Dell Force10 E300 Configuration Manual Download Page 123 | Manualshive

Page: 123 / 1262

background image

802.1X |

123

Multi-Host Authentication

Multi-Host Authentication

is available on platforms:

c e

t

s

802.1x assumes that a single end-user is connected to a single authenticator port, as shown in

Figure 7-15

;

this one-to-one mode of authentication is called Single-host mode. If multiple end-users are connected to
the same port, a many-to-one configuration, only the first end-user to respond to the identity request is
authenticated. Subsequent responses are ignored, and a system log is generated to indicate reception of
unexpected 802.1x frames. When a port is authorized, the authenticated supplicant MAC address is
associated with the port, and traffic from any other source MACs is dropped.

Figure 7-15. Single-host Authentication Mode

When multiple end-users are connected to a single authenticator port, Single-host mode authentication
does not authenticate all end-users, and all but one are denied access to the network. For these cases
(

Figure 7-16

), FTOS offers Multi-host mode authentication.

Figure 7-16. Multi-host Authentication Mode

When Multi-host mode authentication is configured, the first client to respond to an identity request is
authenticated, and subsequent responses are still ignored, but since the authenticator expects the possibility
of multiple responses, no system log is generated. After the first supplicant is authenticated, all end-users
attached to the authorized port are allowed to access the network.

If the authorized port becomes unauthorized due to re-authentication failure or the supplicant sends an
EAPOL logoff frame, all attached end-users are denied access to the network.

End-user Device

Force10 switch

RADIUS Server

EAP over LAN (EAPOL)

EAP over RADIUS

End-user Devices

Force10 switch

RADIUS Server

EAP over LAN (EAPOL)

EAP over RADIUS

«
...
121
122
123
124
125
...
»

Summary of Contents for Force10 E300

Page 1: ...FTOS Configuration Guide FTOS 8 4 2 7 E Series TeraScale C Series S Series S50 S25 ...

Page 2: ... Corporation in the U S and other countries AMD R is a registered trademark and AMD Opteron TM AMD Phenom TM and AMD Sempron TM are trademarks of Advanced Micro Devices Inc Microsoft R Windows R Windows Server R Internet Explorer R MS DOS R Windows Vista R and Active Directory R are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries Red ...

Page 3: ... C Series and E Series Remotely 47 Access the S Series Remotely 49 Configure the Enable Password 50 Configuration File Management 50 Copy Files to and from the System 51 Save the Running configuration 52 View Files 53 File System Management 55 View command history 56 Upgrading and Downgrading FTOS 56 4 System Management 57 Configure Privilege Levels 57 Create a Custom Privilege Level 57 Apply a Pr...

Page 4: ...tus 73 Recovering from a Forgotten Password 74 Recovering from a Forgotten Enable Password 75 Recovering from a Forgotten Password on S Series 76 Recovering from a Failed Start 77 5 802 1ag 79 Ethernet CFM 79 Maintenance Domains 80 Maintenance Points 80 Maintenance End Points 81 Implementation Information 82 Configure CFM 82 Related Configuration Tasks 82 Enable Ethernet CFM 83 Create a Maintenanc...

Page 5: ...nage Link Layer OAM 106 Enable MIB Retrieval Support Function 106 Adjust the Size of the Link OAM Event Log 106 7 802 1X 107 Protocol Overview 107 The Port authentication Process 109 EAP over RADIUS 110 Configuring 802 1X 111 Related Configuration Tasks 111 Important Points to Remember 112 Enabling 802 1X 112 Configuring Request Identity Re transmissions 114 Configuring a Quiet Period after a Fail...

Page 6: ...iguring Ingress ACLs 149 Configuring Egress ACLs 149 Egress Layer 3 ACL Lookup for Control plane IP Traffic 150 Configuring ACLs to Loopback 151 Applying an ACL on Loopback Interfaces 151 IP Prefix Lists 153 Implementation Information 153 Configuration Task List for Prefix Lists 153 ACL Resequencing 157 Resequencing an ACL or Prefix List 158 Route Maps 160 Implementation Information 160 Important ...

Page 7: ... Hop 217 Multiprotocol BGP 217 Implementing BGP with FTOS 217 4 Byte AS Numbers 218 AS4 Number Representation 219 AS Number Migration 221 BGP4 Management Information Base MIB 223 Important Points to Remember 223 Configuration Information 224 BGP Configuration 225 Configuration Task List for BGP 225 MBGP Configuration 266 BGP Regular Expression Optimization 267 Retain NH in BGP Advertisement 267 De...

Page 8: ...ng 299 CAM Profile Mismatches 299 QoS CAM Region Limitation 300 12 Configuration Replace and Rollback 301 Archived Files 301 Configuring Configuration Replace and Rollback 302 Related Configuration Tasks 302 Important Points to Remember 302 Enabling the Archive Service 302 Archiving a Configuration File 303 Viewing the Archive Directory 303 Replacing the Current Running Configuration 303 Rolling B...

Page 9: ...ANs only 325 Dynamic ARP Inspection 325 Source Address Validation 327 14 Equal Cost Multi Path 331 ECMP for Flow based Affinity E Series 331 Configurable Hash Algorithm E Series 331 Deterministic ECMP Next Hop 332 Configurable Hash Algorithm Seed 332 Configurable ECMP Hash Algorithm C and S Series 334 15 Force10 Resilient Ring Protocol 335 Protocol Overview 335 Ring Status 336 Multiple FRRP Rings ...

Page 10: ...icy and Assign a Test and Action List 363 Additional Policy Configurations 364 FTSA Policy Sample Configurations 364 Debugging FTSA 371 17 GARP VLAN Registration Protocol 373 Protocol Overview 373 Important Points to Remember 373 Configuring GVRP 374 Related Configuration Tasks 375 Enabling GVRP Globally 375 Enabling GVRP on a Layer 2 Interface 376 Configuring GVRP Registration 376 Configuring a G...

Page 11: ... IGMP Group 411 Enabling IGMP Immediate leave 411 IGMP Snooping 412 IGMP Snooping Implementation Information 412 Configuring IGMP Snooping 412 Enabling IGMP Immediate leave 412 Disabling Multicast Flooding 413 Specifying a Port as Connected to a Multicast Router 413 Configuring the Switch as Querier 413 Fast Convergence after MSTP Topology Changes 414 Designating a Multicast Router Interface 414 2...

Page 12: ...me to an interface 447 Show debounce times in an interface 447 Disable ports when one only SFM is available E300 only 447 Disable port on one SFM 448 Link Dampening 448 Important Points to Remember 448 Enable Link Dampening 449 Ethernet Pause Frames 450 Threshold Settings 451 Enable Pause Frames 452 Configure MTU Size on an Interface 453 Port pipes 454 Auto Negotiation on Ethernet Interfaces 455 V...

Page 13: ...tocol Overview 483 Extended Address Space 484 Stateless Autoconfiguration 484 IPv6 Headers 485 Extension Header fields 487 Addressing 488 Implementing IPv6 with FTOS 490 ICMPv6 492 Path MTU Discovery 492 IPv6 Neighbor Discovery 493 IPv6 Neighbor Discovery of MTU packets 494 Advertise Neighbor Prefixes 494 QoS for IPv6 494 IPv6 Multicast 495 SSH over an IPv6 Transport 495 Configuration Task List fo...

Page 14: ... Style in One Level Only 532 Leaking from One Level to Another 534 Sample Configuration 535 24 Link Aggregation Control Protocol 541 Introduction to Dynamic LAGs and LACP 541 Important Points to Remember 542 LACP modes 543 LACP Configuration Commands 543 LACP Configuration Tasks 544 Monitor and Debugging LACP 546 Shared LAG State Tracking 546 Configure Shared LAG State Tracking 547 Important Point...

Page 15: ...dant Pairs 573 Important Points about Configuring Redundant Pairs 574 Restricting Layer 2 Flooding 576 Far end Failure Detection 577 FEFD state changes 577 Important Points to Remember 578 Configuring FEFD 578 Debugging FEFD 580 26 Link Layer Discovery Protocol 583 802 1AB LLDP Overview 583 Protocol Data Units 583 Optional TLVs 585 Management TLVs 585 TIA 1057 LLDP MED Overview 586 TIA Organizatio...

Page 16: ...ber Query Interval 610 Explicit Tracking 610 Configure a Static Group 610 Display the MLD Group Table 611 Clear MLD Groups 611 Change the MLD Version 611 Debug MLD 611 MLD Snooping 611 Enable MLD Snooping 612 Disable MLD Snooping on a VLAN 612 Configure the Switch as a Querier 612 Disable Multicast Flooding 612 Specify a Port as Connected to a Multicast Router 612 Enable Snooping Explicit Tracking...

Page 17: ...le Configurations 638 29 Multiple Spanning Tree Protocol 643 Protocol Overview 643 Implementation Information 644 Configure Multiple Spanning Tree Protocol 644 Related Configuration Tasks 644 Enable Multiple Spanning Tree Globally 645 Add and Remove Interfaces 645 Create Multiple Spanning Tree Instances 645 Influence MSTP Root Selection 647 Interoperate with Non FTOS Bridges 647 Modify Global Para...

Page 18: ...t Tracking Configuration 681 Tracking a Layer 2 Interface 681 Tracking a Layer 3 Interface 682 Tracking an IPv4 IPv6 Route 684 Displaying Tracked Objects 688 32 Open Shortest Path First OSPFv2 and OSPFv3 691 Protocol Overview 692 Autonomous System AS Areas 692 Area Types 693 Networks and Neighbors 694 Router Types 694 Designated and Backup Designated Routers 696 Link State Advertisements LSAs 697 ...

Page 19: ...on Task List for OSPFv3 OSPF for IPv6 726 Enable IPv6 Unicast Routing 727 Assign IPv6 addresses on an interface 727 Assign Area ID on interface 727 Assign OSPFv3 Process ID and Router ID Globally 728 Configure stub areas 728 Configure Passive Interface 729 Redistribute routes 730 Configure a default route 730 Enable OSPFv3 graceful restart 731 OSPFv3 Authentication Using IPsec 734 Troubleshooting ...

Page 20: ...ng Usage Notes 766 PIM SM Snooping 767 Feature Overview 768 Configuration Notes and Restrictions 769 PIM SM Snooping Example 770 PIM SM Snooping Configuration 772 35 PIM Source Specific Mode 777 Implementation Information 779 Important Points to Remember 779 Configure PIM SM 779 Related Configuration Tasks 779 Enable PIM SSM 780 Use PIM SSM with IGMP version 2 Hosts 780 36 Power over Ethernet 785 ...

Page 21: ...oring 813 Important Points to Remember 813 Port Monitoring on E Series 814 E Series TeraScale 815 E Series ExaScale 815 Port Monitoring on C Series and S Series 816 Configuring Port Monitoring 819 Flow based Monitoring 820 Remote Port Mirroring 821 Remote Port Mirroring Example 821 Configuring Remote Port Mirroring 822 Displaying Remote Port Mirroring Configurations 828 Sample Configuration Remote...

Page 22: ...dot1p Priorities for Incoming Traffic 852 Honor dot1p Priorities on Ingress Traffic 853 Configure Port based Rate Policing 854 Configure Port based Rate Limiting 855 Configure Port based Rate Shaping 856 Policy based QoS Configurations 857 Classify Traffic 857 Create a QoS Policy 861 Create Policy Maps 864 QoS Rate Adjustment 869 Strict priority Queueing 870 Weighted Random Early Detection 870 Cre...

Page 23: ... 906 Configure an EdgePort 906 Influence RSTP Root Selection 908 SNMP Traps for Root Elections and Topology Changes 908 Fast Hellos for Link State Detection 909 Configure a Root Guard 910 Configure a Loop Guard 911 Displaying STP Guard Configuration 912 45 Security 913 AAA Accounting 913 Configuration Task List for AAA Accounting 914 AAA Authentication 917 Configuration Task List for AAA Authentic...

Page 24: ... VLAN Stacking for a VLAN 954 Configure the Protocol Type Value for the Outer VLAN Tag 954 FTOS Options for Trunk Ports 955 VLAN Stacking in Multi vendor Networks 956 VLAN Stacking Packet Drop Precedence 962 Enable Drop Eligibility 963 Honor the Incoming DEI Value 963 Mark Egress Packets with a DEI Value 964 Dynamic Mode CoS for VLAN Stacking 965 Layer 2 Protocol Tunneling 967 Implementation Infor...

Page 25: ... Managed Object Values 986 Configure Contact and Location Information using SNMP 987 Subscribe to Managed Object Value Updates using SNMP 988 Copy Configuration Files Using SNMP 990 Manage VLANs using SNMP 997 Create a VLAN 997 Assign a VLAN Alias 997 Display the Ports in a VLAN 997 Add Tagged and Untagged Ports to a VLAN 999 Enable and Disable a Port using SNMP 1001 Fetch Dynamic MAC Entries usin...

Page 26: ...its in an S Series Stack 1035 Create a Virtual Stack Unit on an S Series Stack 1036 Display Information about an S Series Stack 1036 Influence Management Unit Selection on an S Series Stack 1039 Manage Redundancy on an S Series Stack 1039 Reset a Unit on an S Series Stack 1039 Monitor an S Series Stack with SNMP 1040 Troubleshoot an S Series Stack 1040 Recover from Stack Link Flaps 1040 Recover fr...

Page 27: ... Spanning Trees as Hitless 1064 STP Loop Guard 1064 Loop Guard Scenario 1064 Loop Guard Configuration 1067 Displaying STP Guard Configuration 1068 53 System Time and Date 1069 Network Time Protocol 1069 Protocol Overview 1070 Implementation Information 1071 Configuring Network Time Protocol 1071 Enable NTP 1072 Set the Hardware Clock with the Time Derived from NTP 1073 Configure NTP broadcasts 107...

Page 28: ...reate a VLAN 1103 Assign Interfaces to VLANs 1104 Enable Routing between VLANs 1105 Use a Native VLAN on Trunk Ports 1106 Change the Default VLAN ID 1107 Set the Null VLAN as the Default VLAN 1107 Enable VLAN Interface Counters 1108 57 Virtual Routing and Forwarding VRF 1109 VRF Configuration Notes 1110 CAM Profiles 1112 DHCP 1114 IP addressing 1114 VRF Configuration 1114 Load the VRF CAM Profile ...

Page 29: ... Request and Response 1157 The Show Request and Response 1158 Configuration Task List 1158 XML Error Conditions and Reporting 1162 Summary of XML Limitations 1162 Error Messages 1162 Examples of Error Conditions 1163 Using display xml as a Pipe Option 1165 60 C Series Debugging and Diagnostics 1167 Switch Fabric overview 1168 Switch Fabric link monitoring 1168 Runtime hardware status monitoring 11...

Page 30: ... tuning 1189 When to tune buffers 1190 Buffer tuning commands 1191 Sample configuration 1194 61 E Series TeraScale Debugging and Diagnostics 1197 Overview 1198 System health checks 1198 Runtime dataplane loopback check 1198 Disable RPM SFM walk 1200 RPM SFM bring down 1201 Manual loopback test 1201 Power the SFM on off 1202 Reset the SFM 1204 SFM channel monitoring 1204 Respond to PCDFO events 120...

Page 31: ... dumps 1219 62 S Series Debugging and Diagnostics 1221 Offline diagnostics 1221 Important Points to Remember 1222 Running Offline Diagnostics 1222 Trace logs 1225 Auto Save on Crash or Rollover 1226 Hardware watchdog timer 1226 Buffer tuning 1226 Deciding to tune buffers 1228 Buffer tuning commands 1229 Sample buffer profile configuration 1231 Troubleshooting packet loss 1232 Displaying Drop Count...

Page 32: ...32 w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 33: ...tocols it is not intended to be a complete reference This guide is a reference for configuring protocols on Dell Force10 systems For complete information on protocols refer to other documentation including IETF Requests for Comment RFCs The instructions in this guide cite relevant RFCs and Appendix 63 Standards Compliance contains a complete list of the supported RFCs and Management Information Ba...

Page 34: ...ameters within braces must be entered in the CLI X Keywords and parameters within brackets are optional x y Keywords and parameters separated by bar require you to choose one Table 1 1 Information Symbols Symbol Warning Description FTOS Behavior This symbol informs you of an FTOS behavior These behaviors are inherent to the Dell Force10 system or FTOS feature and are non configurable ces Platform ...

Page 35: ...ve the current configuration copy the running configuration to another location Accessing the Command Line Access the command line through a serial console port or a Telnet session Figure 2 1 When the system successfully boots you enter the command line in the EXEC mode Figure 2 1 Logging into the System using Telnet Note Due to a differences in hardware architecture and the continued system devel...

Page 36: ...vel is 15 which is unrestricted You can configure a password for this mode see Configure the Enable Password on page 50 CONFIGURATION mode enables you to configure security features time settings set logging and SNMP functions configure static ARP and MAC addresses and set line cards on the system Beneath CONFIGURATION mode are sub modes that apply to interfaces protocols and features Figure 2 2 i...

Page 37: ...all have the letters conf in the prompt with additional modifiers to identify the mode and slot port information These are shown in Table 2 1 EXEC EXEC Privilege CONFIGURATION ARCHIVE AS PATH ACL INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT CHANNEL SONET VLAN VRRP IP IPv6 IP COMMUNITY LIST IP ACCESS LIST STANDARD ACCESS LIST EXTENDED ACCESS ...

Page 38: ... ACL FTOS config as path ip as path access list INTERFACE modes Gigabit Ethernet Interface FTOS conf if gi 0 0 interface 10 Gigabit Ethernet Interface FTOS conf if te 0 0 Interface Range FTOS conf if range Loopback Interface FTOS conf if lo 0 Management Ethernet Interface FTOS conf if ma 0 0 Null Interface FTOS conf if nu 0 Port channel Interface FTOS conf if po 0 SONET Interface FTOS conf if so 0...

Page 39: ...panning tree pvst PREFIX LIST FTOS conf nprefixl ip prefix list RAPID SPANNING TREE FTOS config rstp protocol spanning tree rstp REDIRECT FTOS conf redirect list ip redirect list ROUTE MAP FTOS config route map route map ROUTER BGP FTOS conf router_bgp router bgp ROUTER ISIS FTOS conf router_isis router isis ROUTER OSPF FTOS conf router_ospf router ospf ROUTER RIP FTOS conf router_rip router rip S...

Page 40: ...isabled by default Enable them using the no disable command For example in PROTOCOL SPANNING TREE mode enter no disable to enable Spanning Tree Note The following commands cannot be modified by the do command enable disable exit and configure Note Use the help or command as discussed in Obtaining Help command to help you construct the no form of a command FTOS conf do show linecard all Line cards ...

Page 41: ...ords You must enter the minimum number of letters to uniquely identify a command For example cl cannot be entered as a partial keyword because both the clock and class map commands begin with the letters cl clo however can be entered as a partial keyword because only one command begins with those three letters The TAB key auto completes keywords in commands You must enter the minimum number of let...

Page 42: ... Combination Action CNTL A Moves the cursor to the beginning of the command line CNTL B Moves the cursor back one character CNTL D Deletes character at cursor CNTL E Moves the cursor to the end of the line CNTL F Moves the cursor forward one character CNTL I Completes a keyword CNTL K Deletes all characters from the cursor to the end of the command line CNTL L Re enters the previous command CNTL N...

Page 43: ...g a non capitalized ethernet Executing the command show run grep Ethernet ignore case would return instances containing both Ethernet and ethernet grep displays only the lines containing specified text Figure 2 9 shows this command used in combination with the command show linecard all Figure 2 9 Filtering Command Outputs with the grep Command except displays text that does not match the specified...

Page 44: ...n which the connection was established For example On the system that telnets into the switch Message 1 appears On the system that is connected over the console Message 2 appears If either of these messages appears Dell Force10 recommends that you coordinate with the users listed in the message so that you do not unintentionally overwrite each other s configuration changes Note You can filter a si...

Page 45: ... Route Processor Module RPM Switch Fabric Module SFM and line card status LEDs blink green The system then loads FTOS and boot messages scroll up the terminal window during this process No user interaction is required if the boot process proceeds without interruption When the boot process is complete the RPM and line card status LEDs remain online green and the console monitor displays the Force10...

Page 46: ...PM0 P CP CHMGR 5 CARDDETECTED Line card 1 present DSA Card Init 00 00 11 RPM0 P CP POEMGR 4 POE_POWER_USAGE_ABOVE_THRESHOLD Inline power used is exceeded 90 o available inline power 00 00 12 RPM0 P CP CHMGR 5 CARDDETECTED Line card 2 present 00 00 12 RPM0 P CP TSM 6 SFM_SWITCHFAB_STATE Switch Fabric UP 00 00 12 RPM0 P CP TSM 6 SFM_FULL_PARTIAL_STATE SW_FAB_UP_1 SFM in the system 00 00 13 RPM0 P CP...

Page 47: ...management port and a management routing table that is separate from the IP routing table The S Series does not have a dedicated management port but is managed from any port It does not have a separate management routing table Access the C Series and E Series Remotely Configuring the system for Telnet is a three step process 1 Configure an IP address for the management port See Configure the Manag...

Page 48: ...t Step Task Command Syntax Command Mode 1 Enter INTERFACE mode for the Management port interface ManagementEthernet slot port slot range 0 to 1 port range 0 CONFIGURATION 2 Assign an IPv4 or IPv6 address to the interface ip address ipv4 address ipv6 address mask ipv4 address an address in dotted decimal format A B C D ipv6 address an address in hexadecimal format X X X X X mask a subnet mask in pr...

Page 49: ...re 3 3 Configuring the S Series for Remote Access Step Task Command Syntax Command Mode 1 Configure a username and password to access the system remotely username username password encryption type password encryption type specifies how you are inputting the password is 0 by default and is not required 0 is for inputting the password in clear text 7 is for inputting a password that is already encry...

Page 50: ... both the internal and external Flash memory MMC cards support a maximum of 100 files The E Series TeraScale and ExaScale platforms architecture use Compact Flash for the internal and external Flash memory It has a space limitation but does not limit the number of files it can contain Task Command Syntax Command Mode Create a password to access EXEC Privilege mode enable password secret level leve...

Page 51: ...only be used if a DNS server is configured Note See the FTOS Command Reference for a detailed description of the copy command Table 3 1 Forming a copy Command source file url Syntax destination file url Syntax Local File Location Internal flash primary RPM copy flash filename flash filename standby RPM copy rpm 0 1 flash filename rpm 0 1 flash filename External flash primary RPM copy rpm 0 1 slot0...

Page 52: ... The system uses the startup configuration during boot up to configure the system The startup configuration is stored in the internal flash on the primary RPM by default but it can be saved onto an external flash on an RPM or a remote server To save the running configuration Note The commands in this section follow the same format as those in Copy Files to and from the System on page 51 but use th...

Page 53: ...tip hostname filepath filename a TFTP server copy running config tftp hostip hostname filepath filename an SCP server copy running config scp hostip hostname filepath filename Note When copying to a server a hostname can only be used if a DNS server is configured Save the running configuration to the startup configuration on the internal flash of the primary RPM Then copy the new startup config fi...

Page 54: ...yntax Command Mode 1 View the EXEC Privilege contents of a file in the internal flash of an RPM show file rpm 0 1 flash filename contents of a file in the external flash of an RPM show file rpm 0 1 slot0 filename running configuration show running config startup configuration show startup config FTOS dir Directory of flash 1 drw 32768 Jan 01 1980 00 00 00 2 drwx 512 Jul 23 2007 00 38 44 3 drw 8192...

Page 55: ...xample You can change the default file system so that file management commands apply to a particular device or memory To change the default storage location Task Command Syntax Command Mode View information about each file system show file systems EXEC Privilege Task Command Syntax Command Mode Change the default directory cd directory EXEC Privilege FTOS show running config Current Configuration ...

Page 56: ...rading and Downgrading FTOS Note To upgrade or downgrade FTOS see the release notes for the version you want to load on the system FTOS cd slot0 FTOS copy running config test FTOS copy run test 7419 bytes successfully copied FTOS dir Directory of slot0 1 drw 32768 Jan 01 1980 00 00 00 2 drwx 512 Jul 23 2007 00 38 44 3 0 Jan 01 1970 00 00 00 DCIM 4 rw 7419 Jul 23 2007 20 44 40 test 5 0 Jan 01 1970 ...

Page 57: ...vilege Levels Privilege levels restrict access to commands based on user or terminal line There are 16 privilege levels of which three are pre defined The default privilege level is 1 Level 0 Access to the system begins at EXEC mode and EXEC mode commands are limited to enable disable and exit Level 1 Access to the system begins at EXEC mode and all commands are available Level 15 Access to the sy...

Page 58: ...ant to allow access using the command privilege configure level level In the command specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access Allow Access to INTERFACE LINE ROUTE MAP and ROUTER mode 1 Similar to allowing access to CONFIGURATION mode to allow access to INTERFACE LINE ROUTE MAP and ROUTER modes you must first ...

Page 59: ...ows access to CONFIGURATION mode with the banner command and allows access to INTERFACE and LINE modes are allowed with no commands Allow access to INTERFACE LINE ROUTE MAP and or ROUTER mode Specify all keywords in the command privilege configure level level interface line route map router command keyword command keyword CONFIGURATION Allow access to a CONFIGURATION INTERFACE LINE ROUTE MAP and o...

Page 60: ... EXEC show Show running system information output omitted FTOS config output omitted FTOS conf do show priv Current privilege level is 3 FTOS conf end Exit from configuration mode exit Exit from configuration mode interface Select an interface to configure line Configure a terminal line linecard Set line card type FTOS conf interface fastethernet Fast Ethernet interface gigabitethernet Gigabit Eth...

Page 61: ...mand Mode Configure a privilege level for a user username username privilege level CONFIGURATION Task Command Syntax Command Mode Configure a privilege level for a terminal line privilege level level LINE Note When you assign a privilege level between 2 and 15 access to the system begins at EXEC mode but the prompt is hostname rather than hostname Task Command Syntax Command Mode Disable all loggi...

Page 62: ...er on page 63 Disable System Logging By default logging is enabled and log messages are sent to the logging buffer all terminal lines console and syslog servers Enable and disable system logging using the following commands Message 1 BootUp Events BOOTUP RPM0 CP PORTPIPE INIT SUCCESS Portpipe 0 enabled Task Command Syntax Command Mode Disable all logging except on the console no logging on CONFIGU...

Page 63: ... and the storage location The default is to log all messages up to debug level Task Command Syntax Command Mode Specify the server to which you want to send system messages You can configure up to eight syslog servers which may be IPv4 and or IPv6 addressed logging ip address ipv6 address hostname CONFIGURATION Task Command Syntax Command Mode Specify the minimum severity level for logging to the ...

Page 64: ...ng Configuration Display the current contents of the logging buffer and the logging settings for the system using the show logging command from EXEC Privilege mode as shown in Figure 4 2 Task Command Syntax Command Mode Specify the size of the logging buffer Note When you decrease the buffer size FTOS deletes all messages stored in the buffer Increasing the buffer size does not affect messages in ...

Page 65: ...GR 5 CARDDETECTED Line card 12 present TSM 6 SFM_DISCOVERY Found SFM 0 TSM 6 SFM_DISCOVERY Found SFM 1 TSM 6 SFM_DISCOVERY Found SFM 2 TSM 6 SFM_DISCOVERY Found SFM 3 TSM 6 SFM_DISCOVERY Found SFM 4 TSM 6 SFM_DISCOVERY Found SFM 5 TSM 6 SFM_DISCOVERY Found SFM 6 TSM 6 SFM_DISCOVERY Found SFM 7 TSM 6 SFM_SWITCHFAB_STATE Switch Fabric UP TSM 6 SFM_DISCOVERY Found SFM 8 TSM 6 SFM_DISCOVERY Found 9 SF...

Page 66: ...stem scheduler messages daemon for system daemons kern for kernel messages local0 for local use local1 for local use local2 for local use local3 for local use local4 for local use local5 for local use local6 for local use local7 for local use This is the default lpr for line printer system messages mail for mail system messages news for USENET news messages sys9 system use sys10 system use sys11 s...

Page 67: ...d Syntax Command Mode 1 Enter the LINE mode Configure the following parameters for the virtual terminal lines number range zero 0 to 8 end number range 1 to 8 You can configure multiple virtual terminals at one time by entering a number followed by an end number line console 0 vty number end number aux 0 CONFIGURATION 2 Set a level and the maximum number of messages to be printed The following par...

Page 68: ... 4 4 show running config ftp Command Example Configure FTP server parameters To configure FTP server parameters Task Command Syntax Command Mode Make the system an FTP server ftp server enable CONFIGURATION Task Command Syntax Command Mode Specify the directory for users using FTP to reach the system The default is the internal flash ftp server topdir dir CONFIGURATION Specify a user name for all ...

Page 69: ...uch as modems Deny and Permit Access to a Terminal Line Force 10 recommends applying only standard ACLs to deny and permit access to VTY lines Layer 3 ACL deny all traffic that is not explicitly permitted but in the case of VTY lines an ACL with no rules does not deny any traffic You cannot use show ip accounting access list to display the contents of an ACL that is applied only to a VTY line To a...

Page 70: ... RADIUS server to authenticate tacacs Prompt for a username and password and use a TACACS server to authenticate To configure authentication for a terminal line FTOS Behavior Prior to FTOS version 7 4 2 0 in order to deny access on a VTY line you must apply an ACL and AAA authentication to the line Then users are denied access only after they enter a username and password Beginning in FTOS version...

Page 71: ...e password LINE Task Command Syntax Command Mode Set the number of minutes and seconds Default 10 minutes on console 30 minutes on VTY Disable EXEC timeout by setting the timeout period to 0 exec timeout minutes seconds LINE Return to the default timeout values no exec timeout LINE Step Task Command Syntax Command Mode FTOS conf aaa authentication login myvtymethodlist line FTOS conf line vty 0 2 ...

Page 72: ...If you do not enter an IP address FTOS enters a Telnet dialog that prompts you for one Enter an IPv4 address in dotted decimal format A B C D Enter an IPv6 address in the format 0000 0000 0000 0000 0000 0000 0000 0000 Elision of zeros is supported Note Telnet to link local addresses is not supported telnet ipv4 address ipv6 address EXEC Privilege FTOS conf line con 0 FTOS config line console exec ...

Page 73: ...ation Lock Status If you attempt to enter CONFIGURATION mode when another user has locked it you may view which user has control of CONFIGURATION mode using the command show configuration lock from EXEC Privilege mode Message 1 CONFIGURATION mode Locked Error Error User on line console0 is in exclusive configuration mode Message 2 Cannot Lock CONFIGURATION mode Error Error Can t lock configuration...

Page 74: ...the power modules and then switching them back on 3 Abort bootup by sending the break signal when prompted Ctrl Shift 6 Figure 4 10 Entering BOOT_USER mode 4 Enter BOOT_ADMIN mode using the command enable admin Enter ncorerulz when prompted for a password enable admin BOOT_USER Figure 4 11 Entering BOOT_ADMIN mode 5 Rename the startup config so it does not load on the next system reload rename fla...

