Download  Print this page

Dell Force10 C150 Configuration Manual

Ftos configuration guide ftos 8.4.2.7 e-series terascale, c-series, s-series (s50/s25)
Hide thumbs
   
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990

Advertisement

Quick Links

FTOS Configuration Guide
FTOS 8.4.2.7
E-Series TeraScale, C-Series,
S-Series (S50/S25)

Advertisement

loading

  Also See for Dell Force10 C150

  Related Manuals for Dell Force10 C150

  Summary of Contents for Dell Force10 C150

  • Page 1 FTOS Configuration Guide FTOS 8.4.2.7 E-Series TeraScale, C-Series, S-Series (S50/S25)
  • Page 2 Information in this publication is subject to change without notice. © 2012 Dell Force10. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. © 2012 Dell Inc. Trademarks used in this text: Dell(TM), the Dell logo, Dell Boomi(TM), Dell Precision(TM) , OptiPlex(TM), Latitude(TM), PowerEdge(TM), PowerVault(TM), PowerConnect(TM), OpenManage(TM), EqualLogic(TM), Compellent(TM), KACE(TM), FlexAddress(TM), Force10(TM) and Vostro(TM) are trademarks of Dell Inc.
  • Page 3: Table Of Contents

    1 About this Guide ..........33 Objectives .
  • Page 4 Change System Logging Settings ......... .63 Display the Logging Buffer and the Logging Configuration .
  • Page 5 6 802.3ah ............93 Link Layer OAM Overview .
  • Page 6 MAC Authentication Bypass ..........127 MAB in Single-host and Multi-Host Mode .
  • Page 7 Configuring BFD for VLANs ......... .198 Configuring BFD for Port-Channels .
  • Page 8 Boot Behavior ............286 When to Use CAM Profiling .
  • Page 9 Configuration Tasks ........... .314 Configure the System to be a DHCP Server .
  • Page 10 Enable Force10 Service Agent ......... . .348 Specify an SMTP Server for FTSA .
  • Page 11 Failure and Event Logging ......... . .392 Hot-lock Behavior .
  • Page 12 Configure Management Interfaces on the S-Series ......424 Displaying Information on a Management Interface ......425 VLAN Interfaces .
  • Page 13 ARP Learning via ARP Request ......... .474 Configurable ARP Retries .
  • Page 14 Clear IPv6 Routes ..........504 23 Intermediate System to Intermediate System .
  • Page 15 MAC Learning Limit ........... .562 mac learning-limit dynamic .
  • Page 16 Configuring Transmit and Receive Mode ........596 Configuring a Time to Live .
  • Page 17 View the Source-active Cache ........623 Limit the Source-active Cache .
  • Page 18 Multicast Policies ............665 IPv4 Multicast Policies .
  • Page 19 Enable OSPFv2 ...........705 Enable Multi-Process OSPF .
  • Page 20 Refusing Multicast Traffic ..........756 Sending Multicast Traffic .
  • Page 21 Create VLANs for an Office VOIP Deployment ......795 Configure LLDP-MED for an Office VOIP Deployment ..... .796 Configure Quality of Service for an Office VOIP Deployment .
  • Page 22 Configure Per-VLAN Spanning Tree Plus ........836 Related Configuration Tasks .
  • Page 23 Implementation Information ..........878 Configuration Information .
  • Page 24 Protection from TCP Tiny and Overlapping Fragment Attacks ....935 SCP and SSH ............935 Using SCP with SSH to copy a software image .
  • Page 25 Show sFlow Globally ..........976 Show sFlow on an Interface .
  • Page 26 Events that Bring Down a SONET Interface ....... .1013 SONET Port Recovery Mechanism ........1014 SONET MIB .
  • Page 27 Configuring Spanning Tree ..........1049 Related Configuration Tasks .
  • Page 28 Clearing a UFD-Disabled Interface ........1090 Displaying Uplink Failure Detection .
  • Page 29 VRRP Implementation ..........1129 VRRP version 3 .
  • Page 30 Save a hardware log to a file on the flash .......1176 Manual reload messages .
  • Page 31 Trace logs ............1214 Buffer full condition .
  • Page 33: About This Guide

    About this Guide Objectives This guide describes the protocols and features supported by the Dell Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. The E-Series ExaScale platform is supported with FTOS version 8.1.1.0. and later.
  • Page 34: Conventions

    This symbol is a note associated with some other text on the page that is marked with an asterisk. Related Documents For more information about the Dell Force10 E-Series, C-Series, and S-Series refer to the following documents: • FTOS Command Reference •...
  • Page 35: Configuration Fundamentals

    Configuration Fundamentals The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes.
  • Page 36: Cli Modes

    CLI Modes Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command The do Command on page 40). You can set user access rights to commands and command modes using privilege levels;...
  • Page 37: Navigating Cli Modes

    Figure 2-2. CLI Modes in FTOS EXEC EXEC Privilege CONFIGURATION ARCHIVE AS-PATH ACL INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL SONET VLAN VRRP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST LINE AUXILIARY CONSOLE VIRTUAL TERMINAL MAC ACCESS-LIST...
  • Page 38 Table 2-1. FTOS Command Modes Access Command CLI Command Mode Prompt EXEC FTOS> Access the router through the console or Telnet. enable EXEC Privilege FTOS# • From EXEC mode, enter the command • From any other mode, use the command CONFIGURATION FTOS(conf)# •...
  • Page 39 Table 2-1. FTOS Command Modes Access Command CLI Command Mode Prompt mac access-list standard STANDARD ACCESS- FTOS(config-std-macl)# LIST mac access-list extended EXTENDED ACCESS- FTOS(config-ext-macl)# LIST MULTIPLE FTOS(config-mstp)# protocol spanning-tree mstp SPANNING TREE Per-VLAN SPANNING FTOS(config-pvst)# protocol spanning-tree pvst TREE Plus ip prefix-list PREFIX-LIST FTOS(conf-nprefixl)#...
  • Page 40: The Do Command

    The do Command Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command Figure 2-4 illustrates the command. Note: The following commands cannot be modified by the command: , and enable, disable, exit...
  • Page 41: Obtaining Help

    Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the help command: • Enter at the prompt or after a keyword to list the keywords available in the current mode. •...
  • Page 42: Command History

    • The UP and DOWN arrow keys display previously entered commands (see Command History). • The BACKSPACE and DELETE keys erase the previous letter. • Key combinations are available to move quickly across the command line, as described in Table 2-2.
  • Page 43: Filtering Show Command Outputs

    Filtering show Command Outputs show except find grep | Filter the output of a command to display specific information by adding no-more | save after the command. The variable is the text for which you are specified_text specified_text ignore-case filtering and it IS case sensitive unless the sub-option is implemented.
  • Page 44: Multiple Users In Configuration Mode

    % Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Force10 recommends that you coordinate with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 45: Getting Started

    Getting Started This chapter contains the following major sections: • Default Configuration on page 46 • Configure a Host Name on page 47 • Access the System Remotely on page 47 • Configure the Enable Password on page 50 • Configuration File Management on page 50 •...
  • Page 46: Default Configuration

    Figure 3-1. Completed Boot Process .*************. #### #######. ######## ####### ######### ######## ######## .#. ###### ###########. #### .##. ## ### #### ###. ### ### ### ### ### ### ## ### #### ### ######## *# -## ### ###### ### ## ######### ######## *# ### ## ## ###...
  • Page 47: Configure A Host Name

    Configure a Host Name force10 The host name appears in the prompt. The default host name is • Host names must start with a letter and end with a letter or digit. • Characters within the string can be letters, digits, and hyphens. To configure a host name: Step Task...
  • Page 48: Configure The Management Port Ip Address

    Configure the Management Port IP Address Assign IP addresses to the management ports in order to access the system remotely. Note: Assign different IP addresses to each RPM’s management port. To configure the management port IP address: Step Task Command Syntax Command Mode interface ManagementEthernet Enter INTERFACE mode for the...
  • Page 49: Access The S-Series Remotely

    7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Force10 system. Access the S-Series Remotely The S-Series does not have a dedicated management port nor a separate management routing table.
  • Page 50: Configure The Enable Password

    Compact Flash for the internal and external Flash memory. It has a space limitation but does not limit the number of files it can contain. Note: Using flash memory cards in the system that have not been approved by Dell Force10 can cause unexpected system behavior, including a reboot.
  • Page 51: Copy Files To And From The System

    Table 3-1. file-destination • To copy a remote file to Dell Force10 system, combine the syntax for a remote file location file-origin with the syntax for a local file location shown in Table 3-1.
  • Page 52: Save The Running-Configuration

    26292881 bytes successfully copied Save the Running-configuration The running-configuration contains the current system configuration. Dell Force10 recommends that you copy your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the primary RPM by default, but it can be saved onto an external flash (on an RPM) or a remote server.
  • Page 53: View Files

    Task Command Syntax Command Mode Save the running-configuration to: copy running-config startup-config the startup-configuration on the internal flash of the primary RPM copy running-config rpm flash://filename the internal flash on an RPM Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of FTOS.
  • Page 54: Command Syntax

    To view a list of files on the internal or external Flash: Step Task Command Syntax Command Mode View a list of files on: dir flash: the internal flash of an RPM EXEC Privilege dir slot: the external flash of an RPM The output of the command also shows the read/write privileges, size (in bytes), and date of modification for each file, as shown in...
  • Page 55: File System Management

    --More-- File System Management The Dell Force10 system can use the internal Flash, external Flash, or remote devices to store files. It stores files on the internal Flash by default but can be configured to store files elsewhere. To view file system information:...
  • Page 56: View Command History

    Figure 3-9, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash. Figure 3-9. Alternative Storage Location FTOS#cd slot0: FTOS#copy running-config test No File System Specified FTOS#copy run test 7419 bytes successfully copied...
  • Page 57: System Management

    System Management c e s System Management is supported on platforms: This chapter explains the different protocols or services used to manage the Dell Force10 system including: • Configure Privilege Levels on page 57 • Configure Logging on page 61 •...
  • Page 58: Removing A Command From Exec Mode

    A user can access all commands at his privilege level and below. Removing a command from EXEC mode Remove a command from the list of available commands in EXEC mode for a specific privilege level privilege exec using the command from CONFIGURATION mode.
  • Page 59 Task Command Syntax Command Mode privilege configure level level Allow access to INTERFACE, LINE, ROUTE-MAP, CONFIGURATION interface line route-map and/or ROUTER mode. Specify all keywords in the router command. command-keyword ||...|| command-keyword privilege configure interface Allow access to a CONFIGURATION, INTERFACE, CONFIGURATION line route-map...
  • Page 60 Figure 4-1. Create a Custom Privilege Level FTOS(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence privilege exec level 3 capture bgp-pdu privilege exec level 3 capture bgp-pdu max-buffer-size privilege configure level 3 line privilege configure level 3 interface FTOS(conf)#do telnet 10.11.80.201 [telnet output omitted]...
  • Page 61: Apply A Privilege Level To A Username

    Apply a Privilege Level to a Username To set a privilege level for a user: Task Command Syntax Command Mode Configure a privilege level for a user. CONFIGURATION username username privilege level Apply a Privilege Level to a Terminal Line To set a privilege level for a terminal line: Task Command Syntax...
  • Page 62: Log Messages In The Logging Buffer

    Log Messages in the Logging Buffer All error messages, except those beginning with %BOOTUP (Message 1), are log in the internal buffer. Message 1 BootUp Events %BOOTUP:RPM0:CP %PORTPIPE-INIT-SUCCESS: Portpipe 0 enabled Configuration Task List for System Log Management The following list includes the configuration tasks for system log management: •...
  • Page 63: Send System Messages To A Syslog Server

    Send System Messages to a Syslog Server Send system messages to a syslog server by specifying a server: Task Command Syntax Command Mode Specify the server to which you want to send system logging ip-address ipv6-address CONFIGURATION messages. You can configure up to eight syslog servers, hostname which may be IPv4 and/or IPv6 addressed.
  • Page 64: Display The Logging Buffer And The Logging Configuration

    Task Command Syntax Command Mode Specify the size of the logging buffer. logging buffered size CONFIGURATION Note: When you decrease the buffer size, FTOS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. logging history size Specify the number of messages that FTOS saves to its size...
  • Page 65 Figure 4-2. show logging Command Example FTOS#show logging syslog logging: enabled Console logging: level Debugging Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM.
  • Page 66: Configure A Unix Logging Facility Level

    Configure a UNIX Logging Facility Level Facility is a message tag used to describe the application or process that submitted the log message. You can save system log messages with a UNIX system logging facility: Command Syntax Command Mode Purpose logging facility [ facility-type CONFIGURATION...
  • Page 67: Synchronize Log Messages

    Synchronize Log Messages You can configure a terminal line to hold all logs until all command inputs and outputs are complete so that log printing does not interfere when you are performing management tasks. Log synchronization also filters system messages for a specific line based on severity level and limits number of messages that are printed at once.
  • Page 68: File Transfer Services

    File Transfer Services You can configure the system to transfer files over the network using File Transfer Protocol (FTP). Configuration Task List for File Transfer Services The following list includes the configuration tasks for file transfer services: • Enable FTP server on page 68 •...
  • Page 69: Terminal Lines

    Note: You cannot use the change directory ( cd ) command until ftp-server topdir is configured. show running-config ftp Display your FTP configuration using the command from EXEC Privilege mode, as shown in Figure 4-4. Configure FTP client parameters When the system will be an FTP client, configure FTP client parameters: Task Command Syntax Command Mode...
  • Page 70: Configure Login Authentication For Terminal Lines

    Figure 4-5. Applying an Access List to a VTY Line FTOS(config-std-nacl)#show config ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 FTOS(config-std-nacl)#line vty 0 FTOS(config-line-vty)#show config line vty 0 access-class myvtyacl FTOS Behavior: Prior to FTOS version 7.4.2.0, in order to deny access on a VTY line, you must apply an ACL and AAA authentication to the line.
  • Page 71: Time Out Of Exec Privilege Mode

    Step Task Command Syntax Command Mode If you used the line authentication password LINE method in the method list you applied to the terminal line, configure a password for the terminal line. line Figure 4-6 VTY lines 0-2 use a single authentication method, Figure 4-6.
  • Page 72: Telnet To Another Network Device

    Figure 4-7. Configuring EXEC Timeout FTOS(conf)#line con 0 FTOS(config-line-console)#exec-timeout 0 FTOS(config-line-console)#show config line console 0 exec-timeout 0 0 FTOS(config-line-console)# Telnet to Another Network Device To telnet to another device: Task Command Syntax Command Mode telnet-peer-rpm Telnet to the peer RPM. You do not need to configure the management EXEC Privilege port on the peer RPM to be able to telnet to it.
  • Page 73: Viewing The Configuration Lock Status

    A two types of locks can be set: auto and manual. configuration mode exclusive auto • Set an auto-lock using the command from CONFIGURATION mode. When you set an auto-lock, every time a user is in CONFIGURATION mode all other users are denied access.
  • Page 74: Recovering From A Forgotten Password

    send command You can then send any user a message using the from EXEC Privilege mode. Alternatively clear you can clear any line using the command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode. Recovering from a Forgotten Password If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter.
  • Page 75: Recovering From A Forgotten Enable Password

    Step Task Command Syntax Command Mode Figure 4-12. Renaming the startup-config RPM0-CP BOOT_ADMIN # dir flash: Directory of flash: 1 -rwx 11407411 Jun 09 2004 09:38:40 FTOS-EE3-5.3.1.1.bin 2 -rwx 4977 Jun 09 2004 09:38:38 startup-config.bak Reload the system. reload BOOT_ADMIN Copy startup-config.bak to the copy flash://startup-config.bak EXEC Privilege...
  • Page 76: Recovering From A Forgotten Password On S-Series

    Step Task Command Syntax Command Mode Save the running-config to the copy running-config startup-config EXEC Privilege startup-config. The startup-config files on both RPMs will be synchronized. Recovering from a Forgotten Password on S-Series If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter.
  • Page 77: Recovering From A Failed Start

    Recovering from a Failed Start A system that does not start correctly might be attempting to boot from a corrupted FTOS image or from a incorrect location. To resolve the problem, you can restart the system and interrupt the boot process to boot change point the system to another boot location by using the command, as described below.
  • Page 78 boot change boot system Very similar to the options of the command, the command is available in CONFIGURATION mode on the C-Series and E-Series to set the boot parameters that, when saved to the startup configuration file, are stored in NVRAM and are then used routinely: Task Command Syntax Command Mode...
  • Page 79: Ethernet Cfm

    802.1ag 802.1ag is available only on platform: Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: 1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM) 2.
  • Page 80: Maintenance Domains

    There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
  • Page 81: Maintenance End Points

    MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP: monitors the forwarding path internal to an bridge on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. •...
  • Page 82: Implementation Information

    Implementation Information • Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configure CFM Configuring CFM is a five-step process: cam-acl 1. Configure the ecfmacl CAM region using the command.
  • Page 83: Enable Ethernet Cfm

    Enable Ethernet CFM Task Command Syntax Command Mode ethernet cfm Spawn the CFM process. No CFM configuration is CONFIGURATION allowed until the CFM process is spawned. disable Disable Ethernet CFM without stopping the CFM ETHERNET CFM process. Create a Maintenance Domain Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in Figure...
  • Page 84: Create A Maintenance Association

    MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP: monitors the forwarding path internal to an bridge on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. •...
  • Page 85: Create A Maintenance Intermediate Point

    Task Command Syntax Command Mode FTOS#show ethernet cfm maintenance-points local mep ------------------------------------------------------------------------------- MPID Domain Name Level Type Port CCM-Status MA Name VLAN ------------------------------------------------------------------------------- cfm0 Gi 4/10 Enabled test0 DOWN 00:01:e8:59:23:45 cfm1 Gi 4/10 Enabled test1 DOWN 00:01:e8:59:23:45 cfm2 Gi 4/10 Enabled test2 DOWN...
  • Page 86 • MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that have announced their presence via CCM Task Command Syntax Command Mode show ethernet cfm maintenance-points remote detail active Display the MEP Database. EXEC Privilege domain expired...
  • Page 87: Continuity Check Messages

    Continuity Check Messages Continuity Check Messages (CCM) are periodic hellos used to: • discover MEPs and MIPs within a maintenance domain • detect loss of connectivity between MEPs • detect misconfiguration, such as VLAN ID mismatch between MEPs • to detect unauthorized MEPs in a maintenance domain Continuity Check Messages (CCM) are multicast Ethernet frames sent at regular intervals from each MEP.
  • Page 88: Enable Ccm

    Enable CCM Step Task Command Syntax Command Mode no ccm disable Enable CCM. ECFM DOMAIN Default: Disabled ccm transmit-interval seconds Configure the transmit interval (mandatory). ECFM DOMAIN Default: 10 seconds The interval specified applies to all MEPs in the domain. Enable Cross-checking Task Command Syntax...
  • Page 89: Link Trace Cache

    Figure 5-4. Linktrace Message and Response MPLS Core Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]).
  • Page 90: Enable Cfm Snmp Traps

    Task Command Syntax Command Mode FTOS#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2 ------------------------------------------------------------------------------ Hops Host IngressMAC Ingr Action Relay Action Next Host Egress MAC Egress Action FWD Status ------------------------------------------------------------------------------ 00:00:00:01:e8:53:4a:f8 00:01:e8:52:4a:f8 IngOK...
  • Page 91: Display Ethernet Cfm Statistics

    Three values are given within the trap messages: MD Index, MA Index, and MPID. You can reference show ethernet cfm domain show ethernet cfm maintenance-points these values against the output of local mep FTOS#show ethernet cfm maintenance-points local mep ------------------------------------------------------------------------------- MPID Domain Name Level...
  • Page 92 Task Command Syntax Command Mode Display CFM statistics by port. show ethernet cfm port-statistics interface EXEC Privilege FTOS#show ethernet cfm port-statistics interface gigabitethernet 0/5 Port statistics for port: Gi 0/5 ================================== RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts Discarded 0...
  • Page 93: Link Layer Oam Overview

    802.3ah 802.3ah is available only on platform: A metropolitan area network (MAN) is a set of LANs, geographically separated but managed by a single entity. If the distance is large—across a city, for example—connectivity between LANs is managed by a service provider.
  • Page 94: Link Layer Oampdus

    • Remote Loopback—directs the remote system to reflects back frames that the local system transmits so that an administrator can isolate a fault. • Remote Failure Indication—notifies a peer of a critical link event. Link Layer OAMPDUs Link Layer OAM is conducted using OAMPDUs, shown in Figure 6-1.
  • Page 95: Link Layer Oam Operational Modes

    Link Layer OAM Operational Modes When participating in EFM OAM, system may operate in active or passive mode. • Active mode—Active mode systems initiate discovery. Once the Discovery process completes, they can send any OAMPDU while connected to a peer in Active mode, and a subset of OAMPDUs if the peer is in Passive mode (see Table 6-1).
  • Page 96: Link Layer Oam Events

    Link Layer OAM Events Link Layer OAM defines a set of events that may impact link operation, and monitors the link for those events. If an event occurs, the detecting system notifies its peer. There are two types of events: •...
  • Page 97: Configure Link Layer Oam

    Configure Link Layer OAM Configuring Link Layer OAM is a two-step process: 1. Enable Link Layer OAM. See page 97. 2. Enable any or all of the following: Link Performance Event Monitoring on page 99 Remote Failure Indication on page 102 Remote Loopback on page 103 Related Configuration Tasks •...
  • Page 98 Task Command Syntax Command Mode FTOS# show ethernet oam discovery interface <interface-name> Output format: <interface name> Local client __________ Administrative configurations: Mode:active Unidirection:not supported Link monitor:supported (on) Remote loopback:not supported MIB retrieval:not supported Mtu size:1500 Operational status: Port status:operational Loopback status:no loopback PDU permission:any PDU revision:1 Remote client...
  • Page 99: Adjust The Oampdu Transmission Parameters

    Adjust the OAMPDU Transmission Parameters Task Command Syntax Command Mode ethernet oam max-rate value min-rate value Specify a the maximum or minimum INTERFACE number of OAMPDUs to be sent per Range: 1-10 second. Default: 10 ethernet oam mode active passive Set the transmission mode to active or INTERFACE passive.
  • Page 100: Set Threshold Values

    Set Threshold Values The available pre-defined errors fall under two categories: • Symbol Errors—a symbol is an (electrical or optical) pulse on the physical medium that represents one or more bits. A symbol error occurs when a symbol degrades in transit so that the receiver is not able to decode it.
  • Page 101 Frame Errors per Second Task Command Syntax Command Mode ethernet oam link-monitor frame threshold high Specify the high threshold value for INTERFACE none frame errors, or disable the high frames threshold. Range: 1-65535 Default: None ethernet oam link-monitor frame threshold low frames Specify the low threshold for frame INTERFACE errors.
  • Page 102: Execute An Action Upon Exceeding The High Threshold

    Task Command Syntax Command Mode ethernet oam link-monitor frame-seconds window Specify the time period for error INTERFACE milliseconds second per time period condition. Range: 100-900, in multiples of 100 Default: 1000 milliseconds Execute an Action upon Exceeding the High Threshold When an error exceeds the low threshold, an event notification is sent to the peer.
  • Page 103: Remote Loopback

    Remote Loopback An active-mode device can place a passive peer into loopback mode by sending a Loopback Control OAMPDU. When in loopback mode: • the remote peer returns unaltered all non-OAMPDU frames sent by the local peer, and • all outbound data frames are discarded. Note: Control traffic egresses from loopback initiator and from interface in loopback mode.
  • Page 104: Display Link Layer Oam Configuration And Statistics

    Display Link Layer OAM Configuration and Statistics Task Command Syntax Command Mode show ethernet oam status interface interface Display Link Layer OAM status per EXEC Privilege interface. FTOS# show ethernet oam status interface <interface-name> Output Format : <interface-name> General ______ Mode:active PDU max rate:10 packets per second PDU min rate:1 packet per second...
  • Page 105 Task Command Syntax Command Mode FTOS# show ethernet oam statistics interface <interface-name> <interface-name> Counters: _________ Information OAMPDU Tx: 3439489 Information OAMPDU Rx: 9489 Unique Event Notification OAMPDU Tx: 0 Unique Event Notification OAMPDU x: 0 Duplicate Event Notification OAMPDU Tx: 0 Duplicate Event Notification OAMPDU Rx: 0 Loopback Control OAMPDU Tx: 0 Loopback Control OAMPDU Rx: 2...
  • Page 106: Manage Link Layer Oam

