New Features SFTOS 2.5.3 improves SFTOS internals only, with no new features. SFTOS 2.5.2 adds: • A substantial support interface that is not accessible through the standard CLI modes and is not publicly documented • Support for new S-Series platforms, including the S50N, S50N-DC, and S25P-DC Other Changes to the Document Changes in this edition include: •...
Conventions ............16 Related Dell Force10 Documents and Additional Information .....16 Contact Information .
Page 6
Checking Status ............32 Viewing the Software Version and Switch Numbers .
Page 7
Deleting a Script ..........61 Downloading a Configuration Script from a TFTP Server .
Page 8
Best Practices ............89 Removing a Switch from a Stack .
Page 9
Configuring the Switch as a DHCP Server ........130 Important Points to Remember .
Page 10
Example of configuring STP ........152 Influencing the Spanning Tree Topology .
Page 11
Using the “show policy-map” Command ....... . .187 Using the show service-policy Command ....... .190 Configuring Differentiated Services by Department .
Page 12
Displaying GARP, GVRP, GMRP Properties ......222 show garp and show gvrp configuration all commands ....222 Creating an IP Subnet-based VLAN .
Page 13
VLAN IP Commands ..........262 VLAN Routing Configuration .
Audience on page 16 • Introduction to the Guide on page 16 • Conventions on page 16 • Related Dell Force10 Documents and Additional Information on page 16 • Contact Information on page 17 • Documentation Feedback on page 17 •...
Related Dell Force10 Documents and Additional Information The following documents provide information on using Dell Force10 S-Series switches and SFTOS software. All of the documents are available on the Documents tab of iSupport (the Dell Force10 support website — http://www.force10networks.com/support: •...
Technical Support The iSupport Website Dell Force10 iSupport provides a range of support programs to assist you with effectively using Dell Force10 equipment and mitigating the impact of network outages. Through iSupport you can obtain technical information regarding Dell Force10 products, access to software upgrades and patches, and open and manage your Technical Assistance Center (TAC) cases.
If you do not have one, you can request one at the website: 1. On the Dell Force10 iSupport page, click the Account Request link. 2. Fill out the User Account Request form and click Send. You will receive your userid and password by email.
SFTOS Features This chapter contains these major sections: • Overview of SFTOS Features on page 19 • Layer 2 Package Feature Details on page 20 • Layer 3 Package Feature Details on page 22 • Notable Differences between S-Series and E-Series on page 24 •...
— Flow Control at the MAC layer: you may configure the switch or a port to temporarily halt traffic when necessary to prevent overload (formerly IEEE 802.3x) • Additional functions you can use to manage the network including IGMP Snooping (see Chapter 15, IGMP Snooping) , Port Mirroring (see...
• HTML-based Management • HTTPS/SSL • RMON Groups • SNMP v1/v2c • SNTP Support • SSHv2 • Syslog • Telnet (RFC 854) • TFTP (RFC 783) Stacking • Stacking Multiple Units • LAG across Units in a Stack • Hot Insertion and Removal of Units in a Stack •...
Load Balancing • LAG Load Balancing: For IPv4 packets, LAG load balancing is provided automatically by a hash algorithm that is based on an XOR (eXclusive OR) of the 3 LSBs (Least Significant Bits) of the source and destination IP addresses. For all other packet types, the 3 LSBs of the source and destination MAC addresses are used.
Page 25
• Displaying the MAC address table: Both FTOS and SFTOS have the show mac-address-table command, but the SFTOS command provided different results than the FTOS command before SFTOS Release 2.3. The SFTOS syntax still contains the unit/slot/port form cited above, for example, show mac-addr-table interface 1/0/4.
• Software naming convention: E-Series software uses this naming convention: FTOS-EF-x.x.x.x Through version 2.3.1.5, the S-Series used a different format that ends with an “.opr” extension. Starting with SFTOS 2.4.1, SFTOS software image file names have a new naming format that is more descriptive and is consistent with the E-Series software naming convention: "SFTOS-<...
Getting Started This chapter summarizes the following basic tasks: • Connecting to the Console Port on page 29 • Command Line Interface (CLI) Overview on page 31 • Checking Status on page 32 — Displaying Statistics on page 36 — Viewing the Software Version and Switch Numbers on page 32 —...
Setting up SNMP Management on page Note: The Dell Force10 Management System (FTMS) is a graphical network management software product that provides a global view of your complete Dell Force10 network. FTMS includes Node Manager, which not only provides GUI-based device management, it also includes the ability to execute CLI commands, either individually from Node Manager or by having Node Manager open a Telnet window to the device.
Connecting to the Console Port To access the console port, follow the procedure below: Step Task Caution: Install a straight-through RJ-45 copper cable (for example, an Ethernet cable) into the console port. This is different from many other implementations that require a crossover (rollover) cable. If connecting to a terminal server and using an Ethernet crossover cable, daisychain another crossover cable to effectively get a straight-through cable connection.
Page 30
Step Task (continued) Enter Line Config mode by logging in, entering Privileged Exec mode (enable command), Global Config mode (config command), then lineconfig. In Line Config mode, use the serial timeout command to set the console inactivity timeout (0 for no timeout; up to 160 minutes): Figure 3-2.
Command Line Interface (CLI) Overview The SFTOS Command Line Interface (CLI) is the main way to manage S-Series switches. You can use the CLI through: • Console port: As described above (Connecting to the Console Port on page 29), the port is the one located at bottom right of the front panel (Use only the console port of the management unit in an S50 stack.
Getting Help From the CLI The following help commands are the same as those found in the E-Series: • Use “ ” at the prompt to get a list of commands in that mode: “ ” Force10# ? • Use “ ”...
Page 33
• show running-config Because output from the show tech-support command is so lengthy, Dell Force10 recommends that you set the storage buffer high on your terminal access program, then use the option — non-paged show tech-support non-paged —...
Showing Network Settings Execute the show interface managementethernet command from either the User Exec or Privileged Exec modes. The resulting display, as shown in the example below, displays all the settings relating to IP-based management connections to the switch. The data includes the management IP address, subnet mask, default gateway, MAC information, etc., as shown below: Figure 3-7.
Page 35
Figure 3-8. Displaying All Supported Features and System Uptime Force10 #show version Switch: 1 System Description......Force10 S50 Vendor ID........07 Plant ID........01 Country Code........04 Date Code........062005 Serial Number........DE4000126 Part Number........759-00001-00 Revision........0A Catalog Number......... SA-01-GE-48T Burned In MAC Address......
Figure 3-9. Creating a User and a Password Force10 (Config)#username w_turner passwd willspwd User login name and password are set. Force10 (Config)#no username w_turner Force10 (Config)#username w_turner passwd newpwd User login name and password are set.Password Changed! Note: SFTOS 2.5.1.3 adds support for the following special characters: , . { } | , in other words, period, comma, open bracket, close bracket, and bar.
Figure 3-11. Creating and Displaying SNMP Access Levels For details on SNMP, see Setting up SNMP Management on page Setting the Enable Password To change the Privileged Exec password (also called the “Enable” password) in SFTOS Version 2.3.1 and above, you do so in Global Config mode. Enter enable passwd , press Enter, and enter a new password: Figure 3-12.
Figure 3-14. Enabling an Individual Port Force10 >enable Force10 #config Force10 (Config)#interface 1/0/22 Force10 (Interface 1/0/22)#no shutdown For more on setting up ports, see Configuring Interfaces on page 111. Setting the Management IP Address On first startup, you have management access only through the console port. If you want to manage the switch through an IP-based access method (Telnet, SSH, SNMP, TFTP, etc.), you must configure a management IP interface, using the following the procedure.
Configuring an Interface with an IP Address Note: You must have the optional SFTOS Layer 3 Package installed to configure routing commands and to set IP addressing an interface. Use the show version command (see Figure 3-8 on page 35) to determine what software is installed. To assign an IP address to an interface, use the following commands: Command Syntax Command Mode...
Use the command to display a smaller set of information about all IP interfaces. show ip interface brief Figure 3-16. Using the show ip interface brief Command Force10 #show ip interface brief Netdir Multi Interface IP Address IP Mask Bcast CastFwd --------- --------------- --------------- -------- -------- 1/0/3...
Setting Up the Management VLAN As described in Setting the Management IP Address on page 39, when you set up a management IP address, you can manage the switch through an IP-based access method (SNMP, Telnet, etc.); any enabled port in the management VLAN is available for the IP-based access. By default, the management VLAN is set up on the default VLAN 1, which, on first startup, includes every port (although, by default, all ports are shut down until you enable them—see Enabling Ports on page...
Important Points to Remember — Files • Beginning with SFTOS Version 2.3, when you save the running-config to the startup-config file, the startup-config is converted to text, if it is not already. Upgrading the software to Version 2.3 or above automatically invokes a conversion of the binary configuration file to text.
For information on the SSL and SSH files listed above, see the Secure Communications folder on the S-Series Documentation and Software CD-ROM. Points to Remember when Transferring Files Points to remember when downloading software code or configuration files include: • Code: —...
Figure 3-19. Displaying the Current Software Version Force10 #show hardware Switch: 1 System Description......Force10 S50 Vendor ID........07 Plant ID........01 Country Code........04 Date Code........Serial Number........114 Part Number........Revision........Catalog Number......... SA-01-GE-48T Burned In MAC Address......00:D0:95:B7:CD:2E Software Version.......
Or, typically, before starting the download, users want to increase the transfer rate to the maximum. So, instead of immediately selecting 4, you would select option 2, which accesses a menu that enables you to change the baud rate to 115200. Typically, you would then also need to modify your terminal software settings to 115200.
Page 48
Figure 3-21. Logging In and Using the enable Command Force10 User:admin Password: NOTE: Enter '?' for Command Help. Command help displays all options that are valid for the 'normal' and 'no' command forms. For the syntax of a particular command form, please consult the documentation.
With all versions of SFTOS, using the command to download SFTOS software to the management copy switch automatically propagates that software to all stack members. You also have the option of using the following version of the command to copy an image from the management unit to a stack member: copy copy image1...