Page 75: ...ching off all of the power modules and then switching them back on 4 Abort bootup by sending the break signal when prompted See Figure 4 10 Ctrl Shift 6 5 Configure the system to ignore the enable password on bootup Note This command only bypasses the enable password once You must repeat this procedure to bypass it again ignore enable password BOOT_USER Figure 4 13 Ignoring the Enable Password 6 R...

Page 76: ...hassis by unplugging the power cord 3 Abort bootup by sending the break signal when prompted any key Figure 4 14 Entering BOOT_USER mode 4 Configure the system to ignore the startup config which prevents the system from prompting you for a password to enter EXEC mode Note This command only bypasses the password once You must repeat this procedure to bypass it again ignore startup config BOOT_USER ...

Page 77: ...is not available Enter default to configure boot parameters used if the secondary operating system boot parameter selection is not available The default location should always be the internal flash device flash and a verified image should be stored there boot change primary secondary default After entering the keywords and desired option press Enter The software prompts you to enter the following ...

Page 78: ...has only become available on the S Series with FTOS 7 8 1 0 and its accompanying boot code In addition to installing FTOS 7 8 1 0 you must separately install that new boot code For installation details see the S Series and FTOS Release Notes for Version 7 8 1 0 Task Command Syntax Command Mode Configure the system to routinely boot from the designated location After entering rpm0 or rpm1 enter one...

Page 79: ...e provider through multiple network operators Layer 2 Ethernet networks usually cannot be managed with IP tools such as ICMP Ping and IP Traceroute Traditional IP tools often fail because there are complex interactions between various Layer 2 and Layer 3 protocols such as STP LAG VRRP and ECMP configurations Ping and traceroute are not designed to verify data connectivity in the network and within...

Page 80: ...unique maintenance level 0 to 7 to each domain to define the hierarchical relationship between domains Domains can touch or nest but cannot overlap or intersect as that would require management by multiple entities Figure 5 1 OAM Domains Maintenance Points Domains are comprised of logical entities called Maintenance Points A maintenance point is an interface demarcation that confines CFM frames to...

Page 81: ...r or provider edge on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine Down MEP monitors the forwarding path external another bridge Configure Up MEPs on ingress ports ports that send traffic towards the bridge relay Configure Down MEPs on egress ports ports that send traffic away from the bridge relay Figure 5 3 Up MEP versus Down MEP Ethern...

Page 82: ... CAM region using the cam acl command See Configure Ingress Layer 2 ACL Sub partitions 2 Enable Ethernet CFM See page 83 3 Create a Maintenance Domain See page 83 4 Create a Maintenance Association See page 84 5 Create Maintenance Points See page 84 6 Use CFM tools a Continuity Check Messages on page 87 b Loopback Message and Response on page 88 c Linktrace Message and Response on page 88 Related ...

Page 83: ...e Ethernet CFM without stopping the CFM process disable ETHERNET CFM Step Task Command Syntax Command Mode 1 Create maintenance domain domain name md level number Range 0 7 ETHERNET CFM 2 Display maintenance domain information show ethernet cfm domain name brief EXEC Privilege FTOS show ethernet cfm domain Domain Name customer Level 7 Total Service 1 Services MA Name VLAN CC Int X CHK Status My_MA...

Page 84: ...between all devices so that each device can monitor the layers under its responsibility Create a Maintenance End Point A Maintenance End Point MEP is a logical entity that marks the end point of a domain There are two types of MEPs defined in 802 1ag for an 802 1 bridge Up MEP monitors the forwarding path internal to an bridge on the customer or provider edge on Dell Force10 systems the internal f...

Page 85: ...intenance points local mep MPID Domain Name Level Type Port CCM Status MA Name VLAN Dir MAC 100 cfm0 7 MEP Gi 4 10 Enabled test0 10 DOWN 00 01 e8 59 23 45 200 cfm1 6 MEP Gi 4 10 Enabled test1 20 DOWN 00 01 e8 59 23 45 300 cfm2 5 MEP Gi 4 10 Enabled test2 30 DOWN 00 01 e8 59 23 45 Task Command Syntax Command Mode Create an MIP ethernet cfm mip domain name level ma name name INTERFACE Display config...

Page 86: ...ed waiting EXEC Privilege FTOS show ethernet cfm maintenance points remote detail MAC Address 00 01 e8 58 68 78 Domain Name cfm0 MA Name test0 Level 7 VLAN 10 MP ID 900 Sender Chassis ID FTOS MEP Interface status Up MEP Port status Forwarding Receive RDI FALSE MP Status Active Display the MIP Database show ethernet cfm mipdb EXEC Privilege Task Command Syntax Command Mode Set the amount of time th...

Page 87: ...ctivity failure is then defined as 1 Loss of 3 consecutive CCMs from any of the remote MEP which indicates a network failure 2 Reception of a CCM with an incorrect CCM transmission interval which indicates a configuration error 3 Reception of CCM with an incorrect MEP ID or MAID which indicates a configuration or cross connect error This could happen when different VLANs are cross connected due to...

Page 88: ...ast LTR Intermediate MIPs forward the LTM toward the target MEP Step Task Command Syntax Command Mode 1 Enable CCM no ccm disable Default Disabled ECFM DOMAIN 2 Configure the transmit interval mandatory The interval specified applies to all MEPs in the domain ccm transmit interval seconds Default 10 seconds ECFM DOMAIN Task Command Syntax Command Mode Enable cross checking mep cross check enable D...

Page 89: ...at you can view it later without retracing Task Command Syntax Command Mode Send a Linktrace message Since the LTM is a Multicast message sent to the entire ME there is no need to specify a destination traceroute ethernet domain EXEC Privilege Task Command Syntax Command Mode Enable Link Trace caching traceroute cache CONFIGURATION Set the amount of time a trace result is cached traceroute cache h...

Page 90: ...ilege Task Command Syntax Command Mode Enable SNMP trap messages for Ethernet CFM snmp server enable traps ecfm CONFIGURATION Table 5 2 ECFM SNMP Traps Cross connect defect ECFM 5 ECFM_XCON_ALARM Cross connect fault detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 Error CCM defect ECFM 5 ECFM_ERROR_ALARM Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 MAC Stat...

Page 91: ...Name My_Name MD Index 1 Level 0 Total Service 1 Services MA Index MA Name VLAN CC Int X CHK Status 1 test 0 1s enabled Domain Name Your_Name MD Index 2 Level 2 Total Service 1 Services MA Index MA Name VLAN CC Int X CHK Status 1 test 100 1s enabled Display Ethernet CFM Statistics Task Command Syntax Command Mode Display MEP CCM statistics show ethernet cfm statistics domain name level vlan id vlan...

Page 92: ...rnet cfm port statistics interface gigabitethernet 0 5 Port statistics for port Gi 0 5 RX Statistics Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417 TX Statistics Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0 Task Command Syntax Command Mode ...

Page 93: ...ucture deployments It consists of three main areas 1 Service Layer OAM IEEE 802 1ag Connectivity Fault Management CFM 2 Link Layer OAM IEEE 802 3ah Ethernet in the First Mile EFM OAM 3 Ethernet Local management Interface MEF 16 E LMI Link Layer OAM Overview Link Layer OAM introduces the toolset required to effectively monitor the link between the customer and service provider which is called the f...

Page 94: ...the peer s Local Information TLV Event Notification carries TLVs for each concurrent link fault Variable Request carries MIB object descriptors for which the remote peer should return values Variable Response carries the requested MIB object values Loopback Control carries the loopback control command enable and disable Organization Specific contains and OUI followed by data the format and functio...

Page 95: ...If the link is not in Fault state Active mode systems send Information OAMPDUs that contain only the Local Information TLV 2 Once a system receives an Information OAMPDU it responds with an Information OAMPDU that contains the Local and Remote Information TLV Negotiation is complete when both systems have received their peer s information and are satisfied with it to be satisfied both peers on the...

Page 96: ...are either symbol errors or frame errors and are communicated using Link Event TLVs Symbol Errors a symbol is an electrical or optical pulse on the physical medium that represents one or more bits A symbol error occurs when a symbol degrades in transit so that the receiver is not able to decode it Gigabit and 10 Gigabit Ethernet have and expect symbol rate also called Baud Frame Errors frame error...

Page 97: ...eters on page 99 Display Link Layer OAM Configuration and Statistics on page 104 Manage Link Layer OAM on page 106 Enable Link Layer OAM Link Layer OAM is disabled by default Enabling it places the system in Active mode and initiates OAM discovery Both peers on the link must be have link performance event monitoring enabled for discovery to complete Task Command Syntax Command Mode Enable Ethernet...

Page 98: ...DU revision 1 Remote client ___________ MAC address 0030 88fe 87de Vendor OUI 0x00 0x00 0x0C Administrative configurations Mode active Unidirection not supported Link monitor supported Remote loopback not supported MIB retrieval not supported Mtu size 1500 Display Link Layer OAM sessions show ethernet oam summary EXEC Privilege FTOS show ethernet oam summary Output format Symbols Master Loopback S...

Page 99: ... the High Threshold on page 102 Enable Error Monitoring The polling interval for Link Performance Monitoring is 100 milliseconds Task Command Syntax Command Mode Specify a the maximum or minimum number of OAMPDUs to be sent per second ethernet oam max rate value min rate value Range 1 10 Default 10 INTERFACE Set the transmission mode to active or passive ethernet oam mode active passive Default Ac...

Page 100: ... Frame Errors per Frame Period the number of frame errors within the last N frames exceeds a threshold Frame Error Seconds per Time Period an error second is a 1 second period with at least one frame error The Frame Error Seconds per Time Period error occurs when the number of error seconds within the last M seconds exceeds a threshold Symbol Errors per Second Task Command Syntax Command Mode Spec...

Page 101: ...period or disable the high threshold ethernet oam link monitor frame period threshold high frames none Range 1 65535 Default None INTERFACE Specify the low threshold for frame errors per frame period ethernet oam link monitor frame period threshold low frames Range 0 65535 Default 1 INTERFACE Specify the frame period for frame errors per frame period condition ethernet oam link monitor frame perio...

Page 102: ...ical Event notification is not supported on S Series When a link fault dying gasp or critical event occurs the system sets an associated bit in subsequent OAMPDUs until the error is resolved polling occurs every 100ms and you can configure the system to take an additional action Specify the time period for error second per time period condition ethernet oam link monitor frame seconds window millis...

Page 103: ...L3 protocols to stop control traffic Task Command Syntax Command Mode Enable support for the OAM loopback capability on an interface so that it can exchange information with a remote peer ethernet oam remote loopback supported Default Enabled INTERFACE Configure the maximum amount of time the local peer waits for a frame to be returned before considering the remote peer to be non operational ether...

Page 104: ...acket per second Link timeout 5 seconds High threshold action no action Link Monitoring ____________ Status supported on Symbol Period Error Window 1 million symbols Low threshold 1 error symbol s High threshold none Frame Error Window 1 million symbols Low threshold 1 error symbol s High threshold none Frame Period Error Window 1 x 100 000 frames Low threshold 1 error symbol s High threshold none...

Page 105: ...orted OAMPDU Tx 0 Unsupported OAMPDU Rx 0 Frame Lost due to OAM 0 Local Faults 0 Link Fault Records 0 Dying Gasp Records Total dying Gasps 2 Time Stamp 00 40 23 Total dying Gasps 1 Time Stamp 00 41 23 0 Critical Event Records Remote Faults _________ 0 Link Fault Records 0 Dying Gasp Records 0 Critical Event Records Local Event Logs _____________ 0 Errored Symbol Period Records 0 Errored Frame Reco...

Page 106: ...ot include the ability to set write remote MIB variables You must enable MIB retrieval support and the MIB retrieval function Adjust the Size of the Link OAM Event Log Task Command Syntax Command Mode Enable MIB retrieval support and or the MIB retrieval function ethernet oam mib retrieval supported on Default Disabled INTERFACE Task Command Syntax Command Mode Configure the size of the OAM event ...

Page 107: ...Assignment with Port Authentication on page 119 Guest and Authentication Fail VLANs on page 121 Multi Host Authentication on page 123 Multi Supplicant Authentication on page 125 MAC Authentication Bypass on page 127 Dynamic CoS with 802 1X on page 130 Protocol Overview 802 1X is a method of port security A device connected to a port that is enabled with 802 1X is disallowed from sending or receivi...

Page 108: ...ch the supplicant communicates is the authenticator The authenicator is the gate keeper of the network It translates and forwards requests and responses between the authentication server and the supplicant The authenticator also changes the status of the port based on the results of the authentication process The Dell Force10 switch is the authenticator Note FTOS supports 802 1X with EAP MD5 EAP O...

Page 109: ...it in a RADIUS Access Request frame and forwards the frame to the authentication server 4 The authentication server replies with an Access Challenge The Access Challenge is request that the supplicant prove that it is who it claims to be using a specified method an EAP Method The challenge is translated and forwarded to the supplicant by the authenticator 5 The supplicant can negotiate the authent...

Page 110: ...LV format The Type value for EAP messages is 79 Figure 7 3 RADIUS Frame Format Supplicant Authenticator Authentication Server Request Identity Response Identity Access Request Access Challenge EAP over LAN EAPOL EAP over RADIUS EAP Request EAP Reponse Access Request Access Accept Reject EAP Sucess Failure Code Identifier Length Message Authenticator Attribute EAP Message Attribute Range 1 4 Codes ...

Page 111: ... 121 Configuring an Authentication Fail VLAN on page 122 Table 7 1 802 1X Supported RADIUS Attributes Attribute Name Description 1 User Name the name of the supplicant to be authenticated 4 NAS IP Address 5 NAS Port the physical port number by which the authenticator is connected to the supplicant 24 State 30 Called Station Id 31 Calling Station Id relays the supplicant MAC address to the authenti...

Page 112: ...ation on the port If you enable multi supplicant authorization on a port configure a maximum number of supplicants that can be authenticated and enable periodic re authentication if some of the supplicants fail re authentication these unauthorized supplicants are still counted in the total number of supplicants that can access the port Traffic may be transmitted on an 802 1X enabled port before th...

Page 113: ...ace or a range of interfaces dot1x authentication INTERFACE FTOS show running config find dot1x dot1x authentication output omitted interface GigabitEthernet 2 1 ip address 2 2 2 2 24 dot1x authentication no shutdown interface GigabitEthernet 2 2 ip address 1 0 0 1 24 dot1x authentication no shutdown More 802 1X Enabled 802 1X Enabled on FTOS show dot1x interface gigabitethernet 2 1 802 1x informa...

Page 114: ... but this period can be configured To configure the quiet period after a failed authentication Note There are several reasons why the supplicant might fail to respond the supplicant might have been booting when the request arrived there might be a physical layer problem or the supplicant might not be 802 1x capable Step Task Command Syntax Command Mode 1 Configure the amount of time that the authe...

Page 115: ...wn the port Any attempt by the supplicant to initiate authentication is ignored Auto is an unauthorized state by default A device connected to this port is this state is subjected to the authentication process If the process is successful the port is authorized and the connected device can communicate on the network All ports are placed in the auto state by default Note On the C Series traffic may...

Page 116: ...ntax Command Mode 1 Place a port in the ForceAuthorized ForceUnauthorized or Auto state dot1x port control force authorized force unauthorized auto Default auto INTERFACE Step Task Command Syntax Command Mode 1 Configure the authenticator to periodically re authenticate the supplicant dot1x reauthentication interval seconds Range 1 65535 Default 60 INTERFACE FTOS conf if gi 2 1 dot1x port control ...

Page 117: ...t1x reauth max number Range 1 10 Default 2 INTERFACE Step Task Command Syntax Command Mode 1 Terminate the authentication process due to an unresponsive supplicant dot1x supplicant timeout seconds Range 1 300 Default 30 INTERFACE FTOS conf if gi 2 1 dot1x reauthentication interval 7200 FTOS conf if gi 2 1 dot1x reauth max 10 FTOS conf if gi 2 1 do show dot1x interface gigabitethernet 2 1 802 1x in...

Page 118: ...ormula dot1x server timeout seconds radius server retransmit seconds 1 radius server timeout seconds Where the default values are as follows dot1x server timeout 30 seconds radius server retransmit 3 seconds and radius server timeout 5 seconds For example FTOS conf radius server host 10 11 197 105 timeout 6 FTOS conf radius server host 10 11 197 105 retransmit 4 FTOS conf interface gigabitethernet...

Page 119: ...and ingress port number 3 The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel Private Group ID The dynamic VLAN assignment from the RADIUS server always overrides the configuration on the switch for the given port This applies to ports already configured with a non default VLAN To configure dynamic VLAN assignment with 802 1x port a...

Page 120: ...t VLAN G GVRP VLANs Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged G GVRP tagged NUM Status Description Q Ports 1 Inactive 300 Inactive U Gi 1 11 400 Inactive After authentication Force10 show vlan Codes Default VLAN G GVRP VLANs Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged G GVRP tagged NUM Status Description Q Ports 1 Inactive 300 In active 400 Active x Gi 1 11 After disconnectio...

Page 121: ... with regard to external users If the supplicant fails authentication a specified number of times the authenticator places the port in the Authentication fail VLAN If a port is already forwarding on the Guest VLAN when 802 1X is enabled then the port is moved out of the Guest VLAN and the authentication process begins Configuring a Guest VLAN If the supplicant does not respond to a Request Identit...

Page 122: ... configuration using the command show config from INTERFACE mode as shown in Figure 7 12 or using the command show dot1x interface command from EXEC Privilege mode as shown in Figure 7 14 Figure 7 14 Viewing Guest and Authentication fail VLAN Configurations FTOS conf if gi 1 2 dot1x auth fail vlan 100 max attempts 5 FTOS conf if gi 1 2 show config interface GigabitEthernet 1 2 switchport dot1x gue...

Page 123: ...e authenticator port Single host mode authentication does not authenticate all end users and all but one are denied access to the network For these cases Figure 7 16 FTOS offers Multi host mode authentication Figure 7 16 Multi host Authentication Mode When Multi host mode authentication is configured the first client to respond to an identity request is authenticated and subsequent responses are s...

Page 124: ...1x host mode to return to Single host mode dot1x host mode multi host Default Single host mode INTERFACE FTOS conf if gi 2 1 dot1x port control force authorized FTOS conf if gi 2 1 do show dot1x interface gigabitethernet 2 1 802 1x information on Gi 2 1 Dot1x Status Enable Port Control FORCE_AUTHORIZED Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Enable ...

Page 125: ...device to respond and then both devices could access the network However if you wanted to place them in different VLANs a VOIP VLAN and a data VLAN you would need to authenticate the devices separately so that the RADIUS server can send each device s VLAN assignment during that devices authentication process Task Command Syntax Command Mode Configure Single host Authentication mode on a port dot1x...

Page 126: ... Authentication Disable Untagged VLAN id None Guest VLAN Disable Guest VLAN id NONE Auth Fail VLAN Disable Auth Fail VLAN id NONE Auth Fail Max Attempts NONE Tx Period 30 seconds Quiet Period 60 seconds ReAuth Max 2 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 2 Host Mode MULTI AUTH Auth PAE State Initialize Backend State Initialize Supplicants ...

Page 127: ...any colons If the server authenticates successfully the port is dynamically assigned to a MAB VLAN using a RADIUS attribute 81 or is assigned to the untagged VLAN of the port Afterwards packets from any other MAC address are dropped If authentication fails the authenticator waits the quiet period and then restarts the authentication process MAC authentication bypass works in conjunction and in com...

Page 128: ...hentication mode If any supplicant that has been authenticated using MAB starts to speak EAPoL the switch re authenticates that supplicant using 802 1X first while keeping the MAC authorized through the re authentication process Note On the C Series and S Series if the switch is in multi host mode a MAC address that was MAB authenticated but later was disabled from MAB authentication is not denied...

Page 129: ...e EXEC Privilege FTOS show dot1x int Gi 2 32 802 1X information on Gi 2 32 Dot1x Status Enable Port Control AUTO Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Enable Guest VLAN id 10 Auth Fail VLAN Enable Auth Fail VLAN id 11 Auth Fail Max Attempts 3 Mac Auth Bypass Enable Tx Period 30 seconds Quiet Period 60 seconds ReAuth Max 2 Supplicant Timeout 30 sec...

Page 130: ...uld instead need to push the CoS configuration to the switches based on the application the server is running Dynamic CoS uses RADIUS attribute 59 called User Priority Table to specify the priority value for incoming frames Attribute 59 has an 8 octet field that maps the incoming dot1p values to new values it is essentially a dot1p re mapping table The position of each octet corresponds to a prior...

Page 131: ...ed Dot1p 0 2 1 6 2 5 3 4 4 3 5 2 6 1 7 0 After being re tagged by dynamic CoS for 802 1X packets are forwarded in the switch according to their new CoS priority When a supplicant logs off from an 802 1X authentication session the dynamic CoS table is deleted or reset When an 802 1x session is re authenticated the previously assigned CoS table is retained through the re authentication process If th...

Page 132: ...132 802 1X w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 133: ...ocessed in sequence so that if a packet does not match the criterion in the first filter the second filter if configured is applied When a packet matches a filter the switch drops or forwards the packet based on the filter s specified action If the packet does not match any of the filters in the ACL the packet is dropped implicit deny The number of ACLs supported on a system depends on your CAM si...

Page 134: ...rt number For extended ACL TCP and UDP filters you can match criteria on specific or ranges of TCP or UDP ports For extended ACL TCP filters you can also match criteria on established TCP sessions When creating an access list the sequence of the filters is important You have a choice of assigning sequence numbers to the filters as you enter them or FTOS will assign numbers in the order the filters...

Page 135: ...ions for several types of information Table 8 1 lists the sub partition and the percentage of the Layer 2 ACL CAM partition that FTOS allocates to each by default You can re configure the amount of space in percentage allocated to each sub partition As with the IPv4Flow partition you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode The amount of space that you...

Page 136: ...settings to take effect CAM optimization CAM optimization is supported on platforms c s When this command is enabled if a Policy Map containing classification rules ACL and or dscp ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only 1 FP entry will be used When the command is disabled the system behaves as descri...

Page 137: ...stalled in the ACL CAM on the port pipe The entry would look for the incoming VLAN in the packet Whereas if you apply an ACL on individual ports of a VLAN separate copies of the ACL entries would be installed for each port belonging to a port pipe When you use the log keyword CP processor will have to log details about the packets that match Depending on how many packets match the log entry and at...

Page 138: ... The order can range from 0 to 254 FTOS writes to the CAM ACL rules with lower order numbers order numbers closer to 0 before rules with higher order numbers so that packets are matched as you intended By default all ACL rules have an order of 254 Figure 8 2 Using the Order Keyword in ACLs IP Fragment Handling FTOS supports a configurable option to explicitly deny IP fragmented packets particularl...

Page 139: ...ctually installed the offending rule in CAM IP fragments ACL examples The following configuration permits all packets both fragmented non fragmented with destination IP 10 1 1 1 The second rule does not get hit at all To deny second subsequent fragments use the same rules in a different order These ACLs deny all second subsequent fragments with destination IP 10 1 1 1 but permit the first fragment...

Page 140: ...rs packets it looks at the Fragment Offset FO to determine whether or not it is a fragment FO 0 means it is either the first fragment or the packet is a non fragment FO 0 means it is dealing with the fragments of the original packet Permit ACL line with L3 information only and the fragments keyword is present If a packet s L3 information matches the L3 information in the ACL line the packet s frag...

Page 141: ... message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included FTOS conf ipv6 acl seq 8 permit tcp any any urg May 5 08 32 34 E90MJ 0 ACL_AGENT 2 ACL_AGENT_ENTRY_ERROR Unable to write seq 8 of list test as individual TCP flags are not supported on linecard 0 Step Command Syntax Command Mode Purpose 1 ip access list standard access listname CONFIGURATION Enter IP...

Page 142: ...ey were configured for example the first filter was given the lowest sequence number The show config command in the IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10 Figure 8 5 Standard IP ACL To view all configured IP ACLs use the show ip accounting access list command Figure 229 in the EXEC Privilege mode Step Command Syntax Command Mode Purpose 1 ip access list sta...

Page 143: ...On E Series ExaScale systems TCP ACL flags are not supported in standard or extended ACLs with IPv6 microcode An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included FTOS conf ipv6 acl seq 8 permit tcp any any urg May 5 08 32 34 E90MJ 0 ACL_AGENT 2 ACL_AGENT_ENTRY_ERROR Unable to write seq 8 of list test as individual TCP flags are not supported o...

Page 144: ... udp source mask any host ip address destination mask any host ip address operator port port count byte log order monitor fragments CONFIG EXT NACL Configure a drop or forward filter log and monitor options are supported on E Series only Step Command Syntax Command Mode Purpose 1 ip access list extended access list name CONFIGURATION Create an extended IP ACL and assign it a unique name 2 seq sequ...

Page 145: ...become busy as it has to log these packets details Note When assigning sequence numbers to filters keep in mind that you might need to insert a new filter To prevent reconfiguring multiple filters assign sequence numbers in multiples of five or another number Command Syntax Command Mode Purpose deny permit source mask any host ip address count byte log order monitor fragments CONFIG EXT NACL Confi...

Page 146: ... functionality of est use the following ACLs permit tcp any any rst permit tcp any any ack Configuring Layer 2 and Layer 3 ACLs on an Interface Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode If both L2 and L3 ACLs are applied to an interface the following rules apply The packets routed by FTOS are governed by the L3 ACL only since they are not filtered against an L...

Page 147: ...CL ABCD and apply it using the in keyword and it becomes an ingress access list If you apply the same ACL using the out keyword it becomes an egress access list If you apply the same ACL to the loopback interface it becomes a loopback access list This chapter covers the following topics Configuring Ingress ACLs on page 149 Configuring Egress ACLs on page 149 Configuring ACLs to Loopback on page 15...

Page 148: ... to an interface Step Command Syntax Command Mode Purpose 1 interface interface slot port CONFIGURATION Enter the interface number 2 ip address ip address INTERFACE Configure an IP address for the interface placing it in Layer 3 mode 3 ip access group access list name in out implicit permit vlan vlan range INTERFACE Apply an IP ACL to traffic entering or exiting an interface out configure the ACL ...

Page 149: ...tack malicious and incidental by explicitly allowing only authorized traffic These system wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results By localizing target traffic it is a simpler implementation 3 View the number of packets matching the ACL using the show ip accounting access list from EXEC Privilege mode Step Task FTOS conf interface gige 0 0 FTOS c...

Page 150: ...CPU generated and CPU forwarded traffic Using permit rules with the count option you can track on a per flow basis whether CPU generated and CPU forwarded packets were transmitted successfully Task Command Syntax Command Mode Apply Egress ACLs to IPv4 system traffic ip control plane egress filter CONFIGURATION Apply Egress ACLs to IPv6 system traffic ipv6 control plane egress filter CONFIGURATION ...

Page 151: ...s the risk of attack Loopback interfaces do not support ACLs using the IP fragment option If you configure an ACL with the fragments option and apply it to a loopback interface the command is accepted but the ACL entries are not actually installed the offending rule in CAM See also Loopback Interfaces in the Interfaces chapter Applying an ACL on Loopback Interfaces ACLs can be applied on Loopback ...

Page 152: ...3 ip access list standard extended name CONFIGURATION Apply rules to the new ACL 4 ip access group name in INTERFACE Apply an ACL to traffic entering loopback in configure the ACL to filter incoming traffic Note ACLs for loopback can only be applied to incoming traffic Note See also the section VTY Line Local Authentication and Authorization on page 948 Step Command Syntax Command Mode Purpose FTO...

Page 153: ...for specific routes using the le and ge parameters where x x x x x represents a route prefix To deny only 8 prefixes enter deny x x x x x ge 8 le 8 To permit routes with the mask greater than 8 but less than 12 enter permit x x x x x ge 8 le 12 To deny routes with a mask less than 24 enter deny x x x x x le 24 To permit routes with a mask greater than 20 enter permit x x x x x ge 20 The following ...

Page 154: ...ow config command displays the filters in the correct order Figure 8 13 Command Example seq Note the last line in the prefix list Juba contains a permit all statement By including this line in a prefix list you specify that all routes not matching any criteria in the prefix list are forwarded To delete a filter use the no seq sequence number command in the PREFIX LIST mode Step Command Syntax Comm...

Page 155: ...er of the filter you want to delete then use the no seq sequence number command in the PREFIX LIST mode To view all configured prefix lists use either of the following commands in the EXEC mode Step Command Syntax Command Mode Purpose 1 ip prefix list prefix name CONFIGURATION Create a prefix list and assign it a unique name 2 deny permit ip prefix ge min prefix length le max prefix length CONFIG ...

Page 156: ... a prefix list to filter the network prefixes in incoming route updates You can specify an interface If you enter the name of a nonexistent prefix list all routes are forwarded distribute list prefix list name out interface connected static ospf CONFIG ROUTER RIP Apply a prefix list to filter network prefixes advertised in outgoing route updates You can specify an interface or type of route If you...

Page 157: ...hat are numbered in increments of 1 No new rules can be placed between these so apply resequencing to create numbering space as shown in Table 8 4 In the same example apply resequencing if more than two rules must be placed between rules 7 and 10 Command Syntax Command Mode Purpose router ospf CONFIGURATION Enter OSPF mode distribute list prefix list name in interface CONFIG ROUTER OSPF Apply a co...

Page 158: ... 2 and incrementing by 2 Note ACL Resequencing does not affect the rules or remarks or the order in which they are applied It merely renumbers them so that new rules can be placed within the list as desired Table 8 3 ACL Resequencing Example Insert New Rules seq 5 permit any host 1 1 1 1 seq 6 permit any host 1 1 1 2 seq 7 permit any host 1 1 1 3 seq 10 permit any host 1 1 1 4 Table 8 4 ACL Resequ...

Page 159: ...original positions FTOS config ext nacl show config ip access list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1 1 1 1 seq 5 permit ip any host 1 1 1 1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 2 seq 15 permit ip any host 1 1 1 3 seq 20 permit ip any host 1 1 1 4 FTOS end FTOS resequence access li...

Page 160: ...tributed Implementation Information The FTOS implementation of route maps allows route maps with no match command or no set command When there is no match command all traffic matches the route map and the set command applies FTOS config ext nacl show config ip access list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1 1 1 1 seq 5 permit ip any host 1 1 1 1 remark ...

Page 161: ...ROUTER OSPF modes The following list includes the configuration tasks for route maps Create a route map on page 161 mandatory Configure route map filters on page 163 optional Configure a route map for route redistribution on page 166 optional Configure a route map for route tagging on page 167 optional Create a route map Route maps ACLs and prefix lists are similar in composition because all three...

Page 162: ... To delete all instances of that route map use the no route map map name command To delete just one instance add the sequence number to the command syntax Figure 8 24 Figure 8 23 Deleting One Instance of a Route Map Figure 8 24 shows an example of a route map with multiple instances The show config command displays only the configuration of the current route map instance To view all instances of a...