    Manage Link Layer OAM Enable MIB Retrieval Support/Function IEEE 802.3ah defines the Link OAM MIB in Sec 30A.20, “OAM entity managed object class”; all of the objects described there are supported. Note that 802.3ah does not include the ability to set/write remote MIB variables.
  • Page 107: Protocol Overview

    802.1X c e s 802.1X is supported on platforms: This chapter has the following sections: • Protocol Overview on page 107 • Configuring 802.1X on page 111 • Important Points to Remember on page 112 • Enabling 802.1X on page 112 •...
  • Page 108 (typically RADIUS) via a mandatory intermediary network access device, in this case, a Dell Force10 switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP over Ethernet (EAPOL) to communicate with the end-user device and EAP over RADIUS to communicate with the server.
  • Page 109: The Port-Authentication Process

    The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally. Note: The Dell Force10 switches place 802.1X-enabled ports in the unauthorized state by default. The Port-authentication Process...
  • Page 110: Eap Over Radius

    Figure 7-2. 802.1X Authentication Process Authentication Supplicant Authenticator Server EAP over LAN (EAPOL) EAP over RADIUS Request Identity Response Identity Access Request Access Challenge EAP Request EAP Reponse Access Request Access {Accept | Reject} EAP {Sucess | Failure} EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
  • Page 111: Configuring 802.1X

    RADIUS Attributes for 802.1 Support Dell Force10 systems includes the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Table 7-1. 802.1X Supported RADIUS Attributes Attribute Name Description User-Name the name of the supplicant to be authenticated. NAS-IP-Address NAS-Port the physical port number by which the authenticator is connected to the supplicant.
  • Page 112: Important Points To Remember

    Important Points to Remember • FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • On E-Series ExaScale, if the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 113 To enable 802.1X: Step Task Command Syntax Command Mode dot1x authentication Enable 802.1X globally. CONFIGURATION interface range Enter INTERFACE mode on an interface or a range of INTERFACE interfaces. dot1x authentication Enable 802.1X on an interface or a range of interfaces. INTERFACE show running-config | find Verify that 802.1X is enabled globally and at interface level using the command...
  • Page 114: Configuring Request Identity Re-Transmissions

    Configuring Request Identity Re-transmissions If the authenticator sends a Request Identity frame, but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits are configurable. Note: There are several reasons why the supplicant might fail to respond;...
  • Page 115: Forcibly Authorizing Or Unauthorizing A Port

    Figure 7-7 shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame: • After 90 seconds and a maximum of 10 times for an unresponsive supplicant • Re-transmits an EAP Request Identity frame Figure 7-7. Configuring a Request Identity Re-transmissions FTOS(conf-if-range-gi-2/1)#dot1x tx-period 90 FTOS(conf-if-range-gi-2/1)#dot1x max-eap-req 10 FTOS(conf-if-range-gi-2/1)#dot1x quiet-period 120...
  • Page 116: Re-Authenticating A Port

    To place a port in one of these three states: Step Task Command Syntax Command Mode dot1x port-control force-authorized Place a port in the ForceAuthorized, INTERFACE force-unauthorized auto ForceUnauthorized, or Auto state. Default: auto Figure 7-8 shows configuration information for a port that has been force-authorized. Figure 7-8.
  • Page 117: Configuring Timeouts

    To configure a maximum number of re-authentications: Step Task Command Syntax Command Mode dot1x reauth-max number Configure the maximum number of INTERFACE times that the supplicant can be Range: 1-10 reauthenticated. Default: 2 Figure 7-9. Configuring a Reauthentiction Period FTOS(conf-if-gi-2/1)#dot1x reauthentication interval 7200 FTOS(conf-if-gi-2/1)#dot1x reauth-max 10 FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.1x information on Gi 2/1:...
  • Page 118 To terminate the authentication process due to an unresponsive authentication server: Step Task Command Syntax Command Mode dot1x server-timeout seconds Terminate the authentication process due to an INTERFACE unresponsive authentication server. Range: 1-300. Default: 30 dot1x server-timeout Note: When you configure the value, you must take into account the communication medium used to dot1x communicate with an authentication server and the number of RADIUS servers configured.
  • Page 119: Dynamic Vlan Assignment With Port Authentication

    The dynamic VLAN assignment is based on RADIUS attribute 81, Tunnel-Private-Group-ID, and uses the following standard dot1x procedure: 1. The host sends a dot1x packet to the Dell Force10 system. 2. The system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port number.
  • Page 120 Figure 7-11 shows the configuration on a Dell Force10 switch that uses dynamic VLAN assignment with 802.1X before you connect the end-user device (black and blue text), and after you connect the device (red text). The blue text corresponds to the numbered steps on page 119. Note that the GigabitEthernet 1/11 port, on which dynamic VLAN assignment with 802.1X is configured, is initially an untagged member of VLAN...
  • Page 121: Guest And Authentication-Fail Vlans

    Guest and Authentication-Fail VLANs Typically, the authenticator (Dell Force10 system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates in the authentication data.
  • Page 122: Configuring An Authentication-Fail Vlan

    Configuring an Authentication-Fail VLAN If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount of time (30 seconds by default, see Configuring a Quiet Period after a Failed Authentication on page 114). You can configure the maximum number of times the authenticator re-attempts authentication after a failure (3 by default), after which the port is placed in the Authentication-fail VLAN.
  • Page 123: Multi-Host Authentication

    Multi-Host Authentication Multi-Host Authentication is available on platforms: 802.1x assumes that a single end-user is connected to a single authenticator port, as shown in Figure 7-15; this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected to the same port, a many-to-one configuration, only the first end-user to respond to the identity request is authenticated.
  • Page 124 When the host mode is changed on a port that is already authenticated: • Single-host to Multi-host: all devices attached to the port that were previously blocked may access the network; the supplicant does not re-authenticate. • Multi-host to Single-host: the port restarts the authentication process, and the first end-user to respond is authenticated and allowed access.
  • Page 125: Multi-Supplicant Authentication

    Task Command Syntax Command Mode dot1x host-mode single-host Configure Single-host Authentication mode on a port. INTERFACE FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1 802.1x information on Gi 2/1: ----------------------------- Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Disable...
  • Page 126 During the authentication process, the Dell Force10 system is able to learn the MAC address of the device though the EAPoL frames, and the VLAN assignment from the RADIUS server. With this information it creates an authorized-MAC to VLAN mapping table per port. Then, the system can tag all incoming untagged frames with the appropriate VLAN-ID based on the table entries.
  • Page 127: Mac Authentication Bypass

    MAC Authentication Bypass MAC Authentication Bypass is supported on platforms: MAC Authentication Bypass (MAB) enables you to provide MAC-based security by allowing only known MAC addresses within the network using a RADIUS server. 802.1X-enabled clients can authenticate themselves using the 802.1X protocol. Other devices that do not use 802.1X—like IP phones, printers, and IP fax machines—still need connectivity to the network.
  • Page 128: Mab In Single-Host And Multi-Host Mode

    MAB in Single-host and Multi-Host Mode In single-host and multi-host mode, the switch attempts to authenticate a supplicant using 802.1X. If 802.1X times out because the supplicant does not respond to the Request Identity frame and MAB is enabled, the switch attempts to authenticate the first MAC it learns on the port. Subsequently, for single-host mode, traffic from all other MACs is dropped;...
  • Page 129 Step Task Command Syntax Command Mode (Optional) Use MAB authentication only— dot1x auth-type mab-only INTERFACE do not use 802.1X authentication first. If MAB fails the port or the MAC address is blocked, the port is placed in the guest VLAN (if configured). 802.1x authentication is not even attempted.
  • Page 130: Dynamic Cos With 802.1X

    VLAN and priority values are automatically applied to incoming packets. The RADIUS server finds the appropriate record based on the supplicant’s credentials and sends the priority re-mapping table to the Dell Force10 system by including Attribute 59 in the AUTH-ACCEPT packet. 802.1X...
  • Page 131 FTOS Behavior: The following conditions are applied to the use of dynamic CoS with 802.1X authentication on C-Series and S-Series platforms: • In accordance with port-based QoS, incoming dot1p values can be mapped to only four priority values: 0, 2, 4, and 6.
  • Page 132 802.1X...
  • Page 133: Ip Access Control Lists (Acl), Prefix Lists, And Route-Maps

    IP Access Control Lists (ACL), Prefix Lists, and Route-maps c e s IP Access Control Lists, Prefix Lists, and Route-maps are supported on platforms: c e s Ingress IP ACLs are supported on platforms: Egress IP ACLs are supported on platform: Overview At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses.
  • Page 134: Ip Access Control Lists (Acls)

    IP Access Control Lists (ACLs) In the Dell Force10 switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP packet. An extended ACL filters traffic based on the following criteria (for more information on ACL supported options see the FTOS Command Reference): •...
  • Page 135 CAM optimization is supported on platforms CAM Profiling CAM optimization is supported on platforms CAM profiling for ACLs is supported on E-Series TeraScale only. For complete information regarding E-Series TeraScale CAM profiles and configuration, refer to Chapter 11, Content Addressable Memory.
  • Page 136: Cam Optimization

    cam-acl Allocate space for IPV6 ACLs on the C-Series by using the command in CONFIGURATION mode. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. Note that there are 16 FP blocks, but the System Flow requires 3 blocks that cannot be reallocated. The default CAM Allocation settings on a C-Series matching are: •...
  • Page 137: Implementing Acls On Ftos

    Figure 8-1. Command Example: test cam-usage (C-Series) FTOS#test cam-usage service-policy input TestPolicy linecard all Linecard | Portpipe | CAM Partition | Available CAM | Estimated CAM per Port | Status ------------------------------------------------------------------------------------------ 1 | IPv4Flow 232 | Allowed 1 | IPv6Flow 0 | Allowed 0 | IPv4Flow 232 |...
  • Page 138: Ip Fragment Handling

    Standard and Extended ACLs take up the same amount of CAM space. A single ACL rule uses 2 CAM entries whether it is identified as a Standard or Extended ACL. Determine the order in which ACLs are used to classify traffic service-queue When you link class-maps to queues using the command , FTOS matches the class-maps...
  • Page 139: Ip Fragments Acl Examples

    • Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments. If the packet is to be denied eventually, the first fragment would be denied and hence the packet as a whole cannot be reassembled. •...
  • Page 140: Configure A Standard Ip Acl

    In the following, TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to 24 are permitted. Additionally, all TCP non-first fragments from host 10.1.1.1 are permitted. All other IP packets that are non-first fragments are denied. FTOS(conf)#ip access-list extended ABC FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any fragment...
  • Page 141 A standard IP ACL uses the source IP address as its match criterion. Note: On E-Series ExaScale systems, TCP ACL flags are not supported in standard or extended ACLs with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included.
  • Page 142 Figure 8-4. Command example: seq FTOS(config-std-nacl)#seq 25 deny ip host 10.5.0.0 any log FTOS(config-std-nacl)#seq 15 permit tcp 10.3.0.0 /16 any FTOS(config-std-nacl)#show config ip access-list standard dilling seq 15 permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.0 any log FTOS(config-std-nacl)# no seq To delete a filter, use the...
  • Page 143: Configure An Extended Ip Acl

    Figure 8-6. Command Example: show ip accounting access-list FTOS#show ip accounting access example interface gig 4/12 Extended IP access list example seq 10 deny tcp any any eq 111 seq 15 deny udp any any eq 111 seq 20 deny udp any any eq 2049 seq 25 deny udp any any eq 31337 seq 30 deny tcp any any range 12345 12346 seq 35 permit udp host 10.21.126.225 10.4.5.0 /28...
  • Page 144 Step Command Syntax Command Mode Purpose seq sequence-number deny CONFIG-EXT-NACL Configure a drop or forward filter. permit log and monitor options are supported on ip-protocol-number • E-Series only. icmp | ip | tcp | udp host source mask ip-address destination mask host ip-address operator count...
  • Page 145 When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter.
  • Page 146: Established Flag

    Figure 8-8 illustrates an extended IP ACL in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for show config example, the first filter was given the lowest sequence number). The command in the IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10.
  • Page 147: Assign An Ip Acl To An Interface

    If a rule is simply appended, existing counters are not affected. Table 8-2. L2 and L3 ACL Filtering on Switched Packets L2 ACL Behavior L3 ACL Behavior Decision on Targeted Traffic Deny Deny Denied by L3 ACL Deny Permit Permitted by L3 ACL Permit Deny Denied by L2 ACL...
  • Page 148: Counting Acl Hits

    To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in the following sequence in the INTERFACE mode: Step Command Syntax Command Mode Purpose interface interface slot/port CONFIGURATION Enter the interface number. ip address ip-address INTERFACE...
  • Page 149: Configuring Ingress Acls

    Step Task View the number of packets matching the ACL using the show ip accounting access-list from EXEC Privilege mode. Configuring Ingress ACLs Ingress ACLs are applied to interfaces and to traffic entering the system.These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target traffic, it is a simpler implementation.
  • Page 150: Egress Layer 3 Acl Lookup For Control-Plane Ip Traffic

    An egress ACL is used when users would like to restrict egress traffic. For example, when a DOS attack traffic is isolated to one particular interface, you can apply an egress ACL to block that particular flow from exiting the box, thereby protecting downstream devices. ip access-group To create an egress ACLs, use the command...
  • Page 151: Configuring Acls To Loopback

    FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU traffic is enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address. Configuring ACLs to Loopback ACLs can be supplied on Loopback interfaces supported on platform...
  • Page 152 Step Command Syntax Command Mode Purpose seq number permit CONFIGURATION If you are applying an extended ACL, and it has loopback-logging any any a deny ip any any entry, this entry denies internally generated packets as well as packets received from external devices. To prevent internally generated packets from being dropped, make sure that the ACL you intend to apply has seq number...
  • Page 153: Ip Prefix Lists

    IP Prefix Lists c e s Prefix Lists are supported on platforms: IP prefix lists control routing policy. An IP prefix list is a series of sequential filters that contain a matching criterion (examine IP route prefix) and an action (permit or deny) to process routes. The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter, the second filter (if configured) is applied.
  • Page 154: Configure A Prefix List

    The following list includes the configuration tasks for prefix lists: • Configure a prefix list on page 154 • Use a prefix list for route redistribution on page 156 For a complete listing of all commands related to prefix lists, refer to the FTOS Command Line Interface document.
  • Page 155 If you are creating a standard prefix list with only one or two filters, you can let FTOS assign a sequence number based on the order in which the filters are configured. The FTOS assigns filters in multiples of five. To configure a filter without a specified sequence number, use these commands in the following sequence starting in the CONFIGURATION mode: Step...
  • Page 156: Use A Prefix List For Route Redistribution

    Figure 8-15. Command example: show ip prefix-list detail FTOS>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10...
  • Page 157: Acl Resequencing

    Figure 8-17. Command Example: show config in the ROUTER RIP Mode FTOS(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 FTOS(conf-router_rip)#router ospf 34 To apply a filter to routes in OSPF, use either of the following commands in the ROUTER OSPF mode: Command Syntax Command Mode Purpose...
  • Page 158: Resequencing An Acl Or Prefix List

    IPv4 and IPv6 ACLs and prefixes and MAC ACLs can be resequenced. No CAM writes happen as a result of resequencing, so there is no packet loss; the behavior is like Hot-lock ACLs. Note: ACL Resequencing does not affect the rules or remarks or the order in which they are applied. It merely renumbers them so that new rules can be placed within the list as desired.
  • Page 159 Figure 8-19. Resequencing ACLs FTOS(config-ext-nacl)# show config ip access-list extended test remark remark this remark corresponds to permit any host 1.1.1.1 permit ip any host 1.1.1.1 remark remark this remark corresponds to permit ip any host 1.1.1.2 permit ip any host 1.1.1.2 permit ip any host 1.1.1.3 permit ip any host 1.1.1.4 FTOS# end...
  • Page 160: Route Maps

    Figure 8-20. Resequencing Remarks FTOS(config-ext-nacl)# show config ip access-list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1.1.1.1 seq 5 permit ip any host 1.1.1.1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4...
  • Page 161: Configuration Task List For Route Maps

    Important Points to Remember • For route-maps with more than one match clause: • Two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation. •...
  • Page 162 show config To view the configuration, use the command in the ROUTE-MAP mode (Figure 8-21). Figure 8-21. Command Example: show config in the ROUTE-MAP Mode FTOS(config-route-map)#show config route-map dilling permit 10 FTOS(config-route-map)# You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order.
  • Page 163: Configure Route Map Filters

    Figure 8-24. Command Example: show route-map FTOS#show route-map dilling route-map dilling, permit, sequence 10 Match clauses: Set clauses: route-map dilling, permit, sequence 15 Match clauses: interface Loopback 23 Set clauses: 3444 FTOS# no route-map To delete a route map, use the command in the CONFIGURATION mode.
  • Page 164 Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map. As an example: FTOS(conf)#route-map force permit 10 FTOS(config-route-map)#match tag 1000 FTOS(conf)#route-map force deny 20 FTOS(config-route-map)#match tag 1000 FTOS(conf)#route-map force deny 30 FTOS(config-route-map)#match tag 1000 In the above route-map, instance 10 permits the route having a tag value of 1000 and instances 20 &...
  • Page 165 Command Syntax Command Mode Purpose match ip address CONFIG-ROUTE-MAP Match destination routes specified in a prefix list prefix-list-name (IPv4). match ipv6 address CONFIG-ROUTE-MAP Match destination routes specified in a prefix list prefix-list-name (IPv6). match ip next-hop CONFIG-ROUTE-MAP Match next-hop routes specified in a prefix list | prefix-list (IPv4).
  • Page 166: Configure A Route Map For Route Redistribution

    Command Syntax Command Mode Purpose set ipv6 next-hop ip-address CONFIG-ROUTE-MAP Assign an IPv6 address as the route’s next hop. set origin { egp | igp | incomplete } CONFIG-ROUTE-MAP Assign an ORIGIN attribute. set tag tag-value CONFIG-ROUTE-MAP Specify a tag for the redistributed routes. set weight value CONFIG-ROUTE-MAP...
  • Page 167: Configure A Route Map For Route Tagging

    router ospf 34 default-information originate metric-type 1 redistribute static metric 20 metric-type 2 tag 0 route-map staticospf route-map staticospf permit 10 match interface GigabitEthernet 0/0 match metric set level backbone Configure a route map for route tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol.
  • Page 168 Figure 8-27. Command Example: continue route-map test permit 10 match commu comm-list1 set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30! IP Access Control Lists (ACL), Prefix Lists, and Route-maps...
  • Page 169: Bidirectional Forwarding Detection

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Force10 routers, sessions are maintained by BFD Agents that reside on the line card, which frees resources on the RPM. Only session state changes are reported to the BFD Manager (on the RPM), which in turn notifies the routing protocols that are registered with it.
  • Page 170: How Bfd Works

    How BFD Works Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter; these control packets are sent without regard to transmit and receive intervals.
  • Page 171 Figure 9-1. BFD in IPv4 Packet Format Bidirectional Forwarding Detection | 171...
  • Page 172: Field Description

    Table 9-1. BFD Packet Fields Field Description Diagnostic Code The reason that the last session failed. State The current local session state. See sessions. Flag A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval.
  • Page 173 BFD sessions BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: • Active—The active system initiates the BFD session. Both systems can be active for the same session. •...
  • Page 174 handshake. At this point, the discriminator values have been exchanged, and the transmit intervals have been negotiated. 4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change.
  • Page 175: Configuring Bidirectional Forwarding Detection

    Figure 9-3. BFD State Machine current session state Up, Admin Down, Timer the packet received Down Init Down Admin Down, Admin Down, Timer Down, Timer Down Up, Init Init Init, Up Important Points to Remember • BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM. •...
  • Page 176: Configuring Bfd For Physical Ports

    Configuring BFD for Physical Ports BFD on physical ports is useful when no routing protocol is enabled. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. When BFD is enabled, the local system removes the route as soon as it stops receiving periodic control packets from the remote system.
  • Page 177 Figure 9-5. Establishing a BFD Session for Physical Ports R1: ACTIVE Role R2: ACTIVE Role 4/24 Force10(config)# bfd enable Force10(config)# interface gigabitethernet 2/1 Force10(conf-if-gi-2/1)# ip address 2.2.2.2/24 Force10(conf-if-gi-2/1)# bfd neighbor 2.2.2.1 Force10(config)# bfd enable Force10(config)# interface gigabitethernet 4/24 Force10(conf-if-gi-2/1)# ip address 2.2.2.1/24 fnC0038mp Force10(conf-if-gi-2/1)# bfd neighbor 2.2.2.2 To establish a session:...
  • Page 178 Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured per interface; if you change a parameter, the change affects all physical port sessions on that interface. Dell Force10 recommends maintaining the default values. To change session parameters on an interface:...
  • Page 179 Figure 9-8. Changing Session Parameters for Physical Ports R1(conf-if-gi-4/24)#bfd interval 100 min_rx 100 multiplier 4 role passive R1(conf-if-gi-4/24)#do show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: 2.2.2.2 Remote MAC Addr: 00:01:e8:06:95:a2 Int: GigabitEthernet 4/24 State: Up Configured parameters:...
  • Page 180: Configuring Bfd For Static Routes

    To re-enable BFD on an interface: Step Task Command Syntax Command Mode bfd enable Enable BFD on an interface. INTERFACE Configuring BFD for Static Routes BFD gives systems a link state detection mechanism for static routes. With BFD, systems are notified to remove static routes from the routing table as soon as the link state change occurs, rather than having to wait until packets fail to reach their next hop.
  • Page 181 To establish a BFD session: Step Task Command Syntax Command Mode ip route bfd Establish BFD sessions for all neighbors that are the next hop CONFIGURATION of a static route. show bfd neighbors Verify that sessions have been created for static routes using the command , as shown show bfd neighbors detail Figure...
  • Page 182: Configuring Bfd For Ospf

    To disable BFD for static routes: Step Task Command Syntax Command Mode no ip route bfd Disable BFD for static routes. CONFIGURATION Configuring BFD for OSPF When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF.
  • Page 183: Show Bfd Neighbors

    Figure 9-11. Establishing Sessions with OSPF Neighbors Force10(conf-if-gi-2/1)# ip address 2.2.2.2/24 Force10(conf-if-gi-2/2)# ip address 2.2.3.1/24 Force10(conf-if-gi-2/1)# no shutdown Force10(conf-if-gi-2/2)# no shutdown Force10(conf-if-gi-2/1)# exit Force10(conf-if-gi-2/2)# exit Force10(config)# router ospf 1 Force10(config)# router ospf 1 Force10(config-router_ospf )# network 2.2.2.0/24 area 0 Force10(config-router_ospf )# network 2.2.3.0/24 area 1 Force10(config-router_ospf )# bfd all-neighbors Force10(config-router_ospf )# bfd all-neighbors AREA 0...
  • Page 184 Changing OSPF session parameters BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all OSPF sessions or all OSPF sessions on a particular interface; if you change a parameter globally, the change affects all OSPF neighbors sessions.
  • Page 185: Configuring Bfd For Bgp

