designated routers; OSPFv3: Neighbors and designated routers; Route Table Manager...
  • Page 146: NSF Network Design Considerations

    If you move the master unit of the stack to a different place in the network, make sure you power down the whole stack before you redeploy the master unit so that the stack members do not continue to use the MAC address of the redeployed switch.
  • Page 147: Default Stacking Values

    Default Stacking Values Stacking is always enabled. NSF is enabled by default. You can disable NSF in order to redirect the CPU resources consumed by data checkpointing. Checkpointing only occurs when a backup unit is elected, so there is no need to disable the NSF feature on a standalone switch.
  • Page 148: Managing And Monitoring The Stack (Web)

    Managing and Monitoring the Stack (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring stacking on a PowerConnect M6220 or PowerConnect M6348 switch. For details about the fields on a page, click at the top of the page. NOTE: The changes you make to the Stacking configuration pages take effect only after the device is reset.
  • Page 149 Changing the ID or Switch Type for a Stack Member To change the switch ID or type: 1 Open the Unit Configuration page. 2 Click Add to display the Add Unit page. Figure 8-4. Add Remote Log Server Settings 3 Specify the switch ID, and select the model number of the switch. 4 Click Apply.
  • Page 150: Stack Summary

    Stack Summary Use the Stack Summary page to view a summary of switches participating in the stack. To display the Stack Summary page, click System → Stack Management → Stack Summary in the navigation panel. Figure 8-5. Stack Summary
  • Page 151: Stack Firmware Synchronization

    Stack Firmware Synchronization Use the Stack Firmware Synchronization page to control whether the firmware image on a new stack member can be automatically upgraded or downgraded to match the firmware image of the stack master. To display the Stack Firmware Synchronization page, click System → Stack Management →...
  • Page 152: Supported Switches

    Supported Switches Use the Supported Switches page to view information regarding each type of supported switch for stacking, and information regarding the supported switches. To display the Supported Switches page, click System → Stack Management → Supported Switches in the navigation panel. Figure 8-7.
  • Page 153: Stack Port Summary

    Stack Port Summary Use the Stack Port Summary page to configure the stack-port mode and to view information about the stackable ports. This screen displays the unit, the stackable interface, the configured mode of the interface, the running mode as well as the link status and link speed of the stackable port. To display the Stack Port Summary page, click System →...
  • Page 154: Stack Port Counters

    Stack Port Counters Use the Stack Port Counters page to view the transmitted and received statistics, including data rate and error rate. To display the Stack Port Counters page, click System → Stack Management → Stack Point Counters in the navigation panel. Figure 8-9.
  • Page 155: Nsf Summary

    NSF Summary Use the NSF Summary page to change the administrative status of the NSF feature and to view NSF information. NOTE: The OSPF feature uses NSF to enable the hardware to continue forwarding IPv4 packets using OSPF routes while a backup unit takes over Management Unit responsibility.
  • Page 156: Checkpoint Statistics

    Checkpoint Statistics Use the Checkpoint Statistics page to view information about checkpoint messages generated by the master unit. To display the Checkpoint Statistics page, click System → Stack Management → Checkpoint Statistics in the navigation panel. Figure 8-11. Checkpoint Statistics
  • Page 157: Managing The Stack (CLI)

    For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Configuring Stack Member and NSF Settings Beginning in Privileged EXEC mode, use the following commands to configure stacking and NSF settings.
  • Page 158: Viewing And Clearing Stacking And NSF Information

    Command: Purpose. boot auto-copy-sw allow-downgrade: Allow the firmware version on the newly added stack member to be downgraded if the firmware version on manager is older. exit: Exit to Privileged EXEC mode. show auto-copy-sw: View the Stack Firmware Synchronization settings for the stack.
  • Page 159: Stacking And NSF Usage Scenarios

    Command: Purpose. show checkpoint statistics: View information about checkpoint messages generated by the master unit. clear checkpoint statistics: Reset the checkpoint statistics counters to zero. Stacking and NSF Usage Scenarios Only a few settings are available to control the stacking configuration, such as the designation of the standby unit or enabling/disabling NSF.
  • Page 160: Basic Failover

    Basic Failover In this example, the stack has four members that are connected through a daisy-chain, as Figure 8-12 shows. Figure 8-12. Basic Stack Failover When all four units are up and running, the show switch CLI command gives the following output: console#show switch Management Standby...
  • Page 161 At this point, if Unit 2 is powered off or rebooted due to an unexpected failure, show switch gives the following output: console#show switch Management Standby Preconfig Plugged- Switch Code Status Status Model ID in Model Status Version --- --------- ------- -------- ------------------- --------...
  • Page 162: Preconfiguring A Stack Member

    Preconfiguring a Stack Member To preconfigure a stack member before connecting the physical unit to the stack, use the show support switchtype command to obtain the SID of the unit to be added. The example in this section demonstrates pre-configuring a PowerConnect 7048P switch on a stand-alone PowerConnect 7048R switch.
  • Page 163 3 Confirm the stack configuration. Some of the fields have been omitted from the following output due to space limitations. console#show switch SW Management Standby Preconfig Plugged-in Switch Code Status Status Model ID Model ID Status Version --- --------- ------- -------- --------- ---------- -------- Mgmt Sw PCT7048R PCT7048R...
  • Page 164: NSF In The Data Center

    NSF in the Data Center Figure 8-13 illustrates a data center scenario, where the stack of two PowerConnect switches acts as an access switch. The access switch is connected to two aggregation switches, AS1 and AS2. The stack has a link from two different units to each aggregation switch, with each pair of links grouped together in a LAG.
  • Page 165: NSF And VoIP

    NSF and VoIP Figure 8-14 shows how NSF maintains existing voice calls during a Management Unit failure. Assume the top unit is the Management Unit. When the Management Unit fails, the call from phone A is immediately disconnected. The call from phone B continues. On the uplink, the forwarding plane removes the failed LAG member and continues using the remaining LAG member.
  • Page 166: NSF And DHCP Snooping

    NSF and DHCP Snooping Figure 8-15 illustrates an L2 access switch running DHCP snooping. DHCP snooping only accepts DHCP server messages on ports configured as trusted ports. DHCP snooping listens to DHCP messages to build a bindings database that lists the IP address the DHCP server has assigned to each host. IP Source Guard (IPSG) uses the bindings database to filter data traffic in hardware based on source IP address and source MAC address.
  • Page 167: NSF And The Storage Access Network

    If a host is in the middle of an exchange with the DHCP server when the failover occurs, the exchange is interrupted while the control plane restarts. When DHCP snooping is enabled, the hardware traps all DHCP packets to the CPU. The control plane drops these packets during the restart. The DHCP client and server retransmit their DHCP messages until the control plane has resumed operation and messages get through.
  • Page 168 Figure 8-16. NSF and a Storage Area Network (figure labels: Disc Array (iSCSI Targets); Servers (iSCSI Initiators); addresses 10.1.1.1, 10.1.1.2, 10.1.1.3, 10.1.1.10, 10.1.1.11). When the Management Unit fails, session A drops. The initiator at 10.1.1.10 detects a link down on its primary NIC and attempts to reestablish the session on its backup NIC to a different IP address on the disk array.
  • Page 169: NSF And Routed Access

    NSF and Routed Access Figure 8-17 shows a stack of three units serving as an access router for a set of hosts. Two LAGs connect the stack to two aggregation routers. Each LAG is a member of a VLAN routing interface. The stack has OSPF and PIM adjacencies with each of the aggregation routers.
  • Page 170 JOIN messages upstream. The control plane updates the driver with checkpointed unicast routes. The forwarding plane reconciles L3 hardware tables. The OSPF graceful restart finishes, and the control plane deletes any stale unicast routes not relearned at this point. The forwarding plane reconciles L3 multicast hardware tables.
  • Page 171: Controlling Management Access

    Controlling Management Access This chapter describes how to control access to the switch management interface through switch-based authentication or by using TACACS+ or RADIUS servers. It also includes information about controlling access through Telnet, SSH, HTTP, and HTTPS. The Denial of Service (DoS) protection feature is also described in this chapter.
  • Page 172 Table 9-1. Management Security Features. Management Security Feature: Description. Management Access Control List (ACL): Contains rules to apply to one or more in-band ports, LAGs, or VLANs to limit management access by method (for example, Telnet or HTTP) and/or source IP address. NOTE: Management ACLs cannot be applied to the OOB port.
  • Page 173: What Are The Recommendations For Management Security

    What Are the Recommendations for Management Security? Selecting the authentication policy for a network is very important. In large deployments, many administrators prefer to use a RADIUS or TACACS+ server because it allows the authentication policy to be applied system wide with little administrative effort.
  • Page 174: How Does TACACS+ Control Management Access

    • Console—Authenticates access through the console port (CLI only). • Telnet—Authenticates users accessing the CLI by using a Telnet or SSH client. • Secure HTTP—Authenticates users accessing OpenManage Switch Administrator by using an HTTPS connection. • HTTP—Authenticates users accessing OpenManage Switch Administrator by using an HTTP connection.
  • Page 175 Figure 9-1. Basic TACACS+ Topology (figure labels: Backup TACACS+ Server, PowerConnect Switch, Primary TACACS+ Server, Management Network, Management Host). You can configure the TACACS+ server list with one or more hosts defined via their network IP address. You can also assign each a priority to determine the order in which the TACACS+ client will contact them.
  • Page 176: How Does RADIUS Control Management Access

    How Does RADIUS Control Management Access? Many networks use a RADIUS server to maintain a centralized user database that contains per-user authentication information. RADIUS servers provide a centralized authentication method for: • Telnet Access • Web Access • Console to Switch Access •...
  • Page 177 Figure 9-2. RADIUS Topology (figure labels: Backup RADIUS Server, PowerConnect Switch, Primary RADIUS Server, Management Network, Management Host). The server can authenticate the user itself or make use of a back-end device to ascertain authenticity. In either case a response may or may not be forthcoming to the client.
  • Page 178: What Are RADIUS Server Groups

    enable Auth-Type := Local, User-Password == "pass5678" Service-Type = Administrative-User The values for the Service-Type attribute are as follows: • NAS-Prompt-User indicates the user should be provided a command prompt on the switch, which is acting as the Network Access Server (NAS), from which nonprivileged commands can be executed.
  • Page 179 When multiple RADIUS servers are configured with different names, the servers are in different groups. The primary/secondary designation and priority applies to RADIUS servers only within the same group. Within a named group, the switch always attempts to contact the primary RADIUS server first.
  • Page 180: What Other Features Use Authentication

    What Other Features Use Authentication? In addition to controlling access to the management interface, the switch can use RADIUS, IAS, or the local user database to provide port-based access control. Port-based access control specifies whether devices that are connected to the switch ports are allowed access to the network. The IEEE 802.1X feature (also known as Dot1X) and Captive Portal feature use RADIUS or the local user database to control network access.
  • Page 181 Table 9-2. Management Security Default Values (Continued). Management Security Feature: Default. Authentication Profiles: The following three Authentication Profiles are configured by default: • defaultList—Method is NONE, which means no authentication is required. • networkList—Method is LOCAL, which means the user credentials are verified against the information in the local user database.
  • Page 182: Controlling Management Access (Web)

    Controlling Management Access (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring management security on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. Access Profile Use the Access Profile page to define a profile and rules for accessing the switch.
  • Page 183 Adding and Configuring an Access Profile To configure an access profile: 1 Open the Access Profile page. 2 Click Add Profile to display the Add an Access Profile page. 3 Enter a name for the Access Profile. 4 Specify a rule for management access, and then click Apply. In Figure 9-4, the Access Profile name is mgmt_ACL, and access is permitted on VLAN 1 from any host in the 10.27.65.0/24 subnet.
  • Page 184 Figure 9-5 shows the configuration of an additional rule that allows management access to a host in the 10.27.65.0/24 subnet that is connected to Port 1. The rule priority is 2. This rule might be necessary if Port 1 is not a member of VLAN 1.
  • Page 185 Figure 9-6. View Access Profile Information 8 Click Access Profile to return to the main page for the feature. 9 To activate the profile, select the Set Active Access Profile option, and then click Apply. NOTE: The switch enforces the profile rules only if the profile is active. If an access profile is not activated, the device can be accessed by any host and on any interface.
  • Page 186: Authentication Profiles

    Figure 9-7. Activate the Access Profile Authentication Profiles User authentication occurs locally and on an external server. Use the Authentication Profiles page to select the user authentication methods for the defaultList and networkList. These Authentication Profiles are created by default. To display the Authentication Profiles page, click System →...
  • Page 187 Figure 9-8. Authentication Profiles Adding and Configuring an Authentication Profile To configure an authentication profile: 1 Open the Authentication Profiles page. 2 Click Add to display the Add Authentication Profiles page. 3 Enter a name for the Authentication Profile. 4 Select the authentication methods to use for the profile. The order in which you select the methods is the order the switch will use to attempt to authenticate the user.
  • Page 188 Figure 9-9. Configure Authentication Profile 5 Click Apply. A profile is created. You can apply the newly created authentication profile to an access method by using the System → Management Security → Select Authentication page. For example, you can select myList as the login authentication for anyone who connects to the switch by using Telnet.
  • Page 189 6 To view the existing Authentication Profiles and the order in which the login methods are used, click Show All. Figure 9-10. View Authentication Profile Table
  • Page 190: Select Authentication

    Select Authentication After authentication profiles are defined, you can apply them to management access methods. For example, console users can be authenticated by Authentication Profile List 1, while Telnet users are authenticated by Authentication Profile List 2. To display the Select Authentication page, click System → Management Security →...
  • Page 191: Password Management

    Password Management Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features, including: • Defining minimum password lengths (the minimum password length is 8 when password length-checking is enabled) •...
  • Page 192 Figure 9-12. Password Management Adding Excluded Keywords To prevent keywords from being used in passwords: 1 Make sure Create is selected from the Password Exclude-keyword menu. 2 Specify the keyword to exclude. 3 Click Add Excluded Keyword.
  • Page 193: Last Password Set Result

    Last Password Set Result Use the Last Password Set Result page to view information about the most recently configured password for a user in the Local User Database. To display the Last Password Set Result page, click System → Management Security →...
  • Page 194: User Login Configuration

    User Login Configuration Use the User Login Configuration page to select the list to use to authenticate attempts to log in to the switch by users configured in the Local User Database. Each user in the database can have a different list applied. To display the User Login Configuration page, click System →...
  • Page 195: Local User Database

    Local User Database Use the Local User Database page to define passwords and access rights for users and to reactivate users whose accounts have been suspended. This page also contains fields to allow you to configure SNMPv3 settings for users in the local database.
  • Page 196 Adding a User to the Local Database To add local users: 1 Open the Local User Database page. 2 Click Add to display the Add a New User page. 3 Specify a login name, select the access level, and type/retype the password. Figure 9-16.
  • Page 197: Line Password

    Line Password Use the Line Password page to define passwords that are used to access the CLI through the Console port, SSH, or Telnet. To display the Line Password page, click System → Management Security → Line Password in the navigation panel. Figure 9-17.
  • Page 198: TACACS+ Settings

    TACACS+ Settings TACACS+ provides centralized security for validation of users accessing the switch, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services: • Authentication — Provides authentication during login and through user names and user-defined passwords. •...
  • Page 199 Adding TACACS+ Host Information To add a TACACS+ host: 1 Open the TACACS+ Settings page. 2 Click Add to display the Add a TACACS+ Host page. 3 Specify the hostname or IP address of the TACACS+ host the switch will use to authenticate users.
  • Page 200: RADIUS Global Configuration

    Figure 9-21. View Local User Database Entries RADIUS Global Configuration Use the RADIUS Global Configuration page to configure settings that affect all RADIUS servers that are configured on the switch. To display the RADIUS Global Configuration page, click System → Management Security → RADIUS Global Configuration in the navigation panel.
  • Page 201: RADIUS Server Configuration

    RADIUS Server Configuration From the RADIUS Server Configuration page, you can add a new RADIUS server, configure settings for a new or existing RADIUS server, and view RADIUS server status information. The RADIUS client on the switch supports up to 32 named authentication and accounting servers. To access the RADIUS Server Configuration page, click System →...
  • Page 202 4 Use the default RADIUS server name or enter up to 32 alphanumeric characters. Spaces, hyphens, and underscores are also permitted. You can use the same name for multiple RADIUS Authentication servers. RADIUS clients can use RADIUS servers with the same name as backups for each other.
  • Page 203: RADIUS Accounting Server Configuration

    Figure 9-25. Viewing the RADIUS Server Table RADIUS Accounting Server Configuration From the RADIUS Accounting Server Configuration page, you can add a new RADIUS accounting server, configure settings for a new or existing RADIUS accounting server, and view RADIUS accounting server status information.
  • Page 204 Adding and Configuring RADIUS Accounting Server Information To add a RADIUS accounting server: 1 Open the RADIUS Accounting Server Configuration page. 2 Click Add to display the Add RADIUS Accounting Server page. 3 Specify the IP address of the RADIUS accounting server. 4 Use the default RADIUS server name or enter up to 32 alphanumeric characters.
  • Page 205: RADIUS Accounting Server Statistics

    Figure 9-28. Viewing the RADIUS Accounting Server Table RADIUS Accounting Server Statistics Use the RADIUS Accounting Server Statistics page to view statistical information for each RADIUS accounting server configured on the system. To access the RADIUS Accounting Server Statistics page, click System → Management Security →...
  • Page 206: RADIUS Server Statistics

    RADIUS Server Statistics Use the RADIUS Server Statistics page to view statistical information for each RADIUS server configured on the system. To access the RADIUS Server Statistics page, click System → Management Security → RADIUS Server Statistics in the navigation panel. Figure 9-30.
  • Page 207: Authorization Network Radius

    Authorization Network RADIUS In some networks, the RADIUS server is responsible for assigning traffic to a particular VLAN. From the Authorization Network RADIUS page, you can enable the switch to accept VLAN assignment by the RADIUS server. For more information about VLANs and RADIUS-assigned VLANs, see "Dynamic VLAN Creation"...
  • Page 208: Telnet Server

    Telnet Server Use the Telnet Server page to enable or disable telnet service on the switch or to modify the telnet port. To display the Telnet Server page, click System → Management Security → Telnet Server. Figure 9-32. Telnet Server Controlling Management Access...
  • Page 209: Denial Of Service

    Denial of Service Denial of Service (DoS) refers to the exploitation of a variety of vulnerabilities which would interrupt the service of a host or make a network unstable. Use the Denial of Service page to configure settings to help prevent DoS attacks.
  • Page 210: Secure Http Configuration

    Secure HTTP Configuration Secure HTTP (HTTPS) increases the security of web-based management by encrypting communication between the administrative system and the switch. Use the Secure HTTP page to manage the HTTPS mode and certificate information that enables management of the switch through HTTPS. To display the Secure HTTP page, click System →...
  • Page 211 Importing and Requesting Certificates Use the following steps to import or request a certificate by using SSH. 1 From the Secure HTTP page, click SSH Request. Figure 9-35. Secure HTTP - SSH Request 2 Select the certificate number. 3 Complete the fields that are relevant to the certificate. 4 To import the certificate, click Certificate Import.
  • Page 212 Viewing Certificate Information To view the certificate request or to view the generated certificate, click Show All. Figure 9-36. View Certificate Requests
  • Page 213: Secure Shell Configuration

    Secure Shell Configuration Secure Shell (SSH) is similar to Telnet but increases the security of CLI-based management by creating a secure channel for communication between the administrative system and the switch. Use the Secure Shell page to manage the SSH mode and other information that enables management of the switch through SSH.
  • Page 214: Secure Public Key Configuration

    • Generate RSA Keys — Begin generating RSA host keys. Note that to generate SSH key files, SSH must be administratively disabled and there must be no active SSH sessions.
    • Generate DSA Key — Begin generating DSA host keys. Note that to...
  • Page 215 Configuring a Public Key Use the following steps to configure a public key for SSH. 1 From the Secure Public Key page, click Add. Figure 9-39. Secure Public Key — Add 2 Specify the algorithm to use of the public-key cryptography, either DSA or RSA.
  • Page 216: Controlling Management Access (Cli)

    For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Configuring a Management Access List NOTE: Management ACLs can be applied only to in-band ports and cannot be applied to the OOB port.
  • Page 217 Command Purpose permit ip-source Allow access to the management interface from hosts that address mask [mask meet the specified IP address value and other optional prefix-length interface- criteria. type interface-number interface-type interface-number • — A valid port, LAG, or service [service ] [priority VLAN interface, for example gi1/0/13, port-channel 3, or...
  • Page 218: Adding Users To The Local Database

    Adding Users to the Local Database Beginning in Privileged EXEC mode, use the following commands to add users to the local user database. Command Purpose configure Enter Global Configuration mode. name username Add a new user to the local users database. password password [level...
  • Page 219: Configuring And Applying Authentication Profiles

    Configuring and Applying Authentication Profiles Beginning in Privileged EXEC mode, use the following commands to create an authentication list, configure the authentication methods for that list, and apply the list to an access method. Command Purpose configure Enter Global Configuration mode. aaa authentication login Configure the methods used to authenticate a user list-name...
  • Page 220: Managing Passwords

    Command Purpose line {console|ssh Enter Line configuration mode for the specified access |telnet} method. login authentication Specify the login authentication list to use for the line list-name {default| access. The list is applied to the current line mode (console, Telnet, or SSH). enable authentication Specify the enable authentication list to use for access to list-name...
  • Page 221 Command Purpose passwords lock-out Specify the number of times a user can enter an incorrect attempts password before being denied access to the management interface. NOTE: Password lockout applies only to local users. Users authenticated by RADIUS and TACACS+ are subject to the policies defined by the RADIUS or TACACS+ server.
  • Page 222: Configuring Radius Server Information

    Command Purpose passwords strength Specify up to three keywords to exclude in a password. The word exclude-keyword password does not accept the keyword in any form (in between the string, case in-sensitive and reverse) as a substring. passwords strength- Verify the strength of a password during configuration. check exit Exit to Privileged EXEC mode.
  • Page 223 Command Purpose key-string key [ Set the authentication and encryption key for all RADIUS communications between the switch and the RADIUS server. NOTE: You can also use the radius-server key [ key-string command in Global Configuration mode to set the same authentication and encryption key for all configured RADIUS servers.
  • Page 224: Configuring Tacacs+ Server Information

    Command Purpose show radius statistics View the RADIUS statistics for the switch. You can specify [[accounting | additional information to narrow the scope of the authentication] command output. ipaddress hostname • accounting | authentication — The type of server servername name (accounting or authentication).
  • Page 225: Configuring Telnet And Ssh Access

    Configuring Telnet and SSH Access Beginning in Privileged EXEC mode, use the following commands to specify Telnet and SSH server settings on the switch.
    Command | Purpose
    configure | Enter Global Configuration mode.
    ip telnet server disable | Disable the Telnet service on the switch.
    ip ssh server | Allow access to the switch management interface by using SSH, which is disabled by default.
  • Page 226: Configuring Http And Https Access

    Command Purpose show crypto key pubkey- View SSH public keys stored on the switch. chain ssh [username username • — Specifies the remote SSH client username. username ] [fingerprint (Range: 1–48 characters) bubble-babble|hex] • bubble-babble — Fingerprints in Bubble Babble format. •...
  • Page 227 Command Purpose <CTRL + Z> Exit to Privileged EXEC mode. crypto certificate Generate and display a certificate request for HTTPS. This number request command takes you to Crypto Certificate Request mode. In this mode, you can use the following commands to specify certificate details: •...
  • Page 228: Configuring Dos Information

    Command | Purpose
    show crypto certificate mycertificate | View the SSL certificates of your switch.
    show ip http server secure status | Display the HTTPS server configuration.
    show ip http server status | Display the HTTP server configuration.
    Configuring DoS Information Beginning in Privileged EXEC mode, use the following commands to specify settings to help prevent DoS attacks on the switch.
  • Page 229 Command Purpose size dos-control icmp [ Enable Maximum ICMP Packet Size Denial of Service size protections, where is the Maximum ICMP packet size. (Range: 0-16376). If ICMP Echo Request (PING) packets ingress having a size greater than the configured value, the packets are dropped.
  • Page 230: Management Access Configuration Examples

    Management Access Configuration Examples This section contains the following examples: • Configuring a Management Access List • Configuring an Authentication Profile • Configuring the Primary and Secondary RADIUS Servers • Configuring Password Lockout Configuring a Management Access List The commands in this example create a management ACL that permits access to the switch through the in-band switch ports on VLAN 1 and on port 9 from hosts with an IP address in the 10.27.65.0 subnet.
  • Page 231: Configuring The Primary And Secondary Radius Servers

    The commands in this example configure primary and secondary RADIUS servers that the switch will use to authenticate access. The RADIUS servers belong to the same named server group (Dell-RADIUS) and use the same RADIUS secret (test1234). A third RADIUS server is configured as an accounting server, and RADIUS accounting is globally enabled.
  • Page 232
    2 Configure the secondary RADIUS server.
        console(config)#radius-server host auth 10.27.65.104
        console(Config-auth-radius)#name Dell-RADIUS
        console(Config-auth-radius)#key test1234
        console(Config-auth-radius)#exit
    3 Configure the RADIUS accounting server.
        console(config)#radius-server host acct 10.27.65.114
        console(Config-acct-radius)#key test1234
        console(Config-acct-radius)#name Dell-RADIUS-Accounting
        console(Config-acct-radius)#exit
    4 Activate RADIUS accounting.
        console(config)#aaa accounting network default start-stop group radius
        console(config)#exit
    5 View the configured RADIUS servers.
  • Page 233: Configuring An Authentication Profile

    Configuring an Authentication Profile The commands in this example create a new authenticating profile that uses the RADIUS server configured in the previous example to authenticate users who attempt to access the switch management interface by using SSH or Telnet. If the RADIUS authentication is unsuccessful, the switch uses the local user database to attempt to authenticate the users.
  • Page 234: Configuring Password Lockout

    4 View the current authentication methods and profiles.
        console#show authentication methods
        Login Authentication Method Lists
        ---------------------------------
        defaultList none
        networkList local
        myList radius local
        Enable Authentication Method Lists
        ----------------------------------
        enableList none
        Line     Login Method List  Enable Method List
        -------  -----------------  ------------------
        Console  defaultList        enableList...
  • Page 235 The password lockout feature disables local access to the switch for a given user name if the user fails to supply the correct password within the configured number of attempts. Failed attempts to log on do not need to be close together in time; consecutive login failures separated by extensive time periods can still cause a user to be locked out.
  • Page 236 4 View information about the authentication profiles. By default, Console (serial) access uses the defaultList authentication. The defaultList does not require authentication, but the networkList requires authentication by verifying the user name and password against an entry in the local database.
  • Page 237 The following screen text shows an example session that results in the lockout of local user abc:
        User:abc
        Password:********
        ! Enter invalid password
        User:abc
        Password:********
        ! Enter invalid password
        User:abc
        Password:********
        User:
        <188> FEB 04 19:44:52 10.27.22.46-1 USER_MGR[183162896]: user_mgr.c(1640) 695 %% User abc locked out on authentication failure
        ! Enter valid password
        User:abc...
  • Page 239: Monitoring And Logging System

    Monitoring and Logging System Information This chapter provides information about the features you use to monitor the switch, including logging, cable tests, and email alerting. The topics covered in this chapter include: • System Monitoring Overview • Default Log Settings •...
  • Page 240: Why Is System Information Needed

    Why Is System Information Needed? The information the switch provides can help you troubleshoot issues that might be affecting system performance. The cable diagnostics tests help you troubleshoot problems with the physical connections to the switch. Auditing access to the switch and the activities an administrator performed while managing the switch can help provide security and accountability.
  • Page 241: What Are The Severity Levels

    What Are the Severity Levels? For each local or remote log file, you can specify the severity of the messages to log. Each severity level is identified by a name and a number. Table 10-1 provides information about the severity levels. Table 10-1.
  • Page 242: What Is The Log Message Format

    The first part of the log message up to the first left bracket is fixed by the Syslog standard (RFC 3164). The second part up to the two percent signs is standardized for all Dell PowerConnect logs. The variable text of the log message follows. The log message is limited to 96 bytes.
  • Page 243: What Factors Should Be Considered When Configuring Logging

    Message — Contains the text of the log message. What Factors Should Be Considered When Configuring Logging? Dell recommends that network administrators deploy a syslog server in their network and configure all switches to log messages to the syslog server.
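As an added example (not taken from the Dell guide), the following Python parser applies the log format described above to the lockout message shown in the password lockout session, the kind of check a syslog collector could run to count lockouts per switch and user. The field names are assumptions inferred from that one sample line, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the single sample line in this guide (an assumption):
# <PRI> MON DD HH:MM:SS host-unit COMPONENT[thread]: file(line) seq %% text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>\s*"
    r"(?P<ts>[A-Za-z]{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+?)-(?P<unit>\d+)\s+"
    r"(?P<component>[A-Za-z0-9_]+)\[(?P<thread>\d+)\]:\s+"
    r"(?P<file>\S+)\((?P<line>\d+)\)\s+"
    r"(?P<seq>\d+)\s+%%\s?"
    r"(?P<text>.*)$"
)

# Anchored at the start of the variable text so the phrase appearing later
# in some other message is not counted as a lockout.
LOCKOUT_RE = re.compile(
    r"^User (?P<user>\S+) locked out on authentication failure"
)

# Index = severity number (0 is the most severe).
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notification", "informational", "debug")


def parse_line(raw):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # RFC 3164: PRI = facility * 8 + severity, facility <= 23
        return None
    rec = m.groupdict()
    rec.update(
        facility=pri >> 3,
        severity=SEVERITIES[pri & 7],
        unit=int(m["unit"]),
        line=int(m["line"]),
        seq=int(m["seq"]),
    )
    return rec


def find_lockouts(lines):
    """Count lockout events per (switch, user); also count unparsed lines."""
    hits, unparsed = Counter(), 0
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            unparsed += 1  # surface these rather than dropping them silently
            continue
        m = LOCKOUT_RE.match(rec["text"])
        if m and rec["component"] == "USER_MGR":
            hits[(rec["host"], m["user"])] += 1
    return hits, unparsed


SAMPLE_LINES = [
    # Line as printed in the guide's lockout session:
    "<188> FEB 04 19:44:52 10.27.22.46-1 USER_MGR[183162896]: "
    "user_mgr.c(1640) 695 %% User abc locked out on authentication failure",
    # Constructed lines below (not from the guide):
    "<188> FEB 04 19:51:07 10.27.22.46-1 USER_MGR[183162896]: "
    "user_mgr.c(1640) 702 %% User abc locked out on authentication failure",
    "<189> FEB 04 19:45:10 10.27.22.47-1 TRAPMGR[216282304]: "
    "traputil.c(908) 31 %% Link Up: Gi1/0/3",
    "FEB 04 19:46:00 truncated line without priority",
]

if __name__ == "__main__":
    lockouts, bad = find_lockouts(SAMPLE_LINES)
    for (host, user), count in sorted(lockouts.items()):
        print(f"{host}: user {user} locked out {count} time(s)")
    print(f"unparsed lines: {bad}")
```

Because password lockout applies only to local users, repeated hits for the same account on one switch are worth correlating with the RADIUS or TACACS+ server logs for the same period.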
  • Page 244: Monitoring System Information And Configuring Logging (Web)

    Device Information The Device Information page displays after you successfully log on to the switch by using the Dell OpenManage Switch Administrator. This page is a virtual representation of the switch front panel. Use the Device Information page to view information about the port status, system status, and the switch stack.
  • Page 245 Figure 10-2. Stack View For more information about the device view features, see "Understanding the Device View" on page 100.
  • Page 246: System Health

    System Health Use the Health page to view status information about the switch power and ventilation sources. To display the Health page, click System → General → Health in the navigation panel. Figure 10-3. Health
  • Page 247: System Resources

    System Resources Use the System Resources page to view information about memory usage and task utilization. To display the System Resources page, click System → General → System Resources in the navigation panel. Figure 10-4. System Resources
  • Page 248: Integrated Cable Test For Copper Cables

    Integrated Cable Test for Copper Cables Use the Integrated Cable Test for Copper Cables page to perform tests on copper cables. Cable testing provides information about where errors occurred in the cable, the last time a cable test was performed, and the type of cable error which occurred.
  • Page 249: Optical Transceiver Diagnostics

    To view a summary of all integrated cable tests performed, click the Show All link. Figure 10-6. Integrated Cable Test Summary Optical Transceiver Diagnostics Use the Optical Transceiver Diagnostics page to perform tests on Fiber Optic cables. To display the Optical Transceiver Diagnostics page, click System → Diagnostics →...
  • Page 250 Figure 10-7. Optical Transceiver Diagnostics To view a summary of all optical transceiver diagnostics tests performed, click the Show All link. Figure 10-8. Optical Transceiver Diagnostics Summary
  • Page 251: Log Global Settings

    Log Global Settings Use the Global Settings page to enable logging globally and to enable other types of logging. You can also specify the severity of messages that are logged to the console, RAM log, and flash-based log file. The Severity table lists log messages from the highest severity (Emergency) to the lowest (Debug).
  • Page 252: Ram Log

    RAM Log Use the RAM Log page to view information about specific RAM (cache) log entries, including the time the log was entered, the log severity, and a description of the log. To display the RAM Log, click System → Logs → RAM Log in the navigation panel.
  • Page 253: Log File

    Log File The Log File contains information about specific log entries, including the time the log was entered, the log severity, and a description of the log. To display the Log File, click System → Logs → Log File in the navigation panel.
  • Page 254 Figure 10-12. Remote Log Server Adding a New Remote Log Server To add a log server: 1 Open the Remote Log Server page. 2 Click Add to display the Add Remote Log Server page. 3 Specify the IP address or hostname of the remote server. 4 Define the UDP Port and Description fields.
  • Page 255 Figure 10-13. Add Remote Log Server 5 Select the severity of the messages to send to the remote server. NOTE: When you select a severity level, all higher severity levels are automatically selected. 6 Click Apply. Click the Show All link to view or remove remote log servers configured on the system.
  • Page 256: Email Alert Global Configuration

    Figure 10-14. Show All Log Servers Email Alert Global Configuration Use the Email Alert Global Configuration page to enable the email alerting feature and configure global settings so that system log messages can be sent from the switch to one or more email accounts. To display the Email Alert Global Configuration page, click System →...
  • Page 257: Email Alert Mail Server Configuration

    Email Alert Mail Server Configuration Use the Email Alert Mail Server Configuration page to configure information about the mail server the switch uses for sending email alert messages. To display the Email Alert Mail Server Configuration page, click System → Email Alerts →...
  • Page 258 Figure 10-17. Add Mail Server 4 Click Apply. 5 If desired, click Configuration to return to the Email Alert Mail Server Configuration page to specify port and security settings for the mail server. Click the Show All link to view or remove mail servers configured on the switch.
  • Page 259: Email Alert Subject Configuration

    Email Alert Subject Configuration Use the Email Alert Subject Configuration page to configure the subject line for email alerts that are sent by the switch. You can customize the subject for the message severity and entry status. To display the Email Alert Subject Configuration page, click System → Email Alerts →...
  • Page 260: Email Alert To Address Configuration

    Email Alert To Address Configuration Use the Email Alert To Address Configuration page to specify where the email alerts are sent. You can configure multiple recipients and associate different message severity levels with different recipient addresses. To display the Email Alert To Address Configuration page, click System → Email Alerts →...
  • Page 261: Email Alert Statistics

    Figure 10-22. View Email Alert To Address Configuration Email Alert Statistics Use the Email Alert Statistics page to view the number of emails that were successfully and unsuccessfully sent, and when emails were sent. To display the Email Alert Statistics page, click System → Email Alerts → Email Alert Statistics in the navigation panel.
  • Page 262: Monitoring System Information And Configuring Logging (Cli)

    PowerConnect M6220/M6348/M8024/M8024-k switch. For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Viewing System Information Beginning in Privileged EXEC mode, use the following commands to view system health and resource information. Command...
  • Page 263: Configuring Local Logging

    Command Purpose test copper-port tdr Perform the Time Domain Reflectometry (TDR) test to interface diagnose the quality and characteristics of a copper cable attached to the specified port. CAUTION: Issuing the test copper-port tdr command will bring the interface down. The interface is specified in unit/slot/port format.
  • Page 264 Command Purpose logging Enable logging to the specified file. Optionally, you can {buffered|console| file} define a logging discriminator to help filter log messages severity and set the severity of the messages to log. • buffered — Enables logging to the RAM file (cache). If the switch resets, the buffered logs are cleared.
  • Page 265: Configuring Remote Logging

    Configuring Remote Logging Beginning in Privileged EXEC mode, use the following commands to define a remote server to which the switch sends log messages. Command Purpose configure Enter Global Configuration mode. ip-address logging { Define a remote log server and enter the configuration hostname mode for the specified log server.
  • Page 266: Configuring Mail Server Settings

    Configuring Mail Server Settings Beginning in Privileged EXEC mode, use the following commands to configure information about the mail server (SMTP host) on the network that will initially receive the email alerts from the switch and relay them to the correct recipient. Command Purpose configure...
  • Page 267: Configuring Email Alerts For Log Messages

    Configuring Email Alerts for Log Messages Beginning in Privileged EXEC mode, use the following commands to configure email alerts so that log messages are sent to the specified address. Command Purpose configure Enter Global Configuration mode. severity logging email [ ] Enable email alerting and determine which non-critical log severity messages should be emailed.
  • Page 268 Command Purpose logging email test Send a test email to the configured recipient to verify that message-type {urgent | the feature is properly configured. non-urgent | both} body message-body CTRL + Z Exit to Privileged EXEC mode. show logging email View the configured settings for email alerts.
  • Page 269: Logging Configuration Examples

    Logging Configuration Examples This section contains the following examples: • Configuring Local and Remote Logging • Configuring Email Alerting Configuring Local and Remote Logging This example shows how to enable switch auditing and CLI command logging. Log messages with a severity level of Notification (level 5) and above are sent to the RAM (buffered) log.
  • Page 270
    4 Verify the remote log server configuration.
        console#show syslog-servers
        IP Address/Hostname        Port    Severity        Description
        -------------------------  ------  --------------  ----------
        192.168.2.10                       debugging       Syslog Server
    5 Verify the local logging configuration and view the log messages stored in the buffer (RAM log).
        console#show logging
        Logging is enabled
        Console Logging: level debugging.
  • Page 271: Configuring Email Alerting

    Configuring Email Alerting The commands in this example define the SMTP server to use for sending email alerts. The mail server does not require authentication and uses the standard TCP port for SMTP, port 25, which are the default values. Only Emergency messages (severity level 0) will be sent immediately as individual emails, and messages with a severity of alert, critical, and error (levels 1-3) will be sent in a single email every 120 minutes.
  • Page 272
    5 Specify the address where email alerts should be sent.
        console(config)#logging email message-type both to-addr administrator@dell.com
    6 Specify the text that will appear in the email alert Subject line.
        console(config)#logging email message-type urgent subject "LOG MESSAGES - EMERGENCY"...
  • Page 273
        Email Alert Non Urgent Severity Level..3
        Email Alert Trap Severity Level....6
        Email Alert Notification Period....120 min
        Email Alert To Address Table:
        For Msg Type......1
        Address1......administrator@dell.com
        For Msg Type......2
        Address1......administrator@dell.com
        Email Alert Subject Table
        For Msg Type 1, subject is....LOG MESSAGES - EMERGENCY
        For Msg Type 2, subject is....LOG MESSAGE...
  • Page 275: Managing General System Settings

    Managing General System Settings This chapter describes how to set system information, such as the hostname, and time settings, and how to select the Switch Database Management (SDM) template to use on the switch. This chapter also describes how to view expansion slot information as well as how to configure the operational mode and Port Aggregator feature.
  • Page 276: Why Does System Information Need To Be Configured

    Table 11-1. System Information Feature Description SDM Template Determines the maximum resources a switch or router can use for various features. For more information, see "What Are SDM Templates?" on page 280 The switch can obtain the time from a Simple Network Time Protocol (SNTP) server, or you can set the time manually.
  • Page 277: What Is Simple Mode

    The Banner can provide information about the switch status. For example, if multiple users connect to the switch, the message of the day (MOTD) banner might alert everyone who connects to the switch about a scheduled switch image upgrade. What is Simple Mode? The PowerConnect M6220, M6348, M8024, and M8024-k switches support a simple operational mode to allow auto configuration of complex network settings.
  • Page 278 • Simple mode allows the user to create Aggregation Groups where internal ports and external ports can be configured in a separate broadcast domain. • Security-related configurations: dot1x, RADIUS, TACACS+ are allowed when the switch is operating in Simple Mode. •...
  • Page 279: What Is The Port Aggregator Feature

    • Dot1x • SNMP • • General System Information (Read-Only) • HTTP Server • Port Aggregator (Available only in Simple mode) NOTE: The default username (root) and password (calvin) are not available in Simple mode. A user with privilege level of 15 must be configured to access the switch management interface from a remote connection.
  • Page 280: What Is The Lag Dependency Feature In Port Aggregator Mode

    and M8024-k switches, eight ports is the maximum number. No member port, either internal or external, can participate in more than one Aggregator Group. What Is the LAG Dependency Feature in Port Aggregator Mode? LAG (port-channel) dependency allows you to set the minimum number of uplinks to be active for the aggregator group.
  • Page 281: Why Is The System Time Needed

    Table 11-3. SDM Template Parameters and Values (Continued) Parameter Dual IPv4/IPv6 IPv4 Only IPv4 Data Center IPv6 Neighbor Discovery 2560 Protocol (NDP) entries IPv6 unicast routes 4096 ECMP next hops IPv4 multicast routes 1536 2048 2048 IPv6 multicast routes SDM Template Configuration Guidelines When you configure the switch to use an SDM template that is not currently in use, you must reload the switch for the configuration to take effect.
  • Page 282: What Configuration Is Required For Plug-In Modules

    Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The switch is at a stratum that is one lower than its time source.
  • Page 283: Default General System Information

    Default General System Information By default, no system information or time information is configured, and the SNTP client is disabled. The default SDM Template applied to the switch is the Dual IPv4-IPv6 template. Simple mode is disabled by default on the PowerConnect M6220, M6348, and M8024 switches.
  • Page 284 Table 11-4. PCM6220 Default Port Aggregator Group Mapping (Stack with Two Members)
    Aggregator Group | Member Internal Ports | Member Uplink (External) Ports
    Group 1 | Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8, Gi1/0/9, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14, Gi1/0/15, Gi1/0/16 | Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20
    Group 2 | Gi2/0/1, Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5,...
  • Page 285 Table 11-6. PCM8024 and PCM8024-k Default Port Aggregator Group Mapping
    Aggregator Group | Member Internal Ports | Member Uplink (External) Ports
    Group 1 | Te1/0/1, Te1/0/2, Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te1/0/7, Te1/0/8, Te1/0/9, Te1/0/10, Te1/0/11, Te1/0/12, Te1/0/13, Te1/0/14, Te1/0/15, Te1/0/16 | Te1/0/17, Te1/0/18, Te1/0/19, Te1/0/20, Te1/0/21, Te1/0/22, Te1/0/23, Te1/0/24
    For the PCM6220 and PCM6348 switches, the same default configuration is...
  • Page 286: Configuring General System Settings (Web)

    Configuring General System Settings (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring general system settings on the PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. System Information Use the System Information page to configure the system name, contact name, location, and asset tag.
  • Page 287 Initiating a Telnet Session from the Web Interface NOTE: The Telnet client feature does not work with Microsoft Windows Internet Explorer 7 and later versions. Initiating this feature from any browser running on a Linux operating system is not supported. To launch a Telnet session: 1 From the System →...
  • Page 288 Figure 11-3. Select Telnet Client The selected Telnet client launches and connects to the switch CLI. Figure 11-4. Telnet Session
  • Page 289: Cli Banner

    CLI Banner Use the CLI Banner page to configure a message for the switch to display when a user connects to the switch by using the CLI. You can configure different banners for various CLI modes and access methods. To display the CLI Banner page, click System → General → CLI Banner in the navigation panel.
  • Page 290: Sdm Template Preference

    SDM Template Preference Use the SDM Template Preference page to view information about template resource settings and to select the template that the switch uses. If you select a new SDM template for the switch to use, you must reboot the switch before the template is applied.
  • Page 291: Operational Mode Configuration

    Operational Mode Configuration Use the Operational Mode Configuration page to enable Simple mode or return the switch to normal mode. Only users with the highest privilege level can change the operating mode. To display the Operational Mode Configuration page, click System → Operational Mode →...
  • Page 292 Figure 11-8. Operational Mode Configuration 4 Click Apply. The switch loads the Simple mode configuration file, and you are automatically logged off the system. To log on to the switch, you must enter a username and password in the logon screen. When the switch is operating in Simple mode, many of the pages available in normal mode are not available, and the navigation panel displays only the features that are available in Simple mode.
  • Page 293: Port Aggregator Global Configuration

    Port Aggregator Global Configuration Use the Global Configuration page to configure LAG failover settings for all port aggregator groups. To display the Global Configuration page, click Switching → Port Aggregator → Global Configuration in the tree view. Figure 11-10. Port Aggregator Global Configuration
  • Page 294: Port Aggregator Port Configuration

    Port Aggregator Port Configuration Use the Port Configuration page to view and configure information about the port members and LAG roles for the aggregator groups. By default, all ports are in aggregator group 1. To display the Port Configuration page, click Switching → Port Aggregator →...
  • Page 295 Figure 11-12. Port Aggregator Port Configuration Summary 3 To modify the port assignment, click any Modify link to access the Port Configuration page. 4 If the system supports stacking, select the stack member to configure from the Unit field. 5 Enter the Port Aggregator Group ID in the Group ID field for the ports to add to a group.
  • Page 296: Port Aggregator Group Configuration

    Port Aggregator Group Configuration Use the Group Configuration page to view and configure information about the port aggregator group settings for each aggregator group. To display the Group Configuration page, click Switching → Port Aggregator → Group Configuration in the tree view. Figure 11-13.
  • Page 297 Figure 11-14. Port Aggregator Group Configuration Summary 3 To modify the settings for an aggregator group, click the Modify link associated with the group to access the Group Configuration page for the group.
  • Page 298: Port Aggregator Internal Port Vlan Configuration

    Port Aggregator Internal Port VLAN Configuration Use the Internal Port VLAN Configuration page to configure VLAN settings for the internal ports. To display the Internal Port VLAN Configuration page, click Switching → Port Aggregator → Internal Port VLAN Configuration in the tree view. Figure 11-15.
  • Page 299 Figure 11-16. Port Aggregator Group Configuration Summary 3 To view the VLAN settings for a different group, select the group from the Group ID menu.
  • Page 300: Port Aggregator Port Channel Summary

    Port Aggregator Port Channel Summary Use the Port Channel Summary page to view information about the LAG members and LAG status for each group. To display the Port Channel Summary page, click Switching → Port Aggregator → Port Channel Summary in the tree view. Figure 11-17.
  • Page 301: Group Vlan Mac Summary

    Group VLAN MAC Summary Use the Group VLAN MAC Summary page to view the MAC address table entries for each Port Aggregator group. To display the Group VLAN MAC Summary page, click Switching → Port Aggregator → Group VLAN MAC Summary in the tree view. Figure 11-18.
  • Page 302: Clock

    Clock If you do not obtain the system time from an SNTP server, you can manually set the date and time on the switch on the Clock page. The Clock page also displays information about the time settings configured on the switch. To display the Clock page, click System →...
  • Page 303: Sntp Global Settings

    SNTP Global Settings Use the SNTP Global Settings page to enable or disable the SNTP client, configure whether and how often the client sends SNTP requests, and determine whether the switch can receive SNTP broadcasts. To display the SNTP Global Settings page, click System → Time Synchronization →...
  • Page 304: Sntp Authentication

    SNTP Authentication Use the SNTP Authentication page to enable or disable SNTP authentication, to modify the authentication key for a selected encryption key ID, to designate the selected authentication key as a trusted key, and to remove the selected encryption key ID. NOTE: The SNTP server must be configured with the same authentication information to allow time synchronization to take place between the two devices.
  • Page 305 Figure 11-22. Add Authentication Key 3 Enter a numerical encryption key ID and an authentication key in the appropriate fields. 4 If the key is to be used to authenticate a unicast SNTP server, select the Trusted Key check box. If the check box is clear, the key is untrusted and cannot be used for authentication.
  • Page 306: Sntp Server

    Figure 11-23. Authentication Key Table SNTP Server Use the SNTP Server page to view and modify information about SNTP servers, and to add new SNTP servers that the switch can use for time synchronization. The switch can accept time information from both IPv4 and IPv6 SNTP servers.
  • Page 307 Figure 11-24. SNTP Servers Defining a New SNTP Server To add an SNTP server: 1 Open the SNTP Servers page. 2 Click Add. The Add SNTP Server page displays.
  • Page 308 Figure 11-25. Add SNTP Server 3 In the SNTP Server field, enter the IP address or host name for the new SNTP server. 4 Specify whether the information entered in the SNTP Server field is an IPv4 address, IPv6 address, or a hostname (DNS). 5 If you require authentication between the SNTP client on the switch and the SNTP server, select the Encryption Key ID check box, and then select the key ID to use.
  • Page 309 Figure 11-26. SNTP Servers Table
  • Page 310: Summer Time Configuration

    Summer Time Configuration Use the Summer Time Configuration page to configure summer time (daylight saving time) settings. To display the Summer Time Configuration page, click System → Time Synchronization → Summer Time Configuration in the navigation panel. Figure 11-27. Summer Time Configuration NOTE: The fields on the Summer Time Configuration page change when you select or clear the Recurring check box.
  • Page 311: Time Zone Configuration

    Time Zone Configuration Use the Time Zone Configuration page to configure time zone information, including the amount of time the local time is offset from UTC and the acronym that represents the local time zone. To display the Time Zone Configuration page, click System → Time Synchronization →...
  • Page 312: Slot Summary

    Slot Summary Use the Slot Summary page to view information about the expansion slot status. To display the Slot Summary page, click Switching → Slots → Summary in the navigation panel. Figure 11-29. Slot Summary
  • Page 313: Supported Cards

    Supported Cards Use the Supported Cards page to view information about the supported plug-in modules for the switch. To display the Supported Cards page, click Switching → Slots → Supported Cards in the navigation panel. Figure 11-30. Supported Cards
  • Page 314: Configuring System Settings (Cli)

    PowerConnect M6220/M6348/M8024/M8024-k switch. For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Configuring System Information Beginning in Privileged EXEC mode, use the following commands to configure system information. Command...
  • Page 315: Configuring The Banner

    Configuring the Banner Beginning in Privileged EXEC mode, use the following commands to configure the MOTD, login, or User EXEC banner. The switch supports the following banner messages: • MOTD—Displays when a user connects to the switch. • Login—Displays after the MOTD banner and before the login prompt. •...
  • Page 316: Managing The Sdm Template

    Managing the SDM Template Beginning in Privileged EXEC mode, use the following commands to set the SDM template preference and to view information about the available SDM templates. Command Purpose configure Enter Global Configuration mode. sdm prefer {dual-ipv4- Select the SDM template to apply to the switch after the and-ipv6 default| ipv4- next boot.
  • Page 317 Command Purpose add interface interface intf-list Add member Ethernet ports to the Aggregator Group. • interface –Specify the Ethernet interface type, for example GigabitEthernet or TenGigabitEthernet. • intf-list — List of Ethernet interfaces to add. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate a range of ports.
  • Page 318: Configuring Sntp Authentication And An Sntp Server

    Configuring SNTP Authentication and an SNTP Server Beginning in Privileged EXEC mode, use the following commands to require the SNTP client to use authentication when communicating with the SNTP server. The commands also show how to configure an SNTP server. Requiring authentication is optional.
  • Page 319 Command Purpose sntp server {ip_address | hostname} [priority priority] [key key_id] Define the SNTP server. • ip_address —The IP address (or host name) of the SNTP server to poll. The IP address can be an IPv4 or IPv6 address.
  • Page 320: Setting The System Time And Date Manually

    Setting the System Time and Date Manually Beginning in Privileged EXEC mode, use the following commands to configure the time and date, time zone, and summer time settings. Command Purpose mm/dd/yyyy clock set { Configure the time and date. You can enter the time first hh:mm:ss and then the date, or the date and then the time.
  • Page 321: Viewing Slot Information

    Command Purpose clock summer-time Use this command if the summer time does not start and date month date { end every year according to a recurring pattern. You can month date year enter the month and then the date, or the date and then the hh:mm date month month.
  • Page 322: General System Settings Configuration Examples

    3 Configure the message that displays when a user connects to the switch. PCM6348(config)#banner motd "This switch connects users in cubicles C121-C139." PCM6348(config)#exit 4 View system information to verify the configuration. PCM6348#show system System Description: Dell Ethernet Switch
  • Page 323 System Up Time: 0 days, 19h:36m:36s System Contact: Jane Doe System Name: PCM6348 System Location: RTP100 Burned In MAC Address: 001E.C9AA.AA07 System Object ID: 1.3.6.1.4.1.674.10895.3035 System Model ID: PCM6348 Machine Type: PowerConnect M6348 Temperature Sensors: Unit Description Temperature Status (Celsius) ---- ----------- -----------...
  • Page 324: Configuring Sntp

    Figure 11-31. Verify MOTD Configuring SNTP The commands in this example configure the switch to poll an SNTP server to synchronize the time. Additionally, the SNTP sessions between the client and server must be authenticated. To configure the switch: 1 Configure the authentication information. The SNTP server must be configured with the same authentication key and ID.
  • Page 325 3 Verify the configuration. console#show sntp configuration Polling interval: 512 seconds MD5 Authentication keys: 23456465 Authentication is required for synchronization. Trusted keys: 23456465 Unicast clients: Enable Unicast servers: Server Polling Priority ------------ ----------- --------- -------- 192.168.10.30 23456465 Enabled 4 View the SNTP status on the switch. console#show sntp status Client Mode: Unicast...
  • Page 326: Configuring The Time Manually

    Configuring the Time Manually The commands in this example manually set the system time and date. The time zone is set to Eastern Standard Time (EST), which has an offset of -5 hours. Summer time is enabled and uses the preconfigured United States settings.
  • Page 327: Configuring Snmp

    Configuring SNMP The topics covered in this chapter include: • SNMP Overview • Default SNMP Values • Configuring SNMP (Web) • Configuring SNMP (CLI) • SNMP Configuration Examples SNMP Overview Simple Network Management Protocol (SNMP) provides a method for managing network devices. The PowerConnect M6220, M6348, M8024, and M8024-k switches support SNMP version 1, SNMP version 2, and SNMP version 3.
  • Page 328: What Are Snmp Traps

    The SNMP agent maintains a list of variables that are used to manage the switch. The variables are defined in the MIB. The MIB presents the variables controlled by the agent. The SNMP agent defines the MIB specification format, as well as the format used to access the information over the network. Access rights to the SNMP agent are controlled by access strings.
  • Page 329: Why Is Snmp Needed

    Why Is SNMP Needed? Some network administrators prefer to use SNMP as the switch management interface. Settings that you view and configure by using the Web-based Dell OpenManage Switch Administrator and the CLI are also available by using SNMP.
  • Page 330 Table 12-1. SNMP Defaults Parameter Default Value QoS traps Enabled Multicast traps Disabled Captive Portal traps Disabled OSPF traps Disabled Table 12-2 describes the two views that are defined by default. Table 12-2. SNMP Default Views View Name OID Subtree View Type Default Included...
  • Page 331: Configuring Snmp (Web)

    Configuring SNMP (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring the SNMP agent on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. NOTE: For some features, the control to enable or disable traps is available from a configuration page for that feature and not from the Trap Manager pages that...
  • Page 332: Snmp View Settings

    SNMP View Settings Use the SNMP View Settings page to create views that define which features of the device are accessible and which are blocked. You can create a view that includes or excludes OIDs corresponding to interfaces. To display the View Settings page, click System → SNMP → View Settings in the navigation panel.
  • Page 333 Figure 12-3. Add View 3 Specify a name for the view and a valid SNMP OID string. 4 Select the view type. 5 Click Apply. The SNMP view is added, and the device is updated. Click Show All to view information about configured SNMP Views. Configuring SNMP...
  • Page 334: Access Control Group

    Access Control Group Use the Access Control Group page to view information for creating SNMP groups, and to assign SNMP access privileges. Groups allow network managers to assign access rights to specific device features or feature aspects. To display the Access Control Group page, click System → SNMP → Access Control in the navigation panel.
  • Page 335: Snmpv3 User Security Model (Usm)

    Figure 12-5. Add Access Control Group 3 Specify a name for the group. 4 Select a security model and level. 5 Define the context prefix and the operation. 6 Click Apply to update the switch. Click Show All to view information about existing access control configurations.
  • Page 336 Figure 12-6. SNMPv3 User Security Model Adding Local SNMPv3 Users to a USM To add local users: 1 Open the User Security Model page. 2 Click Add Local User. The Add Local User page displays:
  • Page 337 Figure 12-7. Add Local Users 3 Define the relevant fields. 4 Click Apply to update the switch. Click Show All to view the User Security Model Table, which contains information about configured Local and Remote Users. Adding Remote SNMPv3 Users to a USM To add remote users: 1 Open the SNMPv3 User Security Model page.
  • Page 338: Communities

    Figure 12-8. Add Remote Users 3 Define the relevant fields. 4 Click Apply to update the switch. Click Show All to view the User Security Model Table, which contains information about configured Local and Remote Users. Communities Access rights for SNMPv1 and SNMPv2 are managed by defining communities on the Communities page.
  • Page 339 Figure 12-9. SNMP Communities Adding SNMP Communities To add a community: 1 Open the Communities page. 2 Click Add. The Add SNMPv1,2 Community page displays:
  • Page 340 Figure 12-10. Add SNMPv1,2 Community 3 Specify the IP address of an SNMP management station and the community string to act as a password that will authenticate the management station to the SNMP agent on the switch. 4 Select the access mode. 5 Click Apply to update the switch.
  • Page 341: Notification Filter

    Notification Filter Use the Notification Filter page to set filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect. The Notification Filter page also allows you to filter notifications. To display the Notification Filter page, click System → SNMP → Notification Filters in the navigation panel.
  • Page 342: Notification Recipients

    Figure 12-12. Add Notification Filter 3 Specify the name of the filter and the OID for the filter. 4 Choose whether to send (include) traps or informs to the trap recipient or prevent the switch from sending (exclude) the traps or informs. 5 Click Apply to update the switch.
  • Page 343 Figure 12-13. SNMP Notification Recipient Adding a Notification Recipient To add a recipient: 1 Open the Notification Recipient page. 2 Click Add. The Add Recipient page displays:
  • Page 344 Figure 12-14. Add Notification Recipient 3 Specify the IP address or hostname of the host to receive notifications. 4 Select whether to send traps or informs to the specified recipient. 5 Define the relevant fields for the SNMP version you use. 6 Configure information about the port on the recipient.
  • Page 345: Trap Flags

    Trap Flags The Trap Flags page is used to specify which traps you want to enable or disable. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP Trap Receivers, and a message is written to the trap log.
  • Page 346: Ospfv2 Trap Flags

    OSPFv2 Trap Flags The OSPFv2 Trap Flags page is used to specify which OSPFv2 traps you want to enable or disable. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP Trap Receivers, and a message is written to the trap log.
  • Page 347: Ospfv3 Trap Flags

    OSPFv3 Trap Flags The OSPFv3 Trap Flags page is used to specify which OSPFv3 traps you want to enable or disable. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP Trap Receivers, and a message is written to the trap log.
  • Page 348: Trap Log

    Trap Log The Trap Log page is used to view entries that have been written to the trap log. To access the Trap Log page, click Statistics/RMON → Trap Manager → Trap Log in the navigation panel. Figure 12-18. Trap Logs Click Clear to delete all entries from the trap log.
  • Page 349: Configuring Snmp (Cli)

    PowerConnect M6220/M6348/M8024/M8024-k CLI commands, see the Reference Guide at support.dell.com/manuals. Configuring the SNMPv3 Engine ID To use SNMPv3, the switch must have an engine ID. You can specify your own ID or use the default string that is generated using the MAC address of the switch.
  • Page 350: Configuring Snmp Views, Groups, And Users

    Command Purpose snmp-server engineID local {engineid-string | default} Configure the SNMPv3 Engine ID. • engineid-string — The character string that identifies the engine ID. The engine ID is a concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits.
  • Page 351 Command Purpose snmp-server group Specify the identity string of the receiver and set the groupname {v1 | v2 | v3 receiver timeout value. {noauth | auth | priv} groupname • — Specifies the name of the group. (Range: view-name [notify 1-30 characters.) view-name [context...
  • Page 352 Command Purpose snmp-server user Configure a new SNMPv3 user. username groupname username • — Specifies the name of the user on the host engineid-string [remote that connects to the agent. (Range: 1-30 characters.) password [{auth-md5 groupname • — Specifies the name of the group to which password auth-sha the user belongs.
  • Page 353: Configuring Communities

    Command Purpose show snmp group View SNMP group configuration information. group_name show snmp user View SNMP user configuration information. user_name Configuring Communities Beginning in Privileged EXEC mode, use the following commands to configure access rights for SNMPv1 and SNMPv2. Command Purpose configure Enter Global Configuration mode...
  • Page 354 Command Purpose snmp-server community- Map the internal security name for SNMP v1 and SNMP community string group v2 security models to the group name. group-name [ipaddress community-string — • Community string that acts like a ip-address password and permits access to the SNMP protocol (Range: 1-20 characters) group-name —...
  • Page 355: Configuring Snmp Notifications (Traps And Informs)

    Configuring SNMP Notifications (Traps and Informs) Beginning in Privileged EXEC mode, use the following commands to allow the switch to send SNMP traps and to configure which traps are sent. Command Purpose configure Enter Global Configuration mode snmp-server enable traps Specify the traps to enable.
  • Page 356 Command Purpose host- snmp-server host For SNMPv1 and SNMPv2, configure the system to receive addr [informs [timeout SNMP traps or informs. seconds retries ] [retries host-addr • — Specifies the IP address of the host (targeted | traps version {1 | 2}]] recipient) or the name of the host.
  • Page 357 Command Purpose snmp-server v3-host { For SNMPv3, configure the system to receive SNMP traps address hostname or informs. username {traps | ip-address • — Specifies the IP address of the host informs} [noauth | auth (targeted recipient). | priv] [timeout hostname •...
  • Page 358: Snmp Configuration Examples

    SNMP Configuration Examples This section contains the following examples: • Configuring SNMPv1 and SNMPv2 • Configuring SNMPv3 Configuring SNMPv1 and SNMPv2 This example shows how to complete a basic SNMPv1/v2 configuration. The commands enable read-only access from any host to all objects on the switch using the community string public, and enable read-write access from any...
  • Page 359: Configuring Snmpv3

    Community-String Group Name IP Address ----------------- -------------- ------------ private DefaultWrite public DefaultRead Traps are enabled. Authentication trap is enabled. Version 1,2 notifications Target Addr. Type Community Version UDP Filter Retries Port Name ------------ ---- --------- ---- ----- ----- ------- 192.168.3.65 Trap public Version 3 notifications Target Addr.
  • Page 360 3 Create the user admin, assign the user to the group, and specify the authentication credentials. console(config)#snmp-server user admin group_snmpv3 auth-md5 secretkey 4 Specify the IP address of the host where traps are to be sent. Packet authentication using MD5-SHA is enabled for the traps. console(config)#snmp-server v3-host 192.168.3.35 admin traps auth console(config)#exit...
  • Page 361 console#show snmp views Name OID Tree Type ------------------ ------------------------ ------------ Default Included Default snmpVacmMIB Excluded Default usmUser Excluded Default snmpCommunityTable Excluded view_snmpv3 internet Included DefaultSuper Included console#show snmp group Name Context Model Security Read Views Notify Prefix Level Write ------------ -------- ------ -------- -------- ------ ------- DefaultRead ""...
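The SNMPv1/v2 example above uses the community strings public and private, which travel unencrypted, and the SNMPv3 example uses auth-md5 with the auth level, which authenticates packets but does not encrypt them. The following audit script is an added example, not part of the Dell guide: the rule names, the sample configuration lines and the sample "show snmp" table are constructed here and modelled on the commands and output shown above.

```python
"""Flag cleartext or weakly protected SNMP settings in PowerConnect CLI text."""

# Constructed sample modelled on the SNMPv3 example above, plus a v2 group
# and an unauthenticated inform host added for contrast.
SAMPLE_CONFIG = """\
snmp-server group group_snmpv3 v3 auth read view_snmpv3 write view_snmpv3
snmp-server user admin group_snmpv3 auth-md5 secretkey
snmp-server v3-host 192.168.3.35 admin traps auth
snmp-server group legacy_ro v2 read Default
snmp-server v3-host 192.168.3.36 admin informs noauth
"""

# Constructed sample of the community table printed by "show snmp".
SAMPLE_SHOW_SNMP = """\
Community-String    Group Name      IP Address
-----------------   --------------  ------------
private             DefaultWrite    All
public              DefaultRead     All

Traps are enabled.
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}
SECURITY_LEVELS = ("noauth", "auth", "priv")


def _level(token):
    """Return the token if it is an explicit security level keyword."""
    return token if token in SECURITY_LEVELS else None


def audit_config(text):
    """Return (line_no, rule, message) for each weak snmp-server command."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if tok[:1] != ["snmp-server"] or len(tok) < 4:
            continue
        kind = tok[1]
        if kind == "group":
            name, model = tok[2], tok[3]
            level = _level(tok[4]) if len(tok) > 4 else None
            if model in ("v1", "v2"):
                findings.append((line_no, "community-model",
                                 f"group {name} uses SNMP{model}: cleartext community string"))
            elif model == "v3" and level == "noauth":
                findings.append((line_no, "v3-no-auth",
                                 f"group {name} accepts unauthenticated SNMPv3"))
            elif model == "v3" and level == "auth":
                findings.append((line_no, "v3-no-privacy",
                                 f"group {name} authenticates but does not encrypt"))
        elif kind == "user" and "auth-md5" in tok[4:]:
            findings.append((line_no, "md5-auth",
                             f"user {tok[2]} uses auth-md5; auth-sha is the listed alternative"))
        elif kind == "v3-host" and len(tok) > 5:
            level = _level(tok[5])  # follows {traps | informs}
            if level == "noauth":
                findings.append((line_no, "trap-no-auth",
                                 f"notifications to {tok[2]} are unauthenticated"))
            elif level == "auth":
                findings.append((line_no, "trap-no-privacy",
                                 f"notifications to {tok[2]} are not encrypted"))
    return findings


def audit_communities(show_snmp_text):
    """Return (community, group, rule) for well-known community strings."""
    findings = []
    in_table = False
    for raw in show_snmp_text.splitlines():
        line = raw.strip()
        if line.startswith("Community-String"):
            in_table = True
            continue
        if not in_table or line.startswith("-"):
            continue
        if not line:
            break  # a blank line ends the community table
        cols = line.split()
        if len(cols) >= 2 and cols[0].lower() in WELL_KNOWN_COMMUNITIES:
            rule = ("default-community-write" if cols[1] == "DefaultWrite"
                    else "default-community")
            findings.append((cols[0], cols[1], rule))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print("config line %d [%s] %s" % finding)
    for finding in audit_communities(SAMPLE_SHOW_SNMP):
        print("community %s (group %s) [%s]" % finding)
```
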
  • Page 363: Managing Images And Files

    Managing Images and Files This chapter describes how to upload, download, and copy files, such as firmware images and configuration files, on the switch. The topics covered in this chapter include: • Image and File Management Overview • Managing Images and Files (Web) •...
  • Page 364 Table 13-1. Files to Manage File Action Description startup-config Download Contains the software configuration that Upload loads during the boot process. Copy running-config Download Contains the current switch configuration. Upload Copy backup-config Download An additional configuration file that serves Upload as a backup.
  • Page 365: Why Is File Management Needed

    Table 13-1. Files to Manage File Action Description SSL certificate files Download Contains information to encrypt, authenticate, and validate HTTPS sessions. The switch supports the following files for SSL: • SSL Trusted Root Certificate File (PEM Encoded) • SSL Server Certificate File (PEM Encoded) •...
  • Page 366 changes that take place after the boot process completes are written to the running-config file. The backup-config file does not exist until you explicitly create one by copying an existing configuration file to the backup-config file or downloading a backup-config file to the switch. You can also create configuration scripts, which are text files that contain CLI commands.
  • Page 367: What Methods Are Supported For File Management

    What Methods Are Supported for File Management? You can use any of the following protocols to download files from a remote system to the switch or to upload files from the switch to a remote system: • TFTP • SFTP •...
  • Page 368 Editing and Downloading Configuration Files Each configuration file contains a list of executable CLI commands. The commands must be complete and in a logical order, as if you were entering them by using the switch CLI. When you download a startup-config or backup-config file to the switch, the new file replaces the previous version.
  • Page 369: How Is The Running Configuration Saved

    ! Display information about direct connections show serial ! End of the script file Managing Files on a Stack Image files downloaded to the master unit of a stack are automatically downloaded to all stack members. If you activate the backup image on the master, it is activated on all units as well so that when you reload the stack, all units use the same image.
  • Page 370: Managing Images And Files (Web)

    Managing Images and Files (Web) This section provides information about the OpenManage Switch Administrator pages to use to manage images and files on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. File System Use the File System page to view a list of the files on the device and to modify the image file descriptions.
  • Page 371: Active Images

    Active Images Use the Active Images page to set the firmware image to use when the switch boots. If you change the boot image, it does not become the active image until you reset the switch. To display the Active Images page, click System → File Management → Active Images in the navigation panel.
  • Page 372: File Download

    File Download Use the File Download page to download image (binary) files, SSH and SSL certificates, IAS User files, and configuration (ASCII) files from a remote server to the switch. To display the File Download page, click System → File Management → File Download in the navigation panel.
  • Page 373 4 To download using HTTP, click Browse and select the file to download, then click Apply. 5 To download using any method other than HTTP, enter the IP address of the server that contains the file to download, the name of the file and the path on the server where it is located.
  • Page 374: File Upload

    File Upload Use the File Upload to Server page to upload configuration (ASCII), image (binary), IAS user, operational log, and startup log files from the switch to a remote server. To display the File Upload to Server page, click System → File Management →...
  • Page 375 4 To upload by using HTTP, click Apply. A dialog box opens to allow you to open or save the file. Figure 13-6. File Upload 5 To upload by using any method other than HTTP, enter the IP address of the server and specify a name for the file.
  • Page 376: Copy Files

    Copy Files Use the Copy Files page to: • Copy the active firmware image to one or all members of a stack. • Copy the running, startup, or backup configuration file to the startup or backup configuration file. • Restore the running configuration to the factory default settings. To display the Copy Files page, click System →...
  • Page 377: Managing Images And Files (Cli)

    M6220/M6348/M8024/M8024-k switch. For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. It also describes the commands that control the Auto Configuration feature. NOTE: Upload, download, and copy functions use the copy command. The basic...
  • Page 378: Managing Files In Internal Flash

    Managing Files in Internal Flash Beginning in Privileged EXEC mode, use the following commands to copy, rename, delete and list the files in the internal flash. Command Purpose List the files in the flash file system. current_name rename Rename a file in flash. new_name filename delete...
  • Page 379: Managing Configuration Scripts (Sftp)

    Command Purpose file user copy scp:// Adds a description to an image file. address hostname path The file can be one of the following files: file-name • backup-config • image • operational-log • running-config file-name • script • startup-config • startup-log Password entry After you enter the copy command, the CLI prompts you for the password associated with the username.
  • Page 380 Command Purpose script activate script-name Executes the commands within the script in order. The configuration changes in the script are applied to the running configuration. script show script-name View the contents of the specified script. Managing Images and Files...
  • Page 381: File And Image Management Configuration Examples

    File and Image Management Configuration Examples This section contains the following examples: • Upgrading the Firmware • Managing Configuration Scripts Upgrading the Firmware This example shows how to download a firmware image to the switch and activate it. The TFTP server in this example is PumpKIN, an open source TFTP server running on a Windows system.
  • Page 382 Figure 13-8. Image Path 3 View information about the current image. console#show bootvar Image Descriptions image1 : image2 : Images currently available on Flash ------- ------------ ------------ --------------- -------------- unit image1 image2 current-active next-active ------- ------------ ------------ --------------- -------------- 2.23.11.17 image1 image1 4 Download the image to the switch.
  • Page 383 Management access will be blocked for the duration of the transfer Are you sure you want to start? (y/n)y 5 Activate the new image (image2) so that it becomes the active image after the switch resets. console#boot system image2 Activating image image2 .. 6 View information about the current image.
  • Page 384: Managing Configuration Scripts

    Managing Configuration Scripts This example shows how to create a configuration script that adds three hostname-to-IP address mappings to the host table. To configure the switch: 1 Open a text editor on an administrative computer and type the commands as if you were entering them by using the CLI. Figure 13-9.
  • Page 385 Management access will be blocked for the duration of the transfer 4 After you confirm the download information and the script successfully downloads, it is automatically validated for correct syntax. Are you sure you want to start? (y/n) y 135 bytes transferred Validating configuration script...
  • Page 386 6 Verify that the script was successfully applied. console#show hosts Host name: test Name/address lookup is enabled Name servers (Preference order): 192.168.3.20 Configured host name-to-address mapping: Host Addresses ------------------------ ------------------------ labpc1 192.168.3.56 labpc2 192.168.3.58 labpc3 192.168.3.59
  • Page 387: Automatically Updating The Image And Configuration

    Automatically Updating the Image and Configuration The topics covered in this chapter include: • Auto Configuration Overview • What Are the Dependencies for DHCP Auto Configuration? • Default Auto Configuration Values • Managing Auto Configuration (Web) • Managing Auto Configuration (CLI) •...
  • Page 388 Auto Configuration is successful when an image or configuration file is downloaded to the switch from a TFTP server. NOTE: The downloaded configuration file is not automatically saved to startup- config. You must explicitly issue a save request (copy running-config startup- config) in order to save the configuration.
  • Page 389 Option 125 and specify the Dell Enterprise Number, 674. Within the Dell section of option 125, sub option 5 must specify the path and name of a file on the TFTP server. This file is not the image file itself, but rather a text file that contains the path and name of the image file.
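To check what a DHCP server actually hands out for image download, the Option 125 payload can be decoded and the Dell sub-option extracted. The following parser is an added example, not code from the Dell guide: it follows the RFC 3925 layout for option 125 (4-byte enterprise number, 1-byte length, then code/length/value sub-options), and it assumes sub-option 5 carries the path as ASCII text. The sample payload, the file path and the second enterprise number (65000) are constructed.

```python
"""Decode DHCP option 125 and extract the Dell image-list path (sub-option 5)."""
import struct

DELL_ENTERPRISE_NUMBER = 674   # enterprise number given in the guide
IMAGE_LIST_SUBOPTION = 5       # sub-option given in the guide


class Option125Error(ValueError):
    """Raised when the payload does not match the RFC 3925 layout."""


def encode_enterprise_block(enterprise, suboptions):
    """Build one enterprise block; used here only to construct sample input."""
    data = b"".join(bytes([code, len(value)]) + value
                    for code, value in suboptions.items())
    if len(data) > 255:
        raise Option125Error("enterprise data exceeds the 1-byte length field")
    return struct.pack("!IB", enterprise, len(data)) + data


def parse_option125(payload):
    """Return {enterprise_number: {suboption_code: value_bytes}}."""
    result = {}
    pos = 0
    while pos < len(payload):
        if len(payload) - pos < 5:
            raise Option125Error("truncated enterprise header")
        enterprise, data_len = struct.unpack_from("!IB", payload, pos)
        pos += 5
        block = payload[pos:pos + data_len]
        if len(block) != data_len:
            raise Option125Error("enterprise data shorter than declared length")
        pos += data_len
        subs = result.setdefault(enterprise, {})
        i = 0
        while i < len(block):
            if len(block) - i < 2:
                raise Option125Error("truncated sub-option header")
            code, sub_len = block[i], block[i + 1]
            value = block[i + 2:i + 2 + sub_len]
            if len(value) != sub_len:
                raise Option125Error("sub-option data shorter than declared length")
            subs[code] = value
            i += 2 + sub_len
    return result


def dell_image_list_path(payload):
    """Return the sub-option 5 path for enterprise 674, or None if absent."""
    raw = parse_option125(payload).get(DELL_ENTERPRISE_NUMBER, {}).get(
        IMAGE_LIST_SUBOPTION)
    if raw is None:
        return None
    try:
        path = raw.decode("ascii")  # assumption: the path is ASCII text
    except UnicodeDecodeError as exc:
        raise Option125Error("sub-option 5 is not ASCII text") from exc
    if not path or not path.isprintable():
        raise Option125Error("sub-option 5 is empty or has control characters")
    return path


# Constructed sample: an unrelated vendor block followed by the Dell block.
SAMPLE_OPTION_125 = (
    encode_enterprise_block(65000, {1: b"other-vendor"})
    + encode_enterprise_block(DELL_ENTERPRISE_NUMBER,
                              {IMAGE_LIST_SUBOPTION: b"images/pcm6348-image-list.txt"})
)

if __name__ == "__main__":
    print(parse_option125(SAMPLE_OPTION_125))
    print(dell_image_list_path(SAMPLE_OPTION_125))
```
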
  • Page 390 If the DHCP server does not specify a configuration file or download of the configuration file fails, the Auto Configuration process attempts to download a configuration file with the name dell-net.cfg. The switch unicasts or broadcasts TFTP requests for a network configuration file in the same manner as it attempts to download a host-specific configuration file.
  • Page 391 Final File Sought Sought Host-specific config file, ending in a bootfile.cfg *.cfg file extension Default network config file dell-net.cfg Host-specific config file, associated hostname.cfg with hostname. Default config file host.cfg Table 14-2 displays the determining factors for issuing unicast or broadcast TFTP requests.
  • Page 392: Monitoring And Completing The Dhcp Auto Configuration Process

    Monitoring and Completing the DHCP Auto Configuration Process When the switch boots and triggers an Auto Configuration, a message displays on the console screen to indicate that the process is starting. After the process completes, the Auto Configuration process writes a log message. When Auto Configuration has successfully completed, you can execute a show running-config command to validate the contents of the configuration.
  • Page 393: What Are The Dependencies For Dhcp Auto Configuration

    What Are the Dependencies for DHCP Auto Configuration? The Auto Configuration process from TFTP servers depends upon the following network services: • A DHCP server must be configured on the network with appropriate services. • An image file and a text file containing the image file name for the switch must be available from a TFTP server if DHCP image download is desired.
  • Page 394: Default Auto Configuration Values

    Default Auto Configuration Values Table 14-3 describes the Auto Configuration defaults. Table 14-3. Auto Configuration Defaults (Feature: Default. Description). Auto Install Mode: Enabled. When the switch boots and no saved configuration is found, the Auto Configuration automatically begins. Retry Count: When the DHCP or BootP server returns information about the TFTP server and bootfile, the switch makes three unicast TFTP requests for the specified bootfile.
  • Page 395: Managing Auto Configuration (Web)

    Managing Auto Configuration (Web) This section provides information about the OpenManage Switch Administrator pages to use to manage images and files on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. Auto-Install Configuration Use the Auto-Install Configuration page to allow the switch to obtain network information (such as the IP address and subnet mask) and...
  • Page 396: Managing Auto Configuration (Cli)

    Auto-Install Configuration feature on the switch. For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Managing Auto Configuration Beginning in Privileged EXEC mode, use the following commands to manually activate the Auto Configuration process and download a configuration script from a remote system to the switch, validate the script, and activate it.
  • Page 397: Auto Configuration Example

    Auto Configuration Example A network administrator is deploying three PowerConnect switches and wants to quickly and automatically install the latest image and a common configuration file that configures basic settings such as VLAN creation and membership, RADIUS server settings, and 802.1X information. The configuration file also contains the command boot host autosave so that the downloaded configuration is automatically saved to the startup config.
  • Page 398 5 Connect a port (OOB port for out-of-band management or any switch port for in-band management) on each switch to the network. 6 Boot the switches. Auto Image and Configuration Update...
  • Page 399: Monitoring Switch Traffic

    Monitoring Switch Traffic This chapter describes sFlow features, Remote Monitoring (RMON), and Port Mirroring features. The topics covered in this chapter include: • Traffic Monitoring Overview • Default Traffic Monitoring Values • Monitoring Switch Traffic (Web) • Monitoring Switch Traffic (CLI) •...
  • Page 400 sampled traffic statistics to the sFlow Collector for analysis. You can specify up to eight different sFlow receivers to which the switch sends sFlow datagrams. Figure 15-1. sFlow Architecture (figure labels: sFlow Receiver; PowerConnect Switches (sFlow Agents); sFlow Datagrams). The advantages of using sFlow are: •...
  • Page 401 sFlow Sampling The sFlow Agent in the PowerConnect M6220/M6348/M8024/M8024-k switch software uses two forms of sampling: • Statistical packet-based sampling of switched or routed Packet Flows • Time-based sampling of counters Packet Flow Sampling and Counter Sampling are performed by sFlow Instances associated with individual Data Sources within an sFlow Agent.
  • Page 402: What Is Rmon

    • When a sample is taken, the counter indicating how many packets to skip before taking the next sample is reset. The value of the counter is set to a random integer where the sequence of random integers used over time is the Sampling Rate.
  • Page 403: What Is Port Mirroring

    • Specify the network management system IP address or permit management access from all IP addresses. For more information about configuring SNMP, see "Configuring SNMP" on page 327. The RMON agent in the switch supports the following groups: • Group 1—Statistics. Contains cumulative traffic and error statistics. •...
  • Page 404: Why Is Traffic Monitoring Needed

    NOTE: You can create a DiffServ policy class definition that mirrors specific types of traffic to a destination port. For more information, see "Configuring Differentiated Services" on page 1097. The packet that is copied to the destination port is in the same format as the original packet on the wire.
  • Page 405: Monitoring Switch Traffic (Web)

    Monitoring Switch Traffic (Web) This section provides information about the OpenManage Switch Administrator pages to use to monitor network traffic on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. sFlow Agent Summary Use the sFlow Agent Summary page to view information about sFlow MIB and the sFlow Agent IP address.
  • Page 406: Sflow Receiver Configuration

    sFlow Receiver Configuration Use the sFlow Receiver Configuration page to configure settings for the sFlow receiver to which the switch sends sFlow datagrams. You can configure up to eight sFlow receivers that will receive datagrams. To display the Receiver Configuration page, click System → sFlow → Receiver Configuration in the navigation panel.
  • Page 407: Sflow Sampler Configuration

    sFlow Sampler Configuration Use the sFlow Sampler Configuration page to configure the sFlow sampling settings for switch ports. To display the Sampler Configuration page, click System → sFlow → Sampler Configuration in the navigation panel. Figure 15-4. sFlow Sampler Configuration Click Show All to view information about configured sampler data sources.
  • Page 408: Sflow Poll Configuration

    sFlow Poll Configuration Use the sFlow Poll Configuration page to configure how often a port should collect counter samples. To display the Sampler Configuration page, click System → sFlow → Sampler Configuration in the navigation panel. Figure 15-5. sFlow Poll Configuration Click Show All to view information about the ports configured to collect counter samples.
  • Page 409: Interface Statistics

    Interface Statistics Use the Interface Statistics page to display statistics for both received and transmitted packets. The fields for both received and transmitted packets are identical. To display the page, click Statistics/RMON → Table Views → Interface Statistics in the navigation panel. Figure 15-6.
  • Page 410: Etherlike Statistics

    Etherlike Statistics Use the Etherlike Statistics page to display interface statistics. To display the page, click Statistics/RMON → Table Views → Etherlike Statistics in the navigation panel. Figure 15-7. Etherlike Statistics Monitoring Switch Traffic...
  • Page 411: Gvrp Statistics

    GVRP Statistics Use the GVRP Statistics page to display switch statistics for GVRP. To display the page, click Statistics/RMON → Table Views → GVRP Statistics in the navigation panel. Figure 15-8. GVRP Statistics Monitoring Switch Traffic...
  • Page 412: Eap Statistics

    EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port. For more information about EAP, see "Configuring 802.1X and Port-Based Security" on page 509. To display the EAP Statistics page, click Statistics/RMON → Table Views → EAP Statistics in the navigation panel. Figure 15-9.
  • Page 413: Utilization Summary

    Utilization Summary Use the Utilization Summary page to display interface utilization statistics. To display the page, click Statistics/RMON → Table Views → Utilization Summary in the navigation panel. Figure 15-10. Utilization Summary Monitoring Switch Traffic...
  • Page 414: Counter Summary

    Counter Summary Use the Counter Summary page to display interface utilization statistics in numeric sums as opposed to percentages. To display the page, click Statistics/RMON → Table Views → Counter Summary in the navigation panel. Figure 15-11. Counter Summary Monitoring Switch Traffic...
  • Page 415: Switchport Statistics

    Switchport Statistics Use the Switchport Statistics page to display statistical summary information about switch traffic, address tables, and VLANs. To display the page, click Statistics/RMON → Table Views → Switchport Statistics in the navigation panel. Figure 15-12. Switchport Statistics Monitoring Switch Traffic...
  • Page 416: Rmon Statistics

    RMON Statistics Use the RMON Statistics page to display details about switch use such as packet processing statistics and errors that have occurred on the switch. To display the page, click Statistics/RMON → RMON → Statistics in the navigation panel. Figure 15-13.
  • Page 417: Rmon History Control Statistics

    RMON History Control Statistics Use the RMON History Control page to maintain a history of statistics on each port. For each interface (either a physical port or a port-channel), you can define how many buckets exist, and the time interval between each bucket snapshot.
  • Page 418 Figure 15-15. Add History Entry 3 Select the port or LAG on which you want to maintain a history of statistics. 4 Specify an owner, the number of historical buckets to keep, and the sampling interval. 5 Click Apply to add the entry to the RMON History Control Table. To view configured history entries, click the Show All tab.
  • Page 419: Rmon History Table

    RMON History Table Use the RMON History Table page to display interface-specific statistical network samplings. Each table entry represents all counter values compiled during a single sample. To display the RMON History Table page, click Statistics/RMON → RMON → History Table in the navigation panel. Figure 15-16.
  • Page 420: Rmon Event Control

    RMON Event Control Use the RMON Events Control page to define RMON events. Events are used by RMON alarms to force some action when a threshold is crossed for a particular RMON counter. The event information can be stored in a log and/or sent as a trap to a trap receiver.
  • Page 421 Figure 15-18. Add an Event Entry 3 If the event sends an SNMP trap, specify the SNMP community to receive the trap. 4 Optionally, provide a description of the event and the name of the event owner. 5 Select an event type. 6 Click Apply.
  • Page 422: Rmon Event Log

    RMON Event Log Use the RMON Event Log page to display a list of RMON events. To display the page, click Statistics/RMON → RMON → Events Log in the navigation panel. Figure 15-19. RMON Event Log Monitoring Switch Traffic...
  • Page 423: Rmon Alarms

    RMON Alarms Use the RMON Alarms page to set network alarms. Alarms occur when certain thresholds are crossed for the configured RMON counters. The alarm triggers an event to occur. The events can be configured as part of the RMON Events group.
  • Page 424 Adding an Alarm Table Entry To add an alarm: 1. Open the RMON Alarms page. 2. Click Add. The Add an Alarm Entry page displays. Figure 15-21. Add an Alarm Entry 3. Complete the fields on this page as needed. Use the help menu to learn more information about the data required for each field.
  • Page 425: Port Statistics

    Port Statistics Use the Port Statistics page to chart port-related statistics on a graph. To display the page, click Statistics/RMON → Charts → Port Statistics in the navigation panel. Figure 15-22. Ports Statistics To chart port statistics, select the type of statistics to chart and (if desired) the refresh rate, then click Draw.
  • Page 426: Lag Statistics

    LAG Statistics Use the LAG Statistics page to chart LAG-related statistics on a graph. To display the page, click Statistics/RMON → Charts → LAG Statistics in the navigation panel. Figure 15-23. LAG Statistics To chart LAG statistics, select the type of statistics to chart and (if desired) the refresh rate, then click Draw.
  • Page 427: Port Mirroring

    Port Mirroring Use the Port Mirroring page to create a mirroring session in which all traffic that is sent or received (or both) on one or more source ports is mirrored to a destination port. To display the Port Mirroring page, click Switching → Ports → Traffic Mirroring →...
  • Page 428 Figure 15-25. Add Source Port 5 Click Apply. 6 Repeat the previous steps to add additional source ports. 7 Click Port Mirroring to return to the Port Mirroring page. 8 Enable the administrative mode and specify the destination port. Figure 15-26. Configure Additional Port Mirroring Settings 9 Click Apply.
  • Page 429: Monitoring Switch Traffic (Cli)

    For more information about these commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Configuring sFlow Beginning in Privileged EXEC mode, use the following commands to configure the sFlow receiver and to configure the sampling and polling on switch interfaces.
  • Page 430 Command: sflow rcvr-index polling if_type if_number poll-interval. Purpose: Enable a new sFlow poller instance on an interface range. • rcvr-index — The sFlow Receiver associated with the poller (Range: 1–8). • if_type if_number — The list of interfaces to poll. The interface type can be Gigabitethernet (gi) or Tengigabitethernet (te), for example gi1/0/3-5 enables polling on ports 3, 4, and 5.
  • Page 431: Configuring Rmon

    Command and Purpose: CTRL + Z: Exit to Privileged Exec mode. show sflow agent: View information about the switch sFlow agent. show sflow index destination: View information about a configured sFlow receiver. show sflow index polling: View information about the configured sFlow poller instances for the specified receiver.
  • Page 432 Command Purpose number rmon alarm Add an alarm entry variable interval number • — The alarm index. (Range: 1–65535) {absolute |delta} rising- variable • — A fully qualified SNMP object identifier that value event- threshold resolves to a particular instance of an MIB object. number ] rising- value...
  • Page 433: Viewing Statistics

    Command: rmon collection history index [owner ownername] [buckets bucket-number] [interval seconds]. Purpose: Enable an RMON MIB history statistics group on the interface. NOTE: You must configure RMON alarms and events before RMON collection history is able to display. • index...
  • Page 434: Configuring Port Mirroring

    Configuring Port Mirroring Use the following commands in Privileged EXEC mode to configure a port mirroring session. Command Purpose configure Enter Global Configuration mode monitor session Configure a source (monitored) port or CPU interface for session_number source a monitor session. interface {cpu | session_number •...
  • Page 435: Traffic Monitoring Configuration Examples

    Traffic Monitoring Configuration Examples This section contains the following examples: • Configuring sFlow • Configuring RMON Configuring sFlow This example shows how to configure the switch so that ports 10-15 and port 23 send sFlow datagrams to an sFlow receiver at the IP address 192.168.20.34. The receiver owner is receiver1, and the timeout is 100000 seconds.
  • Page 436 Port......6343 Datagram Version....5 Maximum Datagram Size..... 1400 console#show sflow 1 polling Poller Receiver Poller Data Source Index Interval ----------- ------- ------- gi1/0/10 gi1/0/11 gi1/0/12 gi1/0/13 gi1/0/14 gi1/0/15 gi1/0/23 console#show sflow 1 sampling Sampler Receiver Packet Max Header Data Source Index Sampling Rate Size...
  • Page 437: Configuring Rmon

    Configuring RMON This example generates a trap and creates a log entry when the number of inbound packets that are undeliverable due to errors increases by 20 or more. First, an RMON event is created. Then, the alarm is created. The event (event 1) generates a trap and creates a log entry.
  • Page 439: Configuring Iscsi Optimization

    Configuring iSCSI Optimization This chapter describes how to configure Internet Small Computer System Interface (iSCSI) optimization, which enables special quality of service (QoS) treatment for iSCSI traffic. The topics covered in this chapter include: • iSCSI Optimization Overview • Default iSCSI Optimization Values •...
  • Page 440: When Should Iscsi Optimization Be Enabled

    When Should iSCSI Optimization Be Enabled? Use this feature in networks containing iSCSI initiators and targets where you want to protect this traffic from interruption by giving it preferential QoS treatment. The dynamically-generated classifier rules are used to direct the iSCSI data traffic to queues that can be given the desired preference characteristics over other data traveling through the switch.
  • Page 441: What Information Does The Switch Track In Iscsi Traffic Flows

    LLDP is enabled by default. For more information about LLDP, see "Discovering Network Devices" on page 663. When the switch detects a Dell EqualLogic array, the following actions occur: • Spanning-Tree portfast is enabled on the interface identified by LLDP.
  • Page 442: What Occurs When Iscsi Is Enabled Or Disabled

    If the iSCSI feature is disabled on the switch, iSCSI resources are released and the detection of Dell EqualLogic arrays by using LLDP is disabled. Disabling iSCSI does not remove the MTU, flow control, portfast or storm control configuration applied as a result of enabling iSCSI.
  • Page 443: Default Iscsi Optimization Values

    Default iSCSI Optimization Values Table 16-1 shows the default values for the iSCSI optimization feature. Table 16-1. iSCSI Optimization Defaults (Parameter: Default Value). iSCSI Optimization Global Status: Disabled. iSCSI CoS mode: Disabled. Classification: iSCSI packets are classified by VLAN instead of by DSCP values. VLAN Priority tag: iSCSI flows are assigned by default the highest 802.1p VLAN priority tag mapped...
  • Page 444: Configuring Iscsi Optimization (Web)

    Configuring iSCSI Optimization (Web) This section provides information about the OpenManage Switch Administrator pages to use to configure the iSCSI features on a PowerConnect M6348, M8024, or M8024-k switch. For details about the fields on a page, click the top of the page. iSCSI Global Configuration Use the Global Configuration page to allow the switch to snoop for iSCSI sessions/connections and to configure QoS treatment for packets where the...
  • Page 445: Iscsi Targets Table

    iSCSI Targets Table Use the Targets Table page to view and configure iSCSI targets on the switch. To access the Targets Table page, click System → iSCSI → Targets in the navigation panel. Figure 16-2. iSCSI Targets Table To add an iSCSI Target, click Add at the top of the page and configure the relevant information about the iSCSI target.
  • Page 446: Iscsi Sessions Table

    iSCSI Sessions Table Use the Sessions Table page to view summary information about the iSCSI sessions that the switch has discovered. An iSCSI session occurs when an iSCSI initiator and iSCSI target communicate over one or more TCP connections. The maximum number of iSCSI sessions is 192. To access the Sessions Table page, click System →...
  • Page 447: Iscsi Sessions Detailed

    iSCSI Sessions Detailed Use the Sessions Detailed page to view detailed information about an iSCSI session that the switch has discovered. To access the Sessions Detailed page, click System → iSCSI → Sessions Detailed in the navigation panel. Figure 16-5. iSCSI Sessions Detail Configuring iSCSI Optimization...
  • Page 448: Configuring Iscsi Optimization (Cli)

    This section provides information about the commands you use to configure iSCSI settings on the PowerConnect M6348, M8024, or M8024-k switch. For more information about the commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Command Purpose configure Enter Global Configuration mode.
  • Page 449 Command Purpose iscsi cos {enable | disable | Set the quality of service profile that will be applied to dscp | dscp [remark] iSCSI flows. • enable—Enables application of preferential QoS treatment to iSCSI frames • disable—Disables application of preferential QoS treatment to iSCSI frames.
  • Page 450: Iscsi Optimization Configuration Examples

    iSCSI Optimization Configuration Examples This section contains an example of how to configure iSCSI optimization on a stack of switches that are between a disk array and servers. Configuring iSCSI Optimization Between Servers and a Disk Array Figure 16-6 illustrates a stack of three PowerConnect M6220, M6348, M8024, and M8024-k switches connecting two servers (iSCSI initiators) to a disk array (iSCSI targets).
  • Page 451 The following commands show how to configure the iSCSI example depicted in Figure 16-6. 1 Enable iSCSI optimization on the switch. console#config console(config)#iscsi enable 2 Configure the switch to associate the DSCP priority 45 (and the queue that is mapped to it) with detected iSCSI session traffic. The remark keyword indicates that the switch should add this priority marking on packets as it forwards them.
  • Page 453: Configuring A Captive Portal

    Configuring a Captive Portal This chapter describes how to configure the Captive Portal feature. The topics covered in this chapter include: • Captive Portal Overview • Default Captive Portal Behavior and Settings • Configuring the Captive Portal (Web) • Configuring a Captive Portal (CLI) •...
  • Page 454: Is The Captive Portal Feature Dependent On Any Other Feature

    Figure 17-1. Connecting to the Captive Portal (figure labels: Switch with Captive Portal; RADIUS Server (Optional); Captive Portal User (Host); Default Captive Portal Welcome Screen (Displays in Captive Portal User’s Browser)). The Captive Portal feature blocks hosts connected to the switch from accessing the network until user verification has been established.
  • Page 455: What Factors Should Be Considered When Designing And Configuring A Captive Portal

    also writes a message to the trap log when the event occurs. To enable the Captive Portal traps, see "Configuring SNMP Notifications (Traps and Informs)" on page 355. What Factors Should Be Considered When Designing and Configuring a Captive Portal? Before enabling the Captive Portal feature, decide what type (or types) of authentication to require.
  • Page 456: How Does Captive Portal Work

    Figure 17-2. Customized Captive Portal Welcome Screen How Does Captive Portal Work? When a port is enabled for Captive Portal, all the traffic coming onto the port from unverified clients is dropped except for ARP, DHCP, DNS and NETBIOS packets.
  • Page 457: What Captive Portal Pages Can Be Customized

    What Captive Portal Pages Can Be Customized? You can customize the following three Captive Portal pages: • Authentication Page —This page displays when a client attempts to connect to the network. You can customize the images, text, and colors that display on this page. •...
  • Page 458: Default Captive Portal Behavior And Settings

    Default Captive Portal Behavior and Settings Captive Portal is disabled by default. If you enable Captive Portal, no interfaces are associated with the default Captive Portal. After you associate an interface with the Captive Portal and globally enable the Captive Portal feature, a user who connects to the switch through that interface is presented with the Captive Portal Welcome screen shown in Figure 17-3.
  • Page 459 Table 17-1. Default Captive Portal Values Feature Value Authentication Timeout 300 seconds Configured Captive Portals Captive Portal Name Default Protocol Mode HTTP Verification Mode Guest URL Redirect Mode User Group 1-Default Session Timeout 86400 seconds Local Users None configured Interface associations None Interface status Not blocked...
  • Page 460: Configuring The Captive Portal (Web)

    Configuring the Captive Portal (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring Captive Portal settings on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. Captive Portal Global Configuration Use the Captive Portal Global Configuration page to control the administrative state of the Captive Portal feature and configure global...
  • Page 461: Captive Portal Configuration

    Captive Portal Configuration Use the Captive Portal Configuration page to view summary information about captive portals on the system, add a captive portal, and configure existing captive portals. The switch supports 10 Captive Portal configurations. Captive Portal configuration 1 is created by default and cannot be deleted. Each captive portal configuration can have unique guest or group access modes and a customized acceptance use policy that displays when the client connects.
  • Page 462 From the Captive Portal Configuration page, click Add to create a new Captive Portal instance. Figure 17-6. Add Captive Portal Configuration From the Captive Portal Configuration page, click Summary to view summary information about the Captive Portal instances configured on the switch.
  • Page 463 2 Click Download Image to download one or more custom images to the switch. You can use a downloaded custom image for the branding logo (default: Dell logo) on the Authentication Page and Logout Success page, the account image (default: blue banner with keys) on the Authentication Page, and the background image (default: blank) on the Logout Success Page.
  • Page 464 4 Browse to the directory where the image to be downloaded is located and select the image. 5 Click Apply to download the selected file to the switch. 6 To customize the Authentication Page, which is the page that a user sees upon attempting to connect to the network, click the Authentication Page link.
  • Page 465 7 Select the branding image to use and customize other page components such as the font for all text the page displays, the page title, and the acceptance use policy. 8 Click Apply to save the settings to the running configuration or click Preview to view what the user will see.
  • Page 466: Local User

    Figure 17-11. Captive Portal Logout Success Page 13 Customize the look and feel of the Logout Page, such as the background image and successful logout message. 14 Click Apply to save the settings to the running configuration or click Preview to view what the user will see. To return to the default views, click Clear.
  • Page 467 Figure 17-12 shows the Local User page after a user has been added. If no users have been added to the switch, many of the fields do not display on the screen. NOTE: Multiple user groups can be selected by holding the CTRL key down while clicking the desired groups.
  • Page 468 Figure 17-13. Add Local User From the Local User page, click Show All to view summary information about the local users configured in the local database. Figure 17-14. Captive Portal Local User Summary To delete a configured user from the database, select the Remove check box associated with the user and click Apply.
  • Page 469 Optional 0 session timeout is (seconds) reached (seconds). If the attribute is 0 or not present then use the value configured for the captive portal. Dell-Captive- 6231, A comma- String Optional None. The Portal-Groups delimited list of default group names that...
  • Page 470: User Group

    User Group You can assign Local Users to User Groups that you create. If the Verification Mode is Local or RADIUS, you assign a User Group to a Captive Portal Configuration. All users who belong to the group are permitted to access the network through this portal.
  • Page 471 From the User Group page, click Add to configure a new user group. Figure 17-16. Add User Group From the User Group page, click Show All to view summary information about the user groups configured on the switch. Figure 17-17. Captive Portal User Group Summary To delete a configured group, select the Remove check box associated with the group and click Apply.
  • Page 472: Interface Association

    Interface Association From the Interface Association page, you can associate a configured captive portal with specific interfaces. The captive portal feature only runs on the interfaces that you specify. A captive portal can have multiple interfaces associated with it, but an interface can be associated to only one Captive Portal at a time.
  • Page 473: Captive Portal Global Status

    Captive Portal Global Status The Captive Portal Global Status page contains a variety of information about the Captive Portal feature. From the Captive Portal Global Status page, you can access information about the Captive Portal activity and interfaces. To display the Global Status page, click System → Captive Portal → Status →...
  • Page 474: Captive Portal Activation And Activity Status

    Captive Portal Activation and Activity Status The Captive Portal Activation and Activity Status page provides information about each Captive Portal configured on the switch. The Captive Portal Activation and Activity Status page has a drop-down menu that contains all captive portals configured on the switch. When you select a captive portal, the activation and activity status for that portal displays.
  • Page 475: Interface Activation Status

    Interface Activation Status The Interface Activation Status page shows information for every interface assigned to a captive portal instance. To display the Interface Activation Status page, click System → Captive Portal → Interface Status → Interface Activation Status. Figure 17-21. Interface Activation Status Configuring a Captive Portal...
  • Page 476: Interface Capability Status

    Interface Capability Status The Interface Capability Status page contains information about interfaces that can have CPs associated with them. The page also contains status information for various capabilities. Specifically, this page indicates what services are provided through the Captive Portal to clients connected on this interface.
  • Page 477: Client Summary

    Client Summary Use the Client Summary page to view summary information about all authenticated clients that are connected through the captive portal. From this page, you can manually force the captive portal to disconnect one or more authenticated clients. The list of clients is sorted by client MAC address.
  • Page 478: Client Detail

    Client Detail The Client Detail page shows detailed information about each client connected to the network through a captive portal. To display the Client Detail page, click System → Captive Portal → Client Connection Status → Client Detail. Figure 17-24. Client Detail Configuring a Captive Portal...
  • Page 479: Captive Portal Interface Client Status

    Captive Portal Interface Client Status Use the Interface Client Status page to view clients that are authenticated to a specific interface. To display the Interface Client Status page, click System → Captive Portal → Client Connection Status → Interface Client Status. Figure 17-25.
  • Page 480: Captive Portal Client Status

    Captive Portal Client Status Use the Client Status page to view clients that are authenticated to a specific Captive Portal configuration. To display the Client Status page, click System → Captive Portal → Client Connection Status → Client Status. Figure 17-26. Captive Portal - Client Status Configuring a Captive Portal...
  • Page 481: Configuring A Captive Portal (Cli)

    Captive Portal settings. For more information about the PowerConnect M6220/M6348/M8024/M8024-k CLI commands, see the Reference Guide at support.dell.com/manuals. Configuring Global Captive Portal Settings Beginning in Privileged EXEC mode, use the following commands to configure global Captive Portal settings. Command...
  • Page 482: Creating And Configuring A Captive Portal

    Command Purpose CTRL + Z Exit to Privileged EXEC mode. show captive-portal [status] View the Captive Portal administrative and operational status. Use the status keyword to view additional global Captive Portal information and summary information about all configured Captive Portal instances. Creating and Configuring a Captive Portal Beginning in Privileged EXEC mode, use the following commands to create a Captive Portal instance and configure its settings.
  • Page 483 Command Purpose user-logout (Optional) Enable user logout mode to allow an authenticated client to deauthenticate from the network. If this option is clear or the user does not specifically request logout, the client connection status remains authenticated until the CP deauthenticates the user, for example by reaching the idle timeout or session timeout values.
  • Page 484 Command Purpose block (Optional) Block all traffic for a Captive Portal configuration. If the Captive Portal is blocked, users cannot gain access to the network through the Captive Portal. Use this function to temporarily protect the network during unexpected events, such as denial of service attacks.
  • Page 485: Configuring Captive Portal Groups And Users

    Configuring Captive Portal Groups and Users Beginning in Privileged EXEC mode, use the following commands to create a Captive Portal group. You can use the default group, or you can create a new group. Command Purpose configure Enter global configuration mode. captive-portal Enter Captive Portal mode.
  • Page 486: Managing Captive Portal Clients

    Command Purpose user group group-id moveusers new-group-id (Optional) Move all of the users in a group to a different group. This command removes the users from the group specified by group-id. • group-id — Group ID (Range: 1–10). • new-group-id —...
  • Page 487: Captive Portal Configuration Example

    Captive Portal Configuration Example The manager of a resort and conference center needs to provide wired Internet access to each guest room at the resort and in each conference room. Due to legal reasons, visitors and guests must agree to the resort’s acceptable use policy to gain network access.
  • Page 488: Configuration Overview

    7. Customize the authentication, logout, and logout success web pages that a Captive Portal user will see. Dell recommends that you use Dell OpenManage Administrator to customize the Captive Portal authentication, logout, and logout success pages. A Preview button is available to allow you to see the pages that a Captive Portal user will see.
  • Page 489: Detailed Configuration Procedures

    Detailed Configuration Procedures Use the following steps to perform the Captive Portal configuration: 1. Configure the RADIUS server information on the switch. In this example, the RADIUS server IP address is 192.168.2.188, and the RADIUS server name is luxury-radius. console#configure console(config)#radius-server host 192.168.12.182 console(Config-auth-radius)#name luxury-radius console(Config-auth-radius)#exit...
  • Page 490 1 group 2 Continue entering username and password combinations to populate the local database. 8. Add the User-Name, User-Password, Session-Timeout, and Dell-Captive-Portal-Groups attributes for each employee to the database on the RADIUS server. 9. Globally enable the Captive Portal.
  • Page 491: Configuring Port Characteristics

    Configuring Port Characteristics This chapter describes how to configure physical switch port characteristics, including settings such as administrative status and maximum frame size. This chapter also describes the link dependency feature. The topics covered in this chapter include: • Port Overview •...
  • Page 492 Table 18-1. Port Characteristics (Continued) Feature Description Auto negotiation Enables a port to advertise its transmission rate, duplex mode and flow control abilities to its partner. Speed Specifies the transmission rate for frames. Duplex mode Specifies whether the interface supports transmission between the switch and the connected client in one direction at a time (half) or both directions simultaneously (both).
  • Page 493: What Is Link Dependency

    What is Link Dependency? The link dependency feature provides the ability to enable or disable one or more ports based on the link state of one or more different ports. With link dependency enabled on a port, the link state of that port is dependent on the link state of another port.
  • Page 494: What Interface Types Are Supported

    • Multiple port command — If a group of ports lose their link, the switch brings up/down the link on another group of ports. • Overlapping ports — Overlapping ports on different groups will be brought up/down only if both dependent ports lose the link. What Interface Types are Supported? The physical ports on the switch include the out-of-band (OOB) interface, 10-Gigabit Ethernet (for some models), and Gigabit Ethernet switch ports.
  • Page 495: What Is Interface Configuration Mode

    What is Interface Configuration Mode? When you use the CLI to configure physical or logical characteristics for an interface, you must enter Interface Configuration Mode for that interface. To enter the mode, type the keyword interface followed by the interface type and additional information to identify the interface, such as the interface number.
  • Page 496 For many features, you can configure a range of interfaces. When you enter Interface Configuration mode for multiple interfaces, the commands you execute apply to all interfaces specified in the range. To enter Interface Configuration mode for a range of interfaces, include the keyword range and specify the interfaces to configure.
  • Page 497: Default Port Values

    Default Port Values Table 18-2 lists the default values for the port characteristics that this chapter describes. Table 18-2. Default Port Values Feature Description Administrative status All ports are enabled Description None defined Auto negotiation Enabled Speed Autonegotiate Duplex mode Autonegotiate Flow control Enabled...
  • Page 498: Configuring Port Characteristics (Web)

    Configuring Port Characteristics (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring port characteristics on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. Port Configuration Use the Port Configuration page to define port parameters.
  • Page 499 Configuring Multiple Ports To configure port settings on multiple ports: 1 Open the Port Configuration page. 2 Click Show All to display the Port Configuration Table page. 3 In the Ports list, select the check box in the Edit column for the port to configure.
  • Page 500 In the following example, Ports 3, 4, and 5 will be updated with the settings that are applied to Port 1. Figure 18-3. Copy Port Settings 8 Click Apply. Configuring Port Characteristics...
  • Page 501: Link Dependency Configuration

    Link Dependency Configuration Use the Link Dependency Configuration page to create link dependency groups. You can create a maximum of 16 dependency groups. The page displays the groups whether they have been configured or not. To display the Link Dependency Configuration page, click Switching → Link Dependency →...
  • Page 502 5 To add a port to the Ports Depended On column, click the port in the Available Ports column, and then click the > button to the right of the Available Ports column. In the following example, Group 1 is configured so that Port 3 is dependent on Port 4.
  • Page 503: Link Dependency Summary

    Link Dependency Summary Use the Link Dependency Summary page to view all link dependencies on the system and to access the Link Dependency Configuration page. You can create a maximum of 16 dependency groups. The page displays the groups whether they have been configured or not. To display the Link Dependency Summary page, click Switching →...
  • Page 504: Configuring Port Characteristics (Cli)

    This section provides information about the commands you use to configure port characteristics. For more information about the commands, see the PowerConnect M6220/M6348/M8024/M8024-k CLI Reference Guide at support.dell.com/manuals. Configuring Port Settings Beginning in Privileged EXEC mode, use the following commands to configure various port settings.
  • Page 505: Configuring Link Dependencies

    Command Purpose show interfaces configuration View a summary of the configuration for all ports. show interfaces advertise View a summary of the speeds that are advertised on each port. show interfaces description View configured descriptions for all ports. show interfaces detail View detailed information about the specified port.
  • Page 506: Port Configuration Examples

    Command Purpose action {down|up} Specifies the action the member ports take when the dependent link goes down. • down—When the dependent link is down, the group members are down (the members are up otherwise). • up—When the dependent link goes down, the group members are brought up (the members are down otherwise) CTRL + Z...
  • Page 507: Configuring A Link Dependency Groups

    4 Enable jumbo frame support on the interfaces. console(config-if)#mtu 9216 console(config-if)#CTRL + Z 5 View summary information about the ports console#show interfaces configuration Port Type Duplex Speed Admin St. --------- ------------- ------ ------- ---- ----- Gi1/0/1 Gigabit - Level Full Gi1/0/2 Gigabit - Level Unknown...
  • Page 508 3 Enter the configuration mode for Group 2 console(config)#link-dependency group 2 console(config-linkDep-group-2)#add gigabitethernet 1/0/6 console(config-linkDep-group-2)#depends-on port-channel 1 console(config-linkDep-group-2)#action up console(config-linkDep-group-2)#CTRL + Z 4 View the configured link dependency groups. console#show link-dependency GroupId Member Ports Ports Depended On Link Action ------- ------------- -----------------...
  • Page 509: Configuring 802.1X And Port-Based

    Configuring 802.1X and Port-Based Security This chapter describes how to configure port-based security features including IEEE 802.1X authentication and port security. Port-based security can also be accomplished by using Access Control Lists (ACLs). For information about configuring ACLs, see "Configuring Access Control Lists" on page 543.
  • Page 510: What Is Ieee 802.1X

    What is IEEE 802.1X? The IEEE 802.1X standard provides a means of preventing unauthorized access by supplicants (clients) to the services the switch offers, such as access to the LAN. The 802.1X network has three components: • Supplicant — The client connected to the authenticated port that requests access to the network.
  • Page 511: What Are The 802.1X Port States

    What are the 802.1X Port States? The 802.1X port state determines whether to allow or prevent network traffic on the port. The 802.1X state of a port can be one of the following: • Authorized • Unauthorized • Automode • MAC-Based If the port is in the authorized state, the port sends and receives normal traffic without client port-based authentication.
  • Page 512 If a port uses MAC-based 802.1X authentication, the option to use MAC Authentication Bypass (MAB) is available. MAB is a supplemental authentication mechanism that allows 802.1X unaware clients, such as printers and fax machines, to authenticate to the network using the client MAC address as an identifier.
  • Page 513: What Is The Role Of 802.1X In Vlan Assignment

    What is the Role of 802.1X in VLAN Assignment? PowerConnect M6220, M6348, M8024, and M8024-k switches allow a port to be placed into a particular VLAN based on the result of the authentication or type of 802.1X authentication a client uses when it accesses the switch. The authentication server can provide information to the switch about which VLAN to assign the supplicant.
  • Page 514 Dynamic VLAN Creation If RADIUS-assigned VLANs are enabled through the Authorization Network RADIUS configuration option, the RADIUS server is expected to include the VLAN ID in the 802.1X tunnel attributes of its response message to the switch. If dynamic VLAN creation is enabled on the switch and the RADIUS-assigned VLAN does not exist, then the assigned VLAN is dynamically created.
  • Page 515: What Is Monitor Mode

    port. The port is assigned a Guest VLAN ID and is moved to the authorized status. Disabling the supplicant mode does not clear the ports that are already authorized and assigned Guest VLAN IDs. What is Monitor Mode? The monitor mode is a special mode that can be enabled in conjunction with 802.1X authentication.
  • Page 516: How Does The Authentication Server Assign Diffserv Filters

    Table 19-1. IEEE 802.1X Monitor Mode Behavior (Continued) Case Sub-case Regular Dot1x Dot1x Monitor Mode Unauth VLAN Port State: Permit Port State: Permit enabled VLAN: Unauth VLAN: Unauth RADIUS Default behavior Port State: Deny Port State: Permit Timeout VLAN: Default Unauth VLAN Port State: Deny Port State: Permit...
  • Page 517: What Is The Internal Authentication Server

    What is the Internal Authentication Server? The Internal Authentication Server (IAS) is a dedicated database for local authentication of users for network access through 802.1X. In this database, the switch maintains a list of username and password combinations to use for 802.1X authentication.
  • Page 518: Default Port-Based Security Values

    Default Port-Based Security Values Table 19-2 lists the default values for the 802.1X features and for port security. Table 19-2. Default Port-Based Security Values Feature Description Global 802.1X status Disabled 802.1X authentication method none Per-port 802.1X status Disabled Port state automode Periodic reauthentication Disabled...
  • Page 519: Configuring Port-Based Security (Web)

    Configuring Port-Based Security (Web) This section provides information about the OpenManage Switch Administrator pages for configuring and monitoring the IEEE 802.1X features and Port Security on a PowerConnect M6220/M6348/M8024/M8024-k switch. For details about the fields on a page, click at the top of the page. Dot1x Authentication Use the Dot1x Authentication page to configure the 802.1X administrative mode on the switch and to configure general 802.1X parameters for a port.
  • Page 520 Configuring 802.1X Settings on Multiple Ports To configure 802.1X authentication on multiple ports: 1 Open the Dot1x Authentication page. 2 Click Show All to display the Dot1x Authentication Table page. 3 In the Ports list, select the check box in the Edit column for the port to configure.
  • Page 521 Re-Authenticating Multiple Ports in the Dot1x Authentication Table To reauthenticate multiple ports: 1 Open the Dot1x Authentication page. 2 Click Show All. The Dot1x Authentication Table displays. 3 Check Edit to select the Units/Ports to re-authenticate. 4 To re-authenticate on a periodic basis, set Periodic Re-Authentication to Enable, and specify a Re-Authentication Period for all desired ports.
  • Page 522: Authenticated Users

    Authenticated Users The Authenticated Users page is used to display lists of ports that have authenticated users. To display the Authenticated Users page, click Switching → Network Security → Authenticated Users in the navigation panel. Figure 19-4. Network Security Authenticated Users Port Access Control Configuration Use the Port Access Control Configuration page to globally enable or disable RADIUS-assigned VLANs and to enable Monitor Mode to help troubleshoot...
  • Page 523: Port Access Control History Log Summary

    Figure 19-5. Port Access Control Configuration Port Access Control History Log Summary Use the Port Access Control History Log Summary page to view log messages about 802.1X client authentication attempts. The information on this page can help you troubleshoot 802.1X configuration issues. To display the Port Access Control History Log Summary page, click Switching →...
  • Page 524: Port Security

    Figure 19-6. Port Access Control History Log Summary Port Security Use the Port Security page to enable MAC locking on a per-port basis. When a port is locked, you can limit the number of source MAC addresses that are allowed to transmit traffic on the port. To display the Port Security page, click Switching →...
  • Page 525 Configuring Port Security Settings on Multiple Ports To configure port security on multiple ports: 1 Open the Port Security page. 2 Click Show All to display the Port Security Table page. 3 In the Ports list, select the check box in the Edit column for the port to configure.