Page 163: ...h ONLY if there is a match among ALL match commands The following example explains better Example 1 In the above route map if a route has any of the tag value specified in the match commands then there is a match Example 2 In the above route map only if a route has both the characteristics mentioned in the route map it is matched Explaining further the route must have a tag value of 1000 and a met...

Page 164: ... interface interface CONFIG ROUTE MAP Match routes whose next hop is a specific interface The parameters are For a Fast Ethernet interface enter the keyword FastEthernet followed by the slot port information For a 1 Gigabit Ethernet interface enter the keyword gigabitEthernet followed by the slot port information For a loopback interface enter the keyword loopback followed by a number between zero...

Page 165: ...utes with a specific value match origin egp igp incomplete CONFIG ROUTE MAP Match BGP routes based on the ORIGIN attribute match route type external type 1 type 2 internal level 1 level 2 local CONFIG ROUTE MAP Match routes specified as internal or external to OSPF ISIS level 1 ISIS level 2 or locally generated match tag tag value CONFIG ROUTE MAP Match routes with a specific tag Command Syntax Co...

Page 166: ...be changed include the metric type for example external and internal route types in OSPF and route tag Use the redistribute command in OSPF RIP ISIS and BGP to set some of these attributes for routes that are redistributed into those protocols Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes...

Page 167: ...tinue clause Normally when a match is found set clauses are executed and the packet is then forwarded no more route map modules are processed If the continue command is configured at the end of a module the next module or a specified module is processed even after a match is found Figure 8 27 shows a continue clause at the end of a route map module In this example if a match is found in the route ...

Page 168: ...CL Prefix Lists and Route maps w w w d e l l c o m s u p p o r t d e l l c o m Figure 8 27 Command Example continue route map test permit 10 match commu comm list1 set community 1 1 1 2 1 3 set as path prepend 1 2 3 4 5 continue 30 ...

Page 169: ...illiseconds rather than seconds as with conventional routing protocol hellos It is independent of routing protocols and as such provides a consistent method of failure detection when used across a network Networks converge faster because BFD triggers link state changes in the routing protocol sooner and more consistently because BFD can eliminate the use of multiple protocol dependent timers and m...

Page 170: ... the BFD Agent changes the session state to Down It then notifies the BFD Manager of the change and sends a control packet to the neighbor that indicates the state change though it might not be received if the link or receiving interface is faulty The BFD Manager notifies the routing protocols that are registered with it clients that the forwarding path is down and a link state change is triggered...

Page 171: ...between control packets that the local system is capable of supporting The minimum interval between control packets that the local system is capable of supporting Random number generated by remote system to identify a session Random number generated by remote system to identify a session The intervals at which the local system would like to transmit control packets The intervals at which the local...

Page 172: ...ssible without regard to its transmit interval The responding system clears the poll bit and sets the final bit in its response The poll and final bits are used during the handshake and Demand mode see BFD sessions Note FTOS does not currently support multi point sessions Demand mode authentication or control plane independence these bits are always clear Detection Multiplier The number of packets...

Page 173: ... systems are exchanging control packets The session is declared down if A control packet is not received within the detection time Sufficient echo packets are lost Demand mode is active and a control packet is not received in response to a poll packet BFD three way handshake A three way handshake must take place between the systems that will participate in the BFD session The handshake shown in Fi...

Page 174: ...urable Required Min RX Interval User configurable Required Min Echo RX Interval User configurable Init State Change Version 1 Diag Code 0 assumes no previous session State Init Flag F 1 Detect Multiplier User configurable My Discriminator Y Passsive System Session ID Your Discriminator X Desired Min TX Interval User configurable Required Min RX Interval User configurable Required Min Echo RX Inter...

Page 175: ...p and virtual links Protocol Liveness is supported for routing protocols only FTOS supports only OSPF ISIS E Series only and VRRP protocols as BFD clients Configuring Bidirectional Forwarding Detection The remainder of this chapter is divided into the following sections Configuring BFD for Physical Ports on page 176 Configuring BFD for Static Routes on page 180 Configuring BFD for OSPF on page 182...

Page 176: ...ted configuration tasks Change session parameters See page 178 Disable or re enable BFD on an interface See page 179 Enabling BFD globally BFD must be enabled globally on both routers as shown in Figure 9 5 To enable BFD globally Verify that BFD is enabled globally using the command show running bfd as shown in Figure 9 4 Figure 9 4 Enabling BFD Globally Establishing a session on physical ports To...

Page 177: ... address INTERFACE 3 Identify the neighbor with which the interface will participate in the BFD session bfd neighbor ip address INTERFACE R1 ACTIVE Role R2 ACTIVE Role Force10 config bfd enable Force10 config interface gigabitethernet 4 24 Force10 conf if gi 2 1 ip address 2 2 2 1 24 Force10 conf if gi 2 1 bfd neighbor 2 2 2 2 fnC0038mp 2 1 4 24 Force10 config bfd enable Force10 config interface g...

Page 178: ...nged session state to Down for neighbor 2 2 2 2 on interface Gi 4 24 diag 0 00 36 02 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Up for neighbor 2 2 2 2 on interface Gi 4 24 diag 0 Step Task Command Syntax Command Mode 1 Change session parameters for all sessions on an interface bfd interval milliseconds min_rx milliseconds multiplier value role active passive INTERFACE R1 conf i...

Page 179: ...te Change due to Local State Admin Down R2 01 32 53 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 1 on interface Gi 2 1 diag 7 R1 conf if gi 4 24 bfd interval 100 min_rx 100 multiplier 4 role passive R1 conf if gi 4 24 do show bfd neighbors detail Session Discriminator 1 Neighbor Discriminator 1 Local Addr 2 2 2 1 Local MAC Addr 00 01 e8 09 c3 e5 Remote Addr...

Page 180: ...n parameters See page 181 Disable BFD for all static routes See page 181 Establishing sessions for static routes Sessions are established for all neighbors that are the next hop of a static route Figure 9 9 Enabling BFD for Static Routes Step Task Command Syntax Command Mode 1 Enable BFD on an interface bfd enable INTERFACE 2 2 2 1 24 fnC0039mp 4 24 2 1 2 2 6 0 Force10 config interface gigabitethe...

Page 181: ...ion parameters using the command show bfd neighbors detail as shown in Figure 9 8 on page 179 Disabling BFD for static routes If BFD is disabled all static route BFD sessions are torn down A final Admin Down packet is sent to all neighbors on the remote systems and those neighbors change to the Down state Message 3 on page 179 Step Task Command Syntax Command Mode 1 Establish BFD sessions for all ...

Page 182: ...change occurred Configuring BFD for OSPF is a two step process 1 Enable BFD globally See Enabling BFD globally on page 176 2 Establish sessions for all or particular OSPF neighbors See page 182 Related configuration tasks Change session parameters See page 184 Disable BFD sessions for OSPF See page 184 Establishing sessions with OSPF neighbors BFD sessions can be established with all OSPF neighbor...

Page 183: ...fig router_ospf bfd all neighbors Force10 conf if gi 2 2 ip address 2 2 3 1 24 Force10 conf if gi 2 2 no shutdown Force10 conf if gi 2 2 exit Force10 config router ospf 1 Force10 config router_ospf network 2 2 3 0 24 area 1 Force10 config router_ospf bfd all neighbors Force10 conf if gi 6 1 ip address 2 2 4 1 24 Force10 conf if gi 6 1 no shutdown Force10 conf if gi 6 1 exit Force10 config router o...

Page 184: ...emote system are placed in a Down state If BFD is disabled on an interface sessions on the interface are torn down and sessions on the remote system are placed in a Down state Message 3 on page 179 Disabling BFD does not trigger a change in BFD clients a final Admin Down packet is sent before the session is terminated To disable BFD sessions with all OSPF neighbors To disable BFD sessions with all...

Page 185: ...rs Figure 9 13 shows a sample BFD configuration on Router 1 and Router 2 that use eBGP in a transit network to interconnect AS1 and AS2 The eBGP routers exchange information with each other as well as with iBGP routers to maintain connectivity and accessibility within each autonomous system Figure 9 13 BFD Session Between BGP Neighbors AS 1 AS 2 Router 1 Router 2 Interior BGP Exterior BGP Interior...

Page 186: ... as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection the BFD session remains up and BGP maintains its adjacencies If a BFD for BGP neighbor does not receive a control packet within the detection interval the router informs any clients of the BFD session other routing protocols about the failure It then depends on the individual routin...

Page 187: ... BGP neighbor for BFD that belongs to a peer group The neighbor does not inherit the BFD enable disable values configured with the bfd all neighbors command or configured for the peer group to which the neighbor belongs 5 Configure parameters for a BFD session established with all neighbors discovered by BGP OR Establish a BFD session with a specified BGP neighbor or peer group using the default B...

Page 188: ... on a router enter one of the following show commands Task Command Command Mode Verify a BFD for BGP configuration show running config bgp Figure 9 14 EXEC Privilege Verify that a BFD for BGP session has been successfully established with a BGP neighbor A line by line listing of established BFD adjacencies is displayed show bfd neighbors interface detail Figure 9 15 and Figure 9 16 EXEC Privilege ...

Page 189: ...fig bgp router bgp 2 neighbor 1 1 1 2 remote as 1 neighbor 1 1 1 2 no shutdown neighbor 2 2 2 2 remote as 1 neighbor 2 2 2 2 no shutdown neighbor 3 3 3 2 remote as 1 neighbor 3 3 3 2 no shutdown bfd all neighbors R2 show bfd neighbors Active session role Ad Dn Admin Down B BGP C CLI I ISIS O OSPF R Static Route RTM M MPLS V VRRP LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 1 1 1...

Page 190: ...hbor 4490 Number of state changes 2 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 5 Session Discriminator 10 Neighbor Discriminator 11 Local Addr 2 2 2 3 Local MAC Addr 00 01 e8 66 da 34 Remote Addr 2 2 2 2 Remote MAC Addr 00 01 e8 8a da 7b Int TenGigabitEthernet 6 1 State Up Configured parameters TX 100ms RX 100ms Multiplier 3 Neighbor...

Page 191: ...ion 4 Init 0 Up 6 Down 0 Admin Down 2 Interface TenGigabitEthernet 6 2 Protocol BGP Messages Registration 1 De registration 0 Init 0 Up 1 Down 0 Admin Down 2 R2 show ip bgp summary BGP router identifier 10 0 0 1 local AS number 2 BGP table version is 0 main routing table version 0 BFD is enabled Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor s using 24168 bytes of memory Neighbor AS M...

Page 192: ...rawn 0 by peer martian prefixes ignored 0 Prefixes advertised 0 denied 0 withdrawn 0 from peer Connections established 1 dropped 0 Last reset never Local host 2 2 2 3 Local port 63805 Foreign host 2 2 2 2 Foreign port 179 E1200i_ExaScale R2 show ip bgp neighbors 2 2 2 3 BGP neighbor is 2 2 2 3 remote AS 1 external link Member of peer group pg1 for session parameters BGP version 4 remote router ID ...

Page 193: ...4 24 2 1 AREA 1 AREA 2 Force10 conf router isis Force10 conf router_isis net 01 1921 6800 1001 00 Force10 conf router_isis interface gigabitethernet 4 24 Force10 config if gi 4 24 ip address 2 2 2 1 24 Force10 config if gi 4 24 ip router isis Force10 config if gi 4 24 exit Force10 conf router isis Force10 conf router_isis bfd all neighbors Force10 conf router isis Force10 conf router_isis net 02 1...

Page 194: ... all IS IS sessions To change parameters for IS IS sessions on an interface View session parameters using the command show bfd neighbors detail as shown in Figure 9 8 on page 179 Step Task Command Syntax Command Mode 1 Establish sessions with all IS IS neighbors out of an interface isis bfd all neighbors INTERFACE Step Task Command Syntax Command Mode 1 Change parameters for all IS IS sessions bfd...

Page 195: ...ighboring interface fails the BFD agent on the line card notifies the BFD manager which in turn notifies the VRRP protocol that a link state change occurred Configuring BFD for VRRP is a three step process 1 Enable BFD globally See Enabling BFD globally on page 176 2 Establish VRRP BFD sessions with all VRRP participating neighbors 3 On the master router establish a VRRP BFD sessions with the back...

Page 196: ...Establish sessions with all VRRP neighbors vrrp bfd all neighbors INTERFACE Step Task Command Syntax Command Mode 1 Establish a session with a particular VRRP neighbor vrrp bfd neighbor ip address INTERFACE fnC0042mp 4 25 Force10 config if range gi 4 25 ip address 2 2 5 1 24 Force10 config if range gi 4 25 no shutdown Force10 config if range gi 4 25 vrrp group 1 Force10 config if range gi 4 25 vir...

Page 197: ...mmand Mode 1 Change parameters for all VRRP sessions vrrp bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive INTERFACE R1 conf if gi 4 25 vrrp bfd all neighbors R1 conf if gi 4 25 do show bfd neighbor Active session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM V VRRP LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 5 ...

Page 198: ...with routed VLANs BFD on VLANs is analogous to BFD on physical ports If no routing protocol is enabled and a remote system fails the local system does not remove the connected route until the first failed attempt to send a packet If BFD is enabled the local system removes the route when it stops receiving periodic control packets from the remote system Step Task Command Syntax Command Mode 1 Chang...

Page 199: ...to match Figure 9 25 Establishing Sessions with VLAN Neighbors To establish a BFD session with a VLAN neighbor View the established sessions using the command show bfd neighbors as shown in Figure 9 26 Step Task Command Syntax Command Mode 1 Establish sessions with a VLAN neighbor bfd neighbor ip address INTERFACE VLAN fnC0043mp Force10 config if gi 4 25 switchport Force10 config if gi 4 25 no shu...

Page 200: ... is sent to all neighbors and sessions on the remote system change to the Down state Message 3 on page 179 To disable BFD on a VLAN interface Caution When configuring BFD on VLAN or LAG interfaces on the C Series Dell Force10 recommends a minimum value of 500 milliseconds for both the transmit and minimum receive time which yields a final detection time of 500ms 3 1500 milliseconds Step Task Comma...

Page 201: ...ion tasks Change session parameters See page 202 Disable BFD a port channel See page 202 Establishing sessions on port channels To establish a session BFD must be enabled at interface level on both ends of the link as shown in Figure 9 5 The session parameters do not need to match Figure 9 27 Establishing Sessions on Port Channels fnC0044mp 4 24 4 24 Force10 config if range gi 4 24 5 port channel ...

Page 202: ...sions on the interface are torn down A final Admin Down control packet is sent to all neighbors and sessions on the remote system are placed in a Down state Message 3 on page 179 Step Task Command Syntax Command Mode 1 Establish a session on a port channel bfd neighbor ip address INTERFACE PORT CHANNEL Caution When configuring BFD on VLAN or LAG interfaces on the C Series Dell Force10 recommends a...

Page 203: ...Syntax Command Mode 1 Disable BFD for a port channel no bfd enable INTERFACE PORT CHANNEL Step Task Command Syntax Command Mode 1 Enable Protocol Liveness bfd protocol liveness CONFIGURATION R1 conf if gi 4 24 00 54 38 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 2 on interface Gi 4 24 diag 0 00 54 38 Sent packet for session with neighbor 2 2 2 2 on Gi 4 24...

Page 204: ...0 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 13 Sent packet for session with neighbor 2 2 2 2 on Gi 4 24 TX packet dump 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Received packet for session with neighbor 2 2 2 2 on Gi 4 24 RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Sent packe...

Page 205: ...way Protocol version 4 BGPv4 as it is supported in the Dell Force10 Operating System FTOS This chapter includes the following topics Protocol Overview Autonomous Systems AS Sessions and Peers Route Reflectors Confederations BGP Attributes Best Path Selection Criteria Weight Local Preference Multi Exit Discriminators MEDs AS Path Next Hop Multiprotocol BGP FTOS version Platform support 8 1 1 0 E Se...

Page 206: ...OSPF or RIP allowing you to communicate to external ASs smoothly BGP adds reliability to network connections be having multiple paths from one router to another Autonomous Systems AS BGP Autonomous Systems ASs are a collection of nodes under common administration with common network routing policies Each AS has a number already assigned by an internet authority You do not assign the BGP number AS ...

Page 207: ...P routers to maintain connectivity and accessibility Figure 10 1 BGP Autonomous Zones BGP version 4 BGPv4 supports classless interdomain routing and aggregate routes and AS paths BGP is a path vector protocol a computer network in which BGP maintains the path that update information takes as it diffuses through the network Updates traveling through the network and returning to the same node are ea...

Page 208: ...lly Network management quickly becomes impossible Sessions and Peers When two routers communicate using the BGP protocol a BGP session is started The two end points of that session are Peers A Peer is also called a Neighbor Establishing a session Information exchange between peers is driven by events and timers The focus in BGP is on the traffic routing policies 4 Routers 6 Routers 8 Routers ...

Page 209: ...tablished state Keepalive messages continue to be sent at regular periods established by the Keepalive timer to verify connections Once established the router can now send receive Keepalive Update and Notification messages to from its peer Peer Groups Peer Groups are neighbors grouped according to common routing policies They enable easier system configuration and management by allowing groups of ...

Page 210: ... not advertise it to any peer because its only other peer is Router D an iBGP peer and Router D has already learned it through iBGP from Router B 3 Router D does not advertise the route to Router C because Router C is a nonclient peer and the route advertisement came from Router B who is also a non client peer 4 Router D does reflect the advertisement to Routers E and G because they are client pee...

Page 211: ... path is selected at a time If any of the criteria results in more than one path BGP moves on to the next option in the list For example two paths may have the same weights but different local preferences BGP sees that the Weight criteria results in two potential best paths and moves to local preference to reduce the options If a number of best paths is determined this selection criteria is applie...

Page 212: ...ate address command 4 Prefer the path with the shortest AS_PATH unless the bgp bestpath as path ignore command is configured then AS_PATH is not considered The following criteria apply An AS_SET has a path length of 1 no matter how many ASs are in the set A path with no AS_PATH configured has a path length of 0 AS_CONFED_SET is not included in the AS_PATH length Highest Weight Highest Local Pref L...

Page 213: ... ID is the same for multiple paths because the routes were received from the same route skip this step If the Router ID is NOT the same for multiple paths Prefer the path that was first received as the Best Path The path selection algorithm should return without performing any of the checks outlined below 11 Prefer the path originated from the BGP router with the lowest router ID For paths contain...

Page 214: ...gure 10 4 For this example assume that LOCAL_PREF is the only attribute applied In Figure 10 5 AS100 has two possible paths to AS 200 Although the path through the Router A is shorter one hop instead of two the LOCAL_PREF settings have the preferred path go through Router B and AS300 This is advertised to all routers within AS100 causing all BGP speakers to prefer the path through Router B Figure ...

Page 215: ...AS200 Note that the MEDs are advertised across both links so that if a link goes down AS 1 still has connectivity to AS300 and AS400 Figure 10 6 MED Route Example Origin The Origin indicates the origin of the prefix or how the prefix came into BGP There are three Origin codes IGP EGP INCOMPLETE IGP indicated the prefix originated from information learned through an interior gateway protocol EGP in...

Page 216: ...owing the AS Path information Figure 10 8 AS Path attribute reported FTOS show ip bgp BGP table version is 0 local router ID is 10 101 15 13 Status codes s suppressed d damped h history valid best Path source I internal a aggregate c confed external r redistributed n network Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 7 0 0 0 29 10 114 8 33 0 0 18508 7 0 0 0 30 1...

Page 217: ...Multicast capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers It allows a multicast routing topology different from the unicast routing topology Implementing BGP with FTOS Advertise IGP cost as MED for redistributed routes When using multipath connectivity to an external AS you can advertise the MED value selectively to each peer for redistributed r...

Page 218: ...network disruption caused by routing and forwarding plane changes and allows for faster convergence 4 Byte AS Numbers FTOS Version 7 7 1 and later support 4 Byte 32 bit format when configuring Autonomous System Numbers ASNs The 4 Byte support is advertised as a new BGP capability 4 BYTE AS in the OPEN message If a 4 Byte BGP speaker has sent and received this capability from another speaker all th...

Page 219: ...2 bit binary AS number is translated into a decimal value All AS Numbers between 0 65535 are represented as a decimal number when entered in the CLI as well as when displayed in the show command outputs AS Numbers larger than 65535 are represented using ASPLAIN notation as well 65546 is represented as 65546 ASDOT representation splits the full binary 4 byte AS number into two words of 16 bits sepa...

Page 220: ...ommand in the show running config ASDOT FTOS conf router_bgp bgp asnotation asdot FTOS conf router_bgp show conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 local as 65057 output truncated FTOS conf router_bgp do show ip bgp BGP table version is 24901 local router ID is 172 30 1 57 output truncated ASDOT FTOS conf router_bgp bgp asnotation asdot FTOS conf ro...

Page 221: ...re Router A Router B and Router C belong to AS 100 200 300 respectively Router A acquired Router B Router B has Router C as its customer When Router B is migrating to Router A it needs to maintain the connection with Router C without immediately updating Router C s configuration Local AS allows this to happen by allowing Router B to appear as if it still belongs to Router B s old network AS 200 as...

Page 222: ...d to the first AS segment in the AS PATH If an inbound route map is used to prepend the as path to the update from the peer the local as is added first For example consider the topology described in Figure 10 11 If Router B has an inbound route map applied on Router C to prepend 65001 65002 to the as path the following events will take place on Router B 1 Receive and validate the update 2 Prepend ...

Page 223: ...lookup Inbound BGP soft reconfiguration must be configured on a peer for f10BgpM2PrefixInPrefixesRejected to display the number of prefixes filtered due to a policy If BGP soft reconfig is not enabled the denied prefixes are not accounted for F10BgpM2AdjRibsOutRoute stores the pointer to the NLRI in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is used to retrieve s...

Page 224: ...rely if the index does not increment lexicographically Dell Force10 recommends using options to ignore such errors Multiple BPG process instances are not supported Thus the F10BgpM2PeerInstance field in various tables is not used to locate a peer Multiple instances of the same NLRI in the BGP RIB are not supported and are set to zero in the SNMP query response F10BgpM2NlriIndex and f10BgpM2AdjRibs...

Page 225: ... tasks for BGP Enable BGP Configure AS4 Number Representations Configure Peer Groups BGP fast fall over Note In FTOS all newly configured neighbors and peer groups are disabled You must enter the neighbor ip address peer group name no shutdown command to enable a neighbor or peer group Table 10 3 FTOS BGP Defaults Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged Fast...

Page 226: ...u must assign the AS Number ASN To establish BGP sessions and route traffic you must configure at least one BGP neighbor or peer In BGP routers with an established TCP connection are called neighbors or peers Once a connection is established the neighbors exchange full BGP routing tables with incremental updates afterwards In addition neighbors exchange KEEPALIVE messages to maintain the connectio...

Page 227: ... must be enabled first Disable 4 Byte support and return to the default 2 Byte format by using the no bgp four octet as support command You cannot disable 4 Byte support if you currently have a 4 Byte ASN configured Disabling 4 Byte AS Numbers also disables ASDOT and ASDOT number representation All AS Numbers will be displayed in ASPLAIN format 1b address family ipv4 ipv6 CONFIG ROUTER B GP Enable...

Page 228: ...onfig bgp R2 show ip bgp summary BGP router identifier 192 168 10 2 local AS number 65123 BGP table version is 1 main routing table version 1 1 network entrie s using 132 bytes of memory 1 paths using 72 bytes of memory BGP RIB over all using 73 bytes of memory 1 BGP path attribute entrie s using 72 bytes of memory 1 BGP AS PATH entrie s using 47 bytes of memory 5 neighbor s using 23520 bytes of m...

Page 229: ... notifications 0 in queue Received 18549 updates Sent 11562 updates Minimum time between advertisement runs is 30 seconds For address family IPv4 Unicast BGP table version 216613 neighbor version 201190 130195 accepted prefixes consume 520780 bytes Prefix advertised 49304 rejected 0 withdrawn 36143 Connections established 1 dropped 0 Last reset never Local host 10 114 8 39 Local port 1037 Foreign ...

Page 230: ...pported at a time You cannot combine the types of representations within an AS Note The ASDOT and ASDOT representations are supported only in conjunction with the 4 Byte AS Numbers feature If 4 Byte AS Numbers are not implemented only ASPLAIN representation is supported Task Command Syntax Command Mode Enable ASPLAIN AS Number representation Figure 10 16 bgp asnotation asplain CONFIG ROUTER BGP No...

Page 231: ...d6017873cfd9a267c04957 neighbor 172 30 1 250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i FTOS conf router_bgp bgp asnotation asdot FTOS conf router_bgp sho conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 remote as 18508 neighbor 172 30 1 250 local as 65057 neighbor 172 30 1 250 route map rmap1 in neighbor 172 30 1 250 password 7 5ab3eb9a15ed0...

Page 232: ... are found at the end of this chapter Step Command Syntax Command Mode Purpose 1 neighbor peer group name peer group CONFIG ROUTER BGP Create a peer group by assigning a name to it 2 neighbor peer group name no shutdown CONFIG ROUTER BGP Enable the peer group By default all peer groups are disabled 3 neighbor ip address remote as as number CONFIG ROUTER BGP Create a BGP neighbor 4 neighbor ip addr...

Page 233: ...R BGP mode to view the configuration When you create a peer group it is disabled shutdown Figure 10 19 shows the creation of a peer group zanzibar Figure 10 19 Command example show config creating peer group Use the neighbor peer group name no shutdown command in the CONFIGURATION ROUTER BGP mode to enable a peer group Note When you configure a new set of BGP policies for a peer group always reset...

Page 234: ...p all the peers within the peer group that are in ESTABLISHED state are moved to IDLE state Use the show ip bgp peer group command in EXEC Privilege mode Figure 10 21 to view the status of peer groups FTOS conf router_bgp neighbor zanzibar no shutdown FTOS conf router_bgp show config router bgp 45 bgp fast external fallover bgp log neighbor changes neighbor zanzibar peer group neighbor zanzibar no...

Page 235: ...ither address becomes unreachable for example no active route exists in the routing table for peer IPv6 destinations local address BGP brings down the session with the peer FTOS show ip bgp peer group Peer group zanzibar remote AS 65535 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family IPv4 Unicast BGP neighbor is zanzibar peer group internal Number of peers in ...

Page 236: ...neighbor neighbor peer group fall over command in CONFIGURATION ROUTER BGP mode Use the show ip bgp neighbors command as shown in Figure 10 22 to verify that fast fall over is enabled on a particular BGP neighbor Note that since Fast Fall Over is disabled by default it will appear only if it has been enabled Command Syntax Command Mode Purpose neighbor ip address peer group name fall over CONFIG R...

Page 237: ...uest received 0 sent 0 Minimum time between advertisement runs is 5 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Fall over enabled Update source set to Loopback 0 ...

Page 238: ...atch af CONFIG ROUTER BGP Configure a peer group that does not initiate TCP connections with other peers Optional Enter the match af keyword to restrict the peer adjacency established in the passive peer group match af requires that a peer s address family matches the address family of the subnet assigned to the peer group Step 2 before a peering session is brought up 2 neighbor peer group name su...

Page 239: ...isable this feature using the no neighbor local as command in CONFIGURATION ROUTER BGP mode 3 neighbor peer group name no shutdown CONFIG ROUTER BGP Enable the peer group 4 neighbor peer group name remote as as number CONFIG ROUTER BGP Create and specify a remote peer as a BGP neighbor Command Syntax Command Mode Purpose neighbor IP address peer group name local as as number no prepend CONFIG ROUT...

Page 240: ...is neighbor ID to use the AS path the specified number of times Format IP Address A B C D Peer Group Name 16 characters Number 1 10 You must Configure Peer Groups before assigning it to an AS R2 conf router_bgp show conf router bgp 65123 bgp router id 192 168 10 2 network 10 10 21 0 24 network 10 10 32 0 24 network 100 10 92 0 24 network 192 168 10 0 24 bgp four octet as support neighbor 10 10 21 ...

Page 241: ...tes the peer has been updated with all routes in the local RIB If you configure your system to do so FTOS can perform the following actions during a hot failover Save all FIB and CAM entries on the line card and continue forwarding traffic while the secondary RPM is coming online Note By default BGP graceful restart is disabled R2 conf router_bgp show conf router bgp 65123 bgp router id 192 168 10...

Page 242: ...ut supporting the feature itself You can implement BGP graceful restart either by neighbor or by BGP peer group For more information please see the following table or the FTOS Command Line Interface Reference Command Syntax Command Mode Usage bgp graceful restart CONFIG ROUTER BGP Enable graceful restart for the BGP node bgp graceful restart restart time time in seconds CONFIG ROUTER BGP Set maxim...

Page 243: ...N mode to configure an AS PATH ACL to filter a specific AS_PATH value Step Command Syntax Command Mode Purpose 1 ip as path access list as path name CONFIGURATION Assign a name to a AS PATH ACL and enter AS PATH ACL mode FTOS show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path 0x4014154 0 3 18508 701 3549 19421 i 0x4013914 0 3 18508 701 7018 14990 i 0x5166d6c 0 3 18508 209 4637 1...

Page 244: ...expression to deny routes originating in AS 32 2 deny permit filter parameter CONFIG AS PATH Enter the parameter to match BGP AS PATH for filtering This is the filter that will be used to match the AS path The entries can be any format letters numbers or regular expressions This command can be entered multiple times if multiple filters are desired See Table 10 4 for accepted expressions 3 exit AS ...

Page 245: ...config router bgp 99 FTOS conf router_bgp neigh AAA peer group FTOS conf router_bgp neigh AAA no shut FTOS conf router_bgp show conf router bgp 99 neighbor AAA peer group neighbor AAA no shutdown neighbor 10 155 15 2 remote as 32 neighbor 10 155 15 2 shutdown FTOS conf router_bgp neigh 10 155 15 2 filter list 1 in FTOS conf router_bgp ex FTOS conf ip as path access list Eagle FTOS config as path d...

Page 246: ...ts Matches any enclosed character specifies a range of single characters hyphen Used within brackets to specify a range of AS or community numbers _ underscore Matches a a a comma a space a or a Placed on either side of a string to specify a literal and disallow substring matching Numerals enclosed by underscores can be preceded or followed by any of the characters listed above pipe Matches charac...

Page 247: ...ined as follows All routes with the NO_EXPORT_SUBCONFED 0xFFFFFF03 community attribute are not sent to CONFED EBGP or EBGP peers but are sent to IBGP peers within CONFED SUB AS All routes with the NO_ADVERTISE 0xFFFFFF02 community attribute must not be advertised All routes with the NO_EXPORT 0xFFFFFF01 community attribute must not be advertised outside a BGP confederation boundary but are sent to...