Installing System Software After downloading a new software image (see Downloading a Software Image on page 45) and backing up the configuration (see Saving the Running Configuration on page 49), you are ready to install the new software. Execute the reload command, as shown in Using the reload command to upgrade to SFTOS 2.5.1...
Page 51
SFTOS Version 2.5.1 provides several new or revised software management commands: Command Syntax Command Mode Usage Privileged Exec Activate a particular image on the target system (“activate”, boot system image1 unit here, means to identify, to the system, the software to install image2 on the next reboot).
Page 52
The Boot Menu is also revised in SFTOS v. 2.5.1 to allow the user to select either image from the boot menu (or also to download a replacement image). This choice is available in two cases: • If the user interrupts the boot sequence •...
Page 53
The example in Figure 3-25 shows the boot messages when loading the switch (all switches in the stack are reloaded if a stack exists) with SFTOS 2.5.1: Figure 3-25. Using the reload command to upgrade to SFTOS 2.5.1 Force10 #reload Are you sure you want to reload the stack? (y/n) y Reloading all switches.
Page 54
After installing SFTOS 2.5.1 on the management switch and the stack, as described above, use the following procedure for subsequent upgrades: Command Step Command Syntax Mode Purpose Privileged Exec (OPTIONAL) Display SFTOS version information and show bootvar [ unit activation status on the specified stack member. If you do not specify a unit number, the command displays image details for all nodes on the stack.
Page 55
Figure 3-26. Example of Launching the Boot Menu to select the Backup Image Force10 #reload Management switch has unsaved changes. Would you like to save them now? (y/n) n Configuration Not Saved! Are you sure you want to reload the stack? (y/n) y Reloading all switches.
When converting from a Routing image to a Switching image, you must interrupt the reboot to revert the switch to factory defaults, as shown in Figure 3-27: Figure 3-27. Restoring Factory Defaults when Converting from Routing to Switching Image Force10 #reload Management switch has unsaved changes.
When the switch is booted, its configuration is managed by the startup configuration (“startup-config”) file that is stored in non-volatile memory (NVRAM). As you make configuration changes, those changes are stored in volatile system memory as the “running config” until you copy them to the startup-config. The quickest way to do that is to use the write memory command (executed from the Privileged Exec mode).
Figure 3-29. Using the copy nvram:startup-config Command Force10 #copy nvram:startup-config tftp://10.16.1.56/s50_1 Mode........... TFTP Set TFTP Server IP......10.16.1.56 TFTP Path......../ TFTP Filename........s50_1 Data Type........Config File Are you sure you want to start? (y/n) y File transfer operation completed successfully. Configuring from the Network The following example is of installing a configuration file from the network.
3. Select 10 to restore the configuration to factory defaults (deletes the configuration file). Note: Resetting to factory defaults is more powerful than executing the clear config command, because it resets all internal values. 4. Select option 9 to reload/boot the switch. Figure 3-31.
Using Configuration Scripts This section contains: • Creating a Configuration Script on page 60 • Viewing a Configuration Script File on page 60 • Uploading a Configuration Script to a TFTP Server on page 61 • Deleting a Script on page 61 •...
Force10 #script delete test.scr Are you sure you want to delete the configuration script(s)? (y/n)y 1 configuration script(s) deleted. Downloading a Configuration Script from a TFTP Server To download a “config script”, use the copy command, as in the following. Command Syntax Command Mode Purpose...
Figure 3-35. Example of a Script Validation Error Message Configuration script validation failed. Following lines in the script may have problem: Line 29:: permit 01:80:c2:00:00:00 any assign-queue 4 Line 30:: permit any 01:80:c2:00:00:ff assign-queue 3 redirect 1/0/10 Line 31:: permit 01:80:c2:00:00:ee any assign-queue 4 Line 36:: match cos 5 Line 44:: police-simple 500000 64 conform-action transmit violate-action drop Line 45:: police-simple 500000 64 conform-action transmit violate-action drop...
For example, the command to create a class-map called “cm-1” is , while class-map match-all cm-1 the command to edit cm-1 later is (For more on class-map, see Using Differentiated class-map cm-1 Services (DiffServ) on page 177 .) Attempting to apply an unmodified config script containing cm-1 to a machine that already has a class-map called cm-1 results in an error similar to the following example (see Figure 3-37 on page 64).
Displaying Logs The switch maintains four logs: • Event log (“Persistent log”) — exception messages and critical boot-up messages; saved on switch reset — Use the command show eventlog. • System log, “buffered log”) – system trace information; cleared on switch reset —...
Management This chapter covers the following management tasks: • Creating the Management IP Address • Changing the Management VLAN from the Default on page 68 • Verifying Access to a Management Port on page 69 • Verifying Management Port Connectivity on page 69 •...
Changing the Management VLAN from the Default As stated in Setting Up the Management VLAN on page 42 in the Getting Started chapter, the default management VLAN is the default VLAN 1, so, when you configure the management IP interface (see Creating the Management IP Address on page 67), any port that is part of the default VLAN will carry management traffic.
Verifying Access to a Management Port It is possible to set the management VLAN to a VLAN that does not exist. If you cannot reach anything from the management address, inspect the management VLAN with the commands show interface managementethernet show running-config , to inspect the management IP settings, as shown in Figure...
Setting the Host Name Prompt If you have more than one individually managed S-Series switch, you can differentiate them by creating a unique CLI host name prompt for each switch. Use the hostname command, in Global Config mode, to edit the prompt, as shown in Figure 4-43: Figure 4-43.
When the S50 starts to reload, the following text appears at the console: Figure 4-44. Rebooting Reloading all switches. Force10 Boot Code... Version 01.00.26 06/03/2005 Select an option. If no selection in 2 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu.
Page 72
The MIB files are on the S-Series product CD-ROM and on the iSupport website (password required): https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx As a best practice, Dell Force10 recommends polling several SNMP object IDs (OIDs), as described here. SNMP is especially valuable in certain cases — for example when a console connection is unavailable.
• : Sets a client IP mask for an SNMP community. snmp-server community ipmask • : Activates [deactivates] the designated SNMP community. snmp-server community mode name All configured communities are enabled by default. • : Restricts access to switch information to read-only. snmp-server community ro •...
• [no] snmp-server enable trap violation : This command enables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port (traps disabled by default). • snmp-server traps enable : This command sets the Authentication flag (traps disabled by default).
Link Layer Discovery Protocol (LLDP) The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows a switch residing on an 802 VLAN to advertise connectivity, physical description, management information, and major capabilities. The information distributed via this protocol is stored by its recipients in a standard Management Information Base (MIB), facilitating multi-vendor interoperability and use of standard management tools to discover and make available physical topology information for network management.
Alarm Periodically takes statistical samples and compares them with set thresholds for events (OID 1.3.6.1.2.1.16.3) generation — includes the alarm table and requires the implementation of the event group. Alarm type, interval, starting threshold, stop threshold. Events Controls the generation and notification of events from this device — event type, (OID 1.3.6.1.2.1.16.9) description, last time event sent.
Page 77
[no] rmon alarm 1-65535 Global Config Identify the event ID created in Step 1 for which delta you want to set [or disable] an alarm, identify SNMP_OID 5-3600 { the target MIB, and configure the parameters absolute rising-threshold that trigger the alarm. 0-4294967295 index falling-threshold 0-4294967295...
Example of configuring an RMON alarm The following example shows the use of the commands to create two event rmon event rmon alarm IDs and then associate them with an alarm. The event IDs are highlighted in the alarm statement. Figure 4-48.
The software clock runs only when the software is up. When the switch reboots, the clock restarts, based on the hardware clock. If you set the date and time manually, and then set up SNTP, the automatic update uses the SNTP update. Use the command to check the accuracy of the system date and time.
CLI Examples of SNTP Setup The following examples show the major command sequences in configuring the SNTP connection. Example #1: Configuring SNTP client mode Figure 4-49. Configuring SNTP Client Mode Force10 (Config)#sntp client mode broadcast ? <cr> Press Enter to execute the command. Force10 (Config)#sntp client mode unicast ? <cr>...
Example #5: show sntp server Figure 4-53. Using the show sntp server Command Force10 #show sntp server Server IP Address: 10.11.8.6 Server Type: ipv4 Server Stratum: 3 Server Reference Id: NTP Srv: 128.4.1.2 Server Mode: Server Server Maximum Entries: 3 Server Current Entries: 1 SNTP Servers ------------...
• The S50N, S50V, and S25P models of the S-Series can be stacked together. While the hardware connection limit is a maximum of eight units in the stack, Dell Force10 currently only supports a stack maximum of three units. Stacking S-Series Switches | 83...
Page 84
The original S50 model can only be stacked with another S50. The number of S50s in a stack is limited by the number of S50s with 10G modules (the hardware supports stacking eight units, but the current software implementation limits stack size to seven), but, again, Dell Force10 currently only supports a stack maximum of three units.
Stacking Commands Overview Command Syntax Command Mode Purpose Privileged Exec Starting with SFTOS 2.5.1, this command copies a selected copy image1 image2 software image from the management switch to a designated unit:// image1 image2 unit switch. Note: Before SFTOS 2.5.1, the archive copy-sw command copied the system image from the management unit to the other stack members.
to be a management unit, then the newly added unit changes its configured value to disable the management unit function. • Conversely, if the management unit function is enabled or unassigned on the unit and there is no other management unit in the system, then the unit becomes the management unit. •...
Page 87
Number Assignment on page 86). Use the command (Figure 5-56 on page 88) to see the show switch status of the individual members in a stack. Note: Unit numbers are stored in NVRAM and are persistent, even when a unit is removed from a stack.
Page 88
All of the forwarding protocols run on the management unit. The subordinate units do not run the full stack. The forwarding database resides on the management unit, which then synchronizes the forwarding tables in the other units in the stack. The individual units in the stack then make individual forwarding decisions based on their local copy of the forwarding table.