    Configuring BFD for BGP BFD for BGP is only supported on platforms: In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces.
  • Page 186 Note that the sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: bfd all-neighbors • By establishing BFD sessions with all neighbors discovered by BGP ( command) neighbor {ip-address | peer-group-name} • By establishing a BFD session with a specified BGP neighbor ( command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
  • Page 187 Step Task Command Syntax Command Mode bfd all-neighbors [interval millisecs Configure parameters for a BFD session CONFIG-ROUTER- min_rx millisecs multiplier value role established with all neighbors discovered by {active | passive}] BGP. neighbor { ip-address Establish a BFD session with a specified BGP } bfd peer-group-name neighbor or peer group using the default BFD...
  • Page 188 bfd all-neighbors • The neighbor inherits only the global timer values that are configured with the command (interval, min_rx, and multiplier). If you explicitly enable (or disable) a peer group for BFD that has no BFD parameters configured (e.g. neighbor advertisement interval) using the command, the peer group inherits any peer-group-name...
  • Page 189 show The following examples show the BFD for BGP output displayed for these commands. Figure 9-14. Verifying a BFD for BGP Configuration: show running-config bgp Command R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1...
  • Page 190 Figure 9-16. Verifying BFD Sessions with BGP Neighbors: show bfd neighbors detail Command R2# show bfd neighbors detail Session Discriminator: 9 Neighbor Discriminator: 10 Local Addr: 1.1.1.3 Local MAC Addr: 00:01:e8:66:da:33 Remote Addr: 1.1.1.2 Remote MAC Addr: 00:01:e8:8a:da:7b Int: TenGigabitEthernet 6/0 State: Up Configured parameters: BFD session parameters: TX (packet transmission), RX...
  • Page 191 Figure 9-17. Displaying BFD Packet Counters: show bfd counters bgp Command R2# show bfd counters bgp Interface TenGigabitEthernet 6/0 Protocol BGP Messages: Registration De-registration Init Down Admin Down Interface TenGigabitEthernet 6/1 Protocol BGP Messages: Registration De-registration Init Down Admin Down Interface TenGigabitEthernet 6/2 Protocol BGP Messages:...
  • Page 192 Figure 9-19. Displaying Routing Sessions with BGP Neighbors: show ip bgp neighbors Command R2# show ip bgp neighbors 2.2.2.2 BGP neighbor is 2.2.2.2, remote AS 1, external link BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 Last read 00:00:30, last write 00:00:30 Hold time is 180, keepalive interval is 60 seconds Received 8 messages, 0 in queue...
  • Page 193: Configuring Bfd For Is-Is

    Configuring BFD for IS-IS BFD for IS-IS is supported on platform: When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.
  • Page 194 To establish BFD with all IS-IS neighbors out of a single interface: Step Task Command Syntax Command Mode isis bfd all-neighbors Establish sessions with all IS-IS neighbors out of an INTERFACE interface. show bfd neighbors View the established sessions using the command , as shown in Figure 9-21.
  • Page 195: Configuring Bfd For Vrrp

    Disabling BFD for IS-IS If BFD is disabled globally, all sessions are torn down, and sessions on the remote system are placed in a Down state. If BFD is disabled on an interface, sessions on the interface are torn down, and sessions on the remote system are placed in a Down state (Message 3 on page 179).
  • Page 196 Figure 9-22. Establishing Sessions with VRRP Neighbors VIRTUAL IP Address: 2.2.5.4 R1: BACKUP R2: MASTER 4/25 Force10(config-if-range-gi-4/25)# ip address 2.2.5.1/24 Force10(conf-if-gi-2/3)#ip address 2.2.5.2/24 Force10(config-if-range-gi-4/25)# no shutdown Force10(config-if-gi-2/3)# no shutdown Force10(config-if-range-gi-4/25)# vrrp-group 1 Force10(config-if-range-gi-4/25)# vrrp-group 1 Force10(config-if-range-gi-4/25)# virtual-address 2.2.5.4 Force10(config-if-range-gi-4/25)# virtual-address 2.2.5.4 IP Address: 2.2.5.3 Force10(config-if-range-gi-4/25)# vrrp bfd all-neighbors Force10(config-if-range-gi-4/25)# vrrp bfd all-neighbors...
  • Page 197 Figure 9-23. Viewing Established Sessions for VRRP Neighbors R1(conf-if-gi-4/25)#vrrp bfd all-neighbors R1(conf-if-gi-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS VRRP BFD Sessions Enabled - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients...
  • Page 198: Configuring Bfd For Vlans

    Configuring BFD for VLANs BFD on Dell Force10 systems is a Layer 3 protocol. Therefore, BFD is used with routed VLANs. BFD on VLANs is analogous to BFD on physical ports. If no routing protocol is enabled, and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
  • Page 199 There is one BFD Agent for VLANs and port-channels, which resides on RP2 as opposed to the other agents which are on the line card. Therefore, the 100 total possible sessions that this agent can maintain is shared for VLANs and port-channels. Configuring BFD for VLANs is a two-step process: 1.
  • Page 200 These parameters are configured per interface; if a configuration change is made, the change affects all sessions on that interface. Caution: When configuring BFD on VLAN or LAG interfaces on the C-Series, Dell Force10 recommends a minimum value of 500 milliseconds for both the transmit and minimum receive time, which yields a final detection time of (500ms *3) 1500 milliseconds.
  • Page 201: Configuring Bfd For Port-Channels

    Configuring BFD for Port-Channels BFD on port-channels is analogous to BFD on physical ports. If no routing protocol is enabled, and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
  • Page 202 These parameters are configured per interface; if you change a parameter, the change affects all sessions on that interface. Caution: When configuring BFD on VLAN or LAG interfaces on the C-Series, Dell Force10 recommends a minimum value of 500 milliseconds for both the transmit and minimum receive time, which yields a final detection time of (500ms *3) 1500 milliseconds.
  • Page 203: Configuring Protocol Liveness

    To disable BFD for a port-channel: Step Task Command Syntax Command Mode no bfd enable Disable BFD for a port-channel. INTERFACE PORT-CHANNEL Configuring Protocol Liveness Protocol Liveness is a feature that notifies the BFD Manager when a client protocol is disabled. When a client is disabled, all BFD sessions for that protocol are torn down.
  • Page 204 Figure 9-30. debug bfd packet Command Output RX packet dump: 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00:34:13 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump: 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00...
  • Page 205: Border Gateway Protocol Ipv4 (Bgpv4)

    C-Series pre-7.7.1.0 E-Series TeraScale This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Force10 Operating System (FTOS). This chapter includes the following topics: • Protocol Overview •...
  • Page 206: Autonomous Systems (As)

    • Implementing BGP with FTOS • Advertise IGP cost as MED for redistributed routes • Ignore Router-ID for some best-path calculations • 4-Byte AS Numbers • AS4 Number Representation • AS Number Migration • BGP4 Management Information Base (MIB) • Important Points to Remember •...
  • Page 207 A stub AS is one that is connected to only one other AS. A transit AS is one that provides connections through itself to separate networks. For example as seen in Figure 10-1, Router 1 can use Router 2 (the transit AS) to connect to Router 4. ISPs are always transit ASs, because they provide connections from one network to another.
  • Page 208: Sessions And Peers

    Figure 10-2. Full Mesh Examples 4 Routers 6 Routers 8 Routers The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers.
  • Page 209: Route Reflectors

    In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another.
  • Page 210: Confederations

    To illustrate how these rules affect routing, see Figure 10-3 and the following steps.Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector. Router E and H are client peers of Router D; Routers B and C and nonclient peers of Router D.
  • Page 211: Bgp Attributes

    BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
  • Page 212 Figure 10-4. BGP Best Path Selection No, or Not Resulting in a Single Route Locally Highest Lowest Highest Shortest Lowest Learned Lowest Originated Weight Local Pref Origin NEXT-HOP AS Path via EBGP Path Code Cost Tie Breakers Lowest Cluster ID List from Lowest...
  • Page 213 • AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE). 6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply: •...
  • Page 214: Weight

    Weight The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table. Local Preference Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS.
  • Page 215: Origin

    One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In Figure 10-6, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50.
  • Page 216 Generally, an IGP indicator means that the route was derived inside the originating AS. EGP generally means that a route was learned from an external gateway protocol. An INCOMPLETE origin code generally results from aggregation, redistribution or other indirect ways of installing routes into BGP. In FTOS, these origin codes appear as shown in Figure 10-7.
  • Page 217: Next Hop

    Next Hop The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS.
  • Page 218: Byte As Numbers

    redistribute metric • If the command does not have any configured and BGP Peer out-bound route-map metric-type internal does have configured, BGP advertises the IGP cost as MED. redistribute metric route-map set metric redistribute route-type • If the command has configured ( metric) metric-type internal...
  • Page 219: As4 Number Representation

    4294967295 Where the 2-Byte format is 1-65535, the 4-Byte format is 1- . Enter AS Numbers using the show ip bgp traditional format. If the ASN is greater than 65535, the dot format is shown when using the commands. For example, an ASN entered as 3183856184 will appear in the show commands as 48581.51768;...
  • Page 220 ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS Numbers less than 65536 appear in integer format (asplain); AS Numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS Number 65526 appears as 65526, and the AS Number 65546 appears as 1.10.
  • Page 221: As Number Migration

    Figure 10-10. Dynamic changes when command is disabled in the show running bgp asnotation config AS NOTATION DISABLED FTOS(conf-router_bgp)#no bgp asnotation FTOS(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> FTOS(conf-router_bgp)#do sho ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS4 SUPPORT DISABLED FTOS(conf-router_bgp)#no bgp four-octet-as-support...
  • Page 222: Before Migration

    Figure 10-11. Local-AS Scenario Router A AS 100 Router C AS 300 Router B AS 200 Before Migration Router A AS 100 Router C AS 100 AS 300 Router B Local AS After Migration, with Local-AS enabled When you complete your migration, and you have reconfigured your network with the new information you must disable this feature.
  • Page 223: Bgp4 Management Information Base (Mib)

    SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: See the Dell Force10 iSupport webpage for the Force10-BGP4-V2-MIB and other MIB documentation. Important Points to Remember •...
  • Page 224: Configuration Information

    To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Force10 recommends setting the timeout and retry count values to a relatively higher number. e.g. t = 60 or r = 5.
  • Page 225: Bgp Configuration

    BGP Configuration To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the always-compare-med command is not enabled).
  • Page 226 • Configure passive peering • Maintain existing AS numbers during an AS migration • Allow an AS number to appear in its own AS path • Enable graceful restart • Filter on an AS-Path attribute • Configure IP community lists •...
  • Page 227 Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router. Step Command Syntax Command Mode Purpose router bgp CONFIGURATION Assign an AS number and enter the as-number ROUTER BGP mode. AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format) Only one AS is supported per system...
  • Page 228 show config Enter in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. Figure 10-12 shows the summary with a 2-Byte AS Number displayed; Figure 10-13 shows the summary with a 4-Byte AS Number displayed.
  • Page 229 Figure 10-14 displays two neighbors, one is an external and the second one is an internal BGP neighbor. The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal. show ip bgp neighbors The third line of the output contains the BGP State.
  • Page 230 Figure 10-15. Command example: show running-config bgp R2#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown...
  • Page 231 Task Command Syntax Command Mode bgp asnotation asdot Enable ASDOT AS Number CONFIG-ROUTER-BGP representation. Figure 10-17 bgp asnotation asdot+ Enable ASDOT+ AS Number CONFIG-ROUTER-BGP representation.Figure 10-18 Figure 10-16. Command example and output: bgp asnotation asplain FTOS(conf-router_bgp)#bgp asnotation asplain FTOS(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508...
  • Page 232 Configure Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. Another advantage of peer groups is that members of a peer groups inherit the configuration properties of the group and share same update policy. A maximum of 256 Peer Groups are allowed on the system.
  • Page 233 When you add a peer to a peer group, it inherits all the peer group’s configured parameters. A neighbor become part of a peer group if it has any of the following commands are configured: cannot • neighbor advertisement-interval • neighbor distribute-list out •...
  • Page 234: Neighbor Shutdown

    Figure 10-20. Command example: show config (peer-group enabled FTOS(conf-router_bgp)#neighbor zanzibar no shutdown FTOS(conf-router_bgp)#show config Enabling neighbor zanzibar router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes neighbor zanzibar peer-group neighbor zanzibar no shutdown neighbor 10.1.1.1 remote-as 65535 neighbor 10.1.1.1 shutdown neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown FTOS(conf-router_bgp)# To disable a peer group,...
  • Page 235 Figure 10-21. Command example: show ip bgp peer-group FTOS>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is zanzibar, peer-group internal, Number of peers in this group 26 Peer-group members (* - outbound optimized): 10.68.160.1 10.68.161.1...
  • Page 236 The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default. Command Syntax Command Mode Purpose neighbor { ip-address CONFIG-ROUTER-BGP Enable BGP Fast Fall-Over } fall-over peer-group-name [no] neighbor [neighbor | peer-group] fall-over To disable Fast Fall-Over, use the command in CONFIGURATION ROUTER BGP mode...
  • Page 237 Figure 10-22. Command example: show ip bgp neighbors FTOS#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5 BGP state ESTABLISHED, in this state for 00:19:15 Last read 00:00:15, last write 00:00:06 Hold time is 180, keepalive interval is 60 seconds Received 52 messages, 0 notifications, 0 in queue...
  • Page 238 Figure 10-23. Command example: show ip bgp peer-group FTOS#sh ip bgp peer-group Peer-group test Fall-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is test Number of peers in this group 1 Peer-group members (* - outbound optimized): 100.100.100.100* FTOS#...
  • Page 239 Step Command Syntax Command Mode Purpose neighbor peer-group-name no CONFIG-ROUTER- Enable the peer group. shutdown neighbor peer-group-name CONFIG-ROUTER- Create and specify a remote peer as a BGP remote-as as-number neighbor. Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED.
  • Page 240 Figure 10-24. Local-as information shown R2(conf-router_bgp)#show conf router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in Actual AS Number neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 Local-AS Number 6500...
  • Page 241 Figure 10-25. Allowas-in information shown R2(conf-router_bgp)#show conf router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500...
  • Page 242 • Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved. This prompts all peers to continue saving the routes they receive from your E-Series and to continue forwarding traffic. • Bring the secondary RPM online as the primary and re-open sessions with all peers operating in “no shutdown”...
  • Page 243 Filter on an AS-Path attribute The BGP attribute, AS_PATH, can be used to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path. As the route traverses an Autonomous System, the AS number is prepended to the route. You can manipulate routes based on their AS_PATH to affect interdomain routing.
  • Page 244 Step Command Syntax Command Mode Purpose { deny | permit } filter CONFIG-AS-PATH Enter the parameter to match BGP AS-PATH for parameter filtering. This is the filter that will be used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions.
  • Page 245 Figure 10-27. Filtering with Regular Expression FTOS(config)#router bgp 99 FTOS(conf-router_bgp)#neigh AAA peer-group FTOS(conf-router_bgp)#neigh AAA no shut FTOS(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown FTOS(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in FTOS(conf-router_bgp)#ex Create the Access List and Filter FTOS(conf)#ip as-path access-list Eagle...
  • Page 246: Redistribute Routes

    Table 10-4. Regular Expressions Regular Expression Definition ( ) (parenthesis) Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ? [ ] (brackets) Matches any enclosed character; specifies a range of single characters - (hyphen) Used within brackets to specify a range of AS or community numbers.
  • Page 247 Command Syntax Command Mode Purpose redistribute ospf [ match ROUTER BGP or Include specific OSPF routes in IS-IS. process-id external { 1 | 2 } | match internal ] CONF-ROUTER_BGPv6_ Configure the following parameters: [ metric-type { external | internal }] •...
  • Page 248 Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an IP community list. Step Command Syntax Command Mode Purpose ip community-list CONFIGURATION Create a Community list and enter the community-list-name COMMUNITY-LIST mode. { deny | permit } CONFIG-COMMUNITY- Configure a Community list by denying or permitting | local-AS...
  • Page 249 Figure 10-28. Command example: show ip community-lists FTOS#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20 deny 703:20 deny 704:20 deny 705:20 deny 14551:20 deny 701:112 deny 702:112 deny 703:112 deny 704:112 deny 705:112 deny 14551:112 deny 701:667 deny 702:667 deny 703:667 Use these commands in the following sequence, starting in the CONFIGURATION mode, To use an IP...
  • Page 250 Manipulate the COMMUNITY attribute In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, FTOS does not send the COMMUNITY attribute. Use the following command in the CONFIGURATION ROUTER BGP mode to send the COMMUNITY attribute to BGP neighbors.
  • Page 251: Show Ip Bgp Community

    Step Command Syntax Command Mode Purpose exit CONFIG-ROUTE-MAP Return to the CONFIGURATION mode. router bgp CONFIGURATION Enter the ROUTER BGP mode. as-number neighbor { ip-address CONFIG-ROUTER-BGP Apply the route map to the neighbor or peer group’s incoming or outgoing routes. peer-group-name route-map { in |...
  • Page 252 Use any or all of the following commands in the CONFIGURATION ROUTER BGP mode to change how the MED attribute is used. Command Syntax Command Mode Purpose bgp always-compare-med CONFIG-ROUTER- Enable MED comparison in the paths from neighbors with different ASs. By default, this comparison is not performed.
  • Page 253 Step Command Syntax Command Mode Purpose router bgp CONFIGURATION Enter the ROUTER BGP mode. as-number neighbor { CONFIG-ROUTER-BGP Apply the route map to the neighbor or peer ip-address } route-map group’s incoming or outgoing routes. peer-group-name { in | out } map-name show config To view the BGP configuration, use the...
  • Page 254 You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address: Command Syntax Command Mode Purpose set weight weight CONFIG-ROUTE-MAP Sets weight for the route.
  • Page 255 Refer to Chapter 8, “IP Access Control Lists (ACL), Prefix Lists, and Route-maps,” on page 133 configuration information on prefix lists, AS-PATH ACLs, and route maps. Note: When you configure a new set of BGP policies, always reset the neighbor or peer group by entering the clear ip bgp command in EXEC Privilege mode.
  • Page 256 Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map. Step Command Syntax Command Mode Purpose route-map [ permit | map-name CONFIGURATION Create a route map and assign it a name. deny ] [ sequence-number { match | set }...
  • Page 257 Step Command Syntax Command Mode Purpose neighbor { CONFIG-ROUTER-B Filter routes based on the criteria in the ip-address } filter-list peer-group-name configured route map. Configure the following { in | out } as-path-name parameters: • ip-address peer-group-name: enter the neighbor’s IP address or the peer group’s name.
  • Page 258 Aggregate routes FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes. Command Syntax Command Mode Purpose...
  • Page 259 Use the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP confederations. Command Syntax Command Mode Purpose bgp confederation identifier CONFIG-ROUTER- Specifies the confederation ID. as-number AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) bgp confederation peers CONFIG-ROUTER- Specifies which confederation sub-AS are peers. as-number [...
  • Page 260 Figure 10-31. Setting Reuse and Restart Route Values FTOS(conf-router_bgp)#bgp dampening ? Set time before <1-45> Half-life time for the penalty (default = 15) value decrements route-map Route-map to specify criteria for dampening <cr> Set readvertise value FTOS(conf-router_bgp)#bgp dampening 2 ? <1-20000>...
  • Page 261 To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode: Command Syntax Command Mode Purpose set dampening CONFIG-ROUTE-MAP Enter the following optional parameters to half-life reuse suppress max-suppress-time configure route dampening parameters: • range: 1 to 45. Number of minutes after half-life which the Penalty is decreased.
  • Page 262 Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state. Command Syntax Command Mode Purpose clear ip bgp dampening [ ip-address EXEC Privilege Clear all information or only information on a specific mask route.
  • Page 263 Change BGP timers Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers. Command Syntax Command Mode Purpose neighbors { ip-address CONFIG-ROUTER- Configure timer values for a BGP neighbor or peer } timers group.
  • Page 264 clear ip bgp Use the command in EXEC Privilege mode to reset a BGP connection using BGP soft reconfiguration. Command Syntax Command Mode Purpose neighbor {ipv4-address | ipv6-address | CONFIG-ROUTER- Enable inbound soft-reconfiguration for the peer-group-name} soft-reconfiguration specified BGP neighbor. BGP stores all updates inbound received by the neighbor but does not reset the peer session.
  • Page 265 Route map continue continue The BGP route map feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the ). If the sequence number is not specified, the sequence number continue feature moves to the next sequence number (also known as an implied continue). If a match continue clause exists, the feature executes only after a successful match occurs.
  • Page 266: Mbgp Configuration

    MBGP Configuration MBGP for IPv6 unicast is supported on platforms MBGP for IPv4 Multicast is supported on platform MBGP is not supported on the E-Series ExaScale x platform. Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing.
  • Page 267: Bgp Regular Expression Optimization

    BGP Regular Expression Optimization BGP policies that contain regular expressions to match against as-paths and communities might take a lot show bgp of CPU processing time, thus affect BGP routing convergence. Also, commands that get filtered through regular expressions can to take a lot of CPU cycles, especially when the database is large. FTOS optimizes processing time when using regular expressions by caching and re-using regular expression evaluated results, at the expense of some memory in RP1 processor.
  • Page 268: Storing Last And Bad Pdus

    Command Syntax Command Mode Purpose debug ip bgp ip-address EXEC Privilege Enable soft-reconfiguration debug. Enable soft-reconfiguration soft-reconfiguration debug. peer-group-name To enhance debugging of soft reconfig, use the following command only when route-refresh is not negotiated to avoid the peer from resending messages: bgp soft-reconfig-backup show ip In-BGP is shown via the...
  • Page 269: Capturing Pdus

    Figure 10-34. Viewing the Last Bad PDU from BGP Peers FTOS(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2 BGP neighbor is 1.1.1.2, remote AS 2, external link BGP version 4, remote router ID 2.4.0.1 BGP state ESTABLISHED, in this state for 00:00:01 Last read 00:00:00, last write 00:00:01 Hold time is 90, keepalive interval is 30 seconds Received 1404 messages, 0 in queue...
  • Page 270 The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction. Setting the buffer size to a value lower than the current max, might cause captured PDUs to be freed to set the new limit.
  • Page 271: Pdu Counters

    With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs, as shown in Figure 10-36. Figure 10-36. Required Memory for Captured PDUs FTOS(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 Incoming packet capture enabled for BGP neighbor 172.30.1.250 Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes [.
  • Page 272 Figure 10-37. Sample Configuration Illustration Physical Links AS 99 Virtual Links GigE 1/21 GigE 2/11 10.0.1.21 /24 10.0.1.22 /24 Peer Group AAA Loopback 1 192.168.128.2 /24 Loopback 1 ck 1 192.168.128.1 /24 GigE 2/31 GigE 1/31 10.0.2.2 /24 10.0.3.31 /24 GigE 3/11 GigE 3/21 10.0.3.33 /24...
  • Page 273 Figure 10-38. Enable BGP - Router 1 R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int gig 1/21 R1(conf-if-gi-1/21)#ip address 10.0.1.21/24 R1(conf-if-gi-1/21)#no shutdown R1(conf-if-gi-1/21)#show config interface GigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown R1(conf-if-gi-1/21)#int gig 1/31...
  • Page 274 Figure 10-39. Enable BGP - Router 2 R2# conf R2(conf)#int loop 0 R2(conf-if-lo-0)#ip address 192.168.128.2/24 R2(conf-if-lo-0)#no shutdown R2(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.2/24 no shutdown R2(conf-if-lo-0)#int gig 2/11 R2(conf-if-gi-2/11)#ip address 10.0.1.22/24 R2(conf-if-gi-2/11)#no shutdown R2(conf-if-gi-2/11)#show config interface GigabitEthernet 2/11 ip address 10.0.1.22/24 no shutdown R2(conf-if-gi-2/11)#int gig 2/31...
  • Page 275 Figure 10-40. Enable BGP - Router 3 R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.3/24 no shutdown R3(conf-if-lo-0)#int gig 3/11 R3(conf-if-gi-3/11)#ip address 10.0.3.33/24 R3(conf-if-gi-3/11)#no shutdown R3(conf-if-gi-3/11)#show config interface GigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int gig 3/21...
  • Page 276 Figure 10-41. Enable Peer Group - Router 1 R1#conf R1(conf)#router bgp 99 R1(conf-router_bgp)# network 192.168.128.0/24 R1(conf-router_bgp)# neighbor AAA peer-group R1(conf-router_bgp)# neighbor AAA no shutdown R1(conf-router_bgp)# neighbor BBB peer-group R1(conf-router_bgp)# neighbor BBB no shutdown R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA R1(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBB R1(conf-router_bgp)# R1(conf-router_bgp)#show config router bgp 99...
  • Page 277 Figure 10-42. Enable Peer Groups - Router 1 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer...
  • Page 278 Figure 10-43. Enable Peer Groups - Router 2 R2#conf R2(conf)#router bgp 99 R2(conf-router_bgp)# neighbor CCC peer-group R2(conf-router_bgp)# neighbor CC no shutdown R2(conf-router_bgp)# neighbor BBB peer-group R2(conf-router_bgp)# neighbor BBB no shutdown R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA R2(conf-router_bgp)# neighbor 192.168.128.1 no shut R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB R2(conf-router_bgp)# neighbor 192.168.128.3 no shut R2(conf-router_bgp)#show conf...
  • Page 279 Figure 10-44. Enable Peer Group - Router 3 R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.1 no shutdown R3(conf-router_bgp)#...
  • Page 280 Figure 10-45. Enable Peer Groups - Router 3 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 2, neighbor version 2 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer...
  • Page 281: Content Addressable Memory