Page 248: ...list by denying or permitting specific community numbers or types of community community number use AA NN format where AA is the AS number 2 or 4 Bytes and NN is a value specific to that autonomous system local AS routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED no advertise routes with the COMMUNITY attribute of NO_ADVERTISE no export routes with the COMMUNITY attribute of NO_EXPORT quo...

Page 249: ...se 1 route map map name permit deny sequence number CONFIGURATION Enter the ROUTE MAP mode and assign a name to a route map 2 match community community list name exact extcommunity extcommunity list name exact CONFIG ROUTE MAP Configure a match filter for all routes meeting the criteria in the IP Community or Extended Community list 3 exit CONFIG ROUTE MAP Return to the CONFIGURATION mode 4 router...

Page 250: ...hbor ip address peer group name send community CONFIG ROUTER BGP Enable the software to send the router s COMMUNITY attribute to the BGP neighbor or peer group specified Step Command Syntax Command Mode Purpose 1 route map map name permit deny sequence number CONFIGURATION Enter the ROUTE MAP mode and assign a name to a route map 2 set comm list community list name delete CONFIG ROUTE MAP Configur...

Page 251: ...utgoing routes Step Command Syntax Command Mode Purpose FTOS show ip bgp community BGP table version is 3762622 local router ID is 10 114 8 48 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path i 3 0 0 0 8 195 171 0 16 100 0 209 701 80 i i 4 2 49 12 30 195 171 0 16 100 0 209 i i 4 21 132 0 23 195 171 0 1...

Page 252: ...FIGURATION mode to change the default value of the LOCAL_PREF attribute for specific routes Command Syntax Command Mode Purpose bgp always compare med CONFIG ROUTER BGP Enable MED comparison in the paths from neighbors with different ASs By default this comparison is not performed bgp bestpath med confed missing as best CONFIG ROUTER BGP Change the bestpath MED selection to one of the following co...

Page 253: ...in CONFIGURATION ROUTER BGP mode to change the how the WEIGHT attribute is used Use the show config command in CONFIGURATION ROUTER BGP mode or the show running config bgp command in EXEC Privilege mode to view BGP configuration 4 router bgp as number CONFIGURATION Enter the ROUTER BGP mode 5 neighbor ip address peer group name route map map name in out CONFIG ROUTER BGP Apply the route map to the...

Page 254: ...hile AS Path ACLs filter routes based on the Autonomous System number Route maps can filter and set conditions change attributes and assign update policies For inbound and outbound updates the order of preference is prefix lists using neighbor distribute list command AS PATH ACLs using neighbor filter list command route maps using neighbor route map command Prior to filtering BGP routes you must c...

Page 255: ...prefix list detail or show ip prefix list summary commands in EXEC Privilege mode Note When you configure a new set of BGP policies always reset the neighbor or peer group by entering the clear ip bgp command in EXEC Privilege mode Step Command Syntax Command Mode Purpose 1 ip prefix list prefix name CONFIGURATION Create a prefix list and assign it a name 2 seq sequence number deny permit any ip p...

Page 256: ...ss Control Lists ACL Prefix Lists and Route maps on page 133 for information on configuring route maps 3 exit CONFIG ROUTE MAP Return to the CONFIGURATION mode 4 router bgp as number CONFIGURATION Enter ROUTER BGP mode neighbor ip address peer group name route map map name in out CONFIG ROUTER BGP Filter routes based on the criteria in the configured route map Configure the following parameters ip...

Page 257: ...rivilege mode When you enable a route reflector FTOS automatically enables route reflection to all clients To disable route reflection between all clients in this reflector use the no bgp client to client reflection command in CONFIGURATION ROUTER BGP mode All clients should be fully meshed before you disable route reflection 5 neighbor ip address peer group name filter list as path name in out CO...

Page 258: ...S the IBGP neighbors are fully meshed and the MED NEXT_HOP and LOCAL_PREF attributes are maintained between confederations Command Syntax Command Mode Purpose aggregate address ip address mask advertise map map name as set attribute map map name summary only suppress map map name CONFIG ROUTER BGP Assign the IP address and mask of the prefix to be aggregated Optional parameters are advertise map m...

Page 259: ... flap the penalty value decrements or is decayed However if the route flaps again it is assigned another penalty The penalty value is cumulative and penalty is added under following cases Withdraw Readvertise Attribute change When dampening is applied to a route its path is described by one of the following terms history entry an entry that stores information on a downed route dampened path a path...

Page 260: ... routes are removed from history state Default 750 suppress range 1 to 20000 This number is compared to the flapping route s Penalty value If the Penalty value is greater than the suppress value the flapping route is no longer advertised that is it is suppressed Default 2000 max suppress time range 1 to 255 The maximum number of minutes a route can be suppressed The default is four times the half ...

Page 261: ...ue If the Penalty value is less than the reuse value the flapping route is once again advertised or no longer suppressed Default 750 suppress range 1 to 20000 This number is compared to the flapping route s Penalty value If the Penalty value is greater than the suppress value the flapping route is no longer advertised that is it is suppressed Default 2000 max suppress time range 1 to 255 The maxim...

Page 262: ... BGP mode to change the path selection from the default mode deterministic to non deterministic Command Syntax Command Mode Purpose clear ip bgp dampening ip address mask EXEC Privilege Clear all information or only information on a specific route Command Syntax Command Mode Purpose show ip bgp flap statistics ip address mask filter list as path name regexp regular expression EXEC EXEC Privilege V...

Page 263: ... due to the hard reset of the BGP cache and the time it takes to re establish the session BGP soft reconfiguration allows you to re apply policies to a session without resetting the BGP session You can perform soft reconfiguration on a per neighbor basis for either inbound or outbound policies BGP soft reconfiguration clears and reapplies policies without resetting the TCP connection Command Synta...

Page 264: ...lowing example Figure 10 33 shows how to enable inbound soft reconfiguration for the neighbor 10 108 1 1 All updates received from this neighbor are stored unmodified regardless of the inbound policy When inbound soft reconfiguration is performed later the stored information is used to generate a new set of inbound updates Figure 10 33 Command example router bgp Command Syntax Command Mode Purpose...

Page 265: ...or is A successful match with a continue clause the route map executes the set clauses and then goes to the specified route map entry upon execution of the continue clause If the next route map entry contains a continue clause the route map executes the continue clause if a successful match occurs If the next route map entry does not contain a continue clause the route map evaluates normally If a ...

Page 266: ...Multicast as a supported AFI SAFI Subsequent Address Family Identifier If the corresponding capability is received in the peer s Open message BGP will mark the peer as supporting the AFI SAFI When exchanging updates with the peer BGP sends and receives IPv4 Multicast routes if the peer is marked as supporting that AFI SAFI Exchange of IPv4 Multicast route information occurs through the use of two ...

Page 267: ...o retain the NEXT_HOP attribute when advertising to internal BGP peer Debugging BGP Use any of the commands in EXEC Privilege mode to enable BGP debugging Command Syntax Command Mode Purpose debug ip bgp ip address peer group peer group name in out EXEC Privilege View all information on BGP including BGP events keepalives notifications and updates debug ip bgp dampening in out EXEC Privilege View ...

Page 268: ...g Storing Last and Bad PDUs FTOS stores the last notification sent received and the last bad PDU received on per peer basis The last bad PDU is the one that causes a notification to be issued These PDUs are shown in the output of the command show ip bgp neighbor as shown in Figure 10 34 debug ip bgp ip address peer group name soft reconfiguration EXEC Privilege Enable soft reconfiguration debug En...

Page 269: ...nds Capabilities received from neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 For address family IPv4 Unicast BGP table version 1395 neighbor version 1394 Prefixes accepted 1 consume 4 bytes 0 withdrawn by peer Prefixes advertised 0 rejected 0 0 withdraw...

Page 270: ...n a PDU needs to be captured FTOS show capture bgp pdu neighbor 20 20 20 2 Incoming packet capture enabled for BGP neighbor 20 20 20 2 Available buffer size 40958758 26 packet s captured using 680 bytes PDU 1 len 101 captured 00 34 51 ago ffffffff ffffffff ffffffff ffffffff 00650100 00000013 00000000 00000000 419ef06c 00000000 00000000 00000000 00000000 00000000 0181a1e4 0181a25c 41af92c0 00000000...

Page 271: ... graphic illustration of the configurations shown on the following pages These configurations show how to create BGP areas using physical and virtual links They include setting up the interfaces and peers groups with each other FTOS conf router_bgp do show capture bgp pdu neighbor 172 30 1 250 Incoming packet capture enabled for BGP neighbor 172 30 1 250 Available buffer size 29165743 192991 packe...

Page 272: ...on GigE 1 31 10 0 3 31 24 Loopback 1 192 168 128 1 24 GigE 2 31 10 0 2 2 24 Loopback 1 192 168 128 2 24 Physical Links Virtual Links GigE 1 21 10 0 1 21 24 ck 1 24 GigE 2 11 10 0 1 22 24 Lo 19 GigE 3 11 10 0 3 33 24 Loopback 1 192 168 128 3 24 GigE 3 21 10 0 2 3 24 AS 99 AS 100 P e e r G r o u p B B B Peer Group AAA Peer Group CCC ...

Page 273: ...192 168 128 2 update source loop 0 R1 conf router_bgp neighbor 192 168 128 3 remote 100 R1 conf router_bgp neighbor 192 168 128 3 no shut R1 conf router_bgp neighbor 192 168 128 3 update source loop 0 R1 conf router_bgp show config router bgp 99 network 192 168 128 0 24 neighbor 192 168 128 2 remote as 99 neighbor 192 168 128 2 update source Loopback 0 neighbor 192 168 128 2 no shutdown neighbor 1...

Page 274: ...gp neighbor 192 168 128 1 update source loop 0 R2 conf router_bgp neighbor 192 168 128 3 remote 100 R2 conf router_bgp neighbor 192 168 128 3 no shut R2 conf router_bgp neighbor 192 168 128 3 update loop 0 R2 conf router_bgp show config router bgp 99 bgp router id 192 168 128 2 network 192 168 128 0 24 bgp graceful restart neighbor 192 168 128 1 remote as 99 neighbor 192 168 128 1 update source Lo...

Page 275: ...68 128 1 no shut R3 conf router_bgp neighbor 192 168 128 1 update source loop 0 R3 conf router_bgp neighbor 192 168 128 2 remote 99 R3 conf router_bgp neighbor 192 168 128 2 no shut R3 conf router_bgp neighbor 192 168 128 2 update loop 0 R3 conf router_bgp show config router bgp 100 network 192 168 128 0 24 neighbor 192 168 128 1 remote as 99 neighbor 192 168 128 1 update source Loopback 0 neighbo...

Page 276: ... no shutdown R1 R1 show ip bgp summary BGP router identifier 192 168 128 1 local AS number 99 BGP table version is 1 main routing table version 1 1 network entrie s using 132 bytes of memory 3 paths using 204 bytes of memory BGP RIB over all using 207 bytes of memory 2 BGP path attribute entrie s using 96 bytes of memory 2 BGP AS PATH entrie s using 74 bytes of memory 2 neighbor s using 8672 bytes...

Page 277: ... 168 128 3 remote AS 100 external link Member of peer group BBB for session parameters BGP version 4 remote router ID 192 168 128 3 BGP state ESTABLISHED in this state for 00 00 37 Last read 00 00 36 last write 00 00 36 Hold time is 180 keepalive interval is 60 seconds Received 30 messages 0 in queue 4 opens 2 notifications 4 updates 20 keepalives 0 route refresh requests Sent 29 messages 0 in que...

Page 278: ...hutdown R2 conf router_bgp end R2 R2 show ip bgp summary BGP router identifier 192 168 128 2 local AS number 99 BGP table version is 2 main routing table version 2 1 network entrie s using 132 bytes of memory 3 paths using 204 bytes of memory BGP RIB over all using 207 bytes of memory 2 BGP path attribute entrie s using 128 bytes of memory 2 BGP AS PATH entrie s using 90 bytes of memory 2 neighbor...

Page 279: ... State Pfx 192 168 128 1 99 93 99 1 0 0 00 00 15 1 192 168 128 2 99 122 120 1 0 0 00 00 11 1 R3 show ip bgp neighbor BGP neighbor is 192 168 128 1 remote AS 99 external link Member of peer group BBB for session parameters BGP version 4 remote router ID 192 168 128 1 BGP state ESTABLISHED in this state for 00 00 21 Last read 00 00 09 last write 00 00 08 Hold time is 180 keepalive interval is 60 sec...

Page 280: ...64 Foreign host 192 168 128 1 Foreign port 179 BGP neighbor is 192 168 128 3 remote AS 100 external link Member of peer group BBB for session parameters BGP version 4 remote router ID 192 168 128 3 BGP state ESTABLISHED in this state for 00 18 51 Last read 00 00 45 last write 00 00 44 Hold time is 180 keepalive interval is 60 seconds Received 138 messages 0 in queue 7 opens 2 notifications 7 updat...

Page 281: ... IPv4Flow Sub partitions on page 293 Configure Ingress Layer 2 ACL Sub partitions on page 295 Return to the Default CAM Configuration on page 297 CAM Optimization on page 298 Applications for CAM Profiling on page 298 Troubleshoot CAM Profiling on page 299 Content Addressable Memory Content Addressable Memory CAM is a type of memory that stores information in the form of a lookup table On Dell For...

Page 282: ...the chassis There is a default CAM profile and several other CAM profiles available so that you can partition the CAM according to your performance requirements For example the default profile has 1K Layer 2 ingress ACL entries If you need more memory for Layer 2 ingress ACLs select the profile l2 ipv4 inacl Table 11 1 describes the available profiles The default profile is an all purpose profile ...

Page 283: ...nformation Base FIB and reduces the IPv4 Flow partition to 12K Available Microcodes default lag hash mpls l2 switched pbr ipv4 egacl 16k Provides 16K entries for egress ACLs Available Microcodes acl group ipv6 extacl Provides IPv6 functionality Available Microcodes ipv6 extacl l2 ipv4 inacl Provides 32K entries for Layer 2 ingress ACLs and 28K entries for Layer 3 IPv4 ingress ACLs Available Microc...

Page 284: ... 32K 2K 320K 12K 12K 1K 1K 4K 0 0 0 0 pv4 egacl 16k 32K 2K 192K 8K 24K 0 16K 8K 0 0 0 0 ipv6 extacl 32K 2K 192K 12K 8K 1K 1K 2K 6K 3K 4K 2K l2 ipv4 inacl 32K 33K 64K 27K 8K 2K 2K 2K 0 0 0 0 unified default 32K 3K 192K 9K 8K 2K 2K 2K 6K 2K 4K 2K IPv4 VRF 32K 3K 160K 2K 12K 1K 12K 2K 0 0 0 0 IPv4 v6 VRF 32K 3K 64K 1K 12K 1K 11K 2K 18K 4K 3K 1K ipv4 64k ipv6 32K 2K 64K 12K 24K 1K 1K 8K 16K 3K 4K 1K N...

Page 285: ...packets are distributed across the port channel based on IP source and destination address and IP protocol This is applicable for MPLS packets with up to five labels When the IP header is not available after the 5th label hashing for default load balance is based on MPLS labels For packets with more than 5 labels hashing is always based on the MAC source and destination address ipv6 extacl Use thi...

Page 286: ...h The following points describe line card boot behavior when the line card profile does not match the chassis profile A microcode mismatch constitutes a profile mismatch When the line card profile and chassis profile are of the same type single CAM or dual CAM but their CAM profiles do not match the line card must load a new profile and therefore takes longer to come online If you insert a single ...

Page 287: ...0 P CP CHMGR 4 EH_PROFILE_WARN If EH CAM profile is selected non EJ cards will be in problem state after reload After reload 00 04 46 RPM0 P CP CHMGR 3 PROFILE_MISMATCH Mismatch line card 1 has mismatch CAM profile or microcode R1 show linecard 1 brief Line card 1 Status card problem mismatch cam profile Next Boot online Required Type E48TF 48 port 10 100 1000Base T line card with RJ 45 interfaces...

Page 288: ...entry depending on complexity For example TCP and UDP rules with port range options might require more than one CAM entry See Pre calculating Available QoS CAM Space on page 874 After you install a secondary RPM copy the running configuration to the startup configuration so that the new RPM has the correct CAM profile Differences Between EtherScale and TeraScale Only one CAM profile and microcode ...

Page 289: ...profile cam profile profile microcode microcode CONFIGURATION Note If selecting a cam profile for VRF cam profile ipv4 vrf or ipv4 v6 vrf implement the command in the CONFIGURATION mode only If you use EXEC Privilege mode the linecards may go into an error state 2 Save the running configuration copy running config startup config EXEC Privilege 3 Verify that the new CAM profile will be written to t...

Page 290: ...erify the actual CAM space required Figure 11 3 gives a sample of the output shown when executing the command The status column indicates whether or not the policy can be enabled Figure 11 3 Command Example test cam usage C Series Step Task Command Syntax Command Mode 1 Select a cam acl action cam acl default l2acl CONFIGURATION Note Selecting default resets the CAM entries to the default settings...

Page 291: ...eries systems chassis and each component using the command show cam acl as shown in Figure 11 6 Note If you select the CAM profile from CONFIGURATION mode the output of this command does not reflect any changes until you save the running configuration and reload the chassis FTOS show cam profile Chassis CAM Profile CamSize 18 Meg Current Settings Next Boot Profile Name Default Default L2FIB 32K en...

Page 292: ... command show cam usage from EXEC Privilege mode as shown in Figure 11 7 FTOS show cam acl Chassis Cam ACL Current Settings in block sizes L2Acl 2 Ipv4Acl 2 Ipv6Acl 2 Ipv4Qos 2 L2Qos 2 L2PT 1 IpMacAcl 2 VmanQos 0 VmanDualQos 0 Line card 0 Current Settings in block sizes L2Acl 2 Ipv4Acl 2 Ipv6Acl 2 Ipv4Qos 2 L2Qos 2 L2PT 1 IpMacAcl 2 VmanQos 0 VmanDualQos 0 Line card 6 Current Settings in block siz...

Page 293: ...on Sizes Partition Space Allocated EtherScale Space Allocated TeraScale Space Allocated ExaScale ACL 8K Multicast FIB ACL 9K 3K 3K PBR 1K 1K 1K QoS 8K 2K 2K System Flow 5K 5K 5K Trace Lists 1 1K 1K R1 show cam usage Linecard Portpipe CAM Partition Total CAM Used CAM Available CAM 1 0 IN L2 ACL 1008 320 688 IN L2 FIB 32768 1132 31636 IN L3 ACL 12288 2 12286 IN L3 FIB 262141 14 262127 IN L3 SysFlow ...

Page 294: ...ect The minimum amount of space that can be allocated to any sub partition is 1K except for System flow for which the minimum is 4K To re allocate CAM space within the IPv4Flow partition on the entire system Message 3 IPv4Flow Configuration Error Error Total size must add up to match IPv4flow size of 24K required by the configured profile Step Task Command Syntax Command Mode 1 Re allocate CAM spa...

Page 295: ... partition Sizes Partition Allocated Sysflow 6 L2ACL 14 PVST 50 QoS 12 FTOS conf cam ipv4flow default FTOS copy running config startup config File with same name already exist Proceed to copy the file confirm yes no yes 3914 bytes successfully copied FTOS sh cam ipv4flow Chassis Cam Ipv4Flow Current Settings Next Boot Multicast Fib Acl 8K 9K Pbr 2K 1K Qos 7K 8K System Flow 6K 5K Trace Lists 1K 1K ...

Page 296: ...the entire system Figure 11 9 L2PT 13 FRRP 5 Message 4 Layer 2 ACL Configuration Error Error Sum of all regions does not total to 100 Note You must allocate at least number of VLANs Number of switching ports per port pipe entries at least when employing PVST For example the default CAM Profile allocates 1000 entries to the Ingress Layer 2 ACL CAM region and a 48 port linecard has two port pipes wi...

Page 297: ...2pt 13 Frrp 5 output omitted FTOS conf cam l2acl system flow 100 l2acl 0 p 0 q 0 l 0 f 0 FTOS conf do show cam l2acl find Line card 1 Line card 1 Current Settings in percent Sysflow 6 L2Acl 14 Pvst 50 Qos 12 L2pt 13 Frrp 5 output omitted FTOS conf do copy run start File with same name already exist Proceed to copy the file confirm yes no yes 8676 bytes successfully copied 02 00 49 RPM0 P CP FILEMG...

Page 298: ...s are treated as follows When MPLS IP packets are received FTOS looks up to 5 labels deep for the IP header When an IP header is present hashing is based on IP 3 tuple source IP address destination IP address and IP protocol If an IP header is not found after the 5th label hashing is based on the MPLS labels FTOS conf cam profile default Enable default CAM profile eg default Enable eg default CAM ...

Page 299: ...by copying the correct profile to the card and rebooting the card If three resets do not bring up the card or if the system is running an FTOS version prior to 6 3 1 1 the system presents an error message In this case manually adjust the CAM configuration on the card to match the system configuration Dell Force10 recommends the following to prevent mismatches Use the eg default CAM profile in a ch...

Page 300: ...Pre calculating Available QoS CAM Space on page 874 Message 5 QoS CAM Region Exceeded EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 2 Gi 12 20 entries on portpipe 1 for linecard 12 EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 5 Gi 12 22 entries on portpipe 1 for linecard 12 Step Task 1 Verify that you ...

Page 301: ...Dell Force10 system is deployed in production environment you must wait for a maintenance window to load a new configuration The Configuration Replace and Rollback feature allows you to archive your running configuration and at a later time replace your running configuration with the archived one without rebooting the chassis During replacement FTOS calculates and applies only the difference betwe...

Page 302: ...GURATION mode on page 72 Therefore when using this feature no other user may be in CONFIGURATION mode The lock is released when the replace or rollback operation is complete Configuration Replace and Rollback cannot remove some FTOS configuration statements See the release notes for your FTOS version for details Enabling the Archive Service Before you can archive a configuration you must enter ARC...

Page 303: ...e directory is a hidden directory that FTOS does not display in the output of the command dir View the archive directory using the command show archive from EXEC Privilege mode as shown in Figure 12 2 Replacing the Current Running Configuration Replace the current running configuration with an archived configuration using the command configure replace from EXEC Privilege mode In Figure 12 3 R1 arc...

Page 304: ...on wait for the specified time to expire as shown in Figure 12 5 If you like the configuration enter the command configure confirm from EXEC Privilege mode before the specified time as shown in Figure 12 6 R1 config R1 conf hostname FTOS FTOS configure replace archive_0 This will apply all nessesary additions and deletions to replace the current running config with the contents of the specified co...

Page 305: ...ditions and deletions to replace the current running config with the contents of the specified configuration file which is assumed to be complete configuration not a partial configuration Please confirm if you want to proceed yes no yes 3d4h45m RPM0 P CP CLI 6 RBACKSTART start rollback to file flash CFGARCH_DIR archive_0 3d4h45m RPM0 P CP SYS 5 CONFIG_LOAD Loading configuration file 3d4h45m RPM0 P...

Page 306: ...e running configuration is not archived and periodic archiving pauses it resumes when you make a change to the running configuration R1 archive config configuration archived as archive_1 R1 show archive Archive directory flash CFGARCH_DIR Archive Date Time Size Comment 0 archive_0 11 20 2007 09 45 24 6120 Archived 1 archive_1 11 20 2007 10 54 12 6120 Most recently archived 2 3 4 5 6 7 8 9 10 11 12...

Page 307: ...ou cannot view or edit the contents of archived files FTOS disallows these functions to ensure that archived configurations are error free when they are used in a replace or rollback function You can however copy the file to another location using the command archive backup and then view and edit the copy If you copy the file to another location on FTOS then you can view the contents of the file u...

Page 308: ...ar 11 2007 00 23 40 ADMIN_DIR 8 rw 6115 Nov 19 2007 18 35 32 startup config 9 rw 32999090 Jun 11 2007 20 22 32 FTOS EF 7 4 1 0 bin 10 rw 33059550 May 31 2007 20 58 56 FTOS EF 7 4 2 0 bin 11 rw 23234380 May 30 2007 06 38 14 FTOS EF 6 5 4 0 bin 12 rw 6115 Nov 19 2007 18 15 00 startup config bak 13 rw 34 Nov 19 2007 19 23 00 arc_delta cfg 14 rw 6120 Nov 20 2007 11 17 52 archive_2 flash 520962048 byte...

Page 309: ...12 11 Viewing the Difference between Configuration Files R1 archive config configuration archived as archive_3 R1 conf hostname FTOS FTOS conf do show run diff archive_3 running config hostname FTOS flash CFGARCH_DIR archive_3 hostname R1 FTOS conf ...

Page 310: ...310 Configuration Replace and Rollback w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 311: ...ation policies determined by network administrators DHCP relieves network administrators of manually configuring hosts which is a can be a tedious and error prone process when hosts often join leave and change locations on the network reclaims IP addresses that are no longer in use to prevent address exhaustion DHCP is based a client server model A host discovers the DHCP server and requests an IP...

Page 312: ...Specifies the the DNS servers that are available to the client Domain Name 15 Specifies the domain name that client should use when resolving hostnames via DNS IP Address Lease Time 51 Specifies the amount of time that the client is allowed to use an assigned IP address DHCP Message Type 53 1 DHCPDISCOVER 2 DHCPOFFER 3 DHCPREQUEST 4 DHCPDECLINE 5 DHCPACK 6 DHCPNACK 7 DHCPRELEASE 8 DHCPINFORM Param...

Page 313: ...sage which signals to the client that it may begin using the assigned parameters 5 When the client leaves the network or the lease time expires returns its IP address to the server in a DHCPRELEASE message There are additional messages that are used in case the DHCP negotiation deviates from the process previously described and shown in Figure 13 2 DHCPDECLINE A client sends this message to the se...

Page 314: ...pool FTOS displays an error message for configurations that exceed the allocated memory E Series supports 16K DHCP Snooping entries across 500 VLANs C Series and S Series support 4K DHCP Snooping entries All platforms support DAI on 16 VLANs per system Configuration Tasks Configure the System to be a DHCP Server on page 314 Configure the System to be a Relay Agent on page 320 Configure Secure DHCP...

Page 315: ...istrator must first set up a DHCP server and provide it with configuration parameters and policy information including IP address ranges lease length specifications and configuration data that DHCP hosts need Configuring the Dell Force10 system to be a DHCP server is a 3 step process 1 Configure the Server for Automatic Address Allocation 2 Specify a Default Gateway 3 Enable DHCP Server Related Co...

Page 316: ... the client Step Task Command Syntax Command Mode 1 Access the DHCP server CLI context ip dhcp server CONFIGURATION 2 Create an address pool and give it a name pool name DHCP 3 Specify the range of IP addresses from which the DHCP server may assign addresses network is the subnet address prefix length specifies the number of bits used for the network portion of the address you specify network netw...

Page 317: ...HCP clients with parameters for two methods of hostname resolution Address Resolution using DNS A domain is a group of networks DHCP clients query DNS IP servers when they need to correlate host names to IP addresses Step Task Command Syntax Command Mode 1 Enter the DHCP command line context ip dhcp server CONFIGURATION 2 Enable DHCP server no disable Default Disabled DHCP 3 Display the current DH...

Page 318: ... client The DHCP server assign the client an available IP address automatically and then creates a entry in the binding table However the administrator can manually create an entry for a client manual bindings are useful when you want to guarantee that particular network device receives a particular IP address Manual bindings can be considered single host address pools There is no limit on the num...

Page 319: ...host address DHCP POOL 3 Specify the client hardware address or client identifier hardware address is the client MAC address type is the protocol of the hardware platform The default protocol is Ethernet client identifier is required for Microsoft clients instead of a hardware addresses The client identifier is formed by concatenating the media type and the MAC address of the client Refer to the A...

Page 320: ...m the server are unicast back to the relay agent on port 68 and the relay agent rewrites the destination address and forwards the packet to the client subnet via broadcast Task Command Syntax Command Mode Clear DHCP binding entries for the entire binding table clear ip dhcp binding EXEC Privilege Clear a DHCP binding entry for an individual IP address clear ip dhcp binding ip address EXEC Privileg...

Page 321: ...wn 1 3 Unicast DHCP Server 10 11 1 5 DHCP Server 10 11 2 5 Broadcast Source IP 10 11 1 5 Destination IP 255 255 255 255 Source Port 67 Destination Port 68 Unicast Source IP 0 0 0 0 Destination IP 10 11 1 5 Source Port 68 Destination Port 67 Relay Agent Address 10 11 0 3 1 4 Unicast Source IP 10 11 1 5 Destination IP 10 11 0 3 Source Port 67 Destination Port 68 Broadcast Source IP 0 0 0 0 Destinati...

Page 322: ...nt MAC addresses with a relay agent to prevent offering an IP address to a client spoofing the same MAC address on a different relay agent assign IP addresses according to the relay agent This prevents generating DHCP offers in response to requests from an unauthorized relay agent The server echoes the option back to the relay agent in its response and the relay agent can use the information in th...

Page 323: ...ELEASE Starting with FTOS Release 8 2 1 2 line cards maintain a list of snooped VLANs When the binding table is exhausted DHCP packets are dropped on snooped VLANs while these packets are forwarded across non snooped VLANs Since DHCP packets are dropped no new IP address assignments are made However DHCPRELEASE and DHCPDECLINE packets are allowed so that the DHCP snooping table can decrease in siz...

Page 324: ...ding EXEC Privilege Task Command Syntax Command Mode Display the contents of the binding table show ip dhcp snooping EXEC Privilege FTOS show ip dhcp snooping IP DHCP Snooping Enabled IP DHCP Snooping Mac Verification Disabled IP DHCP Relay Information option Disabled IP DHCP Relay Trust Downstream Disabled Database write delay In minutes 0 DHCP packets information Relay Information option packets...

Page 325: ...ication mechanism Network devices accepts ARP request and replies from any device and ARP replies are accepted even when no request was sent If a client receives an ARP message for which a relevant entry already exists in its ARP cache it overwrites the existing entry with the new information The lack of authentication in ARP makes it vulnerable to spoofing ARP spoofing is a technique attackers us...

Page 326: ...locates only 9 entries to the L2SysFlow region for DAI You can configure 10 to 16 DAI enabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI SystemFlow has 102 entries by default This region is comprised of two sub regions L2Protocol and L2SystemFlow L2Protocol has 87 entries and L2SystemFlow has 15 entries Six L2SystemFlow entries are used by Layer 2 protocols leav...

Page 327: ... IP Source Address Validation on page 328 prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table Task Command Syntax Command Mode Specify an interface as trusted so that ARPs are not validated against the binding table arp inspection trust INTERFACE FTOS Behavior Introduced in FTOS version 8 2 1 0 Dynamic ARP Inspection DAI was available for Laye...

Page 328: ...n which the requesting client is attached When IP Source Address Validation is enabled on a port the system verifies that the source IP address is one that is associated with the incoming port If an attacker is impostering as a legitimate client the source address appears on the wrong ingress port and the system drops the packet Likewise if the IP address is fake the address will not be on the lis...