Adding a Switch to a Stack Note: Dell Force10 currently supports a stack maximum of three units. S50 models can only stack with other S50 models. The S25P, S50N, and S50V can be stacked together. See the Quick Reference appropriate to your S-Series model or its installation guide for instructions on making the physical stacking connections.
Figure 5-57. Using the member Command to Add a Unit to a Stack Force10 #show supported switchtype Mgmt Code Switch Model ID Pref Type --- -------------------------------- ------------ --------- SA-01-GE-48T 0x100b000 SA-01-GE-48T 0x100b000 SA-01-GE-48T 0x100b000 Force10 #configure Force10 (Config)#stack Force10 (config-stack)#member 5 1 Force10 (config-stack)#exit Force10 (Config)#exit Force10 #show switch...
Step Command Syntax Command Mode Purpose Attach the stacking cables to support the new configuration (see Figure 5-54 on page 84). show stack-port counters Privileged Exec Inspect the stack traffic data to confirm that the stack is successfully reconfigured. See Figure 5-68 on page To remove a switch from the stack, use the no member...
Page 92
Figure 5-60. Changing Switch Unit Priority Force10 (Config)#switch 4 priority 2 Force10 (Config)#exit Force10 #show switch Management Preconfig Plugged-in Switch Code Switch Status Model ID Model ID Status Version ------ ------------ ------------- ------------- --------------------- -------- Stack Member SA-01-GE-48T SA-01-GE-48T 2.3.1.5 Mgmt Switch SA-01-GE-48T SA-01-GE-48T...
Figure 5-61. Moving the Management Unit Function within a Stack Force10 (config-stack)#movemanagement 1 3 Moving stack management will unconfigure entire stack including all interfaces. Are you sure you want to move stack management? (y/n) y Force10 (config-stack)# (Unit 1)>This switch is not manager of the stack. STACK: detach 15 units Unit 1 no longer (Unit 1)>...
Administrative Management Preference The “Administrative Management Preference” indicates the preference given to this unit over another units in a stack by an administrator when the management unit fails. The default value is 1. A value of 0 means the unit cannot become a management unit. This field indicates the administrative management preference value assigned to the switch.
For more on downloading SFTOS, see Downloading a Software Image on page 45 in the Getting Started chapter See also the command syntax for the set of Dual Software Image Management commands in that section of the System Configuration Commands chapter in the SFTOS Command Reference. The purpose of the two “image”...
Page 96
Figure 5-62. Using the show bootvar Command within a Stack Force10-S50 #show switch Management Preconfig Plugged-in Switch Code Switch Status Model ID Model ID Status Version ------ ------------ ---------------- ---------------- --------------- -------- Mgmt Switch SA-01-GE-48T SA-01-GE-48T F.10.20.1 Stack Member SA-01-GE-48T SA-01-GE-48T Code Version Mismatch F.10.16.2 Force10-S50 #show stack...
Page 97
Figure 5-64. Using the show bootvar Command within a Stack Force10-S50 #boot system 2 image2 Activating image image2 .. Force10-S50 #show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -------------------------------------------------------------------- unit image1 image2 current-active next-active -------------------------------------------------------------------- F.10.20.1...
Using show Commands for Stacking Information show commands to gather information about stack members. In this chapter, see the following examples of using show commands: • : See Figure 5-55 on page show stack-port • : See Figure 5-56 on page Figure 5-57 on page Figure 5-58 on page 91, and...
Page 99
Figure 5-68. Using the show stack-port counters Command Example on an S50 Force10 #show stack-port counters ------------TX-------------- ------------RX-------------- Data Error Data Error Rate Rate Total Rate Rate Total Unit Interface (Mb/s) (Errors/s) Errors (Mb/s) (Errors/s) Errors ---- ---------------- ------ ---------- ---------- ------ ---------- ---------- Stack Port A Stack Port B Stack Port A...
Page 100
Figure 5-70. show stack Command Example Force10 #show stack Configured Running Stack Stack Link Link Unit Interface Mode Mode Status Speed (Gb/s) ---- ---------------- ---------- ---------- ------------ ------------ Stack Port A Stack Link Up Stack Port B Stack Link Up Stack Port A Stack Link Up...
System Logs This chapter describes the system logging features, in these major sections: • Logging Commands on page 101 • Configuring the System Log on page 102 • Using the Persistent Event Log on page 105 • Displaying the SNMP Trap Log on page 106 •...
• . See Configuring Syslog Server Host Connections on page 107. logging host • logging host reconfigure . See Configuring Syslog Server Host Connections on page 107. • logging host remove . See Configuring Syslog Server Host Connections on page 107.
Command Syntax Command Mode Purpose Configuring Syslog Server Host Connections on page 107. (Optional) To display accurate times and dates in the log, configure a connection to an SNTP server. See Setting the System Date and Time Manually on page Note: You can copy the System log from the switch to a TFTP server.
Interpreting system log messages Table 6-2 uses the first log message in Figure 6-71 as an example to present the field descriptions: <189> JAN 01 00:00:58 0.0.0.0-1 TRAPMGR[190295576]: traputil.c(661) 67 %% Cold Start: Unit: 0 Table 6-2. A System Log Message Decomposed Field Example Description <189>...
The log does not require configuration. The purpose of the Event log is to save system exception information to persistent memory for analysis by Dell Force10 Engineering. Error messages start with “ERROR”, while event messages start with “EVENT”, as shown in Figure 6-72.
Displaying the SNMP Trap Log show logging traplogs command displays a trap summary (number of traps since last reset and last view), followed by trap details, as shown in Figure 6-73. Figure 6-73. Using the show logging traplogs Command Force10 #show logging traplogs Number of Traps Since Last Reset....6 Number of Traps Since Log Last Viewed..6 Log System Up Time Trap...
Configuring Syslog Server Host Connections A syslog server can: • Store system messages and/or errors • Store to local files on the switch or a remote server running a syslog daemon • Collect message logs from many systems The S-Series switch sends System log messages to all enabled syslog servers. You have the following choices for managing the logging settings: •...
Figure 6-74. Using the logging host Command Force10 #config Force10 (Config)#logging ? buffered Buffered (In-Memory) Logging Configuration. cli-command CLI Command Logging Configuration. console Console Logging Configuration. facility Syslog Facility Configuration. history Syslog Configuration. host Enter IP Address for Logging Host. Force10 (Config)#logging host ? <hostaddress>...
Page 109
local7.debugging /var/log/force10.log • for a 5.7 SunOS UNIX system, include this line in the file /etc/syslog.conf local7.debugging /var/adm/force10.log In the lines above, local7 is the logging facility and debugging is the Syslog level. Therefore the Syslog daemon sends all messages since debugging is the lowest Syslog level. Refer to the logging facility command descriptions, above, for more information on those keywords and on setting the logging host...
Configuring Interfaces This chapter contains overview information on interfaces supported by SFTOS, along with information on configuring physical interfaces, in the following sections: • Interface Support in SFTOS • Viewing Interface Information on page 112 • Viewing Layer 3 Interface Information on page 117 •...
Table 7-3. Interfaces in the S-Series Modes Require Type of Interface Possible Creation Default State Port Channel Layer 2 Shut down (disabled) Layer 3 VLAN Layer 2 Yes* Enabled (active for Layer 2) Layer 3 Shut down (disabled for Layer 3) *The Default VLAN (VLAN 1) does not require creation, but it can be modified.
Page 113
In addition to inspecting the running config, as described above (see Figure 7-76), the CLI provides multiple commands to inspect the status and configuration of interfaces: • : Use this command, in either Privileged Exec mode or User Exec show interface managementethernet mode (the only command in this set that is available in User Exec mode), to display the current Management Ethernet interface settings.
Page 114
Port Force10 #show interface 1/0/1 Ports 1 through 48 Packets Received Without Error....0 Packets Received With Error....0 Broadcast Packets Received..... 0 Packets Transmitted Without Errors..... 0 Transmit Packet Errors......0 Collision Frames....... 0 Time Since Counters Last Cleared....0 day 0 hr 25 min 38 sec Force10 # Contrast the output in Figure...
Page 116
Figure 7-82. Checking Detailed Interface Counters Per Port Using show interface ethernet Force10 #show interface ethernet 1/0/43 Total Packets Received (Octets)....16217658 Packets Received > 1522 Octets....0 Packets RX and TX 64 Octets....3260 Packets RX and TX 65-127 Octets....11968 Packets RX and TX 128-255 Octets....
Viewing Layer 3 Interface Information Note: Layer 3 interfaces can only be created with the Layer 3 Package of SFTOS. Use the show version command to determine what package is installed. See Figure 3-8 on page To enable Layer 3 traffic on a particular interface, use the command in Global Config mode to ip routing enable routing for the system, then add an IP address to the selected interface using the...
Page 118
Physical interfaces can become part of virtual interfaces such as VLANs or Link Aggregation Groups (LAGs), also called port channels: • For more information on VLANs, see VLANs on page 207. • For more information on port channels, see Link Aggregation on page 165.
Page 119
— Lag—This port is a member of a port-channel (LAG). — Probe—This port is a probe port. • The Admin Mode column shows if the port is enabled or shut down. To enable the port, see Enabling an Interface on page 120.
Enabling an Interface Ports are shut down by default. To enable them, you can do so in bulk mode or per port. For more on bulk configuration, see Bulk Configuration on page 126. To enable an individual port, use the following sequence of commands: Step Command Syntax Command Mode...
Page 121
Figure 7-86. Using the show port Command to Verify Port Settings Force10 #show port 1/0/30 Admin Physical Physical Link Link LACP Interface Type Mode Mode Status Status Trap Mode -------------- ------ ------- -------- ------ ------ ------- 1/0/30 Enable Auto 100 Full Up Enable Enable The Link Status field indicates whether the port is passing traffic.