    Content Addressable Memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Force10 systems, the CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACL), flows, and routing policies. On Dell Force10 systems, there are one or two CAM (Dual-CAM) modules per port-pipe depending on the type of line card.
  • Page 282: Cam Profiles

    Either ExaScale 10G or 40G CAM line cards can be used in a system. CAM Profiles Dell Force10 systems partition each CAM module so that it can store the different types of information. The size of each partition is specified in the CAM profile. A CAM profile is stored on every card, including each RPM.
  • Page 283 Table 11-1. CAM Profile Descriptions CAM Profile Description Default An all-purpose profile that allocates CAM space according to the way Dell Force10 systems are most commonly used. Available Microcodes: default, lag-hash-align, lag-hash-mpls, l2-switched-pbr eg-default For EG-series line cards only. EG series line cards have two CAM modules per Port-pipe.
  • Page 284: Microcode

    Microcode Microcode is a compiled set of instructions for a CPU. On Dell Force10 systems, the microcode controls how packets are handled. There is a default microcode, and several other microcodes are available, so that you can adjust packet handling according to your application.
  • Page 285: Cam Profiling For Acls

    Table 11-3. Microcode Descriptions Microcode Description lag-hash-mpls For hashing based on MPLS labels (up to five labels deep). With the default microcode, MPLS packets are distributed over a port-channel based on the MAC source and destination address. With the lag-hash-mpls microcode, MPLS packets are distributed across the port-channel based on IP source and destination address and IP protocol.
  • Page 286: Boot Behavior

    Table 11-4. Layer 2 ACL CAM Sub-partition Sizes Partition % Allocated L2PT FRRP You can re-configure the amount of space, in percentage, allocated to each sub-partition As with the IPv4Flow partition, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode.
  • Page 287: When To Use Cam Profiling

    Message 2 EH Line Card with EG Chassis Profile Error # Before reload: 01:09:56: %RPM0-P:CP %CHMGR-4-EH_PROFILE_WARN: If EH CAM profile is selected, non-EJ cards will be in problem state after reload # After reload: 00:04:46: %RPM0-P:CP %CHMGR-3-PROFILE_MISMATCH: Mismatch: line card 1 has mismatch CAM profile or microcode Figure 11-1.
  • Page 288: Differences Between Etherscale And Terascale

    • Optimize the VLAN ACL Group feature, which permits group VLANs for IP egress ACLs. See profile for the VLAN ACL group feature on page 299. Important Points to Remember • CAM Profiling is available on the E-Series TeraScale with FTOS versions 6.3.1.1 and later. •...
  • Page 289: Cam Allocation

    To change the CAM profile on the entire system: Step Task Command Syntax Command Mode cam-profile microcode profile CONFIGURATION Select a CAM profile microcode Note: If selecting a cam-profile for VRF ( ), implement the command cam-profile ipv4-vrf or ipv4-v6-vrf in the CONFIGURATION mode only.
  • Page 290: Test Cam Usage

    ipv6acl vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. write-mem or copy run start You must save the new CAM settings to the startup-config ( ) then reload the system for the new settings to take effect.
  • Page 291: View Cam Profiles

    View CAM Profiles show cam-profile View the current CAM profile for the chassis and each component using the command as shown in Figure 11-4. This command also shows the profile that will be loaded upon the next chassis or component reload. Figure 11-4.
  • Page 292: View Cam Usage

    Figure 11-6. View CAM-ACl settings on C-Series and S-Series FTOS# show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos VmanDualQos -- Line card 0 -- Current Settings(in block sizes) L2Acl Ipv4Acl Ipv6Acl Ipv4Qos...
  • Page 293: Configure Ipv4Flow Sub-Partitions

    Figure 11-7. Viewing CAM Usage Information R1#show cam-usage Linecard|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM ========|========|=================|=============|=============|============== | IN-L2 ACL 1008 | IN-L2 FIB 32768 1132 31636 | IN-L3 ACL 12288 12286 | IN-L3 FIB 262141 262127 | IN-L3-SysFlow 2878 2833 | IN-L3-TrcList...
  • Page 294 cam-ipv4flow • The IPv4Flow configuration is applied to entire system when you enter the command from CONFIGURATION mode, however, you must save the running-configuration to affect the change. The amount of space that is allocated among the sub-partitions must be equal to the amount of CAM space allocated to IPv4Flow by the selected CAM profile (see Table 11-1.);...
  • Page 295: Configure Ingress Layer 2 Acl Sub-Partitions

    Figure 11-8. Configuring IPv4Flow on the Entire System FTOS(conf)#cam-ipv4flow default FTOS#copy running-config startup-config File with same name already exist. Proceed to copy the file [confirm yes/no]: yes 3914 bytes successfully copied FTOS#sh cam-ipv4flow -- Chassis Cam Ipv4Flow -- Current Settings Next Boot Multicast Fib/Acl : System Flow...
  • Page 296 Table 11-6. Layer 2 ACL CAM Sub-partition Sizes (continued) Partition % Allocated L2PT FRRP You can re-configure the amount of space, in percentage, allocated to each sub-partition cam-l2acl • Apply the Ingress Layer 2 ACL configuration to entire system by entering the command from CONFIGURATION mode, however, you must save the running-configuration to affect the change.
  • Page 297: Return To The Default Cam Configuration

    Figure 11-9. Configuring Ingress Layer 2 ACL on the Entire System FTOS(conf)#do show cam-l2acl | find “Line card 1” -- Line card 1 -- Current Settings(in percent) Sysflow L2Acl Pvst L2pt Frrp [output omitted] FTOS(conf)#cam-l2acl system-flow 100 l2acl 0 p 0 q 0 l 0 f 0 FTOS(conf)#do show cam-l2acl | find “Line card 1”...
  • Page 298: Cam Optimization

    Figure 11-10. Returning to the default Configuration FTOS(conf)#cam-profile ? default Enable default CAM profile eg-default Enable eg-default CAM profile ipv4-320k Enable 320K CAM profile ipv4-egacl-16k Enable CAM profile with 16K IPv4 egress ACL ipv6-extacl Enable CAM profile with extended ACL l2-ipv4-inacl Enable CAM profile with 32K L2 and 28K IPv4 ingress ACL unified-default...
  • Page 299: Lag Hashing Based On Bidirectional Flow

    In this case, manually adjust the CAM configuration on the card to match the system configuration. Dell Force10 recommends the following to prevent mismatches: • Use the eg-default CAM profile in a chassis that has only EG Series line cards. If this profile is used in a chassis with non-EG line cards, the non-EG line cards enter a problem state.
  • Page 300: Qos Cam Region Limitation

    QoS CAM Region Limitation The default CAM profile allocates a partition within the IPv4Flow region to store QoS service policies. If the QoS CAM space is exceeded, messages similar to the ones in Message 5 are displayed. Message 5 QoS CAM Region Exceeded %EX2YD:12 %DIFFSERV-2-DSA_QOS_CAM_INSTALL_FAILED: Not enough space in L3 Cam(PolicyQos) for class 2 (Gi 12/20) entries on portpipe 1 for linecard 12 %EX2YD:12 %DIFFSERV-2-...
  • Page 301: Configuration Replace And Rollback

    The reboot process takes several minutes by default, and if your startup-configuration is extensive, the process can take several minutes more. As a result, when the Dell Force10 system is deployed in production environment, you must wait for a maintenance window to load a new configuration.
  • Page 302: Configuring Configuration Replace And Rollback

    Configuring Configuration Replace and Rollback Configuring Configuration Replace and Rollback is a three-step process: 1. Enable the archive service. See page 302. 2. Archive a running-configuration. See page 303. 3. Replace the running-configuration with an archived configuration. See page 303. Related Configuration Tasks •...
  • Page 303: Archiving A Configuration File

    You do not have to enable the archive service again if you save the running configuration after completing task. If you reload the system or upgrade your FTOS version without saving the running configuration you must enable the archive service again. Archiving a Configuration File archive config Archive the current running configuration file using the command...
  • Page 304: Rolling Back To The Previous Configuration

    1. The hostname of the Dell Force10 system is changed from “R1” to “FTOS.” 2. The running configuration is replaced with archive_0, in which the hostname is “R1.” Figure 12-3. Replacing the Running-configuration with and Archived Configuration R1#config R1(conf)#hostname FTOS...
  • Page 305: Configuring An Archive File Maximum

    Figure 12-5. Configuring FTOS to Rollback to a Previous Configuration FTOS#configure replace archive_0 time ? <60-1800> Time value (in seconds) FTOS#configure replace archive_0 time 60 This will apply all nessesary additions and deletions to replace the current running-config with the contents of the specified configuration file, which is assumed to be complete configuration, not a partial configuration...
  • Page 306: Configuring Auto-Archive

    Figure 12-8. Configuring the Maximum Number of Archive Files (continued) R1#archive config configuration archived as archive_1 R1#show archive Archive directory: flash:/CFGARCH_DIR Archive Date Time Size Comment archive_0 11/20/2007 09:45:24 6120 Archived archive_1 11/20/2007 10:54:12 6120 Most recently archived R1#archive config configuration archived as archive_2 R1#show archive Archive directory: flash:/CFGARCH_DIR...
  • Page 307: Copying And Deleting An Archive File

    Figure 12-9. Configuring an Archive Time-period R1(conf-archive)#time-period 5 R1(conf-archive)#show config archive maximum 2 time-period 5 R1(conf-archive)# Copying and Deleting an Archive File archive backup Copy an archive file to another location using the command , as shown in Figure 12-10. archive delete Delete an archive file using the command from CONFIG ARCHIVE mode.
  • Page 308: Viewing The Difference Between Configuration Files

    Figure 12-10. Viewing an Archive File R1#archive backup archive_2 flash://archive_2 6120 bytes successfully copied R1#dir Directory of flash: drw- 32768 Jan 01 1980 00:00:00 drwx Nov 16 2007 13:20:22 drw- 8192 Mar 11 2007 00:23:40 TRACE_LOG_DIR drw- 8192 Mar 11 2007 00:23:40 CRASH_LOG_DIR drw- 8192...
  • Page 309 Figure 12-11. Viewing the Difference between Configuration Files R1#archive config configuration archived as archive_3 R1(conf)#hostname FTOS FTOS(conf)#do show run diff archive_3 running-config ------- < hostname FTOS flash:/CFGARCH_DIR/archive_3 ------- > hostname R1 FTOS(conf)# Configuration Replace and Rollback | 309...
  • Page 310 Configuration Replace and Rollback...
  • Page 311: Dynamic Host Configuration Protocol

    Dynamic Host Configuration Protocol c e s Dynamic Host Configuration Protocol is available on platforms: This chapter contains the following sections: • Protocol Overview on page 311 • Implementation Information on page 314 • Configuration Tasks on page 314 • Configure the System to be a DHCP Server on page 314 •...
  • Page 312: Dhcp Packet Format And Options

    DHCP Packet Format and Options DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format;...
  • Page 313: Assigning An Ip Address Using Dhcp

    Assigning an IP Address using DHCP When a client joins a network: 1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
  • Page 314: Configuration Tasks

    Implementation Information • The Dell Force10 implementation of DHCP is based on RFC 2131 and RFC 3046. • DHCP is available on VLANs and Private VLANs. • IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
  • Page 315: Configure The Server For Automatic Address Allocation

    IP address ranges, lease length specifications, and configuration data that DHCP hosts need. Configuring the Dell Force10 system to be a DHCP server is a 3-step process: Configure the Server for Automatic Address Allocation Specify a Default Gateway...
  • Page 316: Specify A Default Gateway

    To create an address pool: Step Task Command Syntax Command Mode ip dhcp server Access the DHCP server CLI context. CONFIGURATION pool name Create an address pool and give it a name. DHCP network network /prefix-length Specify the range of IP addresses from which the DHCP <POOL>...
  • Page 317: Enable Dhcp Server

    Display the current DHCP configuration. DHCP Figure 13-3, an IP phone is powered by PoE and has acquired an IP address from the Dell Force10 show ip dhcp binding, system, which is advertising LLDP-MED. The leased IP address is displayed using...
  • Page 318: Allocate Addresses To Bootp Clients

    Specify the NetBIOS node type for a Microsoft DHCP <POOL> DHCP client. Dell Force10 recommends specifying clients as hybrid. Allocate Addresses to BOOTP Clients Network segments may have both BOOTP and DHCP clients. In this kind of environment, there might be a BOOTP server and a DHCP server to serve the two types of clients separately.
  • Page 319: Check For Address Conflicts

    To create a manual binding: Step Task Command Syntax Command Mode pool name Create an address pool DHCP host address Specify the client IP address. DHCP <POOL> hardware-address hardware-address type Specify the client hardware address or DHCP <POOL> client-identifier. client-identifier unique-identifier •...
  • Page 320: Dhcp Clear Commands

    Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot access the network. You can configure an interface on the Dell Force10 system to relay the DHCP messages to a specific ip helper-address dhcp-address...
  • Page 321: Configure Secure Dhcp

    Figure 13-4. Configuring Dell Force10 Systems as a DHCP Relay Device DHCP Server 10.11.2.5 Broadcast Unicast DHCP Server Source IP : 10.11.1.5 Source IP : 10.11.1.5 10.11.1.5 Destination IP: 255.255.255.255 Destination IP: 10.11.0.3 Source Port: 67 Source Port: 67 Destination Port: 68...
  • Page 322: Option 82

    • DHCP Snooping on page 322 • Dynamic ARP Inspection on page 325 • Source Address Validation on page 327 Option 82 RFC 3046 (Relay Agent Information option, or Option 82) is used for class-based IP address assignment. The code for the Relay Agent Information option is 82, and is comprised of two sub-options, Circuit ID and Remote ID.
  • Page 323: Enable Dchp Snooping

    When DHCP Snooping is enabled, the relay agent builds a binding table—using DHCPACK messages— containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on an trusted port, it adds an entry to the table. The relay agent then checks all subsequent DHCP client-originated IP traffic (DHCPRELEASE, DHCPNACK, and DHCPDECLINE) against the binding table to ensure that the MAC-IP address pair is legitimate, and that the packet arrived on the correct port;...
  • Page 324: Add A Static Entry In The Binding Table

    Add a static entry in the binding table Task Command Syntax Command Mode ip dhcp snooping binding mac Add a static entry in the binding table. EXEC Privilege Clear the binding table Task Command Syntax Command Mode clear ip dhcp snooping binding Delete all of the entries in the binding EXEC Privilege table...
  • Page 325: Drop Dhcp Packets On Snooped Vlans Only

    Drop DHCP packets on snooped VLANs only Binding table entries are deleted when a lease expires, or the relay agent encounters a DHCPRELEASE. Starting with FTOS Release 8.2.1.1, line cards maintain a list of snooped VLANs. When the binding table fills, DHCP packets are dropped only on snooped-VLANs, while such packets will be forwarded across non-snooped VLANs.
  • Page 326 packets to it. Likewise, the attacker sends the gateway an ARP message containing the attacker’s MAC address and the client’s IP address. The gateway then thinks that the attacker is the client, and forwards all packets addressed to the client to it. As a result, the attacker is able to sniff all packets to and from the client.
  • Page 327: Source Address Validation

    show arp inspection database View the number of entries in the ARP database with the command. Figure 13-8. Command example: show arp inspection database FTOS#show arp inspection database Protocol Address Age(min) Hardware Address Interface VLAN ---------------------------------------------------------------------------- Internet 10.1.1.251 00:00:4d:57:f2:50 Gi 0/2 Vl 10 Internet 10.1.1.252...
  • Page 328: Ip Source Address Validation

    • DHCP MAC Source Address Validation on page 328 verifies a DHCP packet’s source hardware address matches the client hardware address field (CHADDR) in the payload. • IP+MAC Source Address Validation on page 328 verifies that the IP source address and MAC source address are a legitimate pair.
  • Page 329 IP Source Address Validation validates the IP source address of an incoming packet against the DHCP Snooping binding table. IP+MAC Source Address Validation ensures that the IP source address and MAC source address are a legitimate pair, rather validating each attribute individually. IP+MAC Source Address Validation cannot be configured with IP Source Address Validation.
  • Page 330 Dynamic Host Configuration Protocol...
  • Page 331: Equal Cost Multi-Path

    Equal Cost Multi-Path This chapter describes how to configure: • ECMP for Flow-based Affinity (E-Series), including the configurable hash algorithm • Configurable ECMP Hash Algorithm (C- and S-Series) ECMP for Flow-based Affinity (E-Series) ECMP for Flow-based Affinity (E-Series) is available on platform: The hashing algorithm on E-Series TeraScale and E-Series ExaScale are different: •...
  • Page 332: Deterministic Ecmp Next Hop

    FTOS Behavior: In FTOS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with version 8.2.1.2, the default hash-algorithm is 24. For information on the load-balancing criteria used by the hash algorithm to distribute traffic among ECMP paths and LAG members on an E-Series system, see E-Series load-balancing on page 436.
  • Page 333 Task Command Syntax Command Mode hash-algorithm seed value linecard number Specify the hash algorithm seed. CONFIGURATION port-set number Range: 0 - 4095 Figure 14-1, Core Router 1 is an E-Series TeraScale and Core Router 2 is an E-Series ExaScale. They have similar configurations and have routes for prefix P with two possible next-hops.
  • Page 334: Configurable Ecmp Hash Algorithm (C- And S-Series)

    Configurable ECMP Hash Algorithm (C- and S-Series) Configurable ECMP Hash Algorithm (C- and S-Series) is available on platforms: hash-algorithm On C-Series and S-Series, the command is specific to ECMP groups and has a different default from the E-Series (see Configurable Hash Algorithm (E-Series)).
  • Page 335: Force10 Resilient Ring Protocol

    Force10 Resilient Ring Protocol c e s Force10 Resilient Ring Protocol is supported on platforms The E-Series ExaScale platform is supported with FTOS 8.1.1.0 and later. Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses. FRRP is similar to what can be achieved with the Spanning Tree Protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) may require 4 to 5 seconds to reconverge.
  • Page 336: Ring Status

    Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop.
  • Page 337: Multiple Frrp Rings

    If the Master node does not receive the Ring Health Frame (RHF) before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port. The Master node also clears its forwarding table and sends a control frame to all other nodes, instructing them to also clear their forwarding tables.
  • Page 338: Important Frrp Points

    In the example shown in Figure 15-2, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups.
  • Page 339: Important Frrp Concepts

    • Ring Status Check Frames are transmitted by the Master Node at specified intervals. • Multiple physical rings can be run on the same switch. • One Master node is supported per ring. All other nodes are Transit nodes. • Each node has 2 member interfaces: Primary and Secondary.
  • Page 340: Implementing Frrp

    • FRRP is media and speed independent. • FRRP is a Dell Force10 proprietary protocol that does not interoperate with any other vendor. • Spanning Tree must be disabled on both Primary and Secondary interfaces before FRRP is enabled. •...
  • Page 341: Frrp Configuration

    • The Control VLAN is used to carry any data traffic; it carries only RHFs. • The Control VLAN cannot have members that are not ring ports. • If multiple rings share one or more member VLANs, they cannot share any links between them. •...
  • Page 342 • All VLANS must be in Layer 2 mode. • Only ring nodes can be added to the VLAN. • A Control VLAN can belong to one FRRP group only. • Control VLAN ports must be tagged. • All ports on the ring must use the same VLAN ID for the Control VLAN. •...
  • Page 343 Step Command Syntax Command Mode Purpose member-vlan vlan-id CONFIG-FRRP Identify the Member VLANs for this FRRP {range} group VLAN-ID, Range: VLAN IDs for the ring’s Member VLANS. no disable CONFIG-FRRP Enable FRRP Configure and add the Member VLANs Control and Member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands.
  • Page 344 Step Command Syntax Command Mode Purpose interface primary int CONFIG-FRRP Assign the Primary and Secondary ports, and the slot/port secondary int Control VLAN for the ports on the ring. slot/port control-vlan Interface: vlan id • For a 10/100/1000 Ethernet interface, enter GigabitEthernet the keyword keyword followed by the slot/port information.
  • Page 345: Troubleshooting Frrp

    Command Syntax Command Mode Purpose clear frrp EXEC PRIVELEGED Clear the counters associated with all FRRP groups Show FRRP configuration Use the following command to view the configuration for the FRRP group. Command Syntax Command Mode Purpose show configuration CONFIG-FRRP Show the configuration for this FRRP group Show FRRP information Use one of the following commands show general FRRP information.
  • Page 346 Figure 15-3 is an example of a basic FRRP topology. Below the figure are the associated CLI commands. Figure 15-3. Basic Topology and CLI commands TRANSIT Primary Secondary Forwarding Forwarding GigE 2/14 GigE 2/31 Primary Primary Forwarding Forwarding GigE 3/21 GigE 1/24 Secondary Secondary...
  • Page 347: Force10 Service Agent

    Force10 Service Agent (FTSA) is designed automate data collection to relieve these issues. It periodically monitors Dell Force10 or user-specified system variables. If a match condition exists, it triggers data show collection via the CLI.
  • Page 348: Configure Force10 Service Agent

    Configure Force10 Service Agent The minimal FTSA configuration is four steps: 1. Enable FTSA. See page 348. 2. Specify the SMTP server to which FTSA will send E-mails upon a trigger event. See page 349. 3. Specify the source E-mail address that FTSA should use when generating E-mails. See page 349. 4.
  • Page 349: Specify An Smtp Server For Ftsa

    Enter the administrator’s full E-mail address, in the form: username@domain.com, or • Enter the username without the domain name. Dell Force10 recommends using the system name for username your company’s domain name for domain. domain-name If you did not enter the domain name when entering...
  • Page 350: Ftsa Messaging Service

    FTSA Messaging Service The purpose of FTSA is to automatically send information about the switch to the network administrators or Dell Force10 TAC, so that when there is a network problem, the relevant information is collected at the time the problem manifests.
  • Page 351: Add Additional Recipients Of Ftsa E-Mails

    Enable messaging for a individual recipient. enable CALLHOME <SERVER-LABEL> Add Additional Recipients of FTSA E-mails You can add four more recipients for FTSA E-mails, in addition to Dell Force10 TAC and the administrator, for a total of five recipients. Force10 Service Agent | 351...
  • Page 352: Encrypt Ftsa Messages

    E-mail parameters for the recipient. For example, the default recipient is Dell Force10 TAC and the label for this recipient is Force10. FTOS creates the context conf-callhome-Force10 in which you can configure the parameters for E-mails destined for Dell Force10...
  • Page 353: Provide Administrator Contact Information

    Export the public key to a file. Provide Administrator Contact Information Dell Force10 recommends that you provide administrator contact information so that it can be included in Type 3 or greater E-mails. Task Command...
  • Page 354: Set The Frequency Of Ftsa Type 3 Messages

    Set the Frequency of FTSA Type 3 Messages When messaging is enabled, FTSA sends an E-mail every 24 hours containing inventory information to all recipients. There is no facility for setting the frequency for individual recipients. Task Command Command Mode frequency Set the frequency at which FTSA generates CALLHOME...
  • Page 355: Ftsa Message Types

    Task Command Command Mode message-format { xml | text } All E-mails are generated in XML format by CALLHOME ACTIONLIST default. For Type 5 messages only, you may generate E-mails in clear text format. The configuration is per action list. FTOS Behavior: FTOS versions prior to 8.2.1.0 diverted Type 5 messages to the internal flash root directory when you enter the command log-only.
  • Page 356: Show Inventory