Page 329: ...an ACL entry for each IP MAC address pair in the binding table and applies it to the interface Step Task Command Syntax Command Mode 1 Allocate at least one FP block to the ipmacacl CAM region cam acl l2acl CONFIGURATION 2 Save the running config to the startup config copy running config startup config EXEC Privilege 3 Reload the system reload EXEC Privilege 4 Enable IP MAC Source Address Validati...

Page 330: ...330 Dynamic Host Configuration Protocol w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 331: ...tained by an ExaScale and TeraScale chassis they must both use the same hashing algorithm and seed value and ECMP must deterministically choose a next hop To reconfigure these values see Configurable Hash Algorithm E Series on page 331 Configurable Hash Algorithm Seed on page 332 Deterministic ECMP Next Hop on page 332 Configurable Hash Algorithm E Series TeraScale has one algorithm that is used f...

Page 332: ...every chassis This means that for a given flow even though the prefixes are sorted two unrelated chassis will select different hops FTOS provides a CLI based solution for modifying the hash seed to ensure that on each configured system the ECMP selection is same When configured the same seed is set for ECMP LAG and NH and is used for incoming traffic only FTOS Behavior In FTOS versions prior to 8 ...

Page 333: ...ed are configured the same each flow is consistently sent to the same next hop even though they are routed through two different chassis Figure 14 1 Deterministic ECMP Next Hop Configurable Hash Algorithm Seed Task Command Syntax Command Mode Specify the hash algorithm seed hash algorithm seed value linecard number port set number Range 0 4095 CONFIGURATION Backbone router Prefix P Next hop 1 Next...

Page 334: ...to compute the egress port dest ip Uses destination IP address as part of the hash key lsb Always uses the least significant bit of the hash key to compute the egress port To change to a different hash scheme for ECMP use the following command in the CONFIGURATION mode The different hash algorithms for ECMP are based on the number of ECMP group members and packet values The default hash algorithm ...

Page 335: ...ning spanning tree protocol With its two way path to destination configuration FRRP provides protection against any single link switch failure and thus provides for greater network uptime Protocol Overview FRRP is built on a ring topology Up to 255 rings can be configured on a system FRRP uses one Master node and multiple Transit nodes in each ring There is no limit to the number of nodes on a rin...

Page 336: ...ual LAN VLAN is configured on all node ports in the ring All ring ports must be members of the Member VLAN and the Control VLAN The Member VLAN is the VLAN used to transmit data as described earlier The Control VLAN is used to perform the health checks on the ring The Control VLAN can always pass through all ports in the ring including the secondary port of the Master node Ring Status The Ring Fai...

Page 337: ... the Secondary port clears its own forwarding table and sends a control frame to the Transit nodes instructing them to clear their forwarding tables and re learn the topology During the time between the Transit node detecting that its link is restored and the Master node detecting that the ring is restored the Master node s Secondary port is still forwarding traffic This can create a temporary loo...

Page 338: ...s FRRP provides a convergence time that can generally range between 150ms and 1500ms The Master node originates a high speed frame that circulates around the ring This frame appropriately sets up or breaks down the ring A single FRRP flap will occur wen a line card is reset or a stack unit fails over to the standby Primary Forwarding Primary Forwarding Secondary Forwarding Primary Forwarding Secon...

Page 339: ...ode only Topology Change RHF Triggered updates Processed at all nodes Important FRRP Concepts Table 15 1 lists some important FRRP concepts Table 15 1 FRRP Components Concept Explanation Ring ID Each ring has a unique 8 bit ring ID through which the ring is identified e g FRRP 101 and FRRP 202 as shown in Figure 15 2 Control VLAN Each ring has a unique Control VLAN through which tagged Ring Health...

Page 340: ...n the VLAN Ring Protocol Timers Hello Interval The interval when ring frames are generated from the Master node s Primary interface default 500 ms The Hello interval is configurable in 50 ms increments from 50 ms to 2000 ms Dead Interval The interval when data traffic is blocked on a port The default is 3 times the Hello interval rate The dead interval is configurable in 50 ms increments from 50 m...

Page 341: ... the Member VLANs Configure Primary and Secondary ports Configure the Master node Configure a Transit node Set FRRP Timers optional Enable FRRP Other FRRP related commands are Clear FRRP counters Create the FRRP group The FRRP group must be created on each switch in the ring Use the commands in the following sequence to create the FRRP group Configure the Control VLAN Control and Member VLANS are ...

Page 342: ... 100 1000 Ethernet interface enter the keyword keyword GigabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet followed by the slot port information Slot Port Range Slot and Port ID for the interface Range is entered Slot Po...

Page 343: ...tify the Member VLANs for this FRRP group VLAN ID Range VLAN IDs for the ring s Member VLANS 6 no disable CONFIG FRRP Enable FRRP Step Command Syntax Command Mode Purpose 1 interface vlan vlan id CONFIGURATION Create a VLAN with this ID number VLAN ID 1 4094 2 tagged interface slot port range CONFIG INT VLAN Tag the specified interface or range of interfaces to this VLAN Interface For a 10 100 100...

Page 344: ...enGigabitEthernet followed by the slot port information Slot Port Slot and Port ID for the interface VLAN ID Identification number of the Control VLAN 4 mode transit CONFIG FRRP Configure a Transit node 5 member vlan vlan id range CONFIG FRRP Identify the Member VLANs for this FRRP group VLAN ID Range VLAN IDs for the ring s Member VLANs 6 no disable CONFIG FRRP Enable this FRRP group on this swit...

Page 345: ...mary and Secondary interfaces when FRRP is enabled When the interface ceases to be a part of any FRRP process if Spanning Tree is enabled globally it must be enabled explicitly for the interface The maximum number of rings allowed on a chassis is 255 Sample Configuration and Topology clear frrp EXEC PRIVELEGED Clear the counters associated with all FRRP groups Command Syntax Command Mode Purpose s...

Page 346: ...ess switchport no shutdown interface Vlan 101 no ip address tagged GigabitEthernet 2 14 31 no shutdown interface Vlan 201 no ip address tagged GigabitEthernet 2 14 31 no shutdown protocol frrp 101 interface primary GigabitEthernet 2 14 secondary GigabitEthernet 2 31 control vlan 101 member vlan 201 mode transit no disable R3 TRANSIT interface GigabitEthernet 3 14 no ip address switchport no shutdo...

Page 347: ...gers data collection via the CLI For example you can configure FTSA to search for a specific value in the show command for output throttles on an interface if CPU usage exceeds 85 FTSA then automatically E mails the information in XML format to network administrators and or the Dell Force10 Technical Assistance Center Implementation Information It is possible to omit the admin email and smtp serve...

Page 348: ... enabled FTSA Messaging Service on page 350 FTSA Policies on page 357 Debugging FTSA on page 371 Enable Force10 Service Agent FTSA is disabled by default The system displays Message 1 when you enable or disable FTSA Figure 16 1 shows the default FTSA configuration Task Command Syntax Command Mode Enable FTSA If FTSA is disabled when you execute this command then FTOS starts the FTSA service and en...

Page 349: ...ator E mail address is the one that FTSA uses to originate E mails Enter the administrator s full E mail address in the form username domain com or Enter the username without the domain name Dell Force10 recommends using the system name for username your company s domain name for domain admin email email address CALLHOME 2 If you did not enter the domain name when entering the administrator E mail...

Page 350: ...n page 354 Set Parameters FTSA Type 5 Messages on page 354 Enable the FTSA Messaging Service There are five FTSA message types see FTSA Message Types on page 355 for examples Type 0 Call Home Enable Type 1 Call Home Disable Type 2 Chassis failover Type 3 Inventory Type 4 System Log Type 5 Action List The E mail body of every message always contains the message type chassis name transmission time a...

Page 351: ... CALLHOME context For example the default label is Force10 Enter the context conf callhome Force10 by entering the command server Force10 as shown in Figure 16 2 You may enable messaging for all recipients at once or enable messaging for each recipient individually Add Additional Recipients of FTSA E mails You can add four more recipients for FTSA E mails in addition to Dell Force10 TAC and the ad...

Page 352: ...supported only on platforms c e Step Task Command Command Mode 1 Create a mnemonic label for the recipient server label CONFIGURATION 2 Enter the recipient E mail address in the form username domain name com recipient email address CONFIGURATION FTOS conf callhome show config call home no enable all server Force10 recipient ftsa force10networks com keyadd Force10DefaultPublicKey encrypt no enable ...

Page 353: ...E mails to the recipient encrypt CALLHOME SERVER LABEL Step Task 1 Use a PGP5 compatible program such as PGP or GnuPG to generate the public or private key The user name that you choose in the program will be the one that you use in the server command 2 Export the public key to a file Task Command Command Mode Provide the postal service mailing address at which the network administrator can be con...

Page 354: ...configurable parameters Task Command Command Mode Set the frequency at which FTSA generates inventory E mails Range 2 to 10080 minutes Default 1440 minutes 24 hours frequency minutes CALLHOME Step Task Command Command Mode 1 Ensure that system logging is on and verify the logging severity level logging on do show running config logging CONFIGURATION 2 Collect and E mail system log messages If you ...

Page 355: ...r action list message format xml text CALLHOME ACTIONLIST FTOS Behavior FTOS versions prior to 8 2 1 0 diverted Type 5 messages to the internal flash root directory when you enter the command log only Beginning in version 8 2 1 0 FTOS stores these messages in CALL HOME LOGs on the internal flash Message 2 FTSA Message Sent RPM0 P CP CALL HOME HELPER 3 CALLHOME Callhome service sent a message to Fo...

Page 356: ...essagenum 0 messagenum AgentInfo Message Body AgentInfo messagetype Type 3 messagetype time 00 30 46 172 UTC Thu Feb 19 2009 time serialnum 0036232 serialnum hostname Force10 hostname messagenum 0 messagenum AgentInfo Message Attachment Chassis Type E300 Chassis Mode TeraScale Software Version 7 8 1 0 hardware E300 0036232 7520009603 D 1 LC EF3 GE 48T 0029961 7520009704 01 0 LC EF3 RPM FX000017082...

Page 357: ...0036232 serialnum hostname Force10 hostname messagenum 0 messagenum AgentInfo Message Attachment Chassis Type E300 Chassis Mode TeraScale Software Version 7 8 1 0 log_messages how logging severity 7 session 1 display xml xml version 1 0 encoding UTF 8 response MajorVersion 1 MinorVersion 0 action syslog_properties logging enabled logging console_level debugging console_level monitor_level debuggin...

Page 358: ...ist Table 16 1 and specify additional test conditions Table 16 2 To create a new empty policy test list Choose test conditions for a policy test list Once you create a policy test list FTOS enters the CALLHOME TESTLIST context The list you created is initially empty You may choose one of three pre defined condition lists or create your own The three pre defined condition lists are shown in Table 1...

Page 359: ... show environment Software SWP Timeout IPC Timeout IRC timeout CPU 85 Memory usage 85 Task Command Command Mode Add a pre defined list of conditions to your policy test list default test exception hardware software CALLHOME TESTLIST Table 16 2 Custom Policy Test Conditions Condition Keyword Description OID CPU Usage cpu 1 min CPU utilization in percentage for the last 1 minute chRpmCpuUtil1Min cpu...

Page 360: ...Per CPU total memory usage in percent chRpmMemUsageUtil Match String cli show text Match a string within a command output N A WRED drops wred drops A count of the frames that are dropped using a WRED policy because of excessive traffic f10IfOutWredDrops Condition Command Command Mode CPU Usage test condition cpu 1 min cpu 5 min boolean comparison value sample number CALLHOME TESTLIST Interface Rat...

Page 361: ...ctions is saved in a local file with the same name as the action list and a date and time stamp appended to the filename FTSA does not overwrite files from previous executions While an action list is executing pending action lists do not execute until the current action list completes For example if a test list matches a condition and triggers an action list and during the execution of the action ...

Page 362: ...fic x3 10s interval Hardware hardware show tech support show trace show trace hardware show logging driverlog linecard all line cards show logging driverlog cp show console lp all line cards show pcdfo show command history show cpu interface stats cp x2 5s interval show environment all show environment linecard voltage Software software show tech support show trace show trace hardware show process...

Page 363: ...ted and under this condition the recovery action will never execute seq number cli action command CALLHOME ACTIONLIST Execute a show debug when FTSA discovers a test condition While debug is running FTSA will execute other pending action list items seq number cli debug debug command time seconds CALLHOME ACTIONLIST Execute a show command when FTSA discovers a test condition seq number cli show sho...

Page 364: ...Y Associate a Dell Force10 Problem Report PR number with the policy Configure a PR number only if you already have a case open with Dell Force10 for the policy This PR number is included in action list messages sent to Dell Force10 pr number number CALLHOME POLICY Execute the action list contingent upon the state of CPU utilization The CPU utilization is calculated in percentage using the 1 minute...

Page 365: ...o log only message format text cli show show linecard 4 grep Status repeat 1 delay 1 R6_E300 conf callhome do offline linecard 4 2d9h24m RPM0 P CP CHMGR 2 CARD_DOWN Line card 4 down card offline 2d9h24m RPM0 P CP IFMGR 1 DEL_PORT Removed port Gi 4 0 47 R6_E300 conf callhome 2d9h24m RPM1 S CP IFMGR 1 DEL_PORT Removed port Gi 4 0 47 2d9h24m RPM0 P CP CALL HOME 6 CALLHOME Call home executes remote ex...

Page 366: ...o contact_info F10_info policy_name lcdown policy_name F10_info action_list_name lcdown action_list_name test_list_match match test_condition hardware test_condition test_value Line card 4 down test_value match test_list_match content item item_name show tech support item_name item_time 23 19 37 232 UTC Wed Feb 25 2009 item_time item_output show tech support output omitted item_output item item it...

Page 367: ...6 879 UTC Wed Feb 25 2009 item_time item_output show logging driverlog cp output omitted item_output item item item_name show console lp 1 item_name item_time 23 19 47 141 UTC Wed Feb 25 2009 item_time item_output show console lp 1 output omitted item_output item item item_name show console lp 4 item_name item_time 23 19 50 686 UTC Wed Feb 25 2009 item_time item_output show console lp 4 output omi...

Page 368: ...put remote exec cp dhsTestCp output omitted item_output item item item_name remote exec cp dhsTestCp item_name item_time 23 20 00 663 UTC Wed Feb 25 2009 item_time item_output remote exec cp dhsTestCp output omitted item_output item item item_name show linecard 4 grep Status item_name item_time 23 20 07 755 UTC Wed Feb 25 2009 item_time item_output show linecard 4 grep Status Status offline Power ...

Page 369: ...genum 0 messagenum AgentInfo Message Attachment action_list_message AgentInfo messagetype Type 5 messagetype time 17 14 28 415 UTC Thu Feb 26 2009 time serialnum 0036232 serialnum AgentInfo contact_info contact_info F10_info policy_name bgpdown policy_name F10_info action_list_name bgpdown action_list_name test_list_match match test_condition show logging 10 test_condition test_value Search string...

Page 370: ...ition interface crc 1 greater than number 500 policy action list crcerror no log only message format text cli show show int gig 1 2 grep CRC repeat 1 delay 1 R6_E300 conf do show int gig 1 2 grep CRC 0 CRC 0 overrun 0 discarded R6_E300 conf do show int gig 1 2 grep CRC 105 CRC 0 overrun 105 discarded R6_E300 conf do show int gig 1 2 grep CRC 183 CRC 0 overrun 183 discarded R6_E300 conf do show int...

Page 371: ... messagetype Type 5 messagetype time 21 10 04 686 UTC Tue Mar 10 2009 time serialnum 0036232 serialnum AgentInfo contact_info F10_info policy_name crcerror policy_name F10_info action_list_name crcerror action_list_name test_list_match match test_condition interface crc test_condition test_value The current value 501 is greater than the configured value 500 test_value match test_list_match content...

Page 372: ...ment ramdisk crcerror 21_10_04 685 txt 02 13 49 Message AgentInfo messagetype Type 5 messagetype time 21 10 04 678 UTC Tue Mar 10 2009 time serialnum 0036232 serialnum hostname R6_E300 hostname messagenum 0 messagenum AgentInfo 02 13 49 RPM0 P CP CALL HOME HELPER 3 CALLHOME Callhome service sent a message to Force10 at pubslab training10 com 02 13 49 Removing text file ramdisk crcerror 21_10_04 68...

Page 373: ...P is to simplify but not eliminate static configuration The idea is to configure switches at the edge and have the information dynamically propagate into the core As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points ...

Page 374: ...nformation exchanged In Figure 17 2 that kind of port is referred to as a VLAN trunk port but it is not necessary to specifically identify to FTOS that the port is a trunk port as described in Chapter 18 VLAN Stacking on page 367 FTOS conf protocol spanning tree pvst FTOS conf pvst no disable Error GVRP running Cannot enable PVST FTOS conf protocol spanning tree mstp FTOS conf mstp no disable Erro...

Page 375: ...able GVRP for the entire switch using the command gvrp enable in CONFIGURATION mode as shown in Figure 17 3 Use the show gvrp brief command to inspect the global configuration VLANs 10 20 VLANs 10 20 VLANs 30 50 VLANs 70 80 VLANs 70 80 VLANs 30 50 GVRP is configured globally and on all VLAN trunk ports for the edge and core switches Edge Switches Core Switches Edge Switches NOTES VLAN 1 mode is al...

Page 376: ...r example if an interface is statically configured via the CLI to belong to a VLAN it should not be un configured when it receives a Leave PDU So the registration mode on that interface is FIXED Forbidden Mode Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1 A port with forbidden registration type thus allows only VLAN 1 to pass thro...

Page 377: ... timer expires the information is de registered The Leave timer must be greater than or equal to 3x the Join timer The FTOS default is 600ms LeaveAll Upon startup a GARP device globally starts a LeaveAll timer Upon expiration of this interval it will send out a LeaveAll message so that other GARP devices can re register all relevant attribute information The device then restarts the LeaveAll timer...

Page 378: ...ocol w w w d e l l c o m s u p p o r t d e l l c o m FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer Message 1 GARP Timer Error FTOS conf garp timers join 300 Error Leave timer should be 3 Join timer ...

Page 379: ...ents as of this FTOS release The features in this collection are Component Redundancy on page 380 Online Insertion and Removal on page 387 Hitless Behavior on page 389 Graceful Restart on page 390 Software Resiliency on page 390 Warm Upgrade on page 393 Hot lock Behavior on page 393 In Service Modular Hot Fixes Process Restartability Component Boot Code E Series TeraScale RPM 2 4 2 1 E Series Tera...

Page 380: ... the chassis with dual RPMs on page 381 Automatic and manual RPM failover on page 382 Support for RPM redundancy by FTOS version on page 384 RPM synchronization on page 385 Boot the chassis with a single RPM You can boot the chassis with one RPM and later add a second RPM which automatically becomes the standby RPM FTOS displays Message 1 when the standby RPM is online On the C Series since the RP...

Page 381: ...e is warm upgrade FTOS displays Message 2 different FTOS versions with first two digits not matching Primary 7 6 1 0 Standby 7 5 1 0 The link to the standby RPM is down and the standby RPM is in a boot loop FTOS displays Message 3 and a boot fail prompt different FTOS versions with only first three digits matching Primary 7 4 2 0 Standby 7 4 2 1 The link to the peer RPM is up and FTOS performs a c...

Page 382: ...boot process and configure a different boot location with the boot change or boot system commands For more information see Recovering from a Failed Start on page 77 FTOS show redundancy RPM Status RPM Slot ID 0 RPM Redundancy Role Primary RPM State Active RPM SW Version 7 6 1 0 Link to Peer Up PEER RPM Status RPM State Standby RPM SW Version 7 6 1 0 RPM Redundancy Configuration Primary RPM rpm0 Au...

Page 383: ...y assuming the role of primary RPM and FTOS displays message similar to message Message 5 IPC and IRC timeouts and failover behavior IPC or IRC timeouts can occur because heartbeat messages and acknowledgements are lost or arrive out of sequence or a software or hardware failure occurs that impacts IPC or IRC Table 18 2 describes the failover behavior for the possible failure scenarios Message 4 R...

Page 384: ...s standby RPM Standby RPM initiates a failover FTOS saves an RP application core dump RP IPC related system status a CP trace log record and the CP IPC related system status Then the new primary RPM reboots the failed RPM c e Hardware error detected on the primary RPM FTOS detects the hardware error on the primary RPM and notifies the standby RPM The standby RPM initiates a failover FTOS saves a C...

Page 385: ...running config redundancy from EXEC Privilege mode as shown in Figure 18 2 Figure 18 2 Selecting a Primary RPM Force an RPM failover Trigger an RPM failover between RPMs using the command redundancy force failover rpm from EXEC Privilege mode Use this feature when you are replacing an RPM and you are performing a warm upgrade Failover Type Synchronized Data Platform Warm Failover some NVRAM inform...

Page 386: ...anually synchronize RPMs at any time using the command redundancy synchronize full from EXEC Privilege mode Switch Fabric Module redundancy Switch Fabric Module Redundancy is supported on platform c Since the RPM on the C Series also contains the switch fabric even though the second RPM comes online as the standby the switch fabric is active and is automatically available for routing Change this b...

Page 387: ...ry RPM is inserted When this command is executed the logical SFM on the standby RPM is immediately taken offline and the SFM state set as standby Use the command show sfm all to see SFM status information Figure 18 4 Inserting a Second RPM into an Online System Line Card Online Insertion and Removal FTOS detects the line card type when you insert a line card into a online chassis FTOS writes the l...

Page 388: ...utput omitted FTOS conf RPM0 P CP CHMGR 5 CARDDETECTED Line card 0 present FTOS conf do show linecard all Line cards Slot Status NxtBoot ReqTyp CurTyp Version Ports 0 online online E48VB E48VB 7 5 1 71 48 output omitted FTOS conf RPM0 P CP CHMGR 2 CARD_DOWN Line card 0 down card removed FTOS conf do show linecard all Line cards Slot Status NxtBoot ReqTyp CurTyp Version Ports 0 not present E48VB ou...

Page 389: ... 2 1 0 and later Hitless is a protocol based system behavior that makes an RPM failover on the local system transparent to remote systems The system synchronizes protocol information on the standby and primary RPMs such that the event of an RPM failover there is no need to notify remote systems of a local state change Message 6 Line card Mismatch Error RPM0 P CP CHMGR 3 CARD_MISMATCH Mismatch line...

Page 390: ...g Detection line card ports See Bidirectional Forwarding Detection on page 169 Graceful Restart Graceful Restart is supported on platform e c s Graceful restart also called non stop forwarding is a protocol based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets A graceful restart router does not immediat...

Page 391: ... the overall status of the backplane and can identifies a faulty SFM If three consecutive RPM loopbacks fail then the software initiates a fault isolation procedure that sequentially disables one SFM at a time and performs the same loopback test Refer to the Chapter 61 E Series TeraScale Debugging and Diagnostics for details on the different system checks performed SFM Channel Monitoring PCDFO is ...

Page 392: ...e execution of a program These messages are called trace messages they are primarily used for debugging and provide lower level information than event messages which are primarily used by system administrators FTOS retains executed trace messages for hardware and software and stores them in files logs on the internal flash NV Trace Log contains line card bootup trace messages that FTOS never overw...

Page 393: ...rules from an Access Control List that is already written to CAM This behavior is enabled by default and is available for both standard and extended ACLs on ingress and egress For information on configuring ACLs see Chapter 8 IP Access Control Lists ACL Prefix Lists and Route maps on page 133 Hot lock PBR supported on E Series only allows you to append rules to and delete rules from a redirect lis...

Page 394: ...nfigured it when the system is offline The bootflash is partitioned so that two separate images can be cached one for each RPM Cache Boot Pre requisites The system must meet two requirements before you can use the cache boot feature 1 On the E Series the cache boot feature requires RPM hardware revision 2 1 or later Use the show rpm command Figure 18 8 to determine the version of your RPM There is...

Page 395: ...d 2 3 2 1 E Series ExaScale RPM 2 5 0 3 E Series ExaScale Line Card 2 9 0 5 C Series RPM 2 7 1 1 C Series Line Card 2 6 0 1 Message 7 Boot Code Upgrade Required for Cache Boot Error Error linecard 0 doesn t have cache boot aware bootCode FTOS show rpm RPM card 0 Status active Next Boot online Card Type RPM Route Processor Module LC EF3 RPM Hardware Rev 2 2i Num Ports 1 Up Time 1 day 4 hr 25 min La...

Page 396: ...tartup configuration copy running config startup config after selecting a cache boot image in order to enable it FTOS upgrade system image all A flash FTOS EF 7 8 1 0 bin Current cache boot information in the system Type A B CP invalid invalid RP1 invalid b n invalid RP2 invalid invalid linecard 0 invalid invalid linecard 1 is not present linecard 2 is not present linecard 3 is not present linecar...

Page 397: ...d 3 is not present linecard 4 DOWNLOAD BOOT 4 7 5 427 6 5 1 8 linecard 5 is not present FTOS FTOS copy running config startup config File with same name already exist Proceed to copy the file confirm yes no yes 10496 bytes successfully copied 1d6h32m RPM0 P CP FILEMGR 5 FILESAVED Copied running config to startup config in flash by default R4_E300 show bootvar PRIMARY IMAGE FILE system 4 7 5 427 SE...

Page 398: ... patchversion rtp For example a patch labeled 7 8 1 0 EH rp2 l2mgr 1 rtp identifies that this patch applies to FTOS version 7 8 1 0 on the E Series platform for RP2 addressing the layer 2 management process and this is the first version of this patch Use the following to add a patch to the system Step Task Command Syntax Command Mode 1 If not already done copy the patch to the Runtime Patch direct...

Page 399: ...rces restarts the failed process and then updates the restart counter By default a process can be restarted a maximum of 3 times within 1 hour If this limit is exceeded the FTOS reloads the system reloads or fails over to the secondary RPM The processes that can be restarted are Management related processes TACACS RADIUS CLI SSH Telnet Console Aux TACACS RADIUS FTOS restarts the process and reappl...

Page 400: ...RATION FTOS conf process restartable radius count Specify max number of auto restarts default 3 cr FTOS conf process restartable radius count 1 3 number of times value to auto restarts FTOS conf process restartable radius count 3 period Specify time span for auto restart count default 1 cr Display the processes and tasks configured for restartability show process restartable history EXEC Privilege...

Page 401: ...tive process restarts FTOS does not continue to print debug messages after the restart you must execute debug tacacs or debug radius again This is because debugging is not saved to the running configuration rather FTOS marks the process for debugging with a flag that is cleared during the restart ...

Page 402: ...402 High Availability w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 403: ...versions 1 or 2 on the same subnet IGMP on FTOS supports up to 512 interfaces on E Series 31 interfaces on C Series and S Series and an unlimited number of groups on all platforms Dell Force10 systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier FTOS automatically enables IGMP on interfaces on which you enable a multicast routing protocol IGMP Protocol Overview IGMP has three ver...

Page 404: ...spond to a general query from its querier or it may send an unsolicited report to its querier Responding to an IGMP Query 1 One router on a subnet is elected as the querier The querier periodically multicasts to all multicast systems address 224 0 0 1 a general query to all hosts on the subnet 2 A host that wants to join a multicast group responds with an IGMP Membership Report that contains the m...

Page 405: ...e there are no interested receivers To enable filtering routers must keep track of more state information that is the list of sources that must be filtered An additional query type the Group and Source Specific Query keeps track of state changes while the Group Specific and General queries still refresh existing state Reporting is more efficient and robust hosts do not suppress query responses non...

Page 406: ...ified sources 3 The host s third message indicates that it is only interested in traffic from sources 10 11 1 1 and 10 11 1 2 Since this request again prevents all other sources from reaching the subnet the router sends another group and source query so that it can satisfy all other hosts There are no other interested hosts so the request is recorded fnC0071mp Type Reserved Reserved Checksum Numbe...

Page 407: ... 1 4 Host 2 responds to the periodic general query so the querier refreshes the state information for that group 1 1 Type 0x22 Number of Group Records 1 Record Type 4 Number of Sources 0 Multicast Address 224 1 1 1 Interface Multicast Group Filter Source Source Address Timer Mode Timer 1 1 224 1 1 1 GMI Exclude None 1 1 224 1 1 1 Include 10 11 1 1 GMI 1 1 224 1 1 1 Include 10 11 1 1 GMI 10 11 1 2 ...

Page 408: ...atically enabled with IGMP View IGMP enabled interfaces using the command show ip igmp interface command in the EXEC Privilege mode 1 1 Querier Non Querier Membership Queries Leaving and Staying Type 0x17 Number of Group Records 1 Record Type 6 Number of Sources 2 Multicast Address 224 1 1 1 Source Addresses 10 11 1 1 10 11 1 2 IGMP Leave message Type 0x11 Group Address 224 1 1 1 Number of Sources...

Page 409: ...on interface IGMP query interval is 60 seconds IGMP querier timeout is 300 seconds IGMP max query response time is 10 seconds Last member query response interval is 199 ms IGMP activity 0 joins 0 leaves IGMP querying router is 10 87 3 2 this system IGMP version is 2 FTOS FTOS conf if gi 1 13 ip igmp version 3 FTOS conf if gi 1 13 do show ip igmp interface GigabitEthernet 1 13 is up line protocol i...

Page 410: ...ime expires Inversely increasing this value decreases burstiness at the expense of leave latency Adjust the period between queries using the command ip igmp query interval from INTERFACE mode Adjust the Maximum Response Time using the command ip igmp query max resp time from INTERFACE mode When the querier receives a leave message from a host it sends a group specific query to the subnet If no res...

Page 411: ...ere are no members in the group View the static groups using the command show ip igmp groups from EXEC Privilege mode Static groups have an expiration value of Never and a Last Reporter value of CLI as shown in Figure 19 8 Enabling IGMP Immediate leave If the querier does not receive a response to a group specific or group and source query it sends another Querier Robustness Value Then after no re...

Page 412: ...neral query on the interface that transitions to the forwarding state Configuring IGMP Snooping Configuring IGMP Snooping is a one step process That is enable it on a switch using the command ip igmp snooping enable from CONFIGURATION mode View the configuration using the command show running config from CONFIGURATION mode as shown in Figure 19 9 You can disable snooping on for a VLAN using the co...

Page 413: ...ally specify a port in a VLAN as connected to a multicast router using the command ip igmp snooping mrouter from INTERFACE VLAN mode View the ports that are connected to multicast routers using the command show ip igmp snooping mrouter from EXEC Privilege mode Configuring the Switch as Querier Hosts that do not support unsolicited reporting wait for a general query before sending a membership repo...

Page 414: ... VLAN mode Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change FTOS sends a general query out of all ports except the multicast router ports The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire When an IGMP snooping switch i...

Page 415: ...Interface Configuration Interface Types View Basic Interface Information Enable a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces on page 427 Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Interface Range Macros on page 443 Monitor and Maintain Interfaces Link Debounce Timer Link Dampening Ethernet Pause ...