The following table describes the expected interface status of two directly connected fiber ports based on the configured or auto-negotiated speed and duplex settings. The fiber ports support only auto-negotiation or 1 Gbps full-duplex. Table 7-5. Expected Interface Status of Directly Connected Fiber Ports Port B Port A 1 Gbps Full...
PoE priority. • Support for PoE is provided in the CLI, as well as SNMP. • SNMP support is through the Power-Ethernet MIB (POWER-ETHERNET-MIB) and the Dell Force10 SFTOS-POWER-ETHERNET-MIB for snmpwalk. • Syslog messages are provided for PoE events.
Page 124
You can override the default power allocation method by using the CLI to prioritize the delivery of power to the ports. When the power budget is exceeded, the next port attempting to power up causes the port with the lowest priority to stop delivering power, to allow higher priority ports to deliver power. In any case, even if a connected device is not currently drawing power, the port can stay up and pass data.
Page 125
Figure 7-88. Sample of Output of show inlinepower Command for a Switch Force10-S50V >show inlinepower all Slot Admin Output Port Type Mode Class Priority Power Limit Status ------ --------------- ------- ----- --------- ------ ----- --------- 1/0/1 Enable 0.000 Searching 1/0/2 Enable 0.000 Searching...
Bulk Configuration Bulk configuration means configuring groups of interfaces (physical or logical) with the same command(s). You have these bulk configuration options: • Global: Make system-level changes in the Global Config mode. For example, to enable all ports, enter no shutdown all in Global Config mode.
Bulk Configuration Examples The following examples are of using the command for bulk configuration. interface range Configure a single range In this example, the command was used to select ports 1 through 23 on stack interface range ethernet range member 5. Then, the command enabled all of those ports.
DHCP This chapter describes how to configure the S-Series to serve as a DHCP/BootP relay agent or a DHCP server. Note: The S-Series switch can only act as a DHCP/BootP relay agent when the Layer 3 Package of SFTOS is installed. This chapter contains the following sections: •...
Table 8-6. Messages Exchanged between a DHCP Client and Server Reference Message 0x01 DHCPDISCOVER The client is looking for available DHCP servers. 0x02 DHCPOFFER The server response to the client’s DHCPDISCOVER message. 0x03 DHCPREQUEST The client broadcasts to the server, requesting offered parameters from one server specifically, as defined in the packet.
Configuring a DHCP address pool (required) You can configure a DHCP address pool with a name that is a symbolic string (such as “Engineering”) or an integer (such as 0). Configuring a DHCP address pool also places you in DHCP pool configuration mode, as identified by the “(config-dhcp)#”...
Figure 8-92. Using the show ip dhcp server statistics Command Force10 #show ip dhcp server statistics Automatic Bindings......0 Expired Bindings....... 0 Malformed Bindings......0 Messages Received ---------- ---------- DHCP DISCOVER........5 DHCP REQUEST........0 DHCP DECLINE........0 DHCP RELEASE........0 DHCP INFORM........
Configuring the Switch as a DHCP Relay Agent Implement the DHCP relay agent feature with bootpdhcprelay commands, all in Global Config mode. For details on these commands, see the Bootp/DHCP Relay Commands section of the Routing Commands chapter in the SFTOS Command Reference Step Command...
Page 134
Figure 8-94. Diagram of Two Switches Acting as DHCP Server and Relay Agent Configure switch “S50-B”, from the diagram above, as a DHCP server, as shown in Figure 8-95. Figure 8-95. Example of Configuring a Switch as a DHCP server S50-B #config S50-B (Config)#service dhcp S50-B (Config)#ip dhcp pool Pool1...
Providing User Access Security This chapter contains the following major sections: • Choosing a TACACS+ Server and Authentication Method • Configuring TACACS+ Server Connection Options on page 137 • Configuring a RADIUS Connection on page 138 • Enabling Secure Management with SSH on page 140 SFTOS supports several user-access security methods to the switch, including local (see Creating a User and Password on page...
Page 136
Command Step Command Syntax Mode Purpose show tacacs Privileged Verify the configuration and status of TACACS Exec Figure 9-98) servers (See show authentication Privileged Display the ordered authentication methods for all Exec authentication login lists. would generally not be the last method specified, in order to avoid a situation where the final TACACS authentication option depends on a server that might be offline.
Figure 9-100. Verifying the Authentication Method Lists with the show authentication Command Force10_S50)#show authentication Authentication Login List Method 1 Method 2 Method 3 ------------------------- -------- -------- -------- defaultList local undefined undefined local tacacs undefined undefined undefined undefined three tacacs reject undefined Figure 9-101 shows the assignment of list “three”...
Configuring a RADIUS Connection Remote Authentication Dial-In User Service (RADIUS) is another means of port-based network access control. The switch acts as an intermediary to a RADIUS server, which provides both an authentication and an accounting function to maintain data on service usages. Under RFC 2866, an extension was added to the RADIUS protocol giving the client the ability to deliver accounting information about a user to an accounting server.
Page 139
• radiusList method associated with the 802.1x default login (for non-configured users for 802.1x port security). 802.1x port-based access control is enabled for the system. • Interface 1/0/1 in force-authorized mode, because this is where the RADIUS server and protected network resources are located If a user, or supplicant, attempts to communicate through the switch on any interface except port 1/0/1, the system challenges the supplicant for login credentials.
Figure 9-104. Topology with Two RADIUS Servers Figure 9-105. Configuration Example for Two RADIUS Servers Force10 #config Force10 (Config)#radius server host auth 10.10.10.10 Force10 (Config)#radius server key auth 10.10.10.10 Enter secret (16 characters max):****** Re-enter secret:****** Force10 (Config)#radius server host auth 11.11.11.11 Force10 (Config)#radius server key auth 11.11.11.11 Enter secret (16 characters max):****** Re-enter secret:******...
Page 141
4. Disable the insecure version of the management server (Telnet). The SSH keys certificates are in a .zip file that are on the S-Series CD-ROM. You can also get them from your Dell Force10 account team. The .zip file contains two directories—ssh and ssl: •...
Enabling SSH Starting with SFTOS 2.5.1.1, you no longer need to generate the SSH keys off-line. Before you enable the SSH server, NVRAM does not contain the keys, as shown (or not shown, in this case) in Figure 9-106. After you enable the SSH server and the SSH keys are automatically generated, the keys will not be deleted even if SSH is disabled later.
Page 143
2. To verify that the server has started, use the command to show the SSH server status. show ip ssh Figure 9-108. Using the show ip ssh Command to Show SSH Server Status Force10 #show ip ssh SSH Configuration Administrative Mode: ......Enabled Protocol Levels: ......
Spanning Tree This chapter discusses the SFTOS implementation of Spanning Tree Protocol (STP), Multiple Spanning Tree Protocol (MSTP), and Rapid Spanning Tree Protocol (RSTP). The chapter contains the following major sections: • SFTOS STP Switching Features • Spanning Tree Protocol (STP, IEEE 802.1D) on page 146 •...
Spanning Tree Protocol (STP, IEEE 802.1D) When SFTOS is set to run in basic Spanning Tree Protocol (STP) mode, SFTOS conforms to IEEE 802.1D and the RFC 1493 Bridge MIB. A spanning tree algorithm provides path redundancy while preventing undesirable loops in a network: •...
Basic STP CLI Port Management Privileged and User Exec Mode CLI command: • Display STP settings and parameters for an interface — show spanning-tree interface unit/slot/port Global Config Mode CLI command: • [Disable] enable STP administrative mode for all interfaces —...
Port States RSTP merges states from STP, leaving just three possible operational states. The 802.1D blocking and disabled states are merged into the 802.1w discarding state. The 802.1D learning and listening states are merged into the 802.1w learning state. Port Costs RSTP introduces new default port costs.
Important Points to Remember MSTP is part of the SFTOS switching package. Either IEEE 802.1D or IEEE 802.1s operates at any given time. The following is the SFTOS implementation of MSTP: • MSTP instances can only exist within a region. •...
MSTP CLI Management SFTOS supports Multiple Spanning Tree Protocol (MSTP) by default. The basic STP commands (see Basic STP (802.1D) CLI Management on page 146) applicable to MSTP. In addition to display commands (see Display Spanning Tree Configuration on page 157), SFTOS provides the following commands specific to MSTP: Command Syntax...
4. Verify the global configuration, the interface configuration, and the STP convergence. See Display Spanning Tree Configuration on page 157. 5. (OPTIONAL) Influence the STP topology. See Influencing the Spanning Tree Topology on page 153 6. (OPTIONAL) Change global STP operational parameters. See Changing Spanning Tree Global Parameters on page 155.
Enabling STP Use the following commands to run Spanning Tree convergence on participating switches. spanning tree Global Config Enable the Spanning Tree Protocol on participating switches. spanning-tree port mode enable Interface Config Enable STP on selected ports. spanning-tree port mode enable all Global Config Alternatively to enabling STP on selected ports, activate STP on all ports.
Figure 10-111. Using the spanning-tree Command S50-1 #config S50-1 (Config)#spanning-tree S50-2 #config S50-2 (Config)#spanning-tree S50-3 #config S50-3 (Config)#spanning-tree 3. Use either the command in Global Config mode to enable Spanning spanning-tree port mode enable all Tree on all ports (as shown in Figure 10-112), or use the command in...
The following commands influence which switch becomes the root bridge and the role of a port in the spanning tree: Command Syntax Command Mode Purpose spanning-tree msti { 0 {cost 1-200000000 Interface To influence the role of the selected port in the Config | external-cost 1-200000000 | 0-240 } | spanning tree:...
After lowering the priority of MST 5: Force10 #show spanning-tree mst port summary 5 all Port Interface Mode Type State Role --------- -------- ------- ----------------- ---------- 1/0/1 Enabled Disabled Disabled 1/0/2 Enabled Disabled Disabled 1/0/3 Enabled Disabled Disabled 1/0/4 Enabled Disabled Disabled 1/0/5...
Enabling an Edge Port Note: Only interfaces connected to end stations should be set up as edge ports. Edge ports in 802.1D mode are not supported. The edge port feature (Portfast) enables interfaces to begin forwarding packets immediately after they are connected.