    Figure 16-5. FTSA Type 2 Message <AgentInfo> <messagetype>Type - 2</messagetype> <time>00:25:36.893 UTC Thu Feb 19 2009</time> <serialnum>0036232 </serialnum> <hostname>Force10</hostname> <messagenum>0</messagenum> </AgentInfo> show inventory FTSA periodically generates Type 3 messages, which contain the output of the command Figure 16-6. FTSA Type 3 Message ---------------------------------Message Body------------------------------------------ <AgentInfo>...
  • Page 357: Ftsa Policies

    Figure 16-7. FTSA Type 4 Messages ---------------------------------Message Body------------------------------------------ <AgentInfo> <messagetype>Type - 4</messagetype> <time>01:57:46.453 UTC Fri Feb 20 2009</time> <serialnum>0036232 </serialnum> <hostname>Force10</hostname> <messagenum>0</messagenum> </AgentInfo> ---------------------------------Message Attachment------------------------------------ Chassis Type : E300 Chassis Mode : TeraScale Software Version : 7.8.1.0 <log_messages> how logging severity 7 session 1 | display xml <?xml version="1.0"...
  • Page 358: Create An Ftsa Policy Test List

    2. Create the list of actions that FTSA should take if any of the conditions exist. See Create a Policy Action List on page 361. 3. Create a policy and assign a test list and action list. See Create a Policy and Assign a Test and Action List on page 363.
  • Page 359 Table 16-2 shows the test conditions that are available to add to a custom policy test list. See the Dell Force10 MIB for further description of the given Object Identifiers (OID). You may only specify one test condition within a policy.
  • Page 360 Table 16-2. Custom Policy Test Conditions Condition Keyword Description memory-free Memory Per-CPU free memory in Megabytes. chSysProcessorMemSize * (1 - Usage chRpmMemUsageUtil) memory-free-percent Per-CPU total free memory in 1 - chRpmMemUsageUtil percent. memory-used Per-CPU total memory usage in chSysProcessorMemSize * Megabytes.
  • Page 361: Create A Policy Action List

    • increase—If the difference between successive samples, calculated by subtracting the first value from the last, is greater than or equal to the previously sampled value, then the action list is executed. • less-than—If the value of the probed system variable is less than the specified value, then the action list is executed.
  • Page 362 Add actions to a policy action list Once you create a policy action list, FTOS enters the CALLHOME ACTIONLIST context. The list you created is initially empty. You may choose one of three pre-defined action lists and add an unlimited number of custom actions.
  • Page 363: Create A Policy And Assign A Test And Action List

    To add a pre-defined list of actions to your policy action list: Task Command Command Mode default-action [ exception | hardware Add a pre-defined list of actions to CALLHOME ACTIONLIST | software ] your policy action list. You may add an unlimited number of three types of custom actions: Task Command Command Mode...
  • Page 364: Additional Policy Configurations

    Associate a Dell Force10 TAC case number with the CALLHOME POLICY policy. Configure a case number only if you already have a case open with Dell Force10 for the policy. This case number is included in action-list messages sent to Dell Force10.
  • Page 365 Figure 16-9. Configuring an FTSA Policy for a Linecard Down call-home admin-email pubsadmin@training10.com smtp server-address 192.168.1.1 no enable-all server Force10 recipient pubslab@training10.com keyadd Force10DefaultPublicKey no encrypt enable log-messages delay 60 severity 6 policy lcdown action-list lcdown test-list lcdown policy-test-list lcdown default-test hardware policy-action-list lcdown default-action hardware...
  • Page 366 Figure 16-11. FTSA Type 5 Message for a Linecard Down Policy ---------------------------------Message Body------------------------------------------ <AgentInfo> <messagetype>Type - 5</messagetype> <time>23:19:37.209 UTC Wed Feb 25 2009</time> <serialnum>0036232 </serialnum> <hostname>R6_E300</hostname> <messagenum>0</messagenum> </AgentInfo> ---------------------------------Message Attachment------------------------------------ <action_list_message> <AgentInfo> <messagetype>Type - 5</messagetype> <time>23:19:37.230 UTC Wed Feb 25 2009</time> <serialnum>0036232 </serialnum>...
  • Page 367 Figure 16-12. FTSA Type 5 Message for a Linecard Down Policy (continued) </item> <item> <item_name>show logging driverlog linecard 1</item_name> <item_time>23:19:46.191 UTC Wed Feb 25 2009</item_time> <item_output> show logging driverlog linecard 1 [output omitted] </item_output> </item> <item> <item_name>show logging driverlog linecard 4</item_name> <item_time>23:19:46.577 UTC Wed Feb 25 2009</item_time>...
  • Page 368 Figure 16-13. FTSA Type 5 Message for a Linecard Down Policy (continued) </item> <item> <item_name>remote-exec cp dhsTestCp</item_name> <item_time>23:19:54.597 UTC Wed Feb 25 2009</item_time> <item_output> remote-exec cp dhsTestCp [output omitted] </item_output> </item> <item> <item_name>remote-exec cp dhsTestCp</item_name> <item_time>23:20:00.663 UTC Wed Feb 25 2009</item_time> <item_output>...
  • Page 369 Figure 16-14. FTSA Type 5 Message for a BGP Peer Down Policy ---------------------------------Message Body------------------------------------------ <AgentInfo> <messagetype>Type - 5</messagetype> <time>17:14:28.394 UTC Thu Feb 26 2009</time> <serialnum>0036232 </serialnum> <hostname>R6_E300</hostname> <messagenum>0</messagenum> </AgentInfo> ---------------------------------Message Attachment------------------------------------ <action_list_message> <AgentInfo> <messagetype>Type - 5</messagetype> <time>17:14:28.415 UTC Thu Feb 26 2009</time> <serialnum>0036232 </serialnum>...
  • Page 370 Figure 16-15. Configuring an FTSA Policy for an Excessive CRC-error Condition call-home admin-email pubsadmin@training10.com smtp server-address 192.168.1.1 no enable-all server Force10 recipient pubslab@training10.com keyadd Force10DefaultPublicKey no encrypt enable no log-messages policy crcerror action-list crcerror test-list crcerror policy-test-list crcerror test-condition interface-crc 1 greater-than number 500 policy-action-list crcerror no log-only message-format text...
  • Page 371: Debugging Ftsa

    Figure 16-17. FTSA Type 5 Message for an Excessive CRC-error Condition ---------------------------------Message Body------------------------------------------ <AgentInfo> <messagetype>Type - 5</messagetype> <time>21:10:04.678 UTC Tue Mar 10 2009</time> <serialnum>0036232 </serialnum> <hostname>R6_E300</hostname> <messagenum>0</messagenum> </AgentInfo> ---------------------------------Message Attachment------------------------------------ <action_list_message> <AgentInfo> <messagetype>Type - 5</messagetype> <time>21:10:04.686 UTC Tue Mar 10 2009</time> <serialnum>0036232 </serialnum>...
  • Page 372 Figure 16-18. Call-home Debug All during Type 5 Message Generation #02:13:49 : CALL-HOME: Sending the following email 02:13:49 : From: pubsadmin@training10.com pubslab@training10.com Subject: <messagetype>Type - 5</messagetype> Attachment: ramdisk:/crcerror-21_10_04.685.txt 02:13:49 : Message: <AgentInfo> <messagetype>Type - 5</messagetype> <time>21:10:04.678 UTC Tue Mar 10 2009</time> <serialnum>0036232 </serialnum>...
  • Page 373: Garp Vlan Registration Protocol

    GARP VLAN Registration Protocol c e s GARP VLAN Registration Protocol is supported on platform GVRP is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. Protocol Overview Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN.
  • Page 374: Configuring Gvrp

    Figure 17-1. GVRP Compatibility Error Message FTOS(conf)#protocol spanning-tree pvst FTOS(conf-pvst)#no disable % Error: GVRP running. Cannot enable PVST..FTOS(conf)#protocol spanning-tree mstp FTOS(conf-mstp)#no disable % Error: GVRP running. Cannot enable MSTP..FTOS(conf)#protocol gvrp FTOS(conf-gvrp)#no disable % Error: PVST running. Cannot enable GVRP. % Error: MSTP running.
  • Page 375: Related Configuration Tasks

    Figure 17-2. GVRP Configuration Overview GVRP is configured globally and on all VLAN trunk ports for the edge and core switches. Edge Switches Edge Switches Core Switches VLANs 10-20 VLANs 70-80 VLANs 30-50 VLANs 10-20 VLANs 70-80 VLANs 30-50 NOTES: VLAN 1 mode is always fixed and cannot be configured All VLAN trunk ports must be configured for GVRP All VLAN trunk ports must be configured as 802.1Q...
  • Page 376: Enabling Gvrp On A Layer 2 Interface

    Figure 17-3. Enabling GVRP Globally FTOS(conf)#protocol gvrp FTOS(config-gvrp)#no disable FTOS(config-gvrp)#show config protocol gvrp no disable FTOS(config-gvrp)# Enabling GVRP on a Layer 2 Interface gvrp enable Enable GVRP on a Layer 2 interface using the command in INTERFACE mode, as shown in show config Figure 17-4.
  • Page 377: Configuring A Garp Timer

    Based on the configuration in the example shown in Figure 17-5, the interface 1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 17-5.
  • Page 378 FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer. Message 1 GARP Timer Error FTOS(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. GARP VLAN Registration Protocol...
  • Page 379: High Availability

    High Availability c e s High Availability is supported on platforms: High availability is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the latest boot code. The following table lists the boot code requirements as of this FTOS release.
  • Page 380: Component Redundancy

    Component Redundancy Dell Force10 systems eliminates single points of failure by providing dedicated or load-balanced redundancy for each component. RPM Redundancy The current version of FTOS supports 1+1 hitless Route Processor Module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
  • Page 381 Boot the chassis with dual RPMs When you boot the system with two RPMs installed, the RPM in slot R0 is the primary RPM by default. Both RPMs should be running the same version of FTOS. You can configure either RPM to be the primary redundancy primary upon the next chassis reboot using the command from CONFIGURATION mode.
  • Page 382 Automatic and manual RPM failover RPM failover is the process of the standby RPM becoming the primary RPM. FTOS fails over to the standby RPM when: 1. communication is lost between the standby and primary RPMs 2. you request a failover via the CLI 3.
  • Page 383 Communication between RPMs E-Series RPMs have three CPUs: Control Processor (CP), Routing Processor 1 (RP1), and Routing Processor 2 (RP2). The CPUs use Fast Ethernet connections to communicate to each other and to the line card CPUs (LP) using Inter-Processor Communication (IPC). The CP monitors the health status of the other processors by sending a heartbeat message.
  • Page 384 Table 18-2. Failover Behaviors Platform Failover Trigger Failover Behavior RP task or kernel crash on the CP on the primary RPM detects the RP IPC timeout and notifies the primary RPM standby RPM. The standby RPM initiates a failover. FTOS saves an RP application or kernel core dump, the CP trace log, and the CP IPC-related system status.
  • Page 385 RPM synchronization Data between the two RPMs is synchronized immediately after bootup. Once the two RPMs have done an initial full synchronization (block sync), thereafter FTOS only updates changed data (incremental sync). The data that is synchronized consists of configuration data, operational data, state and status, and statistics depending on the FTOS version.
  • Page 386 Figure 18-3. Using the redundancy force-failover rpm Command to Copy Software between RPMs FTOS#redundancy force-failover rpm Peer RPM's SW version is different but HA compatible. Failover can be done by warm or hitless upgrade. All linecards will be reset during warm upgrade. Specify hitless upgrade or warm upgrade [confirm hitless/warm]:hitless Proceed with warm upgrade [confirm yes/no]: Specify an Auto-failover Limit...
  • Page 387: Online Insertion And Removal

    Line Card Online Insertion and Removal on page 387 RPM Online Insertion and Removal Dell Force10 systems are functional with only one RPM. If a second RPM is inserted, it comes online as the standby RPM, as shown in Figure 18-4.
  • Page 388 Figure 18-5. Inserting and Removing a Line Card FTOS(conf)#do show linecard all Line cards Slot Status NxtBoot ReqTyp CurTyp Version Ports --------------------------------------------------------------------------- not present [output omitted] FTOS(conf)# %RPM0-P:CP %CHMGR-5-CARDDETECTED: Line card 0 present FTOS(conf)# do show linecard Line cards Slot Status NxtBoot ReqTyp...
  • Page 389: Hitless Behavior

    Replace a line card If you are replacing a line card with a line card of the same type, you may replace the card without any additional configuration. If you are replacing a line card with a line card of a different type, remove the card and then remove the no linecard existing line card configuration using the command .
  • Page 390: Graceful Restart

    Hitless behavior is defined in the context of an RPM failover only and does not include line card, SFM, and power module failures. • On the E-Series: Failovers triggered by software exception, hardware exception, forced failover via the CLI, and manual removal of the primary RPM are all hitless. •...
  • Page 391: Runtime System Health Check

    Runtime System Health Check Runtime System Health Check is supported on platform: FTOS runs a system health check to detect data transfer errors within the system. FTOS performs the check during normal operation by interspersing among, test frames among the data frames that carry user and system data.
  • Page 392: Software Component Health Monitoring

    (CRC failures, packet loss, etc.) are measured, and upon exceeding a threshold can be used to initiate recovery mechanism. Failure and Event Logging Dell Force10 systems provides multiple options for logging failures and events. Trace Log Developers interlace messages with software code to track a the execution of a program. These messages are called trace messages;...
  • Page 393: Hot-Lock Behavior

    • The kernel is the central component of an operating system that manages system processors and memory allocation and makes these facilities available to applications. A kernel core dump is the contents of the memory in use by the kernel at the time of an exception. •...
  • Page 394: Configure Cache Boot

    If you attempt an SFM auto upgrade, you must reload the chassis to recover. The Dell Force10 system has the ability to boot the chassis using a cached FTOS image. FTOS stores the system image on the bootflash for each processor so that: •...
  • Page 395 Figure 18-8. Determining your System Pre-requisites for Cache Boot FTOS#show rpm -- RPM card 0 -- Status : active Next Boot : online Card Type : RPM - Route Processor Module (LC-EF3-RPM) Hardware Revision 2.1 or later Hardware Rev : 2.2i Num Ports Up Time : 1 day, 4 hr, 25 min...
  • Page 396 Select the FTOS image that you want to cache using the command , as shown in Figure 18-9. Dell Force10 recommends using the keyword with this command to avoid any mis-matched configurations. Note: The cache boot feature is not enabled by default; you must copy the running configuration to the...
  • Page 397 Figure 18-10. Viewing the Cache Boot Configuration FTOS#show boot system all Current system image information in the system: ============================================= Type Boot Type ---------------------------------------------------------------- DOWNLOAD BOOT 4.7.5.427 invalid DOWNLOAD BOOT 4.7.5.427 invalid DOWNLOAD BOOT 4.7.5.427 invalid linecard 0 DOWNLOAD BOOT 4.7.5.427 invalid linecard 1 is not present.
  • Page 398: In-Service Modular Hot-Fixes

    In-Service Modular Hot-Fixes In-Service Modular Hot-Fixes are supported on platforms: In-Service Modular Hot-Fixes provides a tool whereby you can install a patch while the system is on-line and running. This feature allows a patch to be added to a running FTOS process to obtain debugging information or to resolve a software issue in a deployed system.
  • Page 399: Process Restartability

    Note: The command can be used on both the primary and secondary RPMs, as shown here: show patch FTOS(standby)#show patch Patch version Module Timestamp E.1.1.bgp.1.0 Mon Jun 22 06:51:23 PDT 2009 E.2.1.l2mgr.1.0 l2mgr Mon Jun 22 07:11:15 PDT 2009 FTOS(standby)# Process Restartability c e s Process Restartability...
  • Page 400 You can select which process may attempt to restart, and the number of consecutive restart attempts before failover, but by default, every process causes a system reload or RPM failover. Task Command Syntax Command Mode process restartable count number period Enable Process Restartability for a process CONFIGURATION...
  • Page 401 FTOS Behavior: When is enabled, and the respective process restarts, debug tacacs debug radius FTOS does not continue to print debug messages after the restart; you must execute debug tacacs again. This is because debugging is not saved to the running configuration, rather, FTOS debug radius marks the process for debugging with a flag that is cleared during the restart.
  • Page 402 High Availability...
  • Page 403: Internet Group Management Protocol

    • Dell Force10 systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier. • FTOS automatically enables IGMP on interfaces on which you enable a multicast routing protocol.
  • Page 404: Igmp Version 2

    IGMP version 2 IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group. Leave messages reduce the amount of time that the router takes to stop forwarding traffic for a group to a subnet (leave latency) after the last host leaves the group.
  • Page 405: Igmp Version 3

    Sending an Unsolicited IGMP Report A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier. Leaving a Multicast Group 1.
  • Page 406: Joining And Filtering Groups And Sources

    Figure 19-3. IGMP version 3 Membership Report Packet Format Version Flags Src IP Addr Dest IP Addr IGMP Packet Total Length Frag Offset Protocol Header Options Padding (0xc0) Checksum (224.0.0.22) (Router Alert) Type Reserved Checksum Reserved Number of Group Group Record 1 Group Record 2 Group Record N Records...
  • Page 407: Leaving And Staying In Groups

    Figure 19-4. IGMP Membership Reports: Joining and Filtering Membership Reports: Joining and Filtering IGMP Group-and-Source Specific Query Interface Multicast Group Filter Source Source Non-Querier Querier Address Timer Mode Timer Type: 0x11 224.1.1.1 GMI Exclude Group Address: 244.1.1.1 None Number of Sources: 1 224.1.1.1 Include 10.11.1.1 GMI...
  • Page 408: Configuring Igmp

    Figure 19-5. IGMP Membership Queries: Leaving and Staying in Groups Membership Queries: Leaving and Staying Querier Non-Querier Interface Multicast Group Filter Source Source Non-querier builds identical table Address Timer Mode Timer and waits Other Querier Present 224.1.1.1 Include Interval to assume Querier role 10.11.1.1 LQMT 10.11.1.2 LQMT 224.2.2.2 GMI Exclude None...
  • Page 409: Selecting An Igmp Version

    Figure 19-6. Viewing IGMP-enabled Interfaces FTOS#show ip igmp interface gig 7/16 GigabitEthernet 7/16 is up, line protocol is up Internet address is 10.87.3.2/24 IGMP is enabled on interface IGMP query interval is 60 seconds IGMP querier timeout is 300 seconds IGMP max query response time is 10 seconds Last member query response interval is 199 ms IGMP activity: 0 joins, 0 leaves...
  • Page 410: Adjusting Timers

    Figure 19-8. Viewing Static and Learned IGMP Groups FTOS(conf-if-gi-1/0)#do sho ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224.1.1.1 GigabitEthernet 1/0 00:00:03 Never 224.1.2.1 GigabitEthernet 1/0 00:56:55 00:01:22 1.1.1.2 Adjusting Timers show ip igmp interface View the current value of all IGMP timers using the command...
  • Page 411: Configuring A Static Igmp Group

    Note: The timeout value for an IGMP querier is calculated differently on Dell Force10 FTOS routers than on Cisco IOS routers. As a result, if the IGMP querier in a subnet goes down, a Cisco IOS router may be elected as the new querier before a Dell Force10 FTOS router.
  • Page 412: Igmp Snooping

    IGMP Snooping Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts, which is a waste of bandwidth. IGMP Snooping enables switches to use information in IGMP packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames, they can forward them only to interested receivers.
  • Page 413: Disabling Multicast Flooding

    Figure 19-10. Enabling IGMP Snooping FTOS(conf-if-vl-100)#show config interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown FTOS(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
  • Page 414: Fast Convergence After Mstp Topology Changes

    • When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members. Adjusting the Last Member Query Interval When the querier receives a leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table.
  • Page 415: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with FTOS. 10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on c e s platforms SONET interfaces are only supported on platform and are covered in the SONET/SDH chapter.
  • Page 416: Interface Types

    Interface Types Modes Requires Interface Type Possible Default Mode Creation Default State Physical L2, L3 Unset Shutdown (disabled) Management No Shutdown (enabled) Loopback No Shutdown (enabled) Null Enabled Port Channel L2, L3 Shutdown (disabled) VLAN L2, L3 Yes (except L2 - No Shutdown (enabled) default) L3 - Shutdown (disabled) View Basic Interface Information...
  • Page 417: Show Interfaces Configured

    Figure 20-1. show interfaces Command Example FTOS#show interfaces tengigabitethernet 1/0 TenGigabitEthernet 1/0 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f3:6a Current address is 00:01:e8:05:f3:6a Pluggable media present, XFP type is 10GBASE-LR. Medium is MultiRate, Wavelength is 1310nm XFP receive power reading is -3.7685 Interface index is 67436603 Internet address is 65.113.24.238/28...
  • Page 418: Enable A Physical Interface

    Figure 20-3. Interfaces listed in the show running-config Command (Partial) FTOS#show running Current Configuration ... interface GigabitEthernet 9/6 no ip address shutdown interface GigabitEthernet 9/7 no ip address shutdown interface GigabitEthernet 9/8 no ip address shutdown interface GigabitEthernet 9/9 no ip address shutdown Enable a Physical Interface After determining the type of physical interfaces available, the user may enter the INTERFACE mode by...
  • Page 419: Physical Interfaces

    show config To confirm that the interface is enabled, use the command in the INTERFACE mode. exit To leave the INTERFACE mode, use the command or command. The user can not delete a physical interface. Physical Interfaces The Management Ethernet interface, is a single RJ-45 Fast Ethernet port on the Route Processor Module (RPM) of the C-Series and E-Series, and provides dedicated management access to the system.
  • Page 420: Overview Of Layer Modes

    Overview of Layer Modes On all systems running FTOS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode. Table 20-1. Interfaces Types Possible Requires Type of Interface Modes Creation...
  • Page 421: Configure Layer 3 (Network) Mode

    For information on enabling and configuring Spanning Tree Protocol, see Chapter 10, Layer 2, on page show interfaces switchport To view the interfaces in Layer 2 mode, use the command in the EXEC mode. Configure Layer 3 (Network) Mode ip address When you assign an IP address to a physical interface, you place it in Layer 3 mode.
  • Page 422 Command Syntax Command Mode Purpose ip address [ secondary ] ip-address mask INTERFACE Configure a primary IP address and mask on the interface. The must be in ip-address dotted-decimal format (A.B.C.D) and the must be in slash format (/xx). mask Add the keyword secondary if the IP address is the interface’s backup IP address.
  • Page 423: Management Interfaces

    Management Interfaces Configure Management Interfaces on the E-Series and C-Series On the E-Series and C-Series, the dedicated Management interface is located on the RPM and provides management access to the system. You can configure this interface with FTOS, but the configuration options on this interface are limited.
  • Page 424: Configure Management Interfaces On The S-Series

    Important Things to Remember — virtual-ip virtual-ip • is a CONFIGURATION mode command. You may enter an IPv4 or IPv6 address. • When applied, the management port on the primary RPM assumes the virtual IP address. Entering the show interfaces show ip interface brief commands on the primary RPM management interface will display both the virtual IP address and the actual IP address configured on the interface (see...
  • Page 425: Displaying Information On A Management Interface

    Displaying Information on a Management Interface show interface To view information about the primary RPM management port, use the Managementethernet command in EXEC or EXEC Privilege mode. If there are two RPMs on the system, you cannot view information on the interface. Figure 20-9.
  • Page 426: Vlan Interfaces

    VLAN Interfaces VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Chapter 10, Layer 2, on page 47.
  • Page 427: Loopback Interfaces

    Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Since this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode. To configure a Loopback interface, use the following command in the CONFIGURATION mode: Command Syntax Command Mode...
  • Page 428: Port Channel Interfaces

    Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • Port channel definition and standards on page 428 • Port channel benefits on page 428 • Port channel implementation on page 428 •...
  • Page 429 • Dynamic—Port channels that are dynamically configured using Link Aggregation Control Protocol (LACP). For details, see Chapter 24, Link Aggregation Control Protocol. Table 20-2. Number of Port-channels per Platform Platform Port-channels Members/Channel E-Series C-Series S-Series: S50 and S25 S-Series: S55, S60 and S4810 Table 20-3.
  • Page 430: Configuration Task List For Port Channel Interfaces

    The common speed is determined when the port channel is first enabled. At that time, the software checks the first interface listed in the port channel configuration. If that interface is enabled, its speed configuration becomes the common speed of the port channel. If the other interfaces configured in that port channel are configured with a different speed, FTOS disables them.
  • Page 431: Add A Physical Interface To A Port Channel