Page 416: ... interfaces configured in the port channel Figure 20 1 displays the configuration and status information for one interface Interface Type Modes Possible Default Mode Requires Creation Default State Physical L2 L3 Unset No Shutdown disabled Management N A N A No No Shutdown enabled Loopback L3 L3 Yes No Shutdown enabled Null N A N A No Enabled Port Channel L2 L3 L3 Yes Shutdown disabled VLAN L2 L3 ...

Page 417: ...rrent address is 00 01 e8 05 f3 6a Pluggable media present XFP type is 10GBASE LR Medium is MultiRate Wavelength is 1310nm XFP receive power reading is 3 7685 Interface index is 67436603 Internet address is 65 113 24 238 28 MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit Mode full duplex Master ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 09 54 Queueing stra...

Page 418: ...gabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For the Management interface on the RPM enter the keyword ManagementEthernet followed by the slot port information For a SONET interface enter the keyword sonet followed by slot port information For a 10 Gigabit Ethernet interface enter the ke...

Page 419: ...irtual interfaces such as VLANs or port channels Link detection on ExaScale line cards is interrupt based rather than poll based which enables ExaScale cards to bring up and take down links faster For more information on VLANs see Bulk Configuration on page 440 and for more information on port channels see Port Channel Interfaces on page 428 Configuration Task List for Physical Interfaces By defau...

Page 420: ... a Layer 2 Interface To configure an interface in Layer 2 mode use these commands in the INTERFACE mode Table 20 1 Interfaces Types Type of Interface Possible Modes Requires Creation Default State 10 100 1000 Ethernet Gigabit Ethernet 10 Gigabit Ethernet Layer 2 Layer 3 No Shutdown disabled SONET PPP encapsulation Layer 3 No Shutdown disabled Management n a No Shutdown disabled Loopback Layer 3 Ye...

Page 421: ...and displays an example of a Layer 3 interface Figure 20 5 show config Command Example of a Layer 3 Interface If an interface is in the incorrect layer mode for a given command an error message is displayed to the user For example in Figure 20 6 the command ip address triggered an error message because the interface is in Layer 2 mode and the ip address command is a Layer 3 command only Figure 20 ...

Page 422: ...mple show ip interface ip address ip address mask secondary INTERFACE Configure a primary IP address and mask on the interface The ip address must be in dotted decimal format A B C D and the mask must be in slash format xx Add the keyword secondary if the IP address is the interface s backup IP address Command Syntax Command Mode Purpose FTOS show ip int vlan 58 Vlan 58 is up line protocol is up I...

Page 423: ... interface from the local LAN To access the Management interface from another LAN the management route command must be configured to point to the Management interface Alternatively you can use virtual ip to manage a system with one or two RPMs A virtual IP is an IP address assigned to the system not to any management interfaces and is a CONFIGURATION mode command You may enter an IPv4 or IPv6 addr...

Page 424: ...ser can manage the S Series from any port Configure an IP address for the port using the ip address command and enable it using the command no shutdown The user may use the command description from INTERFACE mode to note that the interface is the management interface There is no separate management routing table so the user must configure all routes in the IP routing table the ip route command As ...

Page 425: ... 0 ManagementEthernet 0 0 is up line protocol is up Hardware is Force10Eth address is 00 01 e8 5d b7 4c Current address is 00 01 e8 5d b7 4c Pluggable media not present Interface index is 503595208 Internet address is 10 11 197 97 16 Link local IPv6 address fe80 201 e8ff fe5d b74c 64 Global IPv6 address fdaa bbbb cccc 1004 50 64 Virtual IP address is 10 11 197 99 16 Virtual IP IPv6 address is fdaa...

Page 426: ...ure 20 12 shows a sample configuration of a VLAN participating in an OSPF process Figure 20 12 Sample Layer 3 Configuration of a VLAN Note To monitor VLAN interfaces use the Management Information Base for Network Management of TCP IP based internets MIB II RFC 1213 Monitoring VLAN interfaces via SNMP is supported only on E Series Note An IP address cannot be assigned to the Default VLAN which by ...

Page 427: ...syntax in the CONFIGURATION mode Many of the same commands found in the physical interface are found in Loopback interfaces See also Configuring ACLs to Loopback on page 151 Null Interfaces The Null interface is another virtual interface created by the E Series software There is only one Null interface It is always up but no traffic is transmitted through this interface To enter the INTERFACE mode...

Page 428: ...l provides redundancy by aggregating physical interfaces into one logical interface If one physical interface goes down in the port channel another physical interface carries the traffic Port channel benefits For the E Series a port channel interface provides many benefits including easy management link redundancy and sharing Port channels are transparent to network configurations and can be modif...

Page 429: ...TOS disables the interfaces that do match the interface speed set by the first channel member That first interface may be the first interface that is physically brought up or was physically operating when interfaces were added to the port channel For example if the first operational interface in the port channel is a Gigabit Ethernet interface all interfaces at 1000 Mbps are kept up and all 10 100...

Page 430: ...e port channel here by setting the speed of the Gi 0 0 interface to 1000 Mb s Configuration task list for port channel interfaces To configure a port channel LAG you use the commands similar to those found in physical interfaces By default no port channels are configured in the startup configuration Create a port channel mandatory Add a physical interface to a port channel on page 431 mandatory Re...

Page 431: ...ge mode enter the show running config interface interface command When an interface is added to a port channel FTOS recalculates the hash algorithm To add a physical interface to a port channel use these commands in the following sequence in the INTERFACE mode of a port channel To view the port channel s status and channel members in a tabular format use the show interfaces port channel brief Figu...

Page 432: ...strates interface GigabitEthernet 1 6 is part of port channel 5 which is in Layer 2 mode and an error message appeared when an IP address was configured FTOS show int port brief LAG Mode Status Uptime Ports 1 L2L3 up 00 06 03 Gi 13 6 Up Gi 13 12 Up 2 L2L3 up 00 06 03 Gi 13 7 Up Gi 13 8 Up Gi 13 13 Up Gi 13 14 Up FTOS FTOS show interface port channel 20 Port channel 20 is up line protocol is up Har...

Page 433: ... port channel Figure 20 16 displays an example of moving the GigabitEthernet 1 8 interface from port channel 4 to port channel 3 Step Command Syntax Command Mode Purpose 1 no channel member interface INTERFACE PORT CHANNEL Remove the interface from the first port channel 2 interface port channel id number INTERFACE PORT CHANNEL Change to the second port channel INTERFACE mode 3 channel member inte...

Page 434: ...el from a VLAN As with other interfaces you can add Layer 2 port channel interfaces to VLANs To add a port channel to a VLAN you must place the port channel in Layer 2 mode by using the switchport command Command Syntax Command Mode Purpose minimum links number INTERFACE Enter the number of links in a LAG that must be in oper up status Default 1 FTOS conf if portch show config interface Port chann...

Page 435: ...ax Command Mode Purpose tagged port channel id number INTERFACE VLAN Add the port channel to the VLAN as a tagged interface An interface with tagging enabled can belong to multiple VLANs untagged port channel id number INTERFACE VLAN Add the port channel to the VLAN as an untagged interface An interface without tagging enabled can belong to only one VLAN Command Syntax Command Mode Purpose no tagg...

Page 436: ...llows you to modify the hashing algorithms used for flows and for fragments The load balance and hash algorithm commands are available for modifying the distribution algorithms Their syntax and implementation are somewhat different between the E Series and the C Series and S Series E Series load balancing On the E Series the default load balance criteria are a 5 tuple as follows IP source address ...

Page 437: ...cket based mac CONFIGURATION To designate a method to balance traffic over a port channel By default IP 5 tuple is used to distribute traffic over members port channel ip selection 3 tuple Distribute IP traffic based on IP source address IP destination address and IP protocol type ip selection packet based Distribute IPV4 traffic based on the IP Identification field in the IPV4 header mac Distribu...

Page 438: ...c Default IP 5 tuple IP 5 tuple lower 32 bits IP 5 tuple MAC based load balance ip selection 3 tuple IP 3 tuple lower 32 bits IP 3 tuple MAC based load balance ip selection mac MAC based IP 5 tuple MAC based load balance ip selection 3 tuple load balance ip selection mac MAC based IP 3 tuple MAC based load balance ip selection packet based Packet based IPV4 No distribution IPV6 Packet based MAC ba...

Page 439: ...to compute the egress port Other options for ECMP hash algorithms are crc upper uses the upper 32 bits of the hash key to compute the egress port Command Syntax Command Mode Purpose hash algorithm algorithm number ecmp checksum crc xor number lag checksum crc xor number nh ec mp checksum crc xor number linecard number ip sa mask value ip da mask value CONFIGURATION Change the default 0 to another ...

Page 440: ... configuration any non existing interfaces from an interface range A default VLAN may be configured only if the interface range being configured consists of only VLAN ports The interface range command allows you to create an interface range allowing other commands to be applied to that range of interfaces The interface range prompt offers the interface with slot and port information for valid inte...

Page 441: ...e Figure 20 21 Creating a Multiple Range Prompt Exclude duplicate entries Duplicate single interfaces and port ranges are excluded from the resulting interface range prompt Figure 20 22 Interface Range Prompt Excluding Duplicate Entries Exclude a smaller port range If interface range has multiple port ranges the smaller port range is excluded from prompt FTOS config interface range gigabitethernet...

Page 442: ...nd 1 2 Figure 20 25 Multiple Range Bulk Configuration Gigabit Ethernet and Ten Gigabit Ethernet Add ranges The example below shows how to use commas to add VLAN and port channel interfaces to the range Figure 20 26 Multiple Range Bulk Configuration with VLAN and Port channel FTOS conf interface range gigabitethernet 2 0 23 gigab 2 1 10 FTOS conf if range gi 2 0 23 FTOS conf inte ra gi 2 1 11 gi 2 ...

Page 443: ...ined interface range macro configuration use the command show running config in the EXEC mode The example below shows how to display the defined interface range macro named test Command Syntax Command Mode Purpose FTOS config define interface range macro_name vlan vlan_ID vlan_ID gigabitethernet tengigabitethernet slot interface interface vlan vlan_ID vlan_ID gigabitethernet tengigabitethernet slo...

Page 444: ...ge to be configured using the values saved in a named interface range macro Command Syntax Command Mode Purpose monitor interface interface EXEC Privilege View the interface s statistics Enter the type of interface and slot port information For a 10 100 1000 Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter the keyword...

Page 445: ...it is important to shut down the port on the far end of the cable Otherwise it may lead to incorrect test results Note TDR is an intrusive test Do not run TDR on a link that is up and passing traffic FTOS monitor interface gi 3 1 FTOS uptime is 1 day s 4 hour s 31 minute s Monitor time 00 00 00 Refresh Intvl 2s Interface Gi 3 1 Disabled Link is Down Linespeed is 1000 Mbit Traffic statistics Curren...

Page 446: ... this period no notification goes to the upper layers so that the switch remains unaware of the change Important Points to Remember about Link Debounce Timer Link Debounce Timer is configurable on physical ports only Only 1G fiber 10 100 1000 copper 10G fiber 10G copper are supported This feature is not supported on management interfaces or SONET interfaces Link Debounce takes effect only when the...

Page 447: ...er is 100 ms show interface debounce type slot port EXEC Privilege Show the debounce time for the specified interface Enter the interface type keyword followed by the type of interface and slot port information For a 10 100 1000 Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by t...

Page 448: ...t are affected by the change in state and these protocols go through momentous task of re converging Flapping therefore puts the status of entire network at risk of transient loops and black holes Link dampening minimizes the risk created by flapping by imposing a penalty for each interface flap and decaying the penalty exponentially Once the penalty exceeds certain threshold the interface is put ...

Page 449: ...mary from EXEC Privilege mode as shown in Figure 20 32 Figure 20 32 Viewing a System wide Dampening Summary Clear Dampening Counters Clear dampening counters and accumulated penalties using the command clear dampening as shown in Figure 20 33 R1 conf if gi 1 1 show config interface GigabitEthernet 1 1 ip address 10 10 19 1 24 dampening 1 2 3 4 no shutdown R1 conf if gi 1 1 exit FTOS show interface...

Page 450: ...U is defined as the entire Ethernet packet Ethernet header FCS payload Since different networking vendors define MTU differently check their documentation when planing MTU sizes across a network Table 20 8 lists the range for each transmission media Ethernet Pause Frames Ethernet Pause Frames is supported on platforms c e s Threshold Settings are supported only on platforms c s Ethernet Pause Fram...

Page 451: ... duplex when flowcontrol is on config ignored Threshold Settings Threshold Settings are supported only on platforms c s When the transmission pause is set tx on 3 thresholds can be set to define the controls more closely Ethernet Pause Frames flow control can be triggered when either the flow control buffer threshold or flow control packet pointer threshold is reached The thresholds are Number of ...

Page 452: ...lowed by no shut on the interface and then check the running config of the port Command Syntax Command Mode Purpose flowcontrol rx off on tx off on threshold 1 2047 1 2013 1 2013 INTERFACE Control how the system responds to and generates 802 3x pause frames on 1 and 10Gig line cards Defaults C Series rx off tx off E Series rx on tx on S Series rx off tx off Parameters rx on Enter the keywords rx o...

Page 453: ...d the same IP MTU value The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members Example If the members have a link MTU of 2100 and an IP MTU 2000 the port channel s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU VLANs All members of a VLAN must have the same IP MTU value Members can have differ...

Page 454: ... cards have only one port pipe on the line card For the purposes of diagnostics the major difference between the E Series platforms is the number of port pipes per slot E1200 and E600 Each slot has two port pipes Each portpipe has nine 3 125Gbps channels to the backplane one to each SFM E300 Each slot has one portpipe Each port pipe has eight 3 125Gbps channels to the backplane with four channels ...

Page 455: ... to 1000 or auto To discover whether the remote and local interface require manual speed synchronization and to manually synchronize them if necessary use the following command sequence see Figure 20 35 on page 456 Note Starting with FTOS 7 8 1 0 when a copper SFP2 module with catalog number GP SFP2 1T is used in the S25P model of the S Series its speed can be manually set with the speed command W...

Page 456: ...d of the node is configured as forced master and the other is configured as forced slave If both are configured the same that is both as forced master or both as forced slave the show interface command will flap between an auto neg error and forced master slave states FTOS show interfaces status Port Description Status Speed Duplex Vlan Gi 0 0 Up 1000 Mbit Auto Gi 0 1 Down Auto Auto 1 Gi 0 2 Down ...

Page 457: ... Information Display Only Configured Interfaces The following options have been implemented for show ip running config interfaces commands for only linecard interfaces When the configured keyword is used only interfaces that have non default configurations are displayed Dummy linecard interfaces created with the linecard command are treated like any other physical interface Figure 20 37 lists the ...

Page 458: ...ry 15 seconds So for example if you enter 19 you will actually get a sample of the past 15 seconds All LAG members inherit the rate interval configuration from the LAG Figure 20 39 shows how to configure rate interval when changing the default value FTOS show interfaces configured FTOS show interfaces linecard 0 configured FTOS show interfaces gigabitEthernet 0 configured FTOS show ip interface co...

Page 459: ...ime since last interface status change 1d23h40m FTOS conf interface tengigabitethernet 10 0 FTOS conf if te 10 0 rate interval 100 FTOS show interfaces TenGigabitEthernet 10 0 is down line protocol is down Hardware is Force10Eth address is 00 01 e8 01 9e d9 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type ARPA ARP Timeout 04 00 00 Last clearing of show int...

Page 460: ...tically turns on counting when the application is enabled and is turned off when the application is disabled Please note that if more than four counter dependent applications are enabled on a port pipe there is an impact on line rate performance The following counter dependent applications are supported by FTOS Egress VLAN Ingress VLAN Next Hop 2 Next Hop 1 Egress ACLs ILM IP FLOW IP ACL IP FIB L2...

Page 461: ... Port Channel interface enter the keyword port channel followed by a number from 1 to 255 for TeraScale and ExaScale 1 to 32 for EtherScale For the management interface on the RPM enter the keyword ManagementEthernet followed by slot port information The slot range is 0 1 and the port range is 0 For a SONET interface enter the keyword sonet followed by the slot port information For a 10 Gigabit Et...

Page 462: ...462 Interfaces w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 463: ...n page 471 ICMP on page 475 UDP Helper on page 476 Table 21 1 lists the defaults for the IP addressing features described in this chapter IP Addresses FTOS supports IP version 4 as described in RFC 791 It also supports classful routing and Variable Length Subnet Masks VLSM With VLSM one network can be can configured with different masks Supernetting which increases the number of subnets is also su...

Page 464: ...rface on page 464 mandatory Configure static routes on page 466 optional Configure static routes for the management interface on page 467 optional For a complete listing of all commands related to IP addressing refer to FTOS Command Line Interface Reference Assign IP addresses to an interface Assign primary and secondary IP addresses to physical or logical for example VLAN or port channel interfac...

Page 465: ...nge is 0 1 and the port range is 0 For a port channel interface enter the keyword port channel followed by a number from 1 to 255 for TeraScale and ExaScale 1 to 32 for EtherScale For a SONET interface enter the keyword sonet followed by the slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet followed by the slot port information For a VLAN interface ente...

Page 466: ...GURATION Configure a static IP address Use the following required and optional parameters ip address Enter an address in dotted decimal format A B C D mask Enter a mask in slash prefix length format X interface Enter an interface type followed by slot port information distance range 1 to 255 optional permanent Keep the static route in the routing table if interface option is used even if the inter...

Page 467: ...the management port use the following command in the CONFIGURATION mode Command Syntax Command Mode Purpose management route ip address mask forwarding router address ManagementEthernet slot port CONFIGURATION Assign a static route to point to the management interface or forwarding router FTOS show ip route static Destination Gateway Dist Metric Last Change S 2 1 2 0 24 Direct Nu 0 0 0 00 02 30 S ...

Page 468: ...This feature simplifies such commands as Telnet and FTP by allowing you to enter a name instead of an IP address Dynamic resolution of host names is disabled by default Unless the feature is enabled the system resolves only host names entered into the host table with the ip host or ipv6 host command Enable dynamic resolution of host names on page 468 Specify local system domain and a list of domai...

Page 469: ...onfigure a domain name use the following command in the CONFIGURATION mode To configure a list of domain names use the following command in the CONFIGURATION mode Command Syntax Command Mode Purpose ip domain lookup CONFIGURATION Enable dynamic resolution of host names ip name server ipv4 address ipv4 address2 ipv4 address6 ipv6 name server ipv6 address ipv6 address2 ipv6 address6 CONFIGURATION Sp...

Page 470: ...p name server ipv4 address ipv4 address2 ipv4 address6 ipv6 name server ipv6 address ipv6 address2 ipv6 address6 CONFIGURATION Specify up to 6 IPv4 or IPv6 name servers The order you entered the servers determines the order of their use You may have IPv4 and IPv6 name servers configured at the same time traceroute host ipv4 address ipv6 address CONFIGURATION When you enter the traceroute command w...

Page 471: ...gnorant of the network including subnetting For more information on Proxy ARP refer to RFC 925 Multi LAN Address Resolution and RFC 1027 Using ARP to Implement Transparent Subnet Gateways Configuration Task List for ARP The following list includes configuration tasks for ARP Configure static ARP entries on page 471 optional Enable Proxy ARP on page 472 optional Clear ARP cache on page 472 optional...

Page 472: ...nd in the INTERFACE mode If it is not listed in the show config command output it is enabled Only nondefault information is displayed in the show config command output Clear ARP cache To clear the ARP cache of dynamically learnt ARP information use the following command in the EXEC privilege mode Command Syntax Command Mode Purpose arp ip address mac address interface CONFIGURATION Configure an IP...

Page 473: ...esh EXEC privilege Clear the ARP caches for all interfaces or for a specific interface by entering the following information For a 1 Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a port channel interface enter the keyword port channel followed by a number from 1 to 255 for TeraScale and ExaScale 1 to 32 for EtherScale For a SONET interface e...

Page 474: ...a Gratuitous ARP is enabled the system installs a new ARP entry or updates an existing entry for all received ARP requests Figure 21 9 Learning via Gratuitous ARP Whether ARP Learning via Gratuitous ARP is is enabled or disabled the system does not look up the Target IP It only updates the ARP entry for the Layer 3 interface with the source IP of the request Task Command Syntax Command Mode Enable...

Page 475: ...RP entries learned via gratuitous ARP show arp retries EXEC Privilege FTOS Behavior Due to ARP Pruning the total number of ARP requests sent might exceed but is never less than the configured number of ARP retries This occurs when the ARP Pruning timer expires while ARP retry is in progress ARP Pruning is a mechanism that clears stale entries every 1 minute A stale entry is an IP address for which...

Page 476: ...created and sent out all interfaces To disable ICMP redirect messages use the no ip redirect command To reenable the creation of ICMP redirect messages on the interface use the following command in the INTERFACE mode To view if ICMP redirect messages are sent on the interface use the show config command in the INTERFACE mode If it is not listed in the show config command output it is enabled Only ...

Page 477: ...atible with IP helper ip helper address UDP broadcast traffic with port number 67 or 68 are unicast to the DHCP server per the ip helper address configuration whether or not the UDP port list contains those ports If the UDP port list contains ports 67 or 68 UDP broadcast traffic forwarded on those ports Enabling UDP Helper Enable UPD helper using the command ip udp helper udp ports as shown in Fig...

Page 478: ...lper with Broadcast all Addresses on page 479 UDP Helper with Subnet Broadcast Addresses on page 479 UDP Helper with Configured Broadcast Addresses on page 480 UDP Helper with No Configured Broadcast Addresses on page 481 FTOS conf if vl 100 ip udp broadcast address 1 1 255 255 FTOS conf if vl 100 show config interface Vlan 100 ip address 1 1 0 1 24 ip udp broadcast address 1 1 255 255 untagged Gi...

Page 479: ...he destination address because the forwarding process is Layer 2 2 If UDP helper is enabled the system changes the destination IP address to the configured broadcast address 1 1 255 255 and forwards the packet to VLAN 100 3 Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured Figure 21 14 UDP helper with All...

Page 480: ...VLANs with an unchanged destination address Packet 2 is sent from a host on VLAN 101 It has broadcast MAC address and a destination IP address that matches the configured broadcast address on VLAN 101 In this case Packet 2 is flooded on VLAN 101 with the destination address unchanged because the forwarding process is Layer 2 If UDP helper is enabled the packet is flooded on VLAN 100 as well Figure...

Page 481: ...Debugging IP Helper with UDP Helper FTOS conf debug ip udp helper 01 20 22 Pkt rcvd on Gi 5 0 with IP DA 0xffffffff will be sent on Gi 5 1 Gi 5 2 Vlan 3 01 44 54 Pkt rcvd on Gi 7 0 is handed over for DHCP processing Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 2005 11 05 11 59 35 RELAY I PACKET BOOTP REQUEST Unicast received at interface 172 21 50 193 BOOTP Request XID 0x9265f901 secs 0 hwaddr 00 ...

Page 482: ...482 IPv4 Addressing w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 483: ...otocol Overview on page 483 Extended Address Space Stateless Autoconfiguration IPv6 Headers Implementing IPv6 with FTOS on page 490 Table 22 2 FTOS and IPv6 Feature Support ICMPv6 Path MTU Discovery IPv6 Neighbor Discovery QoS for IPv6 IPv6 Multicast SSH over an IPv6 Transport Configuration Task List for IPv6 on page 496 Protocol Overview IPv6 is an evolution of IPv4 IPv6 is generally installed as...

Page 484: ... Detection DAD Before configuring its IPv6 address an IPv6 host node device checks whether that address is used anywhere on the network using this mechanism Prefix Renumbering Useful in transparent renumbering of hosts in the network when an organization changes its service provider FTOS manipulation of IPv6 stateless auto configuration supports the router side only Neighbor Discovery ND messages ...

Page 485: ... for Extension Headers Extension Headers are used only if necessary There can be no extension headers one extension header or more than one extension header in an IPv6 packet Extension Headers are defined in the Next Header field of the preceding IPv6 header IPv6 header fields The 40 bytes of the IPv6 header are ordered as show in Figure 22 1 Figure 22 1 IPv6 Header Fields Version 4 bits The Versi...

Page 486: ...cifies the packet payload This is the length of the data following the IPv6 header IPv6 Payload Length only includes the data following the header not the header itself The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB However the Jumbogram option type Extension header supports larger packet sizes when required Next Header 8 bits The Next Header field identifies...

Page 487: ... severely impact performance Each Extension headers s lengths vary but they are always a multiple of 8 bytes Each extension header is identified by the Next Header field in the IPv6 header that precedes it Extension headers are viewed only by the destination router identified in the Destination Address field If the Destination Address is a multicast address the Extension headers are examined by al...

Page 488: ...Option type and directs the router how to handle the option The second byte contains the Option Data Length The third byte specifies whether the information can change en route to the destination The value is 1 if it can change the value is 0 if it cannot change Addressing IPv6 addresses are normally written as eight groups of four hexadecimal digits where each group is separated by a colon For ex...

Page 489: ...y the operating system s IP layer for each network interface This provides instant automatic network connectivity for any IPv6 host and means that if several hosts connect to a common hub or switch they have an instant communication path via their link local IPv6 address Link local addresses cannot be routed to the public Internet Static and Dynamic Addressing Static IP addresses are manually assi...

Page 490: ...ale E Series ExaScale C Series S Series Basic IPv6 Commands 7 4 1 8 2 1 7 8 1 7 8 1 IPv6 Basic Commands in the FTOS Command Line Interface Reference Guide IPv6 Basic Addressing IPv6 address types Unicast 7 4 1 8 2 1 7 8 1 7 8 1 Extended Address Space in this chapter IPv6 neighbor discovery 7 4 1 8 2 1 7 8 1 7 8 1 IPv6 Neighbor Discovery in this chapter IPv6 stateless autoconfiguration 7 4 1 8 2 1 ...

Page 491: ...ost Multipath for IPv6 7 4 1 8 2 1 7 8 1 7 8 1 IPv6 Services and Management Telnet client over IPv6 outbound Telnet 7 5 1 8 2 1 7 8 1 7 8 1 Telnet with IPv6 in this chapter Control and Monitoring in the FTOS Command Line Reference Guide Telnet server over IPv6 inbound Telnet 7 4 1 8 2 1 7 8 1 7 8 1 Telnet with IPv6 in this chapter Control and Monitoring in the FTOS Command Line Reference Guide Sec...

Page 492: ...Neighbor Discovery and Multicast Listener Discovery These messages also include Echo Request and Echo Reply messages The FTOS ping and traceroute commands extend to support IPv6 addresses These commands use ICMPv6 Type 2 messages Path MTU Discovery IPv6 MTU Discovery is supported on platforms c e s PIM SSM for IPv6 7 5 1 8 2 1 8 4 2 8 4 2 IPv6 Multicast in this chapter IPv6 PIM in the FTOS Command...

Page 493: ... discovery on an IPv6 network In lieu of ARP NDP uses Neighbor Solicitation and Neighbor Advertisement ICMPv6 messages for determining relationships between neighboring nodes Using these messages an IPv6 device learns the link layer addresses for neighbors known to reside on attached links quickly purging cached values that become invalid With ARP each node broadcasts ARP requests on the entire li...

Page 494: ...bor Advertisements By default all prefixes configured as addresses on the interface are advertised You can control the advertise parameters per prefix the default keyword can be used to use the default parameters for all prefixes QoS for IPv6 IPv6 QoS is supported on platforms c e s Command Syntax Command Mode Purpose ipv6 nd prefix ipv6 address prefix length default no advertise no autoconfig no ...

Page 495: ...p Messages to join the multicast group Join messages are sent towards the RP and data is sent from senders to the RP so receivers can discover who are the senders and begin receiving traffic destined to the multicast group PIM in Source Specific Multicast PIM SSM PIM SSM protocol is based on the source specific model for forwarding Multicast traffic across multiple domains on the Internet It is re...

Page 496: ...file summary for a chassis that already has IPv6 CAM profile configured Figure 22 5 shows the full IPv6 CAM profiles Refer to Chapter 11 Content Addressable Memory on page 281 for complete information regarding CAM configuration Figure 22 4 Command Example show cam profile summary E Series Command Syntax Command Mode Purpose cam profile ipv6 extacl microcode ipv6 extacl chassis linecard slot EXEC ...

Page 497: ...or odd numbered ranges The default option sets the CAM Profile as follows L3 ACL ipv4acl 6 L2 ACL l2acl 5 IPv6 L3 ACL ipv6acl 0 L3 QoS ipv4qos 1 L2 QoS l2qos 1 FTOS show cam profile Chassis CAM Profile CamSize 18 Meg Current Settings Next Boot Profile Name IPV6 ExtACL IPV6 ExtACL L2FIB 32K entries 32K entries L2ACL 1K entries 1K entries IPv4FIB 192K entries 192K entries IPv4ACL 12K entries 12K ent...

Page 498: ...ber ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number vman qos vman dual qos number CONFIGURATION Allocate space for IPV6 ACLs Enter the CAM profile name followed by the amount to be allotted When not selecting the default option you must enter all of the profiles listed and a range for each The total space allocated must equal 13 The ipv6acl range must be a fac...

Page 499: ...ute tag Enter the keyword interface followed by the type of interface and slot port information For a 10 100 1000 Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet followed by the s...

Page 500: ...6 snmp server community ipv6 snmp server community access list name ipv6 snmp server group ipv6 snmp server group access list name ipv6 Show IPv6 Information All of the following show commands are supported on platforms c e s View specific IPv6 configuration with the following commands Command Syntax Command Mode Purpose telnet ipv6 address EXEC or EXEC Privileged Enter the IPv6 Address for the de...

Page 501: ...e specified interface Enter the keyword interface followed by the type of interface and slot port information For all brief summary of IPv6 status and configuration enter the keyword brief For all IPv6 configured interfaces enter the keyword configured For a 10 100 1000 Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter...

Page 502: ...outes enter bgp To display information about ISO IS IS routes enter isis To display information about Open Shortest Path First OSPF routes enter ospf To display information about Routing Information Protocol RIP enter rip To display information about static IPv6 routes enter static To display information about an IPv6 Prefix lists enter list and the prefix list name FTOS show ipv6 interface gi 2 2...

Page 503: ...Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default Gateway of last resort is not set Destination Dist Metric Gateway Last Change C 2001 64 0 0 Direct Gi 1 1 00 28 49 FTOS show ipv6 route summary Route Source Active Routes Non ac...

Page 504: ...llowed by the type of interface and slot port information For a 10 100 1000 Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For the Management interface on the RPM enter the keyword ManagementEthernet followed by the slot port information For a 10 Giga...

Page 505: ...ddresses are normally written as eight groups of four hexadecimal digits where each group is separated by a colon Omitting zeros is accepted as described in Addressing earlier in this chapter Command Syntax Command Mode Purpose ...