Page 158
Command Syntax Command Mode Purpose show spanning-tree mst detailed mstid Privileged Exec Display settings and parameters for one MST instance. show spanning-tree vlan vlanid Privileged Exec Display the association between an MST instance and a VLAN. See Figure 10-125 on page 162.
Page 159
Use the command (Figure 10-118) to determine current bridge characteristics: show spanning-tree brief Figure 10-118. Example Output from spanning-tree brief Command Force10 #show spanning-tree brief Bridge Priority........ 32768 Bridge Identifier......80:00:00:01:E8:D5:A7:82 Bridge Max Age......... 20 Bridge Max Hops........ 20 Bridge Hello Time......2 Bridge Forward Delay......
Page 160
Figure 10-120 displays the output from the command for STP details show spanning-tree mst port summary of individual ports: Figure 10-120. Example Output of show spanning-tree mst port summary Command S50-2 #show spanning-tree mst port summary 0 1/0/1 MST Instance ID........ CST Port Interface Mode...
Page 161
Figure 10-122 shows the output of the command from S50-3 for show spanning-tree mst port summary participating ports: Figure 10-122. Example Output from show spanning-tree mst port summary Command S50-3 #show spanning-tree mst port summary 0 1/0/1 MST Instance ID........ CST Port Interface Mode...
Page 162
Figure 10-124 shows the output of the command after lowering the show spanning-tree mst port summary priority of the MST instance (contrast to Figure 10-122): Figure 10-124. Example Output from show spanning-tree mst port summary Command Force10 #show spanning-tree mst port summary 50 all Port Interface Mode...
Displaying STP, MSTP, and RSTP Operation Use the show interface ethernet command to display STP, MSTP, and RSTP BPDUs unit/slot/port transmitted and received. Figure 10-126. Example Output from show interface ethernet Command Force10 #show interface ethernet 1/0/1 Type........... Normal Admin Mode........Disable Physical Mode........
Link Aggregation This chapter contains the following major sections: • Link Aggregation—IEEE 802.3 • Link Aggregation Group (LAG) Commands on page 168 • Configuring a LAG on page 170 • Link Aggregation Control Protocol (LACP) on page 174 • Displaying LAGs (Port Channels) on page 176 Note: SFTOS 2.5.1 introduces the Interface Port Channel Config mode (see Interface Port Channel Config mode commands on page...
A LAG can offer the following benefits: • Increased reliability and availability — if one of the physical links in the LAG goes down, traffic will be dynamically and transparently reassigned to one of the other physical links. • Better use of physical resources — traffic can be load-balanced across the physical links. •...
LAG Implementation Restrictions Interface restrictions: • All of the physical links of a LAG must run in full-duplex mode at the same speed. Set the speed and mode of a port to that of the LAG before adding the port to the LAG. •...
Link Aggregation Group (LAG) Commands Privileged Exec and User Exec mode commands • To remove all LAGs: — clear port-channel • To display a summary of LAGs, including port assignments: — show interface port-channel brief • To display settings and counters for a specific LAG, including port assignments: —...
Page 169
The CLI commands in the Interface Port Channel Config mode include the following: • Add to the selected LAG (or delete from it), one or more ports: — [ – channel-member unit/slot/port unit/slot/port unit/slot/port • Enter a description for the selected LAG: —...
Interface Config mode commands Note: The [no] port lacpmode enable command is deprecated. The CLI commands in Interface Config mode used to configure LAGs are: • Add a port to a LAG: — (where is the logical interface defined by the system for addport unit/slot/port unit/slot/port the LAG)
Step Command Syntax Command Mode Purpose (continued) interface port-channel Global Config Create the LAG and/or enter Interface Port Channel 1–128 Config mode. For the LAG ID, enter an integer between 1 (Before v. 2.5.1, the syntax and 128 that is not already in use by another LAG. The was port-channel name character string allows the dash “-”...
Basic LAG configuration example This example shows configuring the S-Series switch to support LAGs to a server and to a Layer 2 switch. Figure 11-127. LAG Example Network Diagram 1. Use the command to learn the LAG IDs already in use (see show interface port-channel brief Figure 11-130 on page 173).
4. Verify both LAGs. Figure 11-130. Using the show interface port-channel brief Command Force10#show interface port-channel brief Codes: L - LACP Port-channel LAG Status Ports --- ------ ------- Up 1/0/2 (Up) 1/0/3 (Up) Up 1/0/2 (Up) 5. At this point, the LAGs could be added to VLANs, as described next. Adding a LAG to a VLAN To add a LAG to a VLAN, you access the Interface VLAN mode with the command,...
Using the Interface Range mode If you are applying the same configuration elements to a number of LAGs (also called bulk configuration you can replicate the steps shown in the examples above for all of those LAGs from the Interface Range mode.
LACP works by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol packets are only exchanged between ports that are configured to be LACP-capable. LACP Configuration SFTOS allows the user to enable LACP and configure LACP timeout characteristics for a particular LAG. Note: LACP is enabled by default.
Verify the status of the LAG as dynamic created through LACP: Figure 11-134. Displaying Details on a LAG with the show interface port-channel Command Force10 (Config)#exit Force10#show interface port-channel 2 Description........MAC Address........00:01:E8:D5:A0:81 MTU..........1518 Packets RX and TX 64 Octets....0 Packets RX and TX 65-127 Octets....
Quality of Service This chapter contains the following major sections: • Using Differentiated Services (DiffServ) on page 177 •Deploying DiffServ on page 180 •Monitoring DiffServ on page 184 •Configuring Differentiated Services by Department on page 191 •Configuring Differentiated Services for Voice over IP on page 194 Using Differentiated Services (DiffServ) This section contains the following subsections: •...
Page 178
• Interior node: A switch in the core of the network is responsible for forwarding packets, rather than for classifying them. It will decode the DSCP in an incoming packet, and provide buffering and forwarding services using the appropriate queue management algorithms. To configure DiffServ on a particular S-Series router, you first determine the QoS (quality of service) requirements for the network as a whole.
Page 179
Packet processing begins by testing the match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. Note that the type of class — all, any, or ACL — has a bearing on the validity of match criteria specified when defining the class.
Deploying DiffServ The four basic steps necessary to deploy DiffServ are: 1. Create class-maps. (See Creating Class-maps/DiffServ Classes on page 180.) A class-map is used to differentiate between types of traffic based on a packet’s match to defined rules in the class-map.
Page 181
parameter is a case-sensitive alphanumeric string from 1 to 31 characters that you create to classname uniquely identify the class. Note: The word “default” is reserved and must not be used as a class name. For example, entering means “Create a class named Dallas that must class-map match-all Dallas match all statements in the policy.”...
Creating a Policy-Map The second step in deploying DiffServ is to create a policy-map. From the Global Config mode, use the command (Figure 12-139) to create or identify an existing policy-map. The policy-map policy-map defines: • Traffic Conditioning—Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes •...
Figure 12-139. policy-map Command Example policy-map pm-1 in class cl-map-1 assign-queue 3 exit class cl-map-2 mark ip-precedence 1 exit In the above example, we have created a policy-map with the name of “pm-1”. This policy-map is meant to affect inbound traffic. Traffic that is part of the class cl-map-1 (created in the previous example) is affected. Traffic that falls into this class will be assigned to queue 3.
Figure 12-141. service-policy Interface Command Example Force10 #config Force10 (Config)#interface 1/0/4 Force10 (Interface 1/0/4)#service-policy in pm-1 Force10 (Interface 1/0/4)# Note: When applied globally, a service-policy command appears under each interface, as if the command were applied one interface at a time. The commands then can be removed from individual interfaces, or from all interfaces simultaneously, using the no form of the command.
Figure 12-142. show class-map Command Example Force10 #show class-map cm-3 Class Name........cm-3 Class Type........All Match Criteria Values ---------------------------- ------------------------------------- IP Precedence Reference Class cl-map-2 Force10 #show class-map cl-map-2 Class Name........cl-map-2 Class Type........All Match Criteria Values ---------------------------- ------------------------------------- Destination Layer 4 Port 7(echo) Force10 #...
Figure 12-143. show class-map Command Example Force10 #show class-map Class Class Name Type Reference Class Name ------------------------------- ----- ------------------------------- cl-map-1 cl-map-2 cm-3 cl-map-2 Force10 # is not specified, this command displays a list of all defined DiffServ classes. The following classname fields are displayed: Class Name—The name of this class.
Policy Attribute Table Size—The current number of entries (rows) in the Policy Attribute Table. Policy Attribute Table Max—The maximum allowed entries (rows) for the Policy Attribute Table. Service Table Size—The current number of entries (rows) in the Service Table. Service Table Max—The maximum allowed entries (rows) for the Service Table. The following examples show sample output from the show diffserv show diffserv service brief...
Page 188
Drop—Drop a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface. Exceed CoS—The action to be taken on excess packets per the policing metrics. Exceed Secondary CoS—The action to be taken on excess packets conforming with the secondary class of service value per the policing metrics.
Page 189
Non-Conform IP Precedence Value—This field displays the IP Precedence mark value if this action is markprec. Bandwidth—This field displays the minimum amount of bandwidth reserved in either percent or kilobits-per-second. Expedite Burst Size (KBytes)—This field displays the maximum guaranteed amount of bandwidth reserved in either percent or kilobits-per-second format.
Figure 12-147. show policy-map Command Example Force10 #show policy-map pm-1 Policy Name........pm-1 Policy Type........In Class Name........cl-map-1 Assign Queue........3 --More-- or (q)uit Class Name........cl-map-2 Mark IP Precedence......1 The following is sample output from show policy-map interface: Figure 12-148.
The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Intf (Interface)—Valid unit, slot and port number separated by forward slashes. Oper Stat (Operational Status)—The current operational status of this DiffServ service interface. Offered Packets—A count of the total number of packets offered to all class instances in this service before their defined DiffServ treatment is applied.