    The port channel is now enabled and you can place the port channel in Layer 2 or Layer 3 mode. Use the switchport command to place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 mode.
  • Page 432 Figure 20-13. show interfaces port-channel brief Command Example FTOS#show int port brief LAG Mode Status Uptime Ports L2L3 00:06:03 Gi 13/6 (Up) * Gi 13/12 (Up) L2L3 00:06:03 Gi 13/7 (Up) * Gi 13/8 (Up) Gi 13/13 (Up) Gi 13/14 (Up) FTOS# Figure 20-14...
  • Page 433: Reassign An Interface To A New Port Channel

    Figure 20-15. Error Message FTOS(conf-if-portch)#show config interface Port-channel 5 no ip address switchport channel-member GigabitEthernet 1/6 FTOS(conf-if-portch)#int gi 1/6 FTOS(conf-if)#ip address 10.56.4.4 /24 % Error: Port is part of a LAG Gi 1/6. Error message FTOS(conf-if)# Reassign an interface to a new port channel An interface can be a member of only one port channel.
  • Page 434: Add Or Remove A Port Channel From A Vlan

    Figure 20-16. Command Example from Reassigning an Interface to a Different Port Channel FTOS(conf-if-portch)#show config interface Port-channel 4 no ip address channel-member GigabitEthernet 1/8 no shutdown FTOS(conf-if-portch)#no chann gi 1/8 FTOS(conf-if-portch)#int port 5 FTOS(conf-if-portch)#channel gi 1/8 FTOS(conf-if-portch)#sho conf interface Port-channel 5 no ip address channel-member GigabitEthernet 1/8 shutdown...
  • Page 435: Assign An Ip Address To A Port Channel

    To add a port channel to a VLAN, use either of the following commands: Command Syntax Command Mode Purpose tagged port-channel id number INTERFACE Add the port channel to the VLAN as a tagged VLAN interface. An interface with tagging enabled can belong to multiple VLANs.
  • Page 436 Load balancing through port channels FTOS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is based on a flow, except for packet-based hashing. A flow is identified by the hash and is assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.
  • Page 437 On the E-Series, to change the 5-tuple default to 3-tuple, MAC, or packet-based, use the following command in CONFIGURATION mode: Command Syntax Command Mode Purpose [ no ] load-balance [ ip-selection CONFIGURATION To designate a method to balance traffic over a port { 3-tuple | packet-based }] [ mac ] channel.
  • Page 438 IPv4, IPv6, and non-IP traffic handling on the E-Series load-balance The table below presents the combinations of the command and their effect on traffic types. Table 20-7. The load-balance Commands and Port Channel Types Routed Switched Switched Configuration Commands IP Traffic IP Traffic Non-IP Traffic (IPv4 only)
  • Page 439 Hash algorithm load-balance command discussed above selects the hash criteria applied to port channels. hash-algorithm If even distribution is not obtained with the load-balance command, the command can be used to select the hash scheme for LAG, ECMP and NH-ECMP. The 12 bit Lag Hash can be rotated or shifted till the desired hash is achieved.
  • Page 440: Bulk Configuration

    dest-ip • — uses destination IP address as part of the hash key • — always uses the least significant bit of the hash key to compute the egress port To change to another method, use the following command in the CONFIGURATION mode: Command Syntax Command Mode Purpose...
  • Page 441: Bulk Configuration Examples

    show configuration command is also available under the interface range mode. This command allows you to display the running configuration only for interfaces that are part of interface range. Bulk Configuration Examples interface range The following are examples of using the command for bulk configuration: •...
  • Page 442: Overlap Port Ranges

    Figure 20-23. Interface Range Prompt Excluding a Smaller Port Range FTOS(conf)#interface range gigabitethernet 2/0 - 23 , gigab 2/1 - 10 FTOS(conf-if-range-gi-2/0-23)# Overlap port ranges If overlapping port ranges are specified, the port range is extended to the smallest start port number and largest end port number: Figure 20-24.
  • Page 443: Interface Range Macros

    Interface Range Macros The user can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface-range macro command string, you must define the macro. To define an interface-range macro, enter this command: Command Syntax Command Mode Purpose...
  • Page 444: Choose An Interface-Range Macro

    Choose an Interface-range Macro interface range To use an interface-range macro in the command, enter this command: Command Syntax Command Mode Purpose interface range macro name CONFIGURATION Selects the interfaces range to be configured using the values saved in a named interface-range macro. The example below shows how to change to the interface-range configuration mode using the interface-range macro named “test”.
  • Page 445: Maintenance Using Tdr

    FTOS# Maintenance using TDR The Time Domain Reflectometer (TDR) is supported on all Dell Force10 switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
  • Page 446: Link Debounce Timer

    tdr-cable-test To test the condition of cables on 10/100/1000 BASE-T modules, use the command: Step Command Syntax Command Mode Usage tdr-cable-test gigabitethernet EXEC Privilege To test for cable faults on the GigabitEthernet <slot>/ <port> cable. • Between two ports, the user must not start the test on both ends of the cable.
  • Page 447: Assign A Debounce Time To An Interface

    • Changes made do not affect any ongoing debounces. The timer changes take affect from the next debounce onward. Assign a debounce time to an interface Command Syntax Command Mode Purpose link debounce time [milliseconds] INTERFACE Enter the time to delay link status change notification on this interface.
  • Page 448: Disable Port On One Sfm

    When an E300 system boots up and a single SFM is active this configuration, any ports configured with this feature will be shut down. All other ports are booted up. Similarly, if an SFM fails (or is removed) in an E300 system with two SFM, ports configured with this feature will be shut down.
  • Page 449: Enable Link Dampening

    Enable Link Dampening dampening Enable link dampening using the command from INTERFACE mode, as shown in Figure 20-30. Figure 20-30. Configuring Link Dampening R1(conf-if-gi-1/1)#show config interface GigabitEthernet 1/1 ip address 10.10.19.1/24 dampening 1 2 3 4 no shutdown R1(conf-if-gi-1/1)#exit show config View the link dampening configuration on an interface using the command , or view show interfaces...
  • Page 450: Ethernet Pause Frames

    Figure 20-33. Clearing Dampening Counters FTOS# clear dampening interface Gi 0/1 FTOS# show interfaces dampening GigabitEthernet0/0 InterfaceState Flaps Penalty Half-LifeReuse SuppressMax-Sup Gi 0/1 Up 1500 Link Dampening Support for XML | display xml View the output of the following show commands in XML by adding to the end of the command: •...
  • Page 451: Threshold Settings

    The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames. To allow full duplex flow control, stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address. The PAUSE frame is defined by IEEE 802.3x and uses MAC Control frames to carry the PAUSE commands.
  • Page 452: Enable Pause Frames

    Note: On the C-Series and S-Series platforms, Ethernet Pause Frames TX should be enabled only after consulting with the Dell Force10 Technical Assistance Center. Ethernet Pause Frames flow control must be enabled on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior.
  • Page 453: Configure Mtu Size On An Interface

    Configure MTU Size on an Interface If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be large enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400 bytes, the Link MTU must 1422 bytes or greater to accommodate the 22-byte VLAN header: 1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU On the E-Series and C-Series, you configure the Link MTU size on an interface by entering the...
  • Page 454: Port-Pipes

    Port-pipes A port pipe is a Dell Force10 specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur. One or two port pipes process traffic for a given set of physical interfaces or a port-set.
  • Page 455: Auto-Negotiation On Ethernet Interfaces

    Note: As a best practice, Dell Force10 recommends keeping auto-negotiation enabled. Auto-negotiation should only be disabled on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues.
  • Page 456 Note: The show interfaces status command displays link status, but not administrative status. For link and administrative status, use show ip interface [ interface | brief | linecard slot-number ] [ configuration ]. Figure 20-34. show interfaces status Command Example FTOS#show interfaces status Port Description Status Speed...
  • Page 457: View Advanced Interface Information

    Figure 20-36. Setting Auto-Negotiation Options FTOS(conf)# int gi 0/0 FTOS(conf-if)#neg auto FTOS(conf-if-autoneg)# ? Exit from configuration mode exit Exit from autoneg configuration mode mode Specify autoneg mode Negate a command or set its defaults speed duplex negotiation auto For details on the , and commands, see the Interfaces chapter of the FTOS...
  • Page 458: Configure Interface Sampling Size

    Figure 20-37. show Commands with configured Keyword Examples FTOS#show interfaces configured FTOS#show interfaces linecard 0 configured FTOS#show interfaces gigabitEthernet 0 configured FTOS#show ip interface configured FTOS#show ip interface linecard 1 configured FTOS#show ip interface gigabitEthernet 1 configured FTOS#show ip interface br configured FTOS#show ip interface br linecard 1 configured FTOS#show ip interface br gigabitEthernet 1 configured FTOS#show running-config interfaces configured...
  • Page 459 Figure 20-39. Configuring Rate Interval Example FTOS#show interfaces TenGigabitEthernet 10/0 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface"...
  • Page 460: Dynamic Counters

    Dynamic Counters By default, counting for the following four applications is enabled: • IPFLOW • IPACL • L2ACL • L2FIB For remaining applications, FTOS automatically turns on counting when the application is enabled, and is turned off when the application is disabled. Please note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
  • Page 461: Clear Interface Counters

    Clear interface counters show interfaces clear counters The counters in the command are reset by the command. This command does not clear the counters captured by any SNMP program. To clear the counters, use the following command in the EXEC Privilege mode: Command Syntax Command Mode Purpose...
  • Page 462 Interfaces...
  • Page 463: Ipv4 Addressing

    IPv4 Addressing c e s IPv4 Addressing is supported on platforms IPv4 addressing is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
  • Page 464: Configuration Task List For Ip Addresses

    At its most basic level, an IP address is 32-bits composed of network and host portions and represented in dotted decimal format. For example, 00001010110101100101011110000011 is represented as 10.214.87.131 For more information on IP addressing, refer to 791, Internet Protoco Implementation Information In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
  • Page 465 To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode: Step Command Syntax Command Mode Purpose interface Enter the keyword interface followed by the type of CONFIGURATION interface interface and slot/port information: •...
  • Page 466: Configure Static Routes

    FTOS#show ip int gi 0/8 GigabitEthernet 0/8 is up, line protocol is up Internet address is 10.69.8.1/24 Broadcast address is 10.69.8.255 Address determined by config file MTU is 1554 bytes Inbound access list is not set Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled ICMP redirects are not sent...
  • Page 467: Configure Static Routes For The Management Interface

    Figure 21-3. show ip route static Command Example (partial) FTOS#show ip route static Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- 2.1.2.0/24 Direct, Nu 0 00:02:30 6.1.2.0/24 via 6.1.20.2, Te 5/0 00:02:30 6.1.2.2/32 via 6.1.20.2, Te 5/0 00:02:30 6.1.2.3/32 via 6.1.20.2, Te 5/0 00:02:30 6.1.2.4/32...
  • Page 468: Directed Broadcast

    show ip management-route To view the configured static routes for the management port, use the command in the EXEC privilege mode. Figure 21-4. show ip management-route Command Example FTOS>show ip management-route Destination Gateway State ----------- ------- ----- 1.1.1.0/24 172.31.1.250 Active 172.16.1.0/24 172.31.1.250 Active...
  • Page 469: Specify Local System Domain And A List Of Domains

    Command Syntax Command Mode Purpose ip domain-lookup CONFIGURATION Enable dynamic resolution of host names. ip name-server CONFIGURATION Specify up to 6 IPv4 or IPv6 name servers. The order you ipv4-address entered the servers determines the order of their use. You ipv4-address2 ipv4-address6 may have IPv4 and IPv6 name servers configured at the...
  • Page 470: Dns With Traceroute

    Command Syntax Command Mode Purpose ip domain-list CONFIGURATION Configure names to complete unqualified host names. name Configure this command up to 6 times to specify a list of possible domain names. FTOS searches the domain names in the order they were configured until a match is found or the list is exhausted.
  • Page 471: Configuration Task List For Arp

    FTOS uses two forms of address resolution: ARP and Proxy ARP. Address Resolution Protocol (ARP) runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, FTOS creates a forwarding table mapping the MAC addresses to their corresponding IP address.
  • Page 472: Enable Proxy Arp

    Command Syntax Command Mode Purpose CONFIGURATION Configure an IP address and MAC address mapping ip-address mac-address interface for an interface. • ip-address: IP address in dotted decimal format (A.B.C.D). • MAC address in nnnn.nnnn.nnnn mac-address: format • interface: enter the interface type slot/port information.
  • Page 473: Arp Learning Via Gratuitous Arp

    Command Syntax Command Mode Purpose clear arp-cache [ interface | ip EXEC privilege Clear the ARP caches for all interfaces or for a specific ip-address] [ no-refresh ] interface by entering the following information: • For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
  • Page 474: Arp Learning Via Arp Request

    Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs. Task Command Syntax Command Mode Enable ARP learning via gratuitous ARP. arp learn-enable CONFIGURATION ARP Learning via ARP Request In FTOS versions prior to 8.3.1.0, FTOS learns via ARP Requests only if the Target IP specified in the packet matches the IP address of the receiving router interface.
  • Page 475: Configurable Arp Retries

    Configurable ARP Retries In FTOS versions prior to 8.3.1.0 the number of ARP retries is set to 5 and is not configurable. After 5 retries, FTOS backs off for 20 seconds before it sends a new request. Beginning with FTOS version 8.3.1.0, the number of ARP retries is configurable.
  • Page 476: Udp Helper

    Enable ICMP unreachable messages By default, ICMP unreachable messages are disabled. When enabled ICMP unreachable messages are no ip unreachable created and sent out all interfaces. To disable ICMP unreachable messages, use the command. To reenable the creation of ICMP unreachable messages on the interface, use the following command in the INTERFACE mode: Command Syntax Command Mode...
  • Page 477: Configuring Udp Helper

    Configuring UDP Helper Configuring FTOS to direct UDP broadcast is a two-step process: 1. Enable UDP helper and specify the UDP ports for which traffic is forwarded. See Enabling UDP Helper on page 477. 2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. See Configuring a Broadcast Address on page 478.
  • Page 478: Configuring A Broadcast Address

    Configuring a Broadcast Address ip udp-broadcast-address Configure a broadcast address on an interface using the command , as shown in Figure 21-12. Figure 21-12. Configuring a Broadcast Address FTOS(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 FTOS(conf-if-vl-100)#show config interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged GigabitEthernet 1/2 no shutdown show interfaces...
  • Page 479: Udp Helper With Broadcast-All Addresses

    UDP Helper with Broadcast-all Addresses When the destination IP address of an incoming packet is the IP broadcast address, FTOS rewrites the address to match the configured broadcast address. Figure 21-14: 1. Packet 1 is dropped at ingress if no UDP helper address is configured. ip udp-helper udp-port 2.
  • Page 480: Udp Helper With Configured Broadcast Addresses

    Figure 21-15, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101. If UDP helper is configured and the packet matches the specified UDP port, then the system changes the address to the configured IP broadcast address and floods the packet on VLAN 101.
  • Page 481: Udp Helper With No Configured Broadcast Addresses

    UDP Helper with No Configured Broadcast Addresses • If the incoming packet has a broadcast destination IP address, then the unaltered packet is routed to all Layer 3 interfaces. • If the Incoming packet has a destination IP address that matches the subnet broadcast address of any interface, then the unaltered packet is routed to the matching interfaces.
  • Page 482 IPv4 Addressing...
  • Page 483: Ipv6 Addressing

    IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief discussion of the differences between IPv4 and IPv6, and the Dell Force10 support of IPv6. This chapter discusses the following, but is not intended to be a comprehensive discussion of IPv6.
  • Page 484: Extended Address Space

    Some key changes in IPv6 are: • Extended Address Space • Stateless Autoconfiguration • Header Format Simplification • Improved Support for Options and Extensions Extended Address Space The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing.
  • Page 485: Ipv6 Headers

    IPv6 Headers The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information, and 8 bytes for general header information. The IPv6 header includes the following fields: • Version (4 bits) •...
  • Page 486 Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
  • Page 487: Extension Header Fields

    Table 22-1. Next Header field values (continued) Value Description No Next Header Destinations option header Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page http://www.iana.org/assignments/protocol-numbers for a complete and current listing. Hop Limit (8 bits) The Hop Limit field shows the number of hops remaining for packet processing.
  • Page 488: Addressing

    Hop-by-Hop Options header The Hop-by-Hop options header contains information that is examined by every router along the packet’s path. It follows the IPv6 header and is designated by the Next Header value 0 (zero) (Table 22-1). When a Hop-by-Hop Options header is not included, the router knows that it does not have to process any router specific information and immediately processes the packet to its final destination.
  • Page 489 • 2001:0db8:0000:0000:0000:0000:1428:57ab • 2001:0db8:0000:0000:0000::1428:57ab • 2001:0db8:0:0:0:0:1428:57ab • 2001:0db8:0:0::1428:57ab • 2001:0db8::1428:57ab • 2001:db8::1428:57ab IPv6 networks are written using Classless Inter-Domain Routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix.
  • Page 490: Implementing Ipv6 With Ftos

    Implementing IPv6 with FTOS FTOS supports both IPv4 and IPv6, and both may be used simultaneously in your system. Note: Dell Force10 recommends that you use FTOS version 7.6.1.0 or later when implementing IPv6 functionality on an E-Series system. Table 22-2 lists the FTOS Version in which an IPv6 feature became available for each platform.
  • Page 491 Table 22-2. FTOS and IPv6 Feature Support (continued) IS-IS for IPv6 7.5.1 8.2.1 8.4.2 8.4.2 Chapter 23, “Intermediate System to Intermediate System,” on page 507 in the FTOS Configuration Guide IPv6 IS-IS in the FTOS Command Line Reference Guide IS-IS for IPv6 support 7.6.1 8.2.1 8.4.2...
  • Page 492: Icmpv6

    Table 22-2. FTOS and IPv6 Feature Support (continued) PIM-SSM for IPv6 7.5.1 8.2.1 8.4.2 8.4.2 IPv6 Multicast in this chapter IPv6 PIM in the FTOS Command Line Reference Guide MLDv1/v2 7.4.1 8.2.1 8.4.2 8.4.2 IPv6 Multicast in this chapter Multicast IPv6 in the FTOS Command Line Reference Guide MLDv1 Snooping 7.4.1...
  • Page 493: Ipv6 Neighbor Discovery

    largest packet size that can traverse a Path MTU (Maximum Transmission Unit) defines the transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet.
  • Page 494: Ipv6 Neighbor Discovery Of Mtu Packets

    Figure 22-3. NDP Router Redistribution Router C Network 2001:db8::1428:57ab Network 2001:db8::1428:57ab Send a Packet to Network 2001:db8::1428:57ab Router A Router B Local Link Packet Destination (2001:db8::1428:57ab) ICMPv6 Redirect (Data: Use Router C) Packet Destination (Destination 2001:db8::1428:57ab) IPv6 Neighbor Discovery of MTU packets With FTOS 8.3.1.0, you can set the MTU advertised through the RA packets to incoming routers, without ip nd mtu altering the actual MTU setting on the interface.
  • Page 495: Ipv6 Multicast

    FTOS IPv6 supports quality of service based on DSCP field. You can configure FTOS to honor the DSCP value on incoming routed traffic and forward the packets with the same value. Refer to Chapter 41, Quality of Service for details. Refer also to the Honor DSCP values on ingress trust diffserv packets...
  • Page 496: Configuration Task List For Ipv6

    Configuration Task List for IPv6 This section contains information regarding the following: • Change your CAM-Profile on an E-Series system (mandatory) • Adjust your CAM-Profile on an C-Series or S-Series • Assign an IPv6 Address to an Interface • Assign a Static IPv6 Route •...
  • Page 497: Adjust Your Cam-Profile On An C-Series Or S-Series

    Figure 22-5. Command Example: (E-Series show cam profile FTOS#show cam-profile -- Chassis CAM Profile -- CamSize : 18-Meg : Current Settings : Next Boot Profile Name : IPV6-ExtACL : IPV6-ExtACL L2FIB : 32K entries : 32K entries L2ACL : 1K entries : 1K entries IPv4FIB : 192K entries...
  • Page 498: Assign An Ipv6 Address To An Interface

    write-mem or copy run start Save the new CAM settings to the startup-config ( ) then reload the system for the new settings to take effect. Command Syntax Command Mode Purpose cam-acl { default | l2acl CONFIGURATION Allocate space for IPV6 ACLs. Enter the CAM ipv4acl number...
  • Page 499: Assign A Static Ipv6 Route

    Assign a Static IPv6 Route c e s IPv6 Static Routes are supported on platforms ipv6 route Use the command to configure IPv6 static routes. Command Syntax Command Mode Purpose ipv6 route prefix type {slot/ CONFIGURATION Set up IPv6 static routes port} forwarding router tag prefix: IPv6 route prefix type {slot/port}: interface type and slot/port...
  • Page 500: Snmp Over Ipv6

    Command Syntax Command Mode Purpose telnet ipv6 address EXEC or Enter the IPv6 Address for the device. EXEC Privileged ipv6 address : x:x:x:x::x mask : prefix length 0-128 IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:).
  • Page 501: Show An Ipv6 Interface

    Command Syntax Command Mode Purpose FTOS#show ipv6 ? accounting IPv6 accounting information cam linecard IPv6 CAM Entries for Line Card fib linecard IPv6 FIB Entries for Line Card interface IPv6 interface information mbgproutes MBGP routing table MLD information mroute IPv6 multicast-routing table neighbors IPv6 neighbor information ospf...
  • Page 502: Show Ipv6 Routes

    Figure 22-6. Command Example: show ipv6 interface FTOS#show ipv6 interface gi 2/2 GigabitEthernet 2/2 is down, line protocol is down IPV6 is enabled Link Local address: fe80::201:e8ff:fe06:95a3 Global Unicast address(es): 3:4:5:6::8, subnet is 3::/24 Global Anycast address(es): Joined Group address(es): ff02::1 ff02::2 ff02::1:ff00:8...
  • Page 503 show ipv6 route Figure 22-7 illustrates the command output. Figure 22-7. Command Example: show ipv6 route FTOS#show ipv6 route Codes: C - connected, L - local, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1,...
  • Page 504: Show The Running-Configuration For An Interface

    Show the Running-Configuration for an Interface View the configuration for any interface with the following command. Command Syntax Command Mode Purpose show running-config EXEC Show the currently running configuration for the interface type {slot/port} specified interface interface Enter the keyword followed by the type of interface and slot/port information: •...
  • Page 505 Command Syntax Command Mode Purpose IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter. IPv6 Addressing | 505...
  • Page 506 IPv6 Addressing...
  • Page 507: Intermediate System To Intermediate System

    Intermediate System to Intermediate System is supported on platform: Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Force10 supports both IPv4 and IPv6 versions of IS-IS, as described in this chapter. •...
  • Page 508: Is-Is Addressing

    routing information directly with external routers located outside of the routing domains. Level 1-2 systems manage both inter-area and intra-area traffic by maintaining two separate link databases; one for Level 1 routes and one for Level 2 routes. A Level 1-2 router does not advertise Level 2 routes to a Level 1 router.
  • Page 509: Multi-Topology Is-Is

    Multi-Topology IS-IS FTOS 7.8.1.0 and later support Multi-Topology Routing IS-IS. E-Series ExaScale platform x supports Multi-Topology IS-IS with FTOS 8.2.1.0 and later. Multi-Topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. This feature is used to place a virtual physical topology into logical routing domains, which can each support different routing and security policies.
  • Page 510: Adjacencies

    Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement Multi-Topology (MT) extensions. If a local router does not participate in certain MTs, it will not advertise those MT IDs in its IIHs and so will not include that neighbor within its LSPs. If an MT ID is not detected in the remote side's IIHs, the local router does not include that neighbor within its LSPs.
  • Page 511: Implementation Information

    By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. FTOS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing. To support IPv6, the Dell Force10 implementation of IS-IS performs the following tasks: •...
  • Page 512: Configuration Information