Page 506: ...506 IPv6 Addressing w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 507: ...rds Compliance chapter Protocol Overview The intermediate system to intermediate system IS IS protocol developed by the International Organization for Standardization ISO is an interior gateway protocol IGP that uses a shortest path first algorithm IS IS is organized hierarchally into routing domains and each router or system resides in at least one area In IS IS routers are designated as Level 1 ...

Page 508: ... the composition of the NET is identical to an NSAP address except the last byte is always 0 The NET is composed of IS IS area address system ID and the N selector The last byte is the N selector All routers within an area have the same area portion Level 1 routers route based on the system address portion of the address while the Level 2 routers route based on the area address The NET length is v...

Page 509: ...purposes MT ID 0 Equivalent to the standard topology MT ID 1 Reserved for IPv4 in band management purposes MT ID 2 Reserved for IPv6 routing topology MT ID 3 Reserved for IPv4 multicast routing topology MT ID 4 Reserved for IPv6 multicast routing topology MT ID 5 Reserved for IPv6 in band management purposes Transition Mode All routers in the area or domain must use the same type of IPv6 support e...

Page 510: ...ssity of network topology changes IS IS Graceful Restart recognizes the fact that in a modern router the control plane and data plane are functionality separate Restarting the control plane functionality such as the failover of the active RPM to the backup in a redundant configuration should not necessarily interrupt data packet forwarding This behavior is supported because the forwarding tables p...

Page 511: ...contains one or more Multi Topology IDs in which the router participates This TLV is included in IIH and the first fragment of an LSP The MT Intermediate Systems TLV appears for every topology a node supports An MT ID is added to the extended IS reachability TLV type 22 The Multi Topology Reachable IPv4 Prefixes TLV appears for each IPv4 announced by an IS for a given MT ID Its structure is aligne...

Page 512: ...te that by using the IS IS routing protocol to exchange IPv6 routing information and to determine destination reachability you can route IPv6 along with IPv4 while using a single intra domain routing protocol The configuration commands allow you to enable and disable IPv6 routing and to configure or remove IPv6 prefixes on links Except where identified the commands discussed in this chapter apply ...

Page 513: ...with other routing protocols In IS IS neighbors form adjacencies only when they are same IS type For example a Level 1 router never forms an adjacency with a Level 2 router A Level 1 2 router will form Level 1 adjacencies with a neighboring Level 1 router and will form Level 2 adjacencies with a neighboring Level 2 router Use these commands in the following sequence to configure IS IS globally Not...

Page 514: ...ter the keyword sonet followed by slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet followed by the slot port information For a VLAN enter the keyword vlan followed by a number from 1 to 4094 E Series ExaScale platforms support 4094 VLANs with FTOS version 8 2 1 0 and later Earlier ExaScale supports 2094 VLANS interface interface CONFIGURATION 4 Enter a...

Page 515: ...l area address es 47 0004 004d 0001 Routing for area address es 21 2223 2425 2627 2829 3031 3233 47 0004 004d 0001 Interfaces supported by IS IS Vlan 2 GigabitEthernet 4 22 Loopback 0 Redistributing Distance 115 Generate narrow metrics level 1 2 Accept narrow metrics level 1 2 Generate wide metrics none Accept wide metrics none FTOS FTOS show isis traffic IS IS Level 1 Hellos sent rcvd 4272 1538 I...

Page 516: ... will not have IPv6 connectivity between routers operating in single topology mode and routers operating in multi topology mode 2 Excluded this router from other router s SPF calculations set overload bit ROUTER ISIS AF IPV6 3 Set the minimum interval between SPF calculations spf interval level l level 2 interval initial_wait_interval second_wait_interval ROUTER ISIS AF IPV6 This command is used f...

Page 517: ...single topology mode and routers operating in multi topology mode 2 Excluded this router from other router s SPF calculations set overload bit ROUTER ISIS AF IPV6 3 Set the minimum interval between SPF calculations spf interval level l level 2 interval initial_wait_interval second_wait_interval ROUTER ISIS AF IPV6 This command is used for IPv6 route computation only when multi topology is enabled ...

Page 518: ...aceful restart t2 level 1 level 2 seconds ROUTER ISIS Configure the time for Graceful Restart timer T2 that a restarting router will use as the wait time for each database to synchronize level 1 level 2 identifies the database instance type to which the wait interval applies Range 5 120 seconds Default 30 seconds graceful restart t3 adjacency manual seconds ROUTER ISIS Configure Graceful Restart t...

Page 519: ...ime 1 min T3 Timer Manual T3 Timeout Value 30 T2 Timeout Value 30 level 1 30 level 2 T1 Timeout Value 5 retry count 1 Adjacency wait time 30 Operational Timer Value Current Mode State Normal RUNNING T3 Time left 0 T2 Time left 0 level 1 0 level 2 Restart ACK rcv count 0 level 1 0 level 2 Restart Req rcv count 0 level 1 0 level 2 Suppress Adj rcv count 0 level 1 0 level 2 Restart CSNP rcv count 0 l...

Page 520: ...UTER ISIS Set the LSP size size range 128 to 9195 Default is 1497 lsp refresh interval seconds ROUTER ISIS Set the LSP refresh interval seconds range 1 to 65535 Default is 900 seconds max lsp lifetime seconds ROUTER ISIS Set the maximum time LSPs lifetime seconds range 1 to 65535 Default is 1200 seconds show isis interface G1 34 GigabitEthernet 2 10 is up line protocol is up MTU 1497 Encapsulation...

Page 521: ... route is not installed FTOS supports the following IS IS metric styles Use the following command in ROUTER ISIS mode to change the IS IS metric style of the IS IS process Use the show isis protocol command Figure 476 in EXEC Privilege mode to view which metric types are generated and received Table 23 2 Metric Styles Metric Style Characteristics Cost Range Supported on IS IS Interfaces narrow Sen...

Page 522: ...ric style is wide or wide transition Default 10 isis ipv6 metric default metric level 1 level 2 INTERFACE Assign a metric for an IPv6 link or interface default metric range 0 to 63 for narrow and transition metric styles 0 to 16777215 for wide metric styles Default is 10 Default level is level 1 Refer to Configure IS IS metric style and cost for more information on this command Table 23 3 Correct ...

Page 523: ...ays only non default information so if you do not change the IS type the default value level 1 2 is not displayed The default is Level 1 2 router When the IS type is Level 1 2 the software maintains two Link State databases one for each level Use the show isis database command to view the Link State databases Figure 477 narrow transition 0 to 63 transition 0 to 63 Command Syntax Command Mode Purpo...

Page 524: ...herScale For a SONET interface enter the keyword sonet followed by slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet followed by the slot port information For a VLAN enter the keyword vlan followed by a number from 1 to 4094 E Series ExaScale platforms support 4094 VLANs with FTOS version 8 2 1 0 and later Earlier ExaScale supports 2094 VLANS FTOS show ...

Page 525: ...Y IPV6 mode shown later to apply prefix lists to IPv6 routes Command Syntax Command Mode Purpose distribute list prefix list name in interface ROUTER ISIS Apply a configured prefix list to all incoming IPv4 IS IS routes Enter the type of interface and slot port information For a 1 Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For the Loopback in...

Page 526: ... prefix lists to IPv4 routes Command Syntax Command Mode Purpose distribute list prefix list name in interface ROUTER ISIS AF IPV6 Apply a configured prefix list to all incoming IPv6 IS IS routes Enter the type of interface and slot port information For a 1 Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For the Loopback interface on the RPM enter...

Page 527: ...gured routes bgp for BGP routes only distribute list redistributed override in ROUTER ISIS AF IPV6 Deny RTM download for pre existing redistributed IPv6 routes Note Do not route iBGP routes to IS IS unless there are route maps associated with the IS IS redistribution Note These commands apply to IPv4 IS IS only Use the ADDRESS FAMILY IPV6 mode shown later to apply prefix lists to IPv6 routes Comma...

Page 528: ...yntax Command Mode Purpose redistribute bgp as number connected rip static level 1 level 1 2 level 2 metric metric value metric type external internal route map map name ROUTER ISIS Include BGP directly connected RIP or user configured static routes in IS IS Configure the following parameters level 1 level 1 2 or level 2 Assign all redistributed routes to a level Default is level 2 metric range 0 ...

Page 529: ...er the no area password or no domain password command in ROUTER ISIS mode Set the overload bit Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first SPF calculations For example if the IS IS routing database is out of memory and cannot accept new LSPs FTOS sets the overload bit and IS IS traffic continues to transit ...

Page 530: ...e of interface and slot port information to view IS IS information on that interface only debug isis local updates interface EXEC Privilege View information about IS IS local update packets To view specific information enter one of the following optional parameters interface Enter the type of interface and slot port information to view IS IS information on that interface only FTOS show isis databa...

Page 531: ...77215 transition supports both narrow and wide and uses a TLV up to 63 narrow transition accepts both narrow and wide and sends only narrow or old style TLV wide transition accepts both narrow and wide and sends only wide or new style TLV debug isis snp packets interface EXEC Privilege View IS IS SNP packets include CSNPs and PSNPs To view specific information enter one of the following optional p...

Page 532: ...e IS IS metric style is narrow When you change from one IS IS metric style to another the IS IS metric value configured with the isis metric command could be affected In the following scenarios the IS type is either Level 1 or Level 2 or Level 1 2 and the metric style changes Table 23 4 Correct Value Range for the isis metric Command Metric Style Correct Value Range for the isis metric Command wid...

Page 533: ...value 10 if the original value is greater than 63 A message is sent to the console wide transition narrow transition default value 10 if the original value is greater than 63 A message is sent to the console wide transition transition truncated value the truncated value appears in the LSP only The original isis metric value is displayed in the show config and show running config commands and is us...

Page 534: ...w transition original value narrow transition original value wide narrow truncated value wide narrow transition truncated value wide wide transition original value wide transition truncated value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value transition wide original value tr...

Page 535: ...wn IP Addresses Interfaces Names etc Figure 23 10 is a sample configuration for enabling IPv6 IS IS Figure 23 13 illustrates the topology created with that CLI configuration S Note Only one IS IS process can run on the router even if both IPv4 and IPv6 routing is being used S Note Whenever ISIS configuration changes are made the IS IS process must be cleared re started using clear isis The command...

Page 536: ...ip address 10 0 13 1 24 R1 conf if gi 1 34 ipv6 address 2001 db8 1021 1 48 R1 conf if gi 1 34 ip router isis 9999 R1 conf if gi 1 34 no shutdown R1 conf if gi 1 34 end R1 show ip route Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF extern...

Page 537: ...32 10 0 12 1 R2 conf ip route 192 168 1 3 32 10 0 23 3 R2 conf ex R2 show ip route Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active r...

Page 538: ...vel 1 R3 conf if gi 3 21 isis network point to point R3 conf if gi 3 21 no shutdown R3 conf if gi 3 21 end R3 show ip route Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS ...

Page 539: ...igE 2 31 2001 0db8 1023 2 48 10 0 23 2 24 GigE 2 11 2001 0db8 1021 2 48 10 0 12 2 24 GigE 3 21 2001 0db8 1023 3 48 10 0 23 3 24 Loopback 0 Loopback 0 2001 0db8 9999 3 48 2001 0db8 9999 3 48 192 168 1 3 24 192 168 1 3 24 Loopback 0 Loopback 0 2001 0db8 9999 1 48 2001 0db8 9999 1 48 192 168 1 1 24 192 168 1 1 24 Loopback 0 Loopback 0 2001 0db8 9999 2 48 2001 0db8 9999 2 48 192 168 1 2 24 192 168 1 2...

Page 540: ...540 Intermediate System to Intermediate System w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 541: ...as described in Port Channel Interfaces on page 428 in Chapter 20 Interfaces The unique benefit of a dynamic LAG is that its ports can toggle between participating in the LAG or acting as dedicated ports whereas ports in a static LAG must be specifically removed from the LAG in order to act alone FTOS uses LACP to create dynamic LAGs LACP provides a standardized means of exchanging information bet...

Page 542: ...y type of configuration There is a difference between the shutdown and no interface port channel The shutdown command on LAG xyz disables the LAG and retains the user commands However the system does not allow the channel number xyz to be statically created The command no interface port channel channel number deletes the specified LAG including a dynamically created LAG This command causes all LAC...

Page 543: ... port channel LAG with another port in Active state A port in Active state can set up a LAG with another port in Passive state A port in Passive state cannot set up a LAG with another port in Passive state LACP Configuration Commands If aggregated ports are configured with compatible LACP modes Off Active Passive LACP can automatically link them as defined in IEEE 802 3 Section 43 The following co...

Page 544: ...hport commands as shown in Figure 24 1 which uses the example of LAG 32 Figure 24 1 Placing a LAG into the Default VLAN The LAG is in the default VLAN To place the LAG into a non default VLAN use the tagged command on the LAG Figure 24 2 Figure 24 2 Placing a LAG into a Non default VLAN Configure the LAG interfaces as dynamic After creating a LAG configure the dynamic LAG interfaces Figure 24 3 sh...

Page 545: ...on To configure the LACP long timeout Figure 196 Note The 30 second timeout is available for dynamic LAG interfaces only The lacp long timeout command can be entered for static LAGs but it has no effect Step Task Command Syntax Command Mode 1 Set the LACP timeout value to 30 seconds lacp long timeout CONFIG INT PO FTOS conf interface Gigabitethernet 3 15 FTOS conf if gi 3 15 no shutdown FTOS conf ...

Page 546: ...ing the command debug lacp See Monitor and Debugging LACP on page 546 Command Syntax Command Mode Purpose no debug lacp config events pdu in out interface in out EXEC Debug LACP including configuration and events FTOS conf interface port channel 32 FTOS conf if po 32 no shutdown FTOS conf if po 32 switchport FTOS conf if po 32 lacp long timeout FTOS conf if po 32 end FTOS show lacp 32 Port channel...

Page 547: ...me failover group Figure 24 6 Configuring Shared LAG State Tracking View the failover group configuration using the show running configuration po failover group command as shown in Figure 24 7 Figure 24 7 Viewing Shared LAG State Tracking in the Running configuration Step Task Command Command Mode 1 Enter port channel failover group mode port channel failover group CONFIGURATION 2 Create a failove...

Page 548: ...n Po 2 Note The set of console messages shown in Message 2 appear only if Shared LAG State Tracking is configured on that router the feature can be configured on one or both sides of a link For example in Figure 24 8 if Shared LAG State Tracking is configured on R2 only then no messages appear on R4 regarding the state of LAGs in a failover group P o 1 P o 2 fnC0049mp R1 R2 R3 R4 R2 conf port chan...

Page 549: ...between the two RPMs See Hitless Behavior on page 389 Configure LACP to be hitless using the command redundancy protocol lacp from CONFIGURATION mode as shown in Figure 24 10 Figure 24 10 Enabling Hitless LACP LACP Basic Configuration Example The screenshots in this section are based on the example topology shown in Figure 24 11 Two routers are named ALPHA and BRAVO and their hostname prompts refl...

Page 550: ... 12 Creating a LAG on ALPHA Gig 2 31 Gig 3 21 Gig 2 32 Gig 3 22 Gig 2 33 Gig 3 23 Port Channel 10 ALPHA BRAVO Alpha conf interface port channel 10 Alpha conf if po 10 no ip address Alpha conf if po 10 switchport Alpha conf if po 10 no shutdown Alpha conf if po 10 show config interface Port channel 10 no ip address switchport no shutdown Alpha conf if po 10 ...

Page 551: ...put Statistics 132 packets 16368 bytes 0 Vlans 0 64 byte pkts 12 over 64 byte pkts 120 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 132 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 136 packets 16718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte pkts 121 over 127 byte pkts 0 over 255 byte pkts 0 over 511 ...

Page 552: ... 31 U Gi 2 32 U Gi 2 33 U ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 04 09 Queueing strategy fifo Input Statistics 621 packets 78732 bytes 0 Vlans 0 64 byte pkts 18 over 64 byte pkts 603 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 621 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output St...

Page 553: ...bution disabled M Partner Defaulted N Partner Non defaulted O Receiver is in expired state P Receiver is not in expired state Port Gi 2 31 is enabled LACP is enabled and mode is lacp Actor Admin State ACEHJLMP Key 10 Priority 32768 Oper State ACEGIKNP Key 10 Priority 32768 Partner Admin State BDFHJLMP Key 0 Priority 0 Oper State ACEGIKNP Key 10 Priority 32768 Port Gi 2 32 is enabled LACP is enable...

Page 554: ...wn Alpha conf if gi 2 31 port channel protocol lacp Alpha conf if gi 2 31 lacp port channel 10 mode active Alpha conf if gi 2 31 lacp no shut Alpha conf if gi 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if gi 2 31 interface Port channel 10 no ip address switchport no shutdown interface GigabitEthernet 2...

Page 555: ...f int gig 3 21 Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if gi 3 21 port channel protocol lacp Bravo conf if gi 3 21 lacp port channel 10 mode active Bravo conf if gi 3 21 lacp no shut Bravo conf if gi 3 21 end interface GigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if gi 3 21 end int port cha...

Page 556: ... on ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 15 05 Queueing strategy fifo Input Statistics 708 packets 89934 bytes 0 Vlans 0 64 byte pkts 15 over 64 byte pkts 693 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 708 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 705 packets 8...

Page 557: ...bers in this channel Gi 3 21 U Gi 3 22 U Gi 3 23 U ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 13 07 Queueing strategy fifo Input Statistics 2189 packets 278744 bytes 0 Vlans 0 64 byte pkts 32 over 64 byte pkts 2157 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 2189 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 ...

Page 558: ...Admin Key 10 Oper Key 10 Partner Oper Key 10 LACP LAG 10 is an aggregatable link A Active LACP B Passive LACP C Short Timeout D Long Timeout E Aggregatable Link F Individual Link G IN_SYNC H OUT_OF_SYNC I Collection enabled J Collection disabled K Distribution enabled L Distribution disabled M Partner Defaulted N Partner Non defaulted O Receiver is in expired state P Receiver is not in expired sta...

Page 559: ...ge 569 Microsoft Clustering on page 570 Configuring Redundant Pairs on page 573 Restricting Layer 2 Flooding on page 576 Far end Failure Detection on page 577 Managing the MAC Address Table FTOS provides the following management activities for the MAC address table Clear the MAC Address Table on page 560 Set the Aging Time for Dynamic Entries on page 560 Configure a Static MAC Address on page 561 ...

Page 560: ...amic address all interface vlan EXEC Privilege Task Command Syntax Command Mode Disable MAC address aging for all dynamic entries mac address table aging time 0 CONFIGURATION Specify an aging time mac address table aging time seconds Range 10 1000000 CONFIGURATION Task Command Syntax Command Mode Specify an aging time mac address table aging time seconds Range 1 1000000 INTERFACE VLAN FTOS Behavio...

Page 561: ... Command Syntax Command Mode Display the contents of the MAC address table address displays the specified entry aging time displays the configured aging time count displays the number of dynamic and static entries for all VLANs and the total number of entries dynamic displays only dynamic entries interface displays only entries for the specified interface static displays only static entries vlan d...

Page 562: ...ation move and station move FTOS Behavior When configuring MAC Learning Limit on a port or VLAN the configuration is accepted becomes part of running config and show mac learning limit interface before the system verifies that sufficient CAM space exists If the CAM check fails the a message is displayed E90MH 5 ACL_AGENT 2 ACL_AGENT_LIST_ERROR Unable to apply access list Mac Limit on GigabitEthern...

Page 563: ...n move is available only on platforms c s The station move option allows a MAC address already in the table to be learned off of another interface For example if you disconnect a network device from one interface and reconnect it to another interface the MAC address is learned on the new interface When the system detects this station move the system clears the entry learned on the original interfa...

Page 564: ...by entering the write config command the addresses are deleted from the running configuration do not have to be dynamically relearned and do not change when the switch reboots Any sticky MAC addresses learned after the write config is performed are not saved after a reboot The sticky MAC address option is supported on physical port and port channel interfaces it is not supported on VLAN interfaces...

Page 565: ...y learned MAC addresses are no longer converted to sticky MAC addresses After a line card reset a port or port channel interface enabled for sticky MAC learning dynamically learns the MAC addresses of devices attached to ports on other line cards only if the attached devices are transmitting continuous traffic on default VLAN 1 Note A Sticky MAC configuration limits the number of MAC addresses tha...

Page 566: ...tax Command Mode Display a list of all interfaces with a MAC learning limit show mac learning limit EXEC Privilege Task Command Syntax Command Mode Generate a system log message when the MAC learning limit is exceeded learn limit violation log INTERFACE Shut down the interface and generate a system log message when the MAC learning limit is exceeded learn limit violation shutdown INTERFACE Note On...

Page 567: ...ate VLAN between two customers that want to peer privately only the ports of these two ISPs would belong to this VLAN and they would peer via BGP In Figure 25 1 Per VLAN MAC Learning Limit is used on the access ports for the ISPs that have subscribed to private and public peering since these access ports are members of multiple VLANs Task Command Syntax Command Mode Display a list of all of the in...

Page 568: ...FTOS show mac learning limit interface gig 5 84 Interface Vlan Learning Dynamic Static Unknown SA Slot port Id Limit MAC count MAC count Drops Gi 5 84 2 2 0 0 0 Gi 5 84 5 0 0 0 FTOS show mac learning limit interface gig 5 84 vlan 2 Interface Vlan Learning Dynamic Static Unknown SA Slot port Id Limit MAC count MAC count Drops Gi 5 84 2 2 0 0 0 interface GigabitEthernet 1 1 mac learning limit 1 vlan...

Page 569: ...s employed consider that the server MAC address is originally learned on Port 0 1 of the switch Figure 25 3 When the NIC fails the same MAC address is learned on Port 0 5 of the switch The MAC address must be disassociated with the one port and re associated with another in the ARP table in other words the ARP entry must be moved To ensure that this happens you must configure the command mac addre...

Page 570: ... messages are generated Microsoft Clustering Microsoft Clustering is supported only on platform e Microsoft Clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address in order to provide transparent failover or balancing FTOS does not recognize server clusters by default it must be configured to do so Default Behavior When an ARP request is sent ...

Page 571: ...e 25 6 the server MAC address is given in the Ethernet frame header of the ARP reply while the virtual MAC address representing the cluster is given in the payload The ip vlan flooding command directs the system to discover that there are different MAC addresses in an ARP reply and associate the virtual MAC address with the VLAN connected to the cluster Then all traffic destined for the cluster is...

Page 572: ...ic if the feature is enabled Old ARP entries are not deleted or updated When a member port is deleted its ARP entries are also deleted from the CAM Port channels in the VLAN also receive traffic There is no impact on the configuration from saving the configuration The feature is not reflected in the output of the show arp command but is reflected in the output of the command show ipf fib The ARP e...

Page 573: ...the backup transitions to an active UP state If the primary interface fails and later comes back up it remains as the backup interface for the redundant pair FTOS supports only Gigabit and 10 Gigabit ports and port channels as primary backup interfaces in redundant pairs A port channel is also referred to as a Link Aggregation Group LAG See Port Channel Interfaces on page 428 for more information ...

Page 574: ...nterface in a redundant pair the following conditions apply If you use two port channel interfaces with different configurations in a redundant pair traffic is transmitted in the same way following a transition to the backup interface There is no difference in performance For example two port channels in a redundant pair can contain a different number and type of member ports or use different LACP...

Page 575: ...e gi 3 41 42 FTOS conf if range gi 3 41 42 do show ip int brief find 3 41 GigabitEthernet 3 41 unassigned YES Manual up up GigabitEthernet 3 42 unassigned NO Manual up down output omitted FTOS conf if range gi 3 41 42 interface gig 3 41 FTOS conf if gi 3 41 shutdown 00 24 53 RPM0 P CP IFMGR 5 ASTATE_DN Changed interface Admin state to down Gi 3 41 FTOS conf if gi 3 41 00 24 55 RPM0 P CP IFMGR 5 OS...

Page 576: ...ntified using a MAC address range you specify to be flooded on all ports regardless of the restrict flooding configuration Conversely if you want all multicast traffic to be flooded on all ports but some specific traffic to be restricted use mac flood list with the min speed option but without restrict flooding configured This configuration restricts flooding only for traffic with destination mult...

Page 577: ... Once FEFD is enabled on an interface it transitions to the Unknown state and sends an FEFD packet to the remote end of the link 3 When the local interface receives the echoed packet from the remote end the local interface transitions to the Bi directional state 4 If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals each ...

Page 578: ... on individual interfaces from INTERFACE mode Enable FEFD Globally To enable FEFD globally on all interfaces enter the command fefd global in CONFIGURATION mode Report interval frequency and mode adjustments can be made by supplementing this command as well Table 25 1 State Changes When Configuring FEFD Local Event Mode Local State Remote State Local Admin Status Local Protocol Status Remote Admin...

Page 579: ...s FEFD configuration which can be enabled again at any time 2 Activate the necessary ports administratively no shutdown INTERFACE 3 Enable fefd globally fefd interval mode CONFIGURATION Step Task Command Syntax Command Mode 1 Setup two or more connected interfaces for Layer 2 or Layer 3 use ip address ip address switchport INTERFACE 2 Activate the necessary ports administratively no shutdown INTER...

Page 580: ... 1 0 FTOS conf if gi 1 0 shutdown 2w1d22h RPM0 P CP IFMGR 5 ASTATE_DN Changed interface Admin state to down Gi 1 0 FTOS conf if gi 1 0 2w1d22h FEFD state on Gi 1 0 changed from ANY to Unknown 2w1d22h RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Gi 1 0 2w1d22h RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Gi 4 0 2w1d22h RPM0 P CP IFMGR 5 INACTIVE Changed Vlan interface ...

Page 581: ...g an RPM failover 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 09 RPM1 S CP RAM 6 FAILOVER_REQ RPM failover request from active peer User request 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 19 RPM1 P CP IFMGR 5 OSTATE_UP Changed interface state to up Gi 0 45 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 19 RPM1 P CP FEFD 5 FEFD BIDIRECTION LINK DETECTED Inter...

Page 582: ...582 Layer 2 w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 583: ...defined by IEEE 802 1AB is a protocol that enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP enabled LAN infrastructure devices The collected information is stored in a management information base MIB on each device and is accessible via SNMP Protocol Data Units Configuration information is exchanged in the form of Type Length Value TLV se...

Page 584: ...hassis ID An administratively assigned name that identifies the LLDP agent 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received 3 Time to Live A value that tells the receiving agent how long the information contained in the TLV Value field is valid Optional Includes sub types of TLVs that advertise specific configuration information These sub ...

Page 585: ... indicate the kind of information in the following data field The sub types are determined by the owner of the OUI Figure 26 3 Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802 1 and 802 3 working groups Table 26 2 as a basic part of LLDP the IEEE OUI is 00 80 C2 You can configure the Dell Force10 system to advertise any or all of t...

Page 586: ...D On Dell Force10 systems indicates the untagged VLAN to which a port belongs 127 Port and Protocol VLAN ID On Dell Force10 systems indicates the tagged VLAN to which a port belongs and the untagged VLAN to which a port belongs if the port is in hybrid mode 127 VLAN Name Indicates the user defined alphanumeric string that identifies the VLAN This TLV is supported on C Series only 127 Protocol Iden...

Page 587: ...rts LLDP device class 127 2 Network Policy Indicates the application type VLAN ID Layer 2 Priority and DSCP value 127 3 Location Identification Indicates the physical location of the device expressed in one of three possible formats Coordinate Based LCI Civic Address LCI Emergency Call Services ELIN 127 4 Extended Power via MDI Indicates power requirements priority and power status Inventory Manag...

Page 588: ...ise med the system begins transmitting this TLV Figure 26 4 LLDP MED Capabilities TLV 127 11 Inventory Asset ID Indicates a user specified device number to manage inventory 127 12 255 Reserved Table 26 4 FTOS LLDP MED Capabilities Bit Position TLV FTOS Support 0 LLDP MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI PSE Yes 4 Extended Power via MDI PD...

Page 589: ...ch a connection is made In this case configure the signaling application Table 26 6 Network Policy Applications Type Application Description 0 Reserved 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than vo...

Page 590: ...the maximum amount of power that can be supplied on the port By default it is 15 4W which corresponds to a Power Value of 130 based on the TIA 1057 specification You can advertise a different Power Value using the max milliwatts option with the power inline auto static command Dell Force10 also honors the power value power requirement sent by the powered device when the port is configured for powe...

Page 591: ...um of 8000 total neighbors per system If the number of interfaces multiplied by 8 exceeds the maximum the system will not configure more than 8000 INTERFACE level configurations override all CONFIGURATION level configurations LLDP is not hitless LLDP Compatibility Spanning Tree and Force10 Ring Protocol blocked ports allow LLDPDUs 802 1X controlled ports do not allow LLDPDUs until the connected de...

Page 592: ...ode 1 Enter Protocol LLDP mode protocol lldp CONFIGURATION or INTERFACE 2 Enable LLDP no disable PROTOCOL LLDP R1 conf protocol lldp R1 conf lldp advertise Advertise TLVs disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration default rx and tx multiplier LLDP multiplier configuration...

Page 593: ...vlan id vlan name For 802 3 TLVs max frame size For TIA 1057 TLVs guest voice guest voice signaling location identification power via mdi softphone voice streaming video video conferencing video signaling voice voice signaling advertise management tlv dot1 tlv dot3 tlv med PROTOCOL LLDP Note vlan name is supported on C Series and S Series only 2 11 1 21 fnC0074mp LLDPDU R1 R2 R2 conf protocol lldp...

Page 594: ...rs detail as shown in Figure 26 12 Figure 26 11 Viewing Brief Information Advertised by Adjacent LLDP Agents R1 conf protocol lldp R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description hello 10 no disable R1 conf lldp R1 conf lldp exit R1 conf interface gigabitet...

Page 595: ...ent after 7 seconds The neighbors are given below Remote Chassis ID Subtype Mac address 4 Remote Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID GigabitEthernet 2 11 Local Port ID GigabitEthernet 1 21 Locally assigned remote Neighbor Index 4 Remote TTL 120 Information valid for next 120 seconds Time since last information change of this neighbor 01 50 16 Remote MTU...

Page 596: ...dp R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp mode rx Rx only tx Tx only R1 conf lldp mode tx R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size adverti...

Page 597: ...mand no multiplier Figure 26 15 R1 conf protocol lldp R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp mode rx Rx only tx Tx only R1 conf lldp mode tx R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id por...

Page 598: ...1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp multiplier 2 10 Multiplier default 4 R1 conf lldp multiplier 5 R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities sy...

Page 599: ...AB Len 4 Value Existing Repeater Bridge Router Enabled Repeater Bridge Router 1w1d19h TLV ENDOFPDU Len 0 1w1d19h Sending LLDP pkt out of Gi 1 2 of length 270 1w1d19h Packet dump 1w1d19h 01 80 c2 00 00 0e 00 01 e8 0d b7 3b 81 00 00 00 1w1d19h 88 cc 02 07 04 00 01 e8 0d b6 d6 04 14 05 47 69 1w1d19h 67 61 62 69 74 45 74 68 65 72 6e 65 74 20 31 2f 1w1d19h 32 06 02 00 78 0c cf 46 6f 72 63 65 31 30 20 4...