Page 192
Figure 12-150. DiffServ Internet Access Example Network Diagram 1. Ensure DiffServ operation is enabled for the switch. Force10 #config Force10 (Config)#diffserv 2. Create a DiffServ class of type for each of the departments, and name them. Define the match criteria—VLAN ID—for the new classes. Figure 12-151.
Page 193
each department's traffic on a different egress queue. This is how the DiffServ inbound policy connects to the CoS queue settings established below. Figure 12-152. Example of Using policy-map Command Force10 (Config)#policy-map internet_access in Force10 (Config-policy-map)#class finance_dept Force10 (Config-policy-classmap)#assign-queue 1 Force10 (Config-policy-classmap)#exit Force10 (Config-policy-map)#class marketing_dept Force10 (Config-policy-classmap)#assign-queue 2...
Configuring Differentiated Services for Voice over IP One of the most valuable uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time-sensitive. For a network to provide acceptable service, a guaranteed transmission rate is vital. This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic marked on the inbound side, and then expedite the traffic on the outbound side.
Page 195
1. Enter Global Config mode. Set queue 5 on all ports to use strict priority mode. This queue shall be used for all VoIP packets. Activate DiffServ for the switch. Force10 #config Force10 (Config)#cos-queue strict 5 Force10 (Config)#diffserv 2. Create a DiffServ classifier named “class_voip” and define a single match criterion to detect UDP packets.
Access Control This chapter contains the following major sections: • SFTOS Support for Access Control Lists •Common ACL Commands on page 198 •Access Control List Configuration Example on page 202 •Applying an IP ACL to the Loopback Interface on page 203 •...
Note that the order of the rules is important: when a packet matches multiple rules in an ACL, the first rule created in the ACL takes precedence. Also, once you define an ACL for a given port, all traffic not specifically permitted by the ACL will be denied access.
Page 199
Each rule is appended to the list of configured rules for the list. Note that an implicit “deny all” MAC rule always terminates the access list. Note: You can add new deny/permit list items to an existing list, but you cannot remove previously configured deny/permit list items.
IP ACL Commands IP ACLs ensure that only authorized users have access to specific resources and block any unwarranted attempts to reach network resources. The following rules apply to IP ACLs: • SFTOS does not support IP ACL configuration for IP packet fragments. •...
• Attach a specified ACL to the selected interface — ip access-group ACLnumber 1-4294967295 The optional variable is an integer that indicates the order of application of 1-4294967295 this ACL relative to other ACLs assigned to this interface. Figure 13-160. Using the ip access-group Command Force10 (Config)#interface 1/0/21 Force10 (Interface 1/0/21)#ip access-group 100 1 in When the...
2. Within that mode, use the command to assign the appropriate ACLs (see ip access-group ACLnumber Figure 13-160 on page 201). For a configuration example, see Applying an IP ACL to the Loopback Interface on page 203. Access Control List Configuration Example The following example shows how to set up an IP ACL with two rules—one for TCP traffic and one for UDP traffic.
Figure 13-164. Example of Defining a Second IP ACL Rule Force10 #config Force10 (Config)#access-list 101 permit udp 192.168.77.0 0.0.0.255 192.178.77.0 0.0.0.255 Force10 (Config)# 3. Apply the ACL to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted. Figure 13-165.
To apply an ACL (standard or extended) for loopback, use the following sequence: Command Step Command Syntax Mode Purpose • For a Standard IP ACL: Global Create an IP ACL. access-list {deny | permit} {every | } [log] 1-99 srcip srcmask Note: The mirror Config [assign-queue...
Figure 13-166. Loopback ACL Example Force10 (Config)#access-list 2 permit every Force10 (Config)#access-list 2 deny 10.240.4.113 255.255.255.0 Force10 (Config)#interface loopback 0 Force10 (Conf-if-lo-0)# ip access-group 2 in 10 10 is the priority, an optional parameter. Force10 (Conf-if-lo-0)# exit Force10 #show ip access-lists 2 ACL ID: 2 Interface :loopback Rule Number: 1...
Page 206
Figure 13-167. Using the show interface-ethernet Command Force10 #show interface ethernet 1/0/2 Type........... Normal Admin Mode........Enable Physical Mode........Auto Physical Status........ Down Speed.......... 0 - None Link Status........Detach MAC Address........0001.E8D5.A058 Total Packets Received (Octets)....0 Packets Received > 1522 Octets....0 Packets RX and TX 64 Octets....
VLANs This chapter describes the use of SFTOS to create IEEE 802.1Q Virtual LANs (VLANs); it contains the following major sections: • Introduction to VLAN Configuration on page 207 • Important Points to Remember on page 208 • Implementing VLANs on page 209 •...
A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN. Each VLAN in a network has a VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN.
• It is possible to set the management VLAN to a VLAN that does not exist. If you cannot reach anything from the management IP address (see Creating the Management IP Address on page 67), check the management VLAN using show interface managementethernet or show running-config Implementing VLANs Table 14-8.
VLAN Mode Commands The starting point for VLAN command syntax statements is the VLAN Commands chapter (Chapter 7) in the SFTOS Command Reference. Executing the command (Global Config mode) either creates a VLAN or selects a interface vlan 2-4094 previously created VLAN (or use [no] interface vlan to delete a VLAN) and then enters the Interface 2-4094...
Configuration Task List for VLANs • Creating a VLAN and Adding Ports • Clearing/Resetting a VLAN on page 214 • Adding a LAG to a VLAN on page 215 • Creating a Routed VLAN on page 217 • Enabling Dynamic VLANs with GVRP on page 220 •...
Example of creating a VLAN and assigning interfaces The diagram in this example shows four S-Series switches, R1, R2, R3, and R4, each configured with VLAN 2 to handle traffic destined for R1. This example creates VLAN 2 to connect four switches, with each switch having an interface that connects through VLAN 2 to switch R1.
6. Verify the configuration with the commands, or any of the other commands listed in show vlan Displaying VLAN Information on page 233. Notes: • Note that VLAN2 on R1 has some untagged ports and some tagged ports. The tagging type (either untagged or tagged) must match those of their directly connected ports on the other switches.
Note: Recovery of VLAN information from the startup configuration would then require reloading the switch. Adding a LAG to a VLAN To add a Link Aggregation Group (LAG) (also called a Port Channel) to a VLAN, you first create the LAG, as detailed in the LAG chapter (Configuring a LAG on page 170), and then add the LAG to the...
Example of adding a LAG to a VLAN Figure 14-171. Adding a LAG to a VLAN 1. To create the topology shown in Figure 14-171, create the LAG on switch R1, giving it an integer ID (and, optionally, a description — the “admin1” shown here). Add ports to it, and enable it (use either no shutdown command inside the Interface Port Channel mode, or use the global mode shown here).
Creating a Routed VLAN This section provides an example of how to configure an S-Series switch to enable VLAN routing. Your switch must be running a version of SFTOS that supports Layer 3 : Step Command Syntax Command Mode Usage ip routing Global Config Enable routing globally...
Generic Attribute Registration Protocol (GARP) provides a generic attribute dissemination protocol used to support other protocols such as GVRP (GARP VLAN Registration Protocol. GARP is used to register and deregister attribute values with other GARP participants within bridged LANs. When a GARP participant declares or withdraws a given attribute, the attribute value is recorded with the applicant state machine for the port from which the declaration or withdrawal was made.
GARP Commands Global Config mode, you can enable GVRP, or GMRP, or both for the switch: gvrp adminmode enable gmrp adminmode enable: enables GARP Multicast Registration Protocol (GMRP) on the system gmrp interfacemode enable all: enables GARP Multicast Registration Protocol on all interfaces In Interface Config mode, enable GVRP for a port: gvrp interfacemode enable...
Step Command Syntax Command Mode Usage show gvrp configuration all Privileged Exec Verify the GARP interface. show vlan brief Privileged Exec Verify the VLAN. Example of Creating a Dynamic VLAN through GVRP In this case, after enabling GVRP globally and on specific ports, and then creating a VLAN on R2 with one of those ports: •...
Figure 14-181. Using the show vlan id Command (R1) #show vlan id 3 Codes: * - Default VLAN, G - GVRP VLANs, E - Ethernet interface Vlan Id Status Ports ------- --------- -------- Active 1/0/2 Notes: • The ‘G’ indicates that this VLAN was dynamically created via GVRP on R1. •...
Creating an IP Subnet-based VLAN Note: IP Subnet-based VLAN functionality was not tested in SFTOS 2.5.2.0, so it is not supported. As shown in Figure 14-183, use the vlan association subnet command in Interface VLAN ipaddr netmask mode to configure an IP subnet-based VLAN by associating the VLAN with an IP address and subnet mask.
The following sequence shows the steps for configuring a protected port group: Step Command Syntax Command Mode Usage Global Config Create a new (or specify an existing) protected port by switchport protected groupid group number, and then, optionally, assign a name to it. name name Global Config...
Page 225
6. The default acceptframe type for all ports is “Untagged”. An interface can have only one native VLAN. It can be untagged or tagged. Untagged VLANs on an interface are native VLANs by default. On an interface where there is an untagged VLAN, there can be tagged VLANs, but not tagged native VLANs.
Page 226
Figure 14-186. Validating an Untagged Interface untagged 1/0/2 Is port 1/0/2 tagged as native Reject command for any other VLAN? Is port 1/0/2 untagged for any Reject command other non-default VLAN? Apply command; remove VLAN 1 as native VLAN. Is interface 1/0/2 tagged in Set frametype to admitall some other VLAN? Set frametype to UntaggedOnly...
Figure 14-187. Validating a Tagged Interface tagged 1/0/3 Is 1/0/3 untagged in Reject command the same VLAN? Apply command; set Is 1/0/3 tagged native in the acceptframe to admitall same VLAN? No action required. If the interface is already tagged native, then acceptframe is already set to vlanonly, and tagging properties are correct.