    Table 23-1 displays the default values for IS-IS. Table 23-1. IS-IS Default Values IS-IS Parameter Default Value Complete Sequence Number PDU (CSNP) interval 10 seconds IS-to-IS hello PDU interval 10 seconds IS-IS interface metric Metric style Narrow Designated Router priority Circuit Type Level 1 and Level 2 IS Type...
  • Page 513: Configuration Task List For Is-Is

    Configuration Task List for IS-IS The following list includes the configuration tasks for IS-IS: • Enable IS-IS on page 513 • Configure Multi-Topology IS-IS (MT IS-IS) on page 516 • Configure IS-IS Graceful Restart on page 517 • Change LSP attributes on page 520 •...
  • Page 514 Step Task Command Syntax Command Mode interface Enter the interface configuration mode. Enter the keyword interface CONFIGURATION interface followed by the type of interface and slot/port information: • For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information. •...
  • Page 515 Figure 23-2. Command Example: show isis protocol FTOS#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 GigabitEthernet 4/22 Loopback 0 Redistributing: Distance: 115 Generate narrow metrics: level-1-2 Accept narrow metrics:...
  • Page 516 Configure Multi-Topology IS-IS (MT IS-IS) Step Task Command Syntax Command Mode multi-topology [ Enable Multi-Topology IS-IS for transition ROUTER ISIS AF IPV6 IPv6. transition Enter the keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode.After every router has been configured with the transition...
  • Page 517 Configure Multi-Topology IS-IS (MT IS-IS) Step Task Command Syntax Command Mode multi-topology [ Enable Multi-Topology IS-IS for ROUTER ISIS AF IPV6 transition IPv6. transition Enter the keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode.After every router has been configured with the transition...
  • Page 518 Command Syntax Command Mode Purpose graceful-restart restart- wait seconds ROUTER-ISIS Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the timer to adjacency on the restarting router when implementing this command. Range: 5-120 seconds Default: 30 seconds graceful-restart t1 {interval seconds | ROUTER-ISIS...
  • Page 519: Show Isis Interface

    show isis graceful-restart detail Use the command in EXEC Privilege mode to view all Graceful Restart related configuration. Figure 23-4. Command Example: show isis graceful-restart detail FTOS#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart : Enabled Interval/Blackout time : 1 min T3 Timer : Manual...
  • Page 520 Figure 23-5. Command Example: show isis interface show isis interface G1/34 GigabitEthernet 2/10 is up, line protocol is up MTU 1497, Encapsulation SAP Routing Protocol: IS-IS Circuit Type: Level-1-2 Interface Index 0x62cc03a, Local circuit ID 1 Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01 Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10 Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01...
  • Page 521 Figure 23-6. Command Example: show running-config isis FTOS#show running-config isis router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00 FTOS# Configure IS-IS metric style and cost All IS-IS links or interfaces are associated with a cost that is used in the SPF calculations. The possible cost varies depending on the metric style supported.
  • Page 522 Figure 23-7. Command Example: show isis protocol FTOS#show isis protocol IS-IS Router: <Null Tag> System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.0001 Interfaces supported by IS-IS: Vlan 2 GigabitEthernet 4/22 Loopback 0 Redistributing: Distance: 115 Generate narrow metrics: level-1-2 IS-IS metrics...
  • Page 523: Configuring The Distance Of A Route

    Table 23-3. Correct Value Range for the isis metric command Metric Style Correct Value Range narrow transition 0 to 63 transition 0 to 63 Configuring the distance of a route distance Configure the distance for a route using the command from ROUTER ISIS mode. Change the IS-type You can configure the system to act as one of the following: •...
  • Page 524 Figure 23-8. Command Example: show isis database FTOS#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000003 0x07BF 1088 0/0/0 eljefe.00-00 * 0x00000009 0xF76A 1126 0/0/0 eljefe.01-00 * 0x00000001 0x68DF 1122 0/0/0 eljefe.02-00 * 0x00000001...
  • Page 525 Distribute Routes Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or FTOS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
  • Page 526: Ipv6 Routes

    Command Syntax Command Mode Purpose distribute-list out [ bgp prefix-list-name ROUTER ISIS Apply a configured prefix list to all outgoing | connected | ospf | rip | IPv4 IS-IS routes. You can configure one of as-number process-id static ] the optional parameters: connected: for directly connected routes.
  • Page 527 Command Syntax Command Mode Purpose distribute-list out [ bgp ROUTER ISIS-AF Apply a configured prefix list to all outgoing prefix-list-name | connected | ospf | rip | as-number process-id IPV6 IPv6 IS-IS routes. You can configure one of static ] the optional parameters: connected: for directly connected routes.
  • Page 528 Command Syntax Command Mode Purpose redistribute ospf level-1 level-1-2 ROUTER ISIS Include specific OSPF routes in IS-IS. process-id level-2 [ metric ] [ match external { 1 | 2 } | Configure the following parameters: value match internal ] [ metric-type { external | •...
  • Page 529 show running-config isis Use the command in EXEC Privilege mode to view IS-IS configuration globally show config (including both IPv4 and IPv6 settings), or the command in ROUTER ISIS mode to view the show config current IPv4 IS-IS configuration, or the command in ROUTER ISIS-ADDRESS FAMILY IPV6 mode to view the current IPv6 IS-IS configuration Configure authentication passwords...
  • Page 530 When the bit is set, a 1 is placed in the OL column in the show isis database command output. In Figure 23-9, the overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2 Figure 23-9.
  • Page 531: Is-Is Metric Styles

    Command Syntax Command Mode Purpose debug isis snp-packets [ EXEC Privilege View IS-IS SNP packets, include CSNPs and interface PSNPs. To view specific information, enter one of the following optional parameters: • Enter the type of interface and slot/port interface: information to view IS-IS information on that interface only.
  • Page 532: Configure Metric Values

    Configure Metric Values The following topics are covered in this section: • Maximum Values in the Routing Table on page 532 • Changing the IS-IS Metric Style in One Level Only on page 532 • Leaking from One Level to Another on page 534 isis metric For any level (Level-1, Level-2, or Level-1-2), the value range possible in the command in...
  • Page 533 Table 23-5. Metric Value when Metric Style Changes Beginning metric style Final metric style Resulting IS-IS metric value wide narrow transition default value (10) if the original value is greater than A message is sent to the console. wide wide transition original value narrow wide...
  • Page 534: Leaking From One Level To Another

    Table 23-6. Metric Value when Metric Style Changes Multiple Times Beginning next isis resulting isis metric style metric style metric value Next metric style final isis metric value wide transition truncated value narrow default value (10) A message is sent to the logging buffer wide transition transition truncated value...
  • Page 535: Sample Configuration

    Sample Configuration The following configurations are examples for enabling IPv6 IS-IS. These are not comprehensive directions. They are intended to give you a some guidance with typical configurations. Note: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.
  • Page 536 Figure 23-10. IS-IS Sample Configuration Router 1 R1(conf)#interface Loopback 0 R1(conf-if-lo-0)#ip address 192.168.1.1/24 R1(conf-if-lo-0)#ipv6 address 2001:db8:9999:1::/48 R1(conf-if-lo-0)#ip router isis 9999 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#router isis 9999 R1(conf-router_isis)#is-type level-1 R1(conf-router_isis)#net FF.F101.0002.0C00.1111.00 R1(conf-router_isis)#ipv6 route 2001:db8:9999:2::/128 2001:db8:1021:2:: R1(conf)#ipv6 route 2001:db8:9999:3::/128 2001:db8:1022:3:: R1(conf)#ip route 192.168.1.2/32 10.0.12.2 R1(conf)#ip route 192.168.1.3/32 10.0.13.3 R1(conf)#interface GigabitEthernet 1/21 R1(conf-if-gi-1/21)#ip address 10.0.12.1/24...
  • Page 537 Figure 23-11. IS-IS Sample Configuration continued Router 2 R2(conf)#interface Loopback 0 R2(conf-if-lo-0)#ip address 192.168.1.1/24 R2(conf-if-lo-0)#ipv6 address 2001:db8:9999:1::/48 R2(conf-if-lo-0)#ip router isis 9999 R2(conf-if-lo-0)#no shutdown R2(conf-if-lo-0)#router isis 9999 R2(conf-router_isis)#int gi 2/11 R2(conf-if-gi-2/11)#ip address 10.0.12.2/24 R2(conf-if-gi-2/11)#ipv6 address 2001:db8:9999:2::/48 R2(conf-if-gi-2/11)#ip router isis 9999 R2(conf-if-gi-2/11)#isis network point-to-point R2(conf-if-gi-2/11)#no shutdown R2(conf-if-gi-2/11)#int gi 2/31 R2(conf-if-gi-2/31)#ip address 10.0.23.2/24...
  • Page 538 Figure 23-12. IS-IS Sample Configuration continued Router 3 R3(conf)#interface Loopback 0 R3(conf-if-lo-0)#ip address 192.168.1.3/24 R3(conf-if-lo-0)#ipv6 address 2001:db8:9999:3::/48 R3(conf-if-lo-0)#ip router isis 9999 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#router isis 9999 R3(conf-router_isis)#net FF.F101.0002.0C00.1133.00 R3(conf-router_isis)#ipv6 route 2001:db8:9999:1::/128 2001:db8:1022:1:: R3(conf)#ipv6 route 2001:db8:9999:2::/128 2001:db8:1023:2:: R3(conf)#ip route 192.168.1.1/32 10.0.13.1 R3(conf)#interface GigabitEthernet 3/14 R3(conf-if-gi-3/14)#ip address 10.0.13.3/24 R3(conf-if-gi-3/14)#ipv6 address 2001:db8:1022:3::/48...
  • Page 539 Figure 23-13. IPv6 IS-IS Sample Topography Loopback 0 Loopback 0 2001:0db8:9999:2:: /48 2001:0db8:9999:2:: /48 (192.168.1.2 /24) (192.168.1.2 /24) GigE 2/11 GigE 2/31 2001:0db8:1021:2:: /48 2001:0db8:1023:2:: /48 (10.0.12.2 /24) (10.0.23.2 /24) GigE 1/21 GigE 3/21 2001:0db8:1021:1:: /48 2001:0db8:1023:3:: /48 (10.0.12.1 /24) (10.0.23.3 /24) Loopback 0 Loopback 0...
  • Page 540 Intermediate System to Intermediate System...
  • Page 541: Link Aggregation Control Protocol

    Link Aggregation Control Protocol c e s Link Aggregation Control Protocol is supported on platforms LACP addressing is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. The major sections in the chapter are: • Introduction to Dynamic LAGs and LACP on page 541 •...
  • Page 542: Important Points To Remember

    LACP functions by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol packets are only exchanged between ports that are configured as LACP capable. Important Points to Remember • On ExaScale, LACP is supported on 200 physical ports. Use static LAGs for the remaining ports to avoid unpredictable results.
  • Page 543: Lacp Modes

    LACP modes FTOS provides the following three modes for configuration of LACP: • Off—In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state. •...
  • Page 544: Lacp Configuration Tasks

    LACP Configuration Tasks The tasks covered in this section are: • Create a LAG • Configure the LAG interfaces as dynamic on page 544 • Set the LACP long timeout on page 545 • Monitor and Debugging LACP on page 546 •...
  • Page 545: Set The Lacp Long Timeout

    Figure 24-3. Creating a Dynamic LAG Example FTOS(conf)#interface Gigabitethernet 3/15 FTOS(conf-if-gi-3/15)#no shutdown FTOS(conf-if-gi-3/15)#port-channel-protocol lacp FTOS(conf-if-gi-3/15-lacp)#port-channel 32 mode active FTOS(conf)#interface Gigabitethernet 3/16 FTOS(conf-if-gi-3/16)#no shutdown FTOS(conf-if-gi-3/16)#port-channel-protocol lacp FTOS(conf-if-gi-3/16-lacp)#port-channel 32 mode active FTOS(conf)#interface Gigabitethernet 4/15 FTOS(conf-if-gi-4/15)#no shutdown FTOS(conf-if-gi-4/15)#port-channel-protocol lacp FTOS(conf-if-gi-4/15-lacp)#port-channel 32 mode active FTOS(conf)#interface Gigabitethernet 4/16 FTOS(conf-if-gi-4/16)#no shutdown FTOS(conf-if-gi-4/16)#port-channel-protocol lacp...
  • Page 546: Monitor And Debugging Lacp

    Figure 24-4. Invoking the LACP Long Timeout FTOS(conf)# interface port-channel 32 FTOS(conf-if-po-32)#no shutdown FTOS(conf-if-po-32)#switchport FTOS(conf-if-po-32)#lacp long-timeout FTOS(conf-if-po-32)#end FTOS# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5 Actor Admin Key 1, Oper Key 1, Partner Oper Key 1 LACP LAG 1 is an aggregatable link A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout...
  • Page 547: Configure Shared Lag State Tracking

    Figure 24-5. LAGs using ECMP without Shared LAG State Tracking Po 1 failure Po 2 over-subscribed fnC0049mp To avoid packet loss, traffic must be re-directed through the next lowest-cost link (R3 to R4). FTOS has the ability to bring LAG 2 down in the event that LAG 1 fails, so that traffic can be re-directed, as described. This is what is meant by Shared LAG State Tracking.
  • Page 548: Important Points About Shared Lag State Tracking

    Figure 24-8, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure. This effect is logged by Message 2, in which a console message declares both LAGs down at the same time. Figure 24-8.
  • Page 549: Configure Lacp As Hitless

    Configure LACP as Hitless is supported only on platforms: LACP on Dell Force10 systems can be configured to be hitless. When configured as hitless, there is no noticeable impact on dynamic LAG state upon an RPM failover. Critical LACP state information is synchronized between the two RPMs.
  • Page 550: Configuring A Lag On Alpha

    Figure 24-11. LACP Sample Topology Port Channel 10 ALPHA BRAVO Gig 2/31 Gig 3/21 Gig 2/32 Gig 3/22 Gig 3/23 Gig 2/33 Configuring a LAG on ALPHA Figure 24-12. Creating a LAG on ALPHA Alpha(conf)#interface port-channel 10 Alpha(conf-if-po-10)#no ip address Alpha(conf-if-po-10)#switchport Alpha(conf-if-po-10)#no shutdown Alpha(conf-if-po-10)#show config...
  • Page 551 Figure 24-13. Inspecting a LAG Port Configuration on ALPHA Alpha#sh int gig 2/31 GigabitEthernet 2/31 is up, line protocol is up Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes...
  • Page 552 Figure 24-14. Inspecting Configuration of LAG 10 on ALPHA Indicates the MAC address assigned to the LAG. This does NOT match any of the Alpha#show int port-channel 10 physical interface MAC addresses. Port-channel 10 is up, line protocol is up Created by LACP protocol Hardware address is 00:01:e8:06:96:63, Current address is 00:01:e8:06:96:63 Interface index is 1107755018...
  • Page 553 Figure 24-15. Using the show lacp Command to Verify LAG 10 Status on ALPHA Alpha#sho lacp 10 Port-channel 10 admin up, oper up, mode lacp Shows LAG status Actor System ID: Priority 32768, Address 0001.e806.953e Partner System ID: Priority 32768, Address 0001.e809.c24a Actor Admin Key 10, Oper Key 10, Partner Oper Key 10 LACP LAG 10 is an aggregatable link A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout...
  • Page 554: Summary Of The Configuration On Alpha

    Summary of the configuration on ALPHA Figure 24-16. Summary of the configuration on ALPHA Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active no shutdown Alpha(conf-if-gi-2/31)#...
  • Page 555: Summary Of The Configuration On Bravo

    Summary of the configuration on BRAVO Figure 24-17. Summary of the configuration on BRAVO Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp...
  • Page 556 Figure 24-18. Using the show interface Command to Inspect a LAG Port on BRAVO Shows the status of this nterface. Also shows it is part of LAG 10. Bravo#show int gig 3/21 GigabitEthernet 3/21 is up, line protocol is up Port is part of Port-channel 10 Hardware is Force10Eth, address is 00:01:e8:09:c3:82 Current address is 00:01:e8:09:c3:82...
  • Page 557 Figure 24-19. Using the show interfaces port-channel Command to Inspect LAG 10 This does NOT match any of the physical interface MAC addresses. Force10#sh int port 10 Port-channel 10 is up, line protocol is up Created by LACP protocol Hardware address is 00:01:e8:09:c4:ef, Current address is 00:01:e8:09:c4:ef Interface index is 1107755018 Confirms the number of links to bring up Minimum number of links to bring Port-channel up is 1...
  • Page 558 Figure 24-20. Using the show lacp Command to Inspect LAG Status Force10#show lacp 10 Port-channel 10 admin up, oper up, mode lacp Shows LAG status Actor System ID: Priority 32768, Address 0001.e809.c24a Partner System ID: Priority 32768, Address 0001.e806.953e Actor Admin Key 10, Oper Key 10, Partner Oper Key 10 LACP LAG 10 is an aggregatable link A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC...
  • Page 559: Layer

    Layer 2 c e s Layer 2 features are supported on platforms The E-Series ExaScale platform is supported with FTOS 8.1.1.0 and later. This chapter describes the following Layer 2 features: • Managing the MAC Address Table on page 559 •...
  • Page 560: Clear The Mac Address Table

    Clear the MAC Address Table You may clear the MAC address table of dynamic entries: Task Command Syntax Command Mode clear mac-address-table dynamic Clear a MAC address table of dynamic entries. EXEC Privilege all | interface | vlan address address •...
  • Page 561: Configure A Static Mac Address

    Configure a Static MAC Address A static entry is one that is not subject to aging. Static entries must be entered manually: Task Command Syntax Command Mode Create a static MAC address entry in the MAC address table. mac-address-table static CONFIGURATION Display the MAC Address Table To display the contents of the MAC address table:...
  • Page 562: Mac Learning Limit

    MAC Learning Limit This section has the following sub-sections: • mac learning-limit dynamic on page 563 • mac learning-limit station-move on page 563 • mac learning-limit no-station-move on page 564 • mac learning-limit sticky on page 564 • Displaying MAC Learning-Limited Interfaces on page 566 •...
  • Page 563: Mac Learning-Limit Dynamic

    mac learning-limit dynamic After you enable a MAC learning limit, MAC addresses learned on the port and entered in the MAC dynamic address table are static by default. If you configure the MAC learning option, learned MAC addresses are stored in the dynamic region of the table and are subject to aging. Entries created before this option is set are not affected.
  • Page 564: Mac Learning-Limit No-Station-Move

    mac learning-limit no-station-move Note: Sticky MAC is not supported on the S25 or S50 in FTOS release 8.4.2.6. no-station-move option, also known as “sticky MAC,” provides additional port security by preventing a station move. When this option is configured, the first entry in the table is maintained instead no-station-move of creating a new entry on the new interface.
  • Page 565 FTOS Behavior: The following conditions apply when you enable the sticky-MAC address option for MAC learning on an interface: • When you enable the sticky MAC learning option, all dynamically-learned MAC addresses that you save to the start-up configuration are converted to statically-configured MAC addresses when you reboot the switch.
  • Page 566: Displaying Mac Learning-Limited Interfaces

    Displaying MAC Learning-Limited Interfaces To display a list of all interfaces with a MAC learning limit: Task Command Syntax Command Mode show mac learning-limit Display a list of all interfaces with a MAC learning EXEC Privilege limit. Learning Limit Violation Actions Learning Limit Violation Actions are supported only on platform: You can configure the system to take an action when the MAC learning limit is reached on an interface and mac learning-limit...
  • Page 567: Recovering From Learning Limit And Station Move Violations

    To display a list of interfaces configured with MAC learning limit or station move violation actions: Task Command Syntax Command Mode Display a list of all of the interfaces show mac learning-limit violate-action CONFIGURATION configured with MAC learning limit or station move violation.
  • Page 568 Figure 25-1. Per-VLAN MAC Learning Limit Internet Exchange Point interface GigabitEthernet 1/1 mac learning-limit 1 vlan 10 mac learning-limit 1 vlan 20 ISP A, B, and C are all public peers through VLAN 10. In addition, ISP A and C are private peers on a separate VLAN, VLAN 20.
  • Page 569: Nic Teaming

    Dell Force10 switch at the time that NIC teaming is being configured on the server. Note: If this command is not configured, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out.
  • Page 570: Mac Move Optimization

    When an ARP request is sent to a server cluster, either the active server or all of the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell Force10 switch learns the active server’s MAC address.
  • Page 571: Configuring The Switch For Microsoft Server Clustering

    Configuring the Switch for Microsoft Server Clustering To preserve failover and balancing, the Dell Force10 switch must learn the cluster’s virtual MAC address, and it must forward traffic destined for the server cluster out all member ports in the VLAN connected to vlan-flooding the cluster.
  • Page 572: Enable And Disable Vlan Flooding

    Figure 25-6. Server Cluster: Failover and Balancing Preserved with the vlan-flooding Command Source MAC: MAC S1 Source IP: IP S1 Destination MAC: MAC Client Source MAC: MAC Cluster Type: 0x0806 IP S1 Server1: Ethernet Frame Header ARP Reply MAC S1 Client VLAN 1 IP S2...
  • Page 573: Configuring Redundant Pairs

    Configuring Redundant Pairs Configuring Redundant Pairs is supported: c e s • On physical interfaces on platforms c e s • On static and dynamic port-channel interfaces on platforms The Redundant Pairs feature allows you to provide redundancy for Layer 2 links without using Spanning Tree (STP).
  • Page 574: Important Points About Configuring Redundant Pairs

    To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface. If you remove an interface in a redundant link (remove the line card of a physical interface or delete a port no interface port-channel channel with the command), the redundant pair configuration is also removed.
  • Page 575 Figure 25-8, interface 3/41 is a backup interface for 3/42, and 3/42 is DOWN as shown in message Message 1. If 3/41 fails, 3/42 transitions to the UP state, which makes the backup link active. A message similar to Message 1 appears whenever you configure a backup port.
  • Page 576: Restricting Layer 2 Flooding

    Restricting Layer 2 Flooding Restricting Layer 2 Flooding is supported only on platform: When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with different speeds on the same port-pipe, forwarding is limited to the speed of the slowest port. Restricted Layer 2 Flooding prevents slower ports from lowering the throughput of multicast traffic on faster ports by restricting flooding to ports with a speed equal to or above a link speed you specify.
  • Page 577: Far-End Failure Detection

    Far-end Failure Detection Far-end Failure Detection is supported only on platform: Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It responds by sending a unidirectional report that triggers an echoed response after a specified time interval. Figure 25-10.
  • Page 578: Configuring Fefd

    5. If the FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the state changes to Err-disabled. All interfaces in the Err-disabled state must be [interface] fefd reset manually reset using the command in EXEC privilege mode (it can be done globally or one interface at a time) before the FEFD enabled system can become operational again.
  • Page 579 Step Task Command Syntax Command Mode no shutdown Activate the necessary ports INTERFACE administratively fefd interval Enable fefd globally CONFIGURATION mode show fefd Entering the command in EXEC privilege mode displays information about the state of each interface. Figure 25-11. Show FEFD global outputs FTOS#show fefd FEFD is globally 'ON', interval is 3 seconds, mode is 'Normal'.
  • Page 580: Debugging Fefd

    Figure 25-12. FEFD enabled interface configuration FTOS(conf-if-gi-1/0)#show config interface GigabitEthernet 1/0 no ip address switchport fefd mode normal no shutdown FTOS(conf-if-gi-1/0)#do show fefd | grep 1/0 Gi 1/0 Normal Unknown Debugging FEFD debug fefd events By entering the command in EXEC privilege mode, output is displayed whenever events occur that initiate or disrupt an FEFD enabled connection.
  • Page 581 During an RPM Failover In the event that an RPM failover occurs, FEFD will become operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again. Figure 25-15. FEFD state change during an RPM failover 02-05-2009 12:40:38 Local7.Debug 10.16.151.12...
  • Page 582 Layer 2...
  • Page 583: Link Layer Discovery Protocol

    Link Layer Discovery Protocol c e s Link Layer Discovery Protocol is supported only on platforms: LLDP is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. This chapter contains the following sections: • 802.1AB (LLDP) Overview on page 583 •...
  • Page 584 Figure 26-1. Type, Length, Value (TLV) Segment TLV Header TLV Type TLV Length Value (1-127) 7 bits 9 bits 0-511 octets Chassis ID Sub-type Chassis ID fnC0057mp 1- 255 octets 1 octet TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 26-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors.
  • Page 585: Optional Tlvs

    Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups (Table 26-2) as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Force10 system to advertise any or all of these TLVs. Table 26-2. Optional TLV Types...
  • Page 586: Tia-1057 (Lldp-Med) Overview

    On Dell Force10 systems, indicates the untagged VLAN to which a port belongs Port and Protocol VLAN ID On Dell Force10 systems, indicates the tagged VLAN to which a port belongs (and the untagged VLAN to which a port belongs if the port is in hybrid mode) VLAN Name Indicates the user-defined alphanumeric string that identifies the VLAN.
  • Page 587: Tia Organizationally Specific Tlvs

    LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Specific TLVs The Dell Force10 system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for: • transmitting an LLDP-MED capabilities TLV to endpoint devices •...
  • Page 588 26-4). • The possible values of the LLDP-MED Device Type is listed in Table 26-5. The Dell Force10 system is a Network Connectivity device, which is Type 4. advertise med When you enable LLDP-MED in FTOS (using the command ) the system begins transmitting this TLV.
  • Page 589 Table 26-5. LLDP-MED Device Types Value Device Type Endpoint Class 3 Network Connectivity 5-255 Reserved LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations, specifically: •...
  • Page 590: Extended Power Via Mdi Tlv

    802.3af powered, LLDP-MED endpoint device. • Power Type—there are two possible power types: Power Sourcing Entity (PSE) or Power Device (PD). The Dell Force10 system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification. •...
  • Page 591: Configuring Lldp

    Dell Force10 systems support up to 8 neighbors per interface. • Dell Force10 systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
  • Page 592: Enabling Lldp

    Figure 26-7. Configuration and Interface mode LLDP Commands R1(conf)#protocol lldp R1(conf-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol globally Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration Negate a command or set its defaults...
  • Page 593 • If you configure an interface, only the interface will send LLDPDUs with the specified TLVs. If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration. To advertise TLVs: Command Step Task Command Mode protocol lldp...
  • Page 594: Viewing The Lldp Configuration

    Viewing the LLDP Configuration show config Display the LLDP configuration using the command in either CONFIGURATION or INTERFACE mode, as shown in Figure 26-9 Figure 26-10, respectively Figure 26-9. Viewing LLDP Global Configurations R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description hello 10...
  • Page 595: Configuring Lldpdu Intervals

    Figure 26-12. Viewing All Information Advertised by Adjacent LLDP Agent R1#show lldp neighbors detail ======================================================================== Local Interface Gi 1/21 has 1 neighbor Total Frames Out: 6547 Total Frames In: 4136 Total Neighbor information Age outs: 0 Total Frames Discarded: 0 Total In Error Frames: 0 Total Unrecognized TLVs: 0 Total TLVs Discarded: 0...
  • Page 596: Configuring Transmit And Receive Mode

    R1(conf-lldp)# Configuring Transmit and Receive Mode Once LLDP is enabled, Dell Force10 systems transmit and receive LLDPDUs by default. You can configure the system—at CONFIGURATION level or INTERFACE level—to transmit only by executing mode tx mode rx...
  • Page 597: Configuring A Time To Live

    Figure 26-14. Configuring LLDPDU Transmit and Receive Mode R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? Rx only Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx...
  • Page 598: Debugging Lldp

    Figure 26-15. Configuring LLDPDU Time to Live R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5 no disable...
  • Page 599: Relevant Management Objects

    Figure 26-16. debug lldp detail—LLDPDU Packet Dissection Force10# debug lldp interface gigabitethernet 1/2 packet detail tx Force10#1w1d19h : Transmit timer blew off for local interface Gi 1/2 1w1d19h : Forming LLDP pkt to send out of interface Gi 1/2 1w1d19h : TLV: Chassis ID, Len: 7, Subtype: Mac address (4), Value: 00:01:e8:0d:b6:d6 1w1d19h : TLV: Port ID, Len: 20, Subtype: Interface name (5), Value: GigabitEthernet 1/2...
  • Page 600 Table 26-7. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether the local LLDP agent is enabled for transmit, receive, or both msgTxHold lldpMessageTxHoldMultiplier Multiplier value msgTxInterval lldpMessageTxInterval Transmit Interval value rxInfoTTL lldpRxInfoTTL Time to Live for received TLVs...
  • Page 601 Table 26-8. LLDP System MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Chassis ID chassis ID subtype Local lldpLocChassisIdSubtype Remote lldpRemChassisIdSubtype chassid ID Local lldpLocChassisId Remote lldpRemChassisId Port ID port subtype Local lldpLocPortIdSubtype Remote lldpRemPortIdSubtype port ID Local lldpLocPortId Remote...
  • Page 602 Table 26-9. LLDP 802.1 Organizationally Specific TLV MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object Port-VLAN ID PVID Local lldpXdot1LocPortVlanId Remote lldpXdot1RemPortVlanId Port and Protocol port and protocol VLAN supported Local lldpXdot1LocProtoVlanSupported VLAN ID Remote lldpXdot1RemProtoVlanSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVlanEnabled...
  • Page 603 Table 26-10. LLDP-MED System MIB Objects TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object LLDP-MED LLDP-MED Capabilities Local lldpXMedPortCapSupported Capabilities lldpXMedPortConfigTLVsTx Enable Remote lldpXMedRemCapSupported, lldpXMedRemConfigTLVsTx Enable LLDP-MED Class Type Local lldpXMedLocDeviceClass Remote lldpXMedRemDeviceClass Network Policy Application Type Local lldpXMedLocMediaPolicyApp Type Remote...
  • Page 604 Table 26-10. LLDP-MED System MIB Objects (continued) TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Extended Power via Power Device Type Local lldpXMedLocXPoEDeviceTyp Remote lldpXMedRemXPoEDeviceTy Power Source Local lldpXMedLocXPoEPSEPower Source, lldpXMedLocXPoEPDPowerS ource Remote lldpXMedRemXPoEPSEPowe rSource, lldpXMedRemXPoEPDPower Source Power Priority Local lldpXMedLocXPoEPDPowerP riority,...
  • Page 605: Multicast Listener Discovery

    Multicast Listener Discovery Multicast Listener Discovery is supported only on platform: MLD Snooping is supported only on platform: Multicast Listener Discovery (MLD) is a Layer 3 protocol that IPv6 routers use to learn of the multicast receivers that are directly connected to them and the groups in which the receivers are interested. Multicast routing protocols (like PIM) use the information learned from MLD to route multicast traffic to all interested receivers.
  • Page 606: Mld Querier Router

    • Maximum Response Delay—the maximum amount of time that the Querier waits to receive a response to a General or Multicast-Address-Specific Query. The value is zero in reports and Done messages. • Multicast Address — set to zero in General Queries, and set to the relevant multicast address in multicast-address-specific queries and done messages.
  • Page 607: Leaving A Multicast Group

    Leaving a Multicast Group A receiver that is no longer interested in traffic for a particular group should leave the group by sending a Done message to the link-scope all-routers multicast address, FF02::02. When a Querier receives a Done message, it sends a Multicast-Address-Specific Query addressed to the relevant multicast group.
  • Page 608: Enabling Mld

    Figure 27-3. MLDv2 Multicast Listener Report Padding Start Frame Source MAC IPv6 Packet Preamble Destination MAC Ethernet Type Delimiter Header Extension Options Version Traffic Class Flow Label Hop Limit Next Header Payload Length Next Header ICMPv6 Packet Length (Router Alert) (58) Type Code...
  • Page 609: Change Mld Timer Values

    • Debug MLD on page 611 • MLD Snooping on page 611 Change MLD Timer Values All non-queriers have a timer that is refreshed when it hears a General Query. If the timer expires, then the router can assume that the Querier is not present, and so it assumes the role of Querier. The Other Querier Present Interval, or Querier Timeout Interval, is the amount of time that passes before a non-querier router assumes that there is no longer a Querier on the link.
  • Page 610: Last Member Query Interval

    Last Member Query Interval The Querier sends a Multicast-Address-Specific Query upon receiving a Done message to ascertain whether there are any remain receivers for a group. The Last Listener Query Interval is the Maximum Response Delay for a Multicast-Address-Specific Query, and also the amount of time between Multicast-Address-Specific Query retransmissions.
  • Page 611: Display The Mld Group Table

    Display the MLD Group Table Task Command Syntax Command Mode show ipv6 mld groups interface Display MLD groups. Group information EXEC Privilege can be filtered, see the FTOS Command Line Reference for the options available with this command. Clear MLD Groups Clear a specific group or all groups on an interface from the multicast routing table using the command clear ipv6 mld groups from EXEC Privilege mode.
  • Page 612: Enable Mld Snooping

    Enable MLD Snooping MLD is automatically enabled when you enable IPv6 PIM, but MLD Snooping must be explicitly enabled. Task Command Syntax Command Mode ipv6 mld snooping enable Enable MLD Snooping CONFIGURATION Disable MLD Snooping on a VLAN When MLD is enabled globally, it is by default enabled on all VLANs. Disable snooping on a VLAN, no ipv6 mld snooping using the command from INTERFACE VLAN mode.
  • Page 613: Enable Snooping Explicit Tracking

    show ipv6 mld snooping mrouter View the ports that are connected to multicast routers using the command from EXEC Privilege mode. Enable Snooping Explicit Tracking The switch can be a querier, and therefore also has the option of updating the group table through explicit-tracking (see Explicit Tracking on page 610).
  • Page 614 Figure 27-4. Port Inheritance on Mixed-mode VLANs Snooping Table IGMP MLDv2 (*,G) (*,G) VLAN 10 1, 3 (S,G) 1*, 3 exclude (*,G) include (S,G) Figure 27-4, the host on Port 1 sends an exclude—that is, exclude nothing—report to join group G and receive traffic from all transmitting sources for the group.
  • Page 615: Multicast Source Discovery Protocol

    Multicast Source Discovery Protocol Multicast Source Discovery Protocol is supported only on platform MSDP addressing is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. Protocol Overview Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 PIM-SM domains. A domain in the context of MSDP is contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as BGP.
  • Page 616: Implementation Information

    Figure 28-1. Multicast Source Discovery Protocol AS X PC 2 PC 3 Area 0 Source Receiver AS Y Area 0 4/31 2/11 3/21 3/41 1/21 PC 1 Receiver RPs advertise each (S,G) in its domain in Type, Length, Value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count”...
  • Page 617: Configuring Multicast Source Discovery Protocol

    Configuring Multicast Source Discovery Protocol Configuring MSDP is a three-step process: 1. Enable an exterior gateway protocol (EGP) with at least two routing domains. Figure 28-5 MSDP Sample Configurations on page 638 show the OSPF-BGP configuration used in this chapter for MSDP. Otherwise, see Chapter 32, Open Shortest Path First (OSPFv2 and OSPFv3), on page 691 Chapter 10, Border Gateway Protocol IPv4 (BGPv4), on page...
  • Page 618 Figure 28-3. Configuring Interfaces for MSDP Multicast Source Discovery Protocol...
  • Page 619 Figure 28-4. Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol | 619...
  • Page 620 Figure 28-5. Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol...
  • Page 621 Figure 28-6. Configuring MSDP Multicast Source Discovery Protocol | 621...
  • Page 622: Enable Msdp

    Enable MSDP Enable MSDP by peering RPs in different administrative domains. Step Task Command Syntax Command Mode ip multicast-msdp Enable MSDP. CONFIGURATION ip msdp peer connect-source PeerPIM systems in different CONFIGURATION administrative domains. Figure 28-7. Configuring an MSDP Peer R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr...
  • Page 623: View The Source-Active Cache

    • RPs can transmit SA messages periodically to prevent SA storms, and • only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information. View the Source-active Cache Task Command Syntax Command Mode show ip msdp sa-cache...
  • Page 624: Accept Source-Active Messages That Fail The Rfp Check

    • the peer RP is unreachable, • or because of an SA message format error. Task Command Syntax Command Mode ip msdp cache-rejected-sa Cache rejected sources. CONFIGURATION Accept Source-active Messages that fail the RFP Check A default peer is a peer from which active sources are accepted even though they fail the RFP check. •...
  • Page 625 Figure 28-10. MSDP Default Peer Scenario 1 Scenario 2 (S4, G4) (S4, G4) (S5, G5) (S5, G5) (S2, G2) (S2, G2) (S3, G3) (S3, G3) Interface A Interface B Interface B Interface A Group Source Peer Group Source Peer RP2 R2 R3 RPF-Fail RP3 R3 RP3 R3...
  • Page 626: Limit The Source-Active Messages From A Peer

    Task Command Syntax Command Mode ip msdp default-peer ip-address list Specify the forwarding-peer and originating-RP from CONFIGURATION which all active sources are accepted without regard for the the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are subjected to the normal RPF check.
  • Page 627: Prevent Msdp From Caching A Local Source

    Prevent MSDP from Caching a Local Source You can prevent MSDP from caching an active source based on source and/or group. Since the source is not cached, it is not advertised to remote RPs. Task Command Syntax Command Mode ip msdp cache-rejected-sa OPTIONAL: Cache sources that are denied by the CONFIGURATION redistribute list in the rejected SA cache.
  • Page 628: Prevent Msdp From Caching A Remote Source

    Prevent MSDP from Caching a Remote Source Task Command Syntax Command Mode ip msdp cache-rejected-sa OPTIONAL: Cache sources that are denied by the CONFIGURATION SA filter in the rejected SA cache. ip msdp sa-filter list out peer list ext-acl Prevent the system from caching remote sources CONFIGURATION learned from a specific peer based on source and group.
  • Page 629: Prevent Msdp From Advertising A Local Source

    Prevent MSDP from Advertising a Local Source Task Command Syntax Command Mode ip msdp sa-filter list in peer list ext-acl Prevent an RP from advertising a source in the SA CONFIGURATION cache. Figure 28-14, R1 stops advertising source 10.11.4.2. Since it is already in the SA cache of R3, the entry remains there until it expires.
  • Page 630: Log Changes In Peership States

    Log Changes in Peership States Task Command Syntax Command Mode ip msdp log-adjacency-changes Log peership state changes. CONFIGURATION Terminate a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639. Task Command Syntax Command Mode...
  • Page 631: Clear Peer Statistics

    Clear Peer Statistics Task Command Syntax Command Mode clear ip msdp peer peer-address Reset the TCP connection to the peer and clear all peer CONFIGURATION statistics. Figure 28-16. Clearing Peer Statistics R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established...
  • Page 632: Debug Msdp

    Debug MSDP Task Command Syntax Command Mode Display the information exchanged between peers. debug ip msdp CONFIGURATION Figure 28-17. Debugging MSDP R1_E600(conf)#do debug ip msdp All MSDP debugging has been turned on R1_E600(conf)#03:16:08 : MSDP-0: Peer 192.168.0.3, sent Keepalive msg 03:16:09 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:16:27 : MSDP-0: Peer 192.168.0.3,...
  • Page 633: Interface Loopback

    Figure 28-18. MSDP with Anycast RP (10.11.4.2, 239.0.0.1), uptime 00:00:52, expires 00:03:20, flags: Incoming interface: GigabitEthernet 2/1, RPF neighbor 0.0.0.0 Outgoing interface list: GigabitEthernet 2/11 Forward/Sparse 00:00:50/00:02:40 GigabitEthernet 2/31 Forward/Sparse 00:00:50/00:02:40 AS X PC 2 PC 3 Area 0 Source Receiver AS Y Area 0...
  • Page 634: Reducing Source-Active Message Flooding

    Reducing Source-active Message Flooding RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RFP rule. You can prevent this unnecessary flooding by creating a mesh-group. A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set.
  • Page 635 Figure 28-19. R1 Configuration for MSDP with Anycast RP ip multicast-routing interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32...
  • Page 636 Figure 28-20. R2 Configuration for MSDP with Anycast RP ip multicast-routing interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown interface Loopback 0 ip pim sparse-mode...
  • Page 637 Figure 28-21. R3 Configuration for MSDP with Anycast RP ip multicast-routing interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface GigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1 network 10.11.6.0/24 area 0...
  • Page 638: Msdp Sample Configurations

    MSDP Sample Configurations The following figures show the running-configurations for the routers shown in figures Figure 28-5, Figure 28-4, Figure 28-5, Figure 28-6. Figure 28-22. MSDP Sample Configuration: R1 Running-config ip multicast-routing interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown interface GigabitEthernet 1/2 ip address 10.11.2.1/24...
  • Page 639 Figure 28-23. MSDP Sample Configuration: R2 Running-config ip multicast-routing interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown interface Loopback 0 ip address 192.168.0.2/32...
  • Page 640 Figure 28-24. MSDP Sample Configuration: R3 Running-config ip multicast-routing interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface GigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface ManagementEthernet 0/0 ip address 10.11.80.3/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown...
  • Page 641 Figure 28-25. MSDP Sample Configuration: R4 Running-config ip multicast-routing interface GigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown interface GigabitEthernet 4/22 ip address 10.10.42.1/24 no shutdown interface GigabitEthernet 4/31 ip pim sparse-mode ip address 10.11.6.43/24 no shutdown interface Loopback 0 ip address 192.168.0.4/32 no shutdown router ospf 1...
  • Page 642 Multicast Source Discovery Protocol...
  • Page 643: Multiple Spanning Tree Protocol

    Multiple Spanning Tree Protocol c e s Multiple Spanning Tree Protocol is supported on platforms: MSTP addressing is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. Protocol Overview Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+.
  • Page 644: Configure Multiple Spanning Tree Protocol

    FTOS supports three other variations of Spanning Tree, as shown in Table Table 29-1. FTOS Supported Spanning Tree Protocols Dell Force10 Term IEEE Specification Spanning Tree Protocol 802.1d Rapid Spanning Tree Protocol 802.1w Multiple Spanning Tree Protocol 802.1s Per-VLAN Spanning Tree Plus...
  • Page 645: Enable Multiple Spanning Tree Globally

    Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP: Step Task Command Syntax Command Mode protocol spanning-tree mstp Enter PROTOCOL MSTP mode. CONFIGURATION no disable Enable MSTP. PROTOCOL MSTP show config Verify that MSTP is enabled using the command from PROTOCOL MSTP mode, as shown in Figure 29-2.
  • Page 646 Figure 29-3. Mapping VLANs to MSTI Instances FTOS(conf)#protocol spanning-tree mstp FTOS(conf-mstp)#msti 1 vlan 100 FTOS(conf-mstp)#msti 2 vlan 200-300 FTOS(conf-mstp)#show config protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping. View to which instance a show spanning-tree mst vlan VLAN is mapped using the command from EXEC Privilege mode, as shown...
  • Page 647: Influence Mstp Root Selection

    For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision will match on all Dell Force10 FTOS equipment. If you have non-FTOS equipment that will participate in MSTP, ensure these values to match on all the equipment.
  • Page 648: Modify Global Parameters

    Max-hops is the maximum number of hops a BPDU can travel before a receiving switch discards it. Note: Dell Force10 recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively impact network performance.
  • Page 649 Command Mode hello-time seconds Change the hello-time parameter. PROTOCOL MSTP Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time. Range: 1 to 10 Default: 2 seconds max-age seconds Change the max-age parameter.
  • Page 650: Modify Interface Parameters

    Modify Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port: • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
  • Page 651: Configure An Edgeport

    Configure an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should bpduguard behave otherwise; it does not go through the Learning and Listening states. The shutdown-on-violation option causes the interface hardware to be shutdown when it receives a BPDU.
  • Page 652: Configure A Root Guard

    Configure a Root Guard Use the Root Guard feature in a Layer 2 MSTP network to avoid bridging loops. You enable root guard on a per-port or per-port-channel basis. FTOS Behavior: The following conditions apply to a port enabled with root guard: •...
  • Page 653: Configure A Loop Guard

    Configure a Loop Guard The Loop Guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs.
  • Page 654: Flush Mac Addresses After A Topology Change

    Flush MAC Addresses after a Topology Change FTOS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, tc-flush-standard you may activate the flushing mechanism defined by 802.1Q-2003 using the command which flushes MAC addresses upon every topology change notification.
  • Page 655: Mstp Sample Configurations

    MSTP Sample Configurations The running-configurations in Figure 29-11, Figure 29-12, and Figure 29-12 support the topology shown Figure 29-10. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown Figure 29-14, could be substituted for an FTOS router in this sample following topology and MSTP would function as designed.
  • Page 656 Figure 29-11. Router 1 Running-configuration protocol spanning-tree mstp no disable Enable MSTP globally name Tahiti Set Region Name and Revision revision 123 Map MSTP Instances to VLANs MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 interface GigabitEthernet 1/21 no ip address switchport Assign Layer-2 interfaces no shutdown...
  • Page 657 Figure 29-12. Router 2 Running-configuration protocol spanning-tree mstp no disable Enable MSTP globally name Tahiti Set Region Name and Revision revision 123 Map MSTP Instances to VLANs MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 interface GigabitEthernet 2/11 no ip address switchport no shutdown Assign Layer-2 interfaces...
  • Page 658 Figure 29-13. Router 3 Running-configuration protocol spanning-tree mstp no disable Enable MSTP globally name Tahiti Set Region Name and Revision revision 123 Map MSTP Instances to VLANs MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 interface GigabitEthernet 3/11 no ip address switchport no shutdown Assign Layer-2 interfaces...
  • Page 659 Figure 29-14. SFTOS Example Running-Configuration spanning-tree spanning-tree configuration name Tahiti spanning-tree configuration revision 123 spanning-tree MSTi instance 1 Enable MSTP globally spanning-tree MSTi vlan 1 100 Set Region Name and Revision spanning-tree MSTi instance 2 Map MSTP Instances to VLANs spanning-tree MSTi vlan 2 200 spanning-tree MSTi vlan 2 300 interface...
  • Page 660: Debugging And Verifying Mstp Configuration

    Debugging and Verifying MSTP Configuration debug spanning-tree mstp bpdu Display BPDUs using the command from EXEC Privilege mode. Display debug spanning-tree mstp events MSTP-triggered topology change messages Figure 29-15. Displaying BPDUs and Events FTOS#debug spanning-tree mstp bpdu 1w1d17h : MSTP: Sending BPDU on Gi 1/31 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68 CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000 Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384...
  • Page 661 Figure 29-16. Sample Output for command show running-configuration spanning-tree mstp FTOS#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 Figure 29-17. Displaying BPDUs and Events - Debug Log of Successful MSTP Configuration FTOS#debug spanning-tree mstp bpdu MSTP debug bpdu is ON FTOS#...
  • Page 662 Multiple Spanning Tree Protocol...
  • Page 663: Multicast Features

    Multicast Features c e s Multicast Features are supported on platforms: Multicast is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. This chapter contains the following sections: • Enable IP Multicast on page 663 • Multicast with ECMP on page 664 •...
  • Page 664: Multicast With Ecmp

    CONFIGURATION Multicast with ECMP Dell Force10 multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared-tree Protocol Independent Multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple, equal-cost paths, the PIM selects the route with the least number of currently running multicast streams.
  • Page 665: Multicast Policies

    Implementation Information • Because protocol control traffic in FTOS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, FTOS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic. As the upper five bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address.
  • Page 666 Limit the Number of Multicast Routes Task Command Syntax Command Mode Limit the total number of multicast routes on the system. ip multicast-limit CONFIGURATION Range: 1-50000 Default: 15000 When the limit is reached, FTOS does not process any IGMP or MLD joins to PIM—though it still processes leave messages—until the number of entries decreases below 95% of the limit.
  • Page 667 Prevent a Host from Joining a Group You can prevent a host from joining a particular group by blocking specific IGMP reports. Create an ip igmp access-group extended access list containing the permissible source-group pairs. Use the command from INTERFACE mode to apply the access li access-list-name Note: For rules in IGMP access lists, is the multicast source, not the source of the IGMP packet.
  • Page 668 Figure 30-2. Preventing a Host from Joining a Group Multicast Features...
  • Page 669 Rate Limit IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which ip igmp group-join-limit new groups can be joined using the command from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built-in to IGMP so that they’re membership is delayed rather than permanently denied.
  • Page 670 Figure 30-3. Preventing a Source from Transmitting to a Group Prevent a PIM Router from Processing a Join Permit or deny PIM Join/Prune messages on an