Page 228
Figure 14-190. Using show vlan Command to Display Native VLAN Members Force10 #show vlan Codes: * - Default VLAN, G - GVRP VLANs, E - Ethernet interface, ^ - Native VLAN Vlan Id Status Ports ------- --------- -------- Inactive ^1/0/1 , ^1/0/2 ,1/0/3 ,1/0/4 ,1/0/5 ,1/0/6 ,1/0/7 1/0/8 ,1/0/9 ,1/0/10,1/0/11,1/0/12,1/0/13,1/0/14 1/0/15,1/0/16,1/0/17,1/0/18,1/0/19,1/0/20,1/0/21...
Configuring a VLAN Tunnel (DVLAN or VLAN-Stack) Note: VLAN stacking functionality existed in SFTOS prior to SFTOS 2.5.2.0, but it was not tested in SFTOS 2.5.2.0, so it is not supported in versions after SFTOS 2.5.1.13. VLAN stacking, also called Double VLAN (DVLAN) and QinQ, support VLAN tunneling. In more detail, with the VLAN-Stack feature, you can “stack”...
Page 230
Step Command Syntax Command Mode Purpose mode dvlan-tunnel Interface Config Enable DVLAN tagging for the port. (same as mode dot1q-tunnel) show dvlan-tunnel Privileged Exec Display DVLAN-enabled VLAN tagging. (same as show dot1q-tunnel) show dvlan-tunnel interface { Privileged Exec Display detailed information for a specific unit/slot/ | all} interface.
DVLAN configuration example The example here shows how to configure VLANs so that VLAN traffic from switches R4 and R5 is encapsulated in frames tagged with VLAN 3 going through switch R7. Figure 14-194. DVLAN Example Topology Configure switch R4: Figure 14-195.
Page 232
Note: The first command in Figure 14-195 and in Figure 14-196 configures a dvlan-tunnel ethertype of vman, but you can assign a custom ethertype, which controls the encapsulation of the tunneled traffic, as long as the ethertype matches on both end switches (R4 and R5 here). Note: If you are sending large frames, make sure you configure the MTU appropriately.
Displaying VLAN Information show port show running-config (see Figure 14-198, below), and show vlan commands provide most of the information about the VLAN configuration. The command has the following options: show vlan • (no option entered) Display summary information for all configured VLANs. See Figure 14-199, below.
Page 234
Figure 14-198. Using the show running-config and show vlan brief Commands Force10 #show running-config !Current Configuration: ![excerpt showing just the vlan elements in the report]! interface vlan exit interface vlan 2 exit interface vlan 3 exit Force10 #show vlan brief VLAN Name MAC AgingIP Address...
Page 235
Figure 14-200. Example Output from show vlan id Command Force10#show vlan id 1 Codes: * - Default VLAN, G - GVRP VLANs, E - Ethernet interface, ^ - Native VLAN Vlan Id Status Q Ports --------- ---------- - ------ Inactive T E ^1/0/3 R2 #show vlan id 300 Codes: * - Default VLAN, G - GVRP VLANs, E - Ethernet interface...
IGMP Snooping This chapter discusses the use of IGMP (Internet Group Management Protocol) commands for IGMP Snooping, in the following major sections: • Enabling IGMP Snooping on page 237 • Monitoring IGMP Snooping on page 238 See also IGMP Proxy on page 251 in the Routing chapter of this guide.
set igmp maxresponse 1–3599 (typically, 1 less than group membership interval) — Default 10 seconds — sets the maximum response time on all interfaces set igmp maxresponse all 1–3599 — Both commands are issued from the Global Config mode. set igmp mcrtexpiretime all 0-3600 —...
Page 239
Figure 15-203. Report from show igmp interface Command Force10 #show igmp interface ? <unit/slot/port>Enter interface in unit/slot/port format. membershipDisplay interfaces subscribed to the multicast group. stats Display IGMP statistical information. Force10 #show igmp interface 1/0/10 Slot/Port........1/0/10 IGMP Admin Mode........Enable Interface Mode.........Disable IGMP Version........3 Query Interval (secs)......125 Query Max Response Time (1/10 of a second..100...
Page 240
Figure 15-205. Report from show ip igmp interface Command Force10 #show ip igmp ? <cr> Press Enter to execute the command. groups Display the subscribed multicast groups. interface Display IGMP configuration information. Force10 #show ip igmp interface 1/0/2 Slot/Port........1/0/2 IGMP Admin Mode.........Enable Interface Mode........Disable IGMP Version........3 Query Interval (secs)......125...
Port Mirroring This chapter contains the following sections: • Port Mirroring Features • Port Mirroring Commands on page 242 • Port Mirroring Configuration Examples on page 242 • Verifying Port Mirroring on page 244 Port Mirroring Features • Enables you to monitor network traffic with an external network analyzer •...
Port Mirroring Commands The following are common port mirroring commands using Figure 16-208 as a model: • Enable port mirroring session (default is disable): monitor session 1 mode • Configure mirrored port: monitor session 1 source interface 1/0/2 • Configure destination port/probe port: monitor session 1 destination interface 1/0/3 (Remove an existing destination port before replacing it with another.) •...
Configuring the mirrored port and destination port When enabled, the probe port monitors all traffic received and transmitted on the monitored port. A session is operationally active if and only if both a destination port and at least one source port is configured.
Stopping the mirroring session and removing probe and mirrored ports Figure 16-213. Command Examples: Removing port mirroring configuration Force10 (Config)#no monitor session 1 mode Force10 (Config)#no monitor session source Force10 (Config)#no monitor session destination Force10 (Config)#no monitor Note: Alternatively, you can use the no monitor command to disable port mirroring, which automatically removes the mirror and probe configuration from the source and destination ports.
Using other commands that show port mirroring status You can use the command to show all existing probe ports and mirrored ports, along with show port all their operational status: Figure 16-215. Example of show port all Showing Port Mirroring Force10 S50 #show port all Admin Physical...
Layer 3 Routing This chapter contains these major sections: • Enabling Routing on page 248 • IGMP Proxy on page 251 • RIP Configuration on page 255 • OSPF Configuration on page 257 • VLAN Routing on page 262 • Link Aggregation on page 269 •...
Enabling Routing The S-Series always provides Layer 2 bridging, while Layer 3 routing must be explicitly enabled, first for the S-Series router as a whole, and then for each port that is to participate in the routed network. As introduced in the Getting Started chapter, use the command (see show version Figure 3-8 on page...
Page 249
Then invoke the following commands, assuming that you are still in Interface Config mode after completing the Layer 2 procedure (see Configuring Physical Interfaces on page 117): Step Command Syntax Command Mode Purpose ip routing Config Enable routing on the switch. interface Config To access the INTERFACE mode for the selected port, enter...
Port Routing Configuration Example The diagram in this section shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The example shows the commands you would use to configure the S-Series to provide the port routing support shown in the diagram. Figure 17-219.
IGMP Proxy Configuration The following procedure shows the basic steps for creation and configuring of an IGMP Proxy router. Step Command Syntax Command Mode Purpose ip routing Global Config Enable routing on the switch. ip multicast Global Config Enable multicast forwarding on the router. Note: No multicast routing protocols can be enabled on the router.
Verifying the configuration Verify the configuration with these show commands, in Privileged Exec or User Exec modes: Use the show ip igmp-proxy command to display host interface status parameters. It displays operational parameters only when IGMP Proxy is enabled, as shown in Figure 17-225 Figure 17-224.
Figure 17-227. Using the show ip igmp-proxy interface Command Force10-S50V#show ip igmp-proxy interface VLAN .......... 2 Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent ----------------------------------------------------------------- ----- ----- ----- ----- For more IGMP information, see the IGMP Commands section of the IP Multicast Commands chapter in the SFTOS Command Reference.
RIP Configuration Example The configuration commands used in the following example enable RIP on ports 1/0/2 and 1/0/3: 1. Enable routing for the switch. Figure 17-228. Using the ip routing Command to Enable Routing Force10 #config Force10 (Config)#ip routing 2. Enable routing and assign the IP for ports 1/0/2 and 1/0/3. Figure 17-229.
OSPF Configuration For larger networks, Open Shortest Path First (OSPF) is generally used in preference to RIP. OSPF offers several benefits to the administrator of a large and/or complex network: • Less network traffic: • Routing table updates are sent only when a change has occurred. •...
Page 258
Figure 17-232. OSPF Example Network Diagram: Inter-area Router 1. Enable routing for the switch. Figure 17-233. Enabling Routing for the Switch Force10 #config Force10 (Config)#ip routing 2. For ports 0/2 and 0/3, enable routing, and assign the IP: Figure 17-234. Enabling Routing for Ports Force10 #config Force10 (Config)#interface 1/0/2 Force10 (Interface 1/0/2)#routing...
Page 259
4. Enable OSPF for the ports and set the OSPF priority and cost for the ports. Figure 17-236. Using the ospf priority Command Force10 (Config)#interface 1/0/2 Force10 (Interface 1/0/2)#ip ospf Force10 (Interface 1/0/2)#ip ospf areaid 0.0.0.2 Force10 (Interface 1/0/2)#ip ospf priority 128 Force10 (Interface 1/0/2)#ip ospf cost 32 Force10 (Interface 1/0/2)#exit Force10 (Config)#interface 1/0/3...
Configuring OSPF on an S-Series operating as a border router The next diagram shows the same network segment with the S-Series operating as the border router in area 0.0.0.2. The example shows the commands used to configure the switch with OSPF enabled on port 0/2 for communication with the inter-area router in the OSPF backbone, and on ports 0/3 and 0/4 for communication with subnets within area 0.0.0.2.
Page 261
3. Specify the router ID and enable OSPF for the switch. Set disable 1583compatibility to prevent the routing loop. Force10 (Config)#router ospf Force10 (Config router)#enable Force10 (Config router)#router-id 192.130.1.1 Force10 (Config router)#no 1583compatibility Force10 (Config router)#exit Force10 (Config)# 4. Enable OSPF for the ports and set the OSPF priority and cost for the ports. Force10 (Config)#interface 1/0/2 Force10 (Interface 1/0/2)#ip ospf Force10 (Interface 1/0/2)#ip ospf areaid 0.0.0.2...
VLAN Routing This section introduces the basic commands for enabling VLAN routing and then provides examples for enabling VLAN routing over the OSPF and RIP protocols, in the following sections: • VLAN Routing Configuration on page 263 • VLAN Routing OSPF Configuration on page 264 •...
VLAN Routing Configuration The VLAN chapter in this guide (VLANs on page 207) contains a detailed explanation of enabling an IP VLAN (routed VLAN) on one S-Series switch. See Creating a Routed VLAN on page 217. The example Figure 17-238 is a quick refresher on the sequence of commands that you execute on each switch participating in an IP VLAN: Figure 17-238.
4. As above, create VLAN 200 on switch R2, add an IP address, subnet mask, and port 2 to it: R1 (Config)#interface vlan 200 R1 (Conf-if-vl-200)#ip address 10.11.12.144 255.255.255.0 R1 (Conf-if-vl-200)#tagged 1/0/2 5. Verify configurations with the show vlan id command on each switch.
Figure 17-249. Output of the show ip ospf interface vlan Command Force10 #show ip ospf interface vlan 10 IP Address........10.1.1.1 Subnet Mask........255.255.255.0 OSPF Admin Mode........ Enable OSPF Area ID........0.0.0.2 Router Priority........ 1 Retransmit Interval......5 Hello Interval......... 10 Dead Interval........
Page 268
1. As done previously, create the VLANs and enable VLAN routing. In this example, commands in the Interface Config mode are used, an alternative to using the Interface VLAN mode commands shown in the previous example. Force10 #config Force10 (Config)#interface vlan 10 Force10 (Conf-if-vl-10)#tagged 1/0/2 Force10 (Conf-if-vl-10)#ip address 192.150.3.1 255.255.255.0 Force10 (Conf-if-vl-10)#exit...
Link Aggregation A Link Aggregation Group (LAG) (also called a port channel) allows multiple physical links between two end-points to be treated as a single logical link. All of the physical links in a given LAG must operate in full-duplex mode at the same speed. A LAG will be treated by management functions as if it were a single physical port.
Page 270
Figure 17-253. Inspecting a Layer 3 LAG Configuration R1 (Config)#exit R1 #show interfaces port-channel brief LAG Status Ports --- ------ ------- 10 Down 1/0/10 (Down) 1/0/11 (Down) R1 #show ip interface ? <unit/slot/port> Enter interface in unit/slot/port format. vlan Display information about IP configuration settings for a Vlan. brief Display summary information about IP configuration settings for all ports.
Virtual Router Redundancy Protocol In a static default routed environment, all hosts are configured with a single default gateway. The router that owns this gateway IP address takes care of forwarding traffic from the LAN to the other networks. When an end station is statically configured with the address of the router that will handle its routed traffic, a single point of failure is introduced into the network.
Figure 17-257. Configuring a port for a VRRP Group Force10 #config Force10 (Config)#interface 1/0/2 Force10 (Interface 1/0/2)no shutdown Force10 (Interface 1/0/2)#routing Force10 (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 Force10 (Interface 1/0/2) 4. Assign a virtual router ID (VRID) (a VRRP group ID) to the port: Figure 17-258.
Page 274
4. Assign the same virtual router ID to the port as defined for Router 1. Force10 (Config)#interface 1/0/4 Force10 (Interface 1/0/4)#ip vrrp 20 5. Specify the virtual IP address that the VRRP function will recognize. Since the virtual IP address on port 1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will be the VRRP backup while Router 1 is active.
Troubleshooting This chapter describes how to identify and resolve software problems related to SFTOS on an S-Series switch. Unless otherwise noted, the term refers to a standalone switch and to a switch stack. switch Additional troubleshooting information, such as LED descriptions, is provided in the hardware installation guide.
Note: In SFTOS 2.3.1.9, these messages also appear when moving from the routing image to the switching image without resetting the configuration to factory defaults from the Boot Menu. This issue results from the use of unique flash file formats. Use one of the following procedures to resolve this condition: •...
Recovering from a Lost Password The default CLI user, , has read/write access, with no password until you create one. Once created, admin the only way to recover from a lost admin password is to reload the switch using factory defaults. See Restoring the System to the Factory Default Configuration on page Alternatively, if the user is not admin, then you can assign a new password to the user.
In addition to issuing the commands, use the show switch show stack show stack-port diag command to display communication statistics for the stacking ports: Figure 18-263. Using the show stack-port diag command Force10 S50 #show stack-port diag 1 - Stack Port A: RBYT:5fdd RPKT:53 TBYT:adf13 TPKT:8f2 RFCS:0 RFRG:0 RJBR:0 RUND:0 ROVR:0 TAGE:0 TABRT:0...
Page 279
When a local port connects to a remote port that does not support a speed of 1 Gbps, the speed on the local port may be shown as 100 full. The speed cannot be changed on the port if auto-negotiation is enabled, and the following error message will be reported (Note also that the following two figures display certain syslog messages because logging console 7...
Cleaning and Inspecting Optical Fibers (http:// www.pxit.com/pdf/whitepapers/Cleaning&Inspecting.pdf). Note: The Dell Force10 quality assurance team has verified cases in which a fully functional port appears to be a bad port due to dirty optical connectors. The port fails loop testing with acceptable power measurement levels.
Monitoring 10 GE Interfaces If a 10-Gigabit Ethernet (10-GE) interface does not reach a link up state, use the following steps: 1. Verify that you are using the correct XFP type. Optical specifications are available on the Dell Force10 website: http://www.force10networks.com/products/specifications.asp...
The routing software first looks for the destination MAC address in the ARP table, which it maintains. If it finds the address in the ARP table, it sends the packet to the Layer 2 application, which resolves it and finds the egress port from which to send it. If the software cannot find the destination in the ARP table, it sends an ARP request.
Page 283
Flow Control........Disable Stop Bits........1 Parity......... none 3. If you contact the Dell Force10 Technical Assistance Center, please have the following information: • How long did it take for the switch to show a response to a keystroke? Troubleshooting | 283...
Page 284
• Was the switch able to pass user traffic while the issue was occurring? • What was the LED status? (If the switch remains able to pass traffic, the port LEDs should continue to blink. In particular, during a broadcast storm, all of the port LEDs should be blinking.) •...
RFCs, MIBs, and Traps This appendix contains these sections: • IEEE Compliance • RFC Compliance on page 286 • SNMP-related RFCs on page 289 • Industry MIBs Supported by SFTOS on page 290 • Force 10 MIBs on page 291 •...
• GMRP — Dynamic L2 Multicast Registration • GVRP — Dynamic VLAN Registration RFC Compliance The following is a list of the RFCs supported by FTOS, listed by related protocol. The RFC categories under headings that include the parenthetical phrase “in Layer 3 Package only” are supported only in the Layer 3 Package (Routing) of SFTOS 2.5.1.
Used as a reference MIB for IANAipRouteProtocol, IANAipMRouteProtocol Textual Conventions. RFC 2271 — SNMP Framework power_ethernet.my Power over Ethernet Force 10 MIBs You can see this list of Dell Force10-specific MIBs in the report: show sysinfo Table A-10. Dell Force10-specific MIBs Description FORCE10-REF-MIB...
Page 292
F10OS-QOS-DIFFSERV-PRIVATE-MIB F10OS Flex QOS DiffServ Private MIBs' definitions sftos_power_ethernet.my Power over Ethernet Dell Force10 MIBs not listed in the output of the show sysinfo command: F10OS-DHCPSERVER-PRIVATE-MIB The Dell Force10 Private MIB for S-Series DHCP Server F10OS-OUTBOUNDTELNET-PRIVATE-M The Dell Force10 Private MIB for SFTOS Outbound Telnet...
SNMP Traps SNMP traps are the messages that are sent to designated trap receivers; they also appear in the report generated by the command, an abbreviated sample of which appears in show logging traplogs Figure A-269. A replication of the trap also appears in the System log, as described in Displaying the SNMP Trap Log on page 106.
Page 302
Remote Authentication Dial-In User Service RFC 783 (RADIUS) RFC 791 resetting the stack RFC 792 restore configuration to factory defaults RFC 793 Restoring the Configuration to Factory Defaults RFC 854 RFC 1058 RFC Compliance RFC 1112 RFC list RFC 1122 RFC list, supported RFC 1157 RFC1213-MIB...
Page 303
Running Configuration, Clearing show diffserv command output running-config and system-config files, managing show diffserv service brief command output show dot1q-tunnel command show dvlan-tunnel command show dvlan-tunnel l2pdu-forwarding command S2410 documentation show eventlog command interface managementethernet command show eventlog example snmp-server community command show garp command S50V switch show gmrp configuration command...
Page 304
show ip ssh command show slot command show lldp interface command show slot sample output show lldp local-device command show sntp client command show lldp neighbors command show sntp command show lldp remote-device command show sntp server command show logging buffered command show spanning-tree brief command show logging command show spanning-tree command...
Page 305
SNMP-COMMUNITY-MIB SSH keys SNMP-FRAMEWORK-MIB SSH2 Server Support SNMP-MPD-MIB SSHv2 SNMP-NOTIFICATION-MIB stack command snmp-server community command (S50) stack maximum snmp-server enable traps bcaststorm command stack member communication snmp-server enable traps linkmode command stack size limits snmp-server enable traps multiusers command stack VLANs snmp-server enable traps stpmode command Stackability Commands snmp-server traps enable command...
Page 306
TACACS+ server connection options tacacs-server host command Verifying Management Port Connectivity tagged command (VLAN) Verifying Management Port Network Tech Tips and FAQ, S-Series Verifying Switch Numbers and OS Version Telnet Viewing Software Version Telnet (RFC 854) Virtual LAN (VLAN) terminal emulation virtual router ID (VRID) terminal length command Virtual Router Redundancy Protocol (VRRP)