Page 600: ...ddresses defined for the system and and the ports through which they are enabled for transmission LLDP Statistics statsAgeoutsTotal lldpStatsRxPortAgeoutsTotal Total number of times that a neighbors information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTot al lldpStatsRxPortFramesDiscar dedTotal Total number of LLDP frames received then discarded stats...

Page 601: ...emote lldpRemSysName 6 System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc 7 System Capabilities system capabilities Local lldpLocSysCapSupported Remote lldpRemSysCapSupported 8 Management Address enabled capabilities Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled management address length Local lldpLocManAddrLen Remote lldpRemManAddrLen management address subt...

Page 602: ...otocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVlanSupported Remote lldpXdot1RemProtoVlanSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVlanEnabled Remote lldpXdot1RemProtoVlanEnabled PPVID Local lldpXdot1LocProtoVlanId Remote lldpXdot1RemProtoVlanId 127 VLAN Name VID Local lldpXdot1LocVlanId Remote lldpXdot1RemVlanId VLAN name length Local lldpXdot1LocVlan...

Page 603: ... Remote lldpXMedRemMediaPolicyAp pType Unknown Policy Flag Local lldpXMedLocMediaPolicyUnk nown Remote lldpXMedLocMediaPolicyUnk nown Tagged Flag Local lldpXMedLocMediaPolicyTag ged Remote lldpXMedLocMediaPolicyTag ged VLAN ID Local lldpXMedLocMediaPolicyVla nID Remote lldpXMedRemMediaPolicyVl anID L2 Priority Local lldpXMedLocMediaPolicyPrio rity Remote lldpXMedRemMediaPolicyPri ority DSCP Value ...

Page 604: ...emote lldpXMedRemXPoEPSEPowe rSource lldpXMedRemXPoEPDPower Source Power Priority Local lldpXMedLocXPoEPDPowerP riority lldpXMedLocXPoEPSEPortP DPriority Remote lldpXMedRemXPoEPSEPowe rPriority lldpXMedRemXPoEPDPower Priority Power Value Local lldpXMedLocXPoEPSEPortPo werAv lldpXMedLocXPoEPDPower Req Remote lldpXMedRemXPoEPSEPowe rAv lldpXMedRemXPoEPDPower Req Table 26 10 LLDP MED System MIB Objec...

Page 605: ...e and exclude sources and is analogous to IGMP version 3 MLD Version 1 Routers use MLD to learn which multicast addresses have listeners on each of their attached links For each link the router keeps a list of which multicast addresses have listeners and a timer associated with each of those addresses There are three types of MLD messages Multicast Listener Query a message sent by the Queerer to l...

Page 606: ... nodes multicast address FF02 1 A host that wants to join a multicast group responds to the general query with a report that contains in the MLD Multicast Address field Figure 27 1 the group address the report is also addressed to the group in the IPv6 Destination Address field To avoid duplicate reporting any host that hears a report from another host for the same group in which it itself is inte...

Page 607: ...ere are two types of MLDv2 messages Multicast Listener Query a message sent by the Querier to discover multicast listeners Figure 27 2 General Query a query to which all listeners should respond Multicast Address Specific Query a query to which listeners for the specified group should respond to affirm their membership Multicast Address and Source Specific Query a query to determine if there are a...

Page 608: ...er query interval ipv6 mld query interval ipv6 mld query max resp time Enabling MLD MLD is enabled automatically when IPv6 PIM is enabled Related MLD Configuration Tasks Change MLD Timer Values on page 609 Reduce Host Response Burstiness on page 609 Reduce Leave Latency on page 609 Configure a Static Group on page 610 Clear MLD Groups on page 611 Change the MLD Version on page 611 Version 6 Traffi...

Page 609: ...umber less than the Query Response Interval upon receiving a general query and send a report when the timer expires Increasing this value spreads host responses over a greater period of time and so reduces response burstiness Reduce Leave Latency Leave Latency is the amount of time after the last host leaves the MLD group that the router stops forwarding traffic for that group Latency is introduce...

Page 610: ...em to remove specified groups immediately after receiving a Leave message to reduce leave latency Configure a Static Group A group is entered into the group membership table if it has at least one member Host memberships expire When all memberships for a group expire the group is removed from the group membership table Hosts keep their memberships active by responding to queries You can configure ...

Page 611: ...e interested hosts which is a waste of bandwidth MLD Snooping enables switches to use information in MLD packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames they can forward them only to interested receivers Task Command Syntax Command Mode Display MLD groups Group information can be filtered see the FTOS Command Line Refere...

Page 612: ... to distinguish these queries from router queries If the system receives a query with a non zero address any VLAN interface it stops sending queries When a VLAN configured with snooping querier comes up the VLAN interface waits for querier timeout to expire before becoming querier Disable Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not lear...

Page 613: ... a source and group pair S G based on received MLDv2 include reports MLDv2 Snooping is compatible with MLDv1 hosts and selects a port as dynamic mrouter port when it receives Membership Query on that port Port Inheritance on Mixed MLD Mode VLANs A mixed MLD mode VLAN is one which has multiple hosts belonging to the same group but some hosts exclude a source S G and others include the same source S...

Page 614: ...raffic is forwarded out of only Port 3 which means that Port 1 which requested traffic from all sources would be denied S G traffic To reconcile this behavior FTOS adds G ports to S G entries These inherited ports are marked with an asterisk to differentiate them from ports that have been snooped In Figure 27 4 the S G entry inherits Port 1 from the G entry Now S G traffic is forwarded out Ports 1...

Page 615: ...ary defined by an exterior gateway protocol such as BGP Each RP peers with every other RP via TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a Source Active SA message Figure 28 1 to MSDP peers 2 Each MSDP peer receives and forwards the message to its peers away from the originating RP 3...

Page 616: ...OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446 AS X AS Y RP1 RP R1 R2 R3 R4 1 1 1 21 2 11 3 21 3 41 4 31 4 1 1 2 PC 1 Receiver PC 3 Receiver 2 1 PC 2 Source O S P F Area 0 O S P F Area 0 P I M IGMP P I M IGMP MSDP Peership BGP Source Port Seq Number Dest Port 639 Type Length Entry Count RP Address MSDP 001 Reserved Sprefix Length 32 Group Add...

Page 617: ... the PIM SM configuration in this chapter for MSDP Otherwise see Chapter 34 PIM Sparse Mode on page 755 3 Enable MSDP See page 622 4 Peer the RPs in each routing domain with each other See page 622 Related Configuration Tasks Enable MSDP on page 622 Manage the Source active Cache on page 622 Accept Source active Messages that fail the RFP Check on page 624 Limit the Source active Messages from a P...

Page 618: ...hernet 2 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown interface GigabitEthernet 2 11 ip pim sparse mode ip address 10 11 1 21 24 no shutdown interface GigabitEthernet 2 31 ip pim sparse mode ip address 10 11 0 23 24 no shutdown interface Loopback 0 ip address 192 168 0 2 32 no shutdown interface GigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface Giga...

Page 619: ...00 conf do show run bgp router bgp 100 redistribute ospf 1 neighbor 192 168 0 3 remote as 200 neighbor 192 168 0 3 ebgp multihop 255 neighbor 192 168 0 3 update source Loopback 0 neighbor 192 168 0 3 no shutdown Area 0 router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute bgp 200 R3_E600 conf do show run bgp router bgp 200 r...

Page 620: ...1 1 2 PC 2 Source 239 0 0 1 PC 3 Receiver 239 0 0 1 2 1 PC 2 Receiver 239 0 0 1 ip multicast routing ip pim rp address 192 168 0 1 group address 224 0 0 0 4 ip multicast routing ip pim rp address 192 168 0 1 group address 224 0 0 0 4 P I M I G M P ip multicast routing ip pim rp address 192 168 0 3 group address 224 0 0 0 4 P I M I G M P ip multicast routing ip pim rp address 192 168 0 3 group addr...

Page 621: ...0 0 1 uptime 21 07 53 expires 00 02 30 RP 192 168 0 3 flags S Incoming interface Null RPF neighbor 0 0 0 0 Outgoing interface list GigabitEthernet 3 41 Forward Sparse 21 07 53 00 02 30 10 11 4 2 239 0 0 1 uptime 16 56 34 expires 00 02 02 flags TM Incoming interface GigabitEthernet 3 21 RPF neighbor 10 11 0 23 Outgoing interface list GigabitEthernet 3 41 Forward Sparse 16 48 48 00 02 30 R3_E600 con...

Page 622: ...n local receivers experience a lower join latency Step Task Command Syntax Command Mode 1 Enable MSDP ip multicast msdp CONFIGURATION 2 PeerPIM systems in different administrative domains ip msdp peer connect source CONFIGURATION Task Command Syntax Command Mode View details about about a peer show ip msdp peer EXEC Privilege R3_E600 conf ip multicast msdp R3_E600 conf ip msdp peer 192 168 0 1 con...

Page 623: ...pplied the sources that are already in FTOS are not discarded To enforce the limit in such a situation use the command clear ip msdp sa cache to clear all existing entries Clear the Source active Cache Enable the Rejected Source active Cache Active sources can be rejected because the RPF check failed the SA limit is reached Task Command Syntax Command Mode View the SA cache show ip msdp sa cache E...

Page 624: ...een them is still up In this case RP1 learns all active sources from RP3 the but the sources from RP2 and RP4 are rejected because the reverse path to these routers is through Interface A In Scenario 3 RP3 is configured as a default MSDP peer for RP1 and so the RPF check is disregarded for RP3 In Scenario 4 RP1 has a default peer plus an access list The list permits RP4 so the RPF check is disrega...

Page 625: ...p RP1 RP2 RP3 RP4 RP5 S4 G4 S5 G5 S2 G2 S3 G3 Group Source RP Peer G2 S2 RP2 R2 G3 S3 RP3 R3 G4 S4 RP4 R4 G5 S5 RP5 R5 Scenario 1 Interface A Interface B Peersh i p F a i l M S D P P e e r s h i p RP1 RP2 RP3 RP4 RP5 S4 G4 S5 G5 S2 G2 S3 G3 Group Source RP Peer G2 S2 RP2 R3 RPF Fail G3 S3 RP3 R3 G4 S4 RP4 R3 RPF Fail G5 S5 RP5 R3 Scenario 2 Interface A Interface B Peersh i p F a i l M S D P P e e ...

Page 626: ...eceived after the limit is reached in the rejected SA cache ip msdp cache rejected sa CONFIGURATION Set the upper limit for the number of sources allowed from an MSDP peer The default limit is 100K ip msdp peer peer address sa limit CONFIGURATION FTOS conf ip msdp peer 10 0 50 2 connect source Vlan 50 FTOS conf ip msdp default peer 10 0 50 2 list fifty FTOS conf ip access list standard fifty FTOS ...

Page 627: ...and Syntax Command Mode OPTIONAL Cache sources that are denied by the redistribute list in the rejected SA cache ip msdp cache rejected sa CONFIGURATION Prevent the system from caching local SA entries based on source and group using an extended ACL ip msdp redistribute list CONFIGURATION R1_E600 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip msdp red...

Page 628: ... msdp sa filter list out peer list ext acl CONFIGURATION Router 3 R3_E600 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 1 connect source Loopback 0 ip msdp sa filter in 192 168 0 1 list myremotefilter R3_E600 conf do show run acl ip access list extended myremotefilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 R3_E600 conf do show ip msdp sa cache MSDP Source Active Cache 1 entri...

Page 629: ...xt acl CONFIGURATION Router 1 R1_E600 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip msdp sa filter out 192 168 0 3 list mylocalfilter R1_E600 conf do show run acl ip access list extended mylocalfilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 seq 10 deny ip any any R1_E600 conf do show ip msdp sa cache MSDP Source Active Cache 1 entries GroupAddr S...

Page 630: ...p log adjacency changes CONFIGURATION Task Command Syntax Command Mode Terminate the TCP connection with a peer ip msdp shutdown CONFIGURATION Router 3 R3_E600 conf ip msdp shutdown 192 168 0 1 R3_E600 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Shutdown Up Down Time 00 00 18 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in ou...

Page 631: ...blished Up Down Time 00 04 26 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 5 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none R3_E600 conf do clear ip msdp peer 192 168 0 1 R3_E600 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Inactive Up Down Time 00 00 04 Timers KeepAli...

Page 632: ...ce when an active RP fails When multiple RPs are configured there can be considerable convergence delay involved in switching to the backup RP Anycast RP relieves these limitations by allowing multiple RPs per group which can be distributed in a topologically significant manner according to the locations of the sources and receivers 1 All the RPs serving a given group are configured with an identi...

Page 633: ...tgoing interface list GigabitEthernet 1 1 Forward Sparse 00 00 09 Never 10 11 4 2 239 0 0 1 uptime 00 00 05 expires 00 03 25 flags CTM Incoming interface GigabitEthernet 1 21 RPF neighbor 10 11 1 21 Outgoing interface list GigabitEthernet 1 1 Forward Sparse 00 00 09 Never 10 11 4 2 239 0 0 1 uptime 00 00 52 expires 00 03 20 flags FTA Incoming interface GigabitEthernet 2 1 RPF neighbor 0 0 0 0 Outg...

Page 634: ... of RPs has a peership with all other RPs in the set When an RP is a member of the mesh group it forwards active source information only to its peers outside of the group Specify the RP Address Used in SA Messages The default originator id is the address of the RP that created the message In the case of Anycast RP there are multiple RPs all with the same address You can use the unique address of a...

Page 635: ... 1 12 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown interface Loopback 1 ip address 192 168 0 11 32 no shutdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 10 11 3 0 24 area 0 network 192 168 0 11 32 area 0 ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 1 ip msdp peer 192 168 0 22 connect source Lo...

Page 636: ...192 168 0 1 32 no shutdown interface Loopback 1 ip address 192 168 0 22 32 no shutdown router ospf 1 network 10 11 1 0 24 area 0 network 10 11 4 0 24 area 0 network 192 168 0 22 32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1 neighbor 192 168 0 3 remote as 200 neighbor 192 168 0 3 ebgp multihop 255 neighbor 192 168 0 3 no shutdown ip mul...

Page 637: ... 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192 168 0 22 remote as 100 neighbor 192 168 0 22 ebgp multihop 255 neighbor 192 168 0 22 update source Loopback 0 neighbor 192 168 0 22 no shutdown ip multicast msdp ip msdp peer 192 168 0 11 connect source Loopback 0 ip msdp peer 192 168 0 ...

Page 638: ...hernet 1 1 ip pim sparse mode ip address 10 11 3 1 24 no shutdown interface GigabitEthernet 1 2 ip address 10 11 2 1 24 no shutdown interface GigabitEthernet 1 21 ip pim sparse mode ip address 10 11 1 12 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 192 168 0 1 32 area 0 net...

Page 639: ...e ip address 10 11 0 23 24 no shutdown interface Loopback 0 ip address 192 168 0 2 32 no shutdown router ospf 1 network 10 11 1 0 24 area 0 network 10 11 4 0 24 area 0 network 192 168 0 2 32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1 neighbor 192 168 0 3 remote as 200 neighbor 192 168 0 3 ebgp multihop 255 neighbor 192 168 0 3 update s...

Page 640: ...entEthernet 0 0 ip address 10 11 80 3 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192 168 0 2 remote as 100 neighbor 192 168 0 2 ebgp multihop 255 neighbor 192 168 0 2 upd...

Page 641: ... 1 24 no shutdown interface GigabitEthernet 4 22 ip address 10 10 42 1 24 no shutdown interface GigabitEthernet 4 31 ip pim sparse mode ip address 10 11 6 43 24 no shutdown interface Loopback 0 ip address 192 168 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 ...

Page 642: ...642 Multicast Source Discovery Protocol w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 643: ...e total number of required instances In contrast PVST allows a spanning tree instance for each VLAN This 1 1 approach is not suitable if you have many VLANs because each spanning tree instance costs bandwidth and processing resources In Figure 29 1 three VLANs are mapped to two Multiple Spanning Tree instances MSTI VLAN 100 traffic takes a different path than VLAN 200 and 300 traffic The behavior ...

Page 644: ...iple Spanning Tree Protocol See page 645 4 Create Multiple Spanning Tree Instances and map VLANs to them See page 645 Related Configuration Tasks Create Multiple Spanning Tree Instances on page 645 Add and Remove Interfaces on page 645 Influence MSTP Root Selection on page 647 Interoperate with Non FTOS Bridges on page 647 Modify Global Parameters on page 648 Modify Interface Parameters on page 65...

Page 645: ... on the interface using the command no spanning tree 0 re enable it using the command spanning tree 0 Remove an interface from the MSTP topology using the command no spanning tree 0 command See also Removing an Interface from the Spanning Tree Group on page 1054 for BPDU Filtering behavior Create Multiple Spanning Tree Instances A single MSTI provides no more benefit than RSTP To take full advanta...

Page 646: ...forward delay 15 max hops 19 Bridge Identifier has priority 32768 Address 0001 e80d b6d6 Configured hello time 2 max age 20 forward delay 15 max hops 20 Current root has priority 32768 Address 0001 e806 953e Number of topology changes 2 last change occured 1d2h ago on Gi 1 21 Port 374 GigabitEthernet 1 21 is root Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 374 Designated ...

Page 647: ...to instance mapping is the placement of a VLAN in an MSTI For a bridge to be in the same MSTP region as another all three of these qualities must match exactly The default values for name and revision will match on all Dell Force10 FTOS equipment If you have non FTOS equipment that will participate in MSTP ensure these values to match on all the equipment Task Command Syntax Command Mode Assign a ...

Page 648: ...f time the bridge maintains configuration information before it refreshes that information by recomputing the MST topology Max hops is the maximum number of hops a BPDU can travel before a receiving switch discards it To change MSTP parameters use the following commands on the root bridge Task Command Syntax Command Mode Change the region name name name PROTOCOL MSTP Change the region revision num...

Page 649: ...increase the hello time Range 1 to 10 Default 2 seconds hello time seconds PROTOCOL MSTP Change the max age parameter Range 6 to 40 Default 20 seconds max age seconds PROTOCOL MSTP Change the max hops parameter Range 1 to 40 Default 20 max hops number PROTOCOL MSTP Task Command Syntax Command Mode FTOS conf mstp forward delay 16 FTOS conf mstp exit FTOS conf do show running config spanning tree ms...

Page 650: ... the port cost or priority of an interface View the current values for these interface parameters using the command show config from INTERFACE mode See Figure 29 8 Table 29 2 MSTP Default Port Cost Values Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Chan...

Page 651: ...ommand Syntax Command Mode Enable EdgePort on an interface spanning tree mstp edge port bpduguard shutdown on violation INTERFACE FTOS Behavior Regarding bpduguard shutdown on violation behavior 1 If the interface to be shutdown is a port channel then all the member ports are disabled in the hardware 2 When a physical port is added to a port channel already in error disable state the new member po...

Page 652: ...ior The following conditions apply to a port enabled with root guard Root guard is supported on any MSTP enabled port or port channel interface except when used as a stacking port Root guard is supported on a port in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST When enabled on a port root g...

Page 653: ... Behavior The following conditions apply to a port enabled with loop guard Loop guard is supported on any MSTP enabled port or port channel interface Loop guard is supported on a port or port channel in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST Root guard and loop guard cannot be enabled...

Page 654: ...p from EXEC Privilege mode Displaying STP Guard Configuration To verify the STP guard configured on MSTP interfaces enter the show spanning tree msti instance number guard command Refer to Chapter 52 Spanning Tree Protocol on page 1049 for information on how to configure and use the STP root guard loop guard and BPDU guard features Figure 29 9 shows an example for instance 5 in an MSTP network in ...

Page 655: ...own in Figure 29 10 The configurations are from FTOS systems An S50 system using SFTOS configured as shown Figure 29 14 could be substituted for an FTOS router in this sample following topology and MSTP would function as designed Figure 29 10 MSTP with Three VLANs Mapped to Two Spanning Tree Instances R1 R2 R3 1 2 3 1 3 2 1 3 2 1 2 3 root Forwarding Blocking ...

Page 656: ... shutdown interface GigabitEthernet 1 31 no ip address switchport no shutdown interface Vlan 100 no ip address tagged GigabitEthernet 1 21 31 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 1 21 31 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 1 21 31 no shutdown Enable MSTP globally Set Region Name and Revision Map MSTP Instances to VLANs Assign Layer 2 i...

Page 657: ...bitEthernet 2 31 no ip address switchport no shutdown interface Vlan 100 no ip address tagged GigabitEthernet 2 11 31 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 2 11 31 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 2 11 31 no shutdown Set Region Name and Revision Map MSTP Instances to VLANs Assign Layer 2 interfaces to MSTP topology Create VLANs mappe...

Page 658: ... shutdown interface GigabitEthernet 3 21 no ip address switchport no shutdown interface Vlan 100 no ip address tagged GigabitEthernet 3 11 21 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 3 11 21 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 3 11 21 no shutdown Set Region Name and Revision Map MSTP Instances to VLANs Assign Layer 2 interfaces to MSTP top...

Page 659: ...an 2 300 interface 1 0 31 no shutdown spanning tree port mode enable switchport protected 0 exit interface 1 0 32 no shutdown spanning tree port mode enable switchport protected 0 exit interface vlan 100 tagged 1 0 31 tagged 1 0 32 exit interface vlan 200 tagged 1 0 31 tagged 1 0 32 exit interface vlan 300 tagged 1 0 31 tagged 1 0 32 exit Set Region Name and Revision Map MSTP Instances to VLANs As...

Page 660: ...ching MSTP Region Name and Revision The configured name and revisions must be identical among all the routers Is the Region name blank That may mean that a name was configured on one router and but was not configured or was configured differently on another router spelling and capitalization counts MSTP Instances Use the show commands to verify the VLAN to MSTP Instance mapping Are there extra MST...

Page 661: ... 2 21 ProtId 0 Ver 3 Bpdu Type MSTP Flags 0x78Same Region CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional Bridge Id 32768 0001 e806 953e CIST Port Id 128 470 Msg Age 0 Max Age 20 Hello 2 Fwd Delay 15 Ver1 Len 0 Ver3 Len 96 Name Tahiti Rev 123 Int Root Path Cost 0 Rem Hops 19 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 Flags 0x78 Reg Root 32768 0001 e806 953e Int Root Cost 0 Brg ...

Page 662: ...662 Multiple Spanning Tree Protocol w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 663: ...page 674 Multicast Quality of Service on page 675 Optimize the E Series for Multicast Traffic on page 675 Tune the Central Scheduler for Multicast on page 676 FTOS supports the following multicast protocols PIM Sparse Mode on page 755 PIM Dense Mode on page 747 PIM Source Specific Mode on page 777 Internet Group Management Protocol on page 403 Multicast Listener Discovery on page 605 Multicast Sou...

Page 664: ...gure 30 1 the receiver joins three groups The last hop DR initially has two equal cost routes to the RP with no streams so it non deterministically selects Route 1 for the Group 1 IGMP Join message Route 1 then has one stream associated with it so the last hop DR sends the Group 2 Join by Route 2 It then non deterministically selects Route 2 for the Group 3 Join since both routes already have one ...

Page 665: ...the same entry and are forwarded to the CPU Therefore do not use well known protocol multicast addresses for data transmission such as the ones below The FTOS implementation of MTRACE is in accordance with IETF draft draft fenner traceroute ipm Multicast is not supported on secondary IP addresses Egress L3 ACL is not applied to multicast data traffic if multicast routing is enabled Multicast Polic...

Page 666: ...mit is reached FTOS displays Message 1 Task Command Syntax Command Mode Limit the total number of multicast routes on the system ip multicast limit Range 1 50000 Default 15000 CONFIGURATION Note FTOS waits at least 30 seconds between stopping and starting IGMP join processing You may experience this delay when manipulating the limit after it is reached Message 1 Multicast Route Limit Error 3w1d13h...

Page 667: ...ing table Note For rules in IGMP access lists source is the multicast source not the source of the IGMP packet For IGMPv2 use the keyword any for source as shown in Figure 30 2 since IGMPv2 hosts do not know in advance who the source is for the group in which they are interested FTOS Behavior Do not enter the command ip igmp access group before creating the access list If you do upon entering your...

Page 668: ...utdown interface GigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown RP Group 239 0 0 1 239 0 0 2 R1 conf if vl 300 do show ip pim tib PIM Multicast Routing Table Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set J Join SPT M MSDP created entry A Candidate for MSDP Advertisement K Ack Pending State Timers Uptime Expires Interface ...

Page 669: ...ighbor filter command from INTERFACE mode Prevent a Source from Registering with the RP Use the command ip pim register filter from CONFIGURATION mode to prevent a source from transmitting to a particular group This command prevents the PIM source DR from sending register packets to RP for the specified multicast source and group if the source DR never sends register packets to the RP no hosts can...

Page 670: ...itEthernet 1 31 RPF neighbor 10 11 13 2 Outgoing interface list Vlan 400 Forward Sparse 00 00 43 Never 239 0 0 2 uptime 00 00 40 expires 00 00 00 RP 10 11 12 2 flags SCJ Incoming interface GigabitEthernet 1 21 RPF neighbor 10 11 12 2 Outgoing interface list Vlan 300 Forward Sparse 00 00 40 Never 10 11 5 2 239 0 0 2 uptime 00 00 33 expires 00 03 07 flags CT Incoming interface GigabitEthernet 1 31 R...

Page 671: ...ddress table static multicast vlan output range command Step Task Command Syntax Command Mode 1 Enable Layer 2 multicast switching ip multicast mode l2 CONFIGURATION Note Enabling Layer 2 multicast switching automatically disables default Layer 3 multicast routing on the router 2 Configure a static multicast MAC address associate the multicast MAC address with the VLAN used to switch Layer 2 multi...

Page 672: ...outer enter the show mac address table static multicast count vlan vlan id command in EXEC mode Figure 30 6 show mac address table static multicast count Command Example Figure 30 7 show mac address table static multicast count vlan Command Example FTOS show mac address table static multicast VlanId Mac Address Type State L2MCIndex Interfaces 10 01 00 5e 01 01 01 static Active 0 Gi 1 2 Gi 2 47 11 ...

Page 673: ...McastFib CAM region which has a fixed number of entries Any limit configured via the CLI is superseded by this hardware limit The opposite is also true the CAM might not be exhausted at the time the CLI configured route limit is reached Prevent an IPv6 Neighbor from Forming an Adjacency Task Command Syntax Command Mode Limit the total number of IPv6 multicast routes on the system ipv6 multicast li...

Page 674: ...pv6 pim register filter access list CONFIGURATION FTOS conf ipv6 pim register filter REG FIL_ACL FTOS conf ipv6 access list REG FIL_ACL FTOS conf ipv6 acl deny ipv6 165 87 34 10 128 ff0e 225 1 2 0 112 FTOS conf ipv6 acl permit ipv6 any any FTOS conf ipv6 acl exit Task Command Syntax Command Mode Permit or deny PIM Join Prune messages on an interface using an access list This command prevents the P...

Page 675: ...ze the E Series for Multicast Traffic Optimize the E Series for Multicast Traffic is supported only on platform e The default hardware settings for the E series are for unicast applications like data centers and ISP networks This means that the E Series gives priority to unicast data forwarding rather than multicast data forwarding For multicast intensive applications like trading Dell Force10 rec...

Page 676: ...ord bandwidth percent For example allocate 80 of egress bandwidth to multicast on all line cards using the command queue egress multicast linecard all bandwidth percent 80 Tune the Central Scheduler for Multicast The Central Scheduler is responsible for scheduling unicast and multicast packets via the Terabit backplane The default configuration of the Central Scheduler is optimized for network env...

Page 677: ...s Routing status of Layer 3 interfaces IPv4 and IPv6 Reachability of IPv4 and IPv6 routes Metric thresholds of IPv4 and IPv6 routes In future releases environmental alarms and available free memory will be supported You can configure client applications such VRRP to receive a notification when the state of a tracked object changes For example Figure 31 1 shows how object tracking is performed Rout...

Page 678: ...configure a tracked object such as an IPv4 IPv6 a route or interface you specify an object number to identify the object Optionally you can also specify UP and DOWN thresholds used to report changes in a route metric A time delay before changes in a tracked object s state are reported to a client Tracking Layer 2 Interfaces You can create an object to track the line protocol state of a Layer 2 int...

Page 679: ...cked in either the following ways By the reachability of the route s next hop router By comparing the UP or DOWN threshold for a route s metric with current entries in the route table Tracking Route Reachability If you configure the reachability of an IP route entry as a tracked object the UP DOWN state of the route is determined by the entry of the next hop address in the ARP cache A tracked rout...

Page 680: ...6 to scale it a RIP metric of 16 unreachable scales to 256 which considers the route to be DOWN For example to configure object tracking for a RIP route to be considered UP only if the RIP hop count is less than or equal to 4 you would configure the UP threshold to be 64 4 x 16 and the DOWN threshold to be 65 Setting Tracking Delays You can configure an optional UP and or DOWN timer for each track...

Page 681: ... can create an object that tracks the line protocol state of a Layer 2 interface and monitors its operational status UP or DOWN You can track the status of any of the following Layer 2 interfaces 1 Gigabit Ethernet Enter gigabitethernet slot port in the track interface interface command see Step 1 below 10 Gigabit Ethernet Enter tengigabitethernet slot port Port channel Enter port channel number w...

Page 682: ...VLAN Enter vlan vlan id where valid VLAN IDs are from 1 to 4094 Step Task Command Syntax Command Mode 1 Configure object tracking on the line protocol state of a Layer 2 interface track object id interface interface line protocol Valid object IDs are from 1 to 65535 CONFIGURATION 2 Optional Configure the time delay used before communicating a change in the status of a tracked interface delay up se...

Page 683: ...rface use the following commands To remove object tracking on a Layer 3 IPv4 IPv6 interface enter the no track object id command Figure 31 3 Command Example track interface ip routing Step Task Command Syntax Command Mode 1 Configure object tracking on the routing status of an IPv4 or IPv6 interface track object id interface interface ip routing ipv6 routing Valid object IDs are from 1 to 65535 CO...

Page 684: ...the route s next hop address If the next hop address in the ARP cache ages out for a route tracked for its reachability an attempt is made to regenerate the ARP cache entry to see if the next hop address appears before con sidering the route DOWN By comparing the threshold for a route s metric with current entries in the route table The UP DOWN state of the tracked route is determined by the thres...

Page 685: ...te use the following commands To remove object tracking enter the no track object id command Step Task Command Syntax Command Mode 1 Configure object tracking on the reachability of an IPv4 or IPv6 route track object id ip route ip address prefix len ipv6 route ipv6 address prefix len reachability vrf vrf name Valid object IDs are from 1 to 65535 Enter an IPv4 address in dotted decimal format vali...

Page 686: ...fix len ipv6 route ipv6 address prefix len metric threshold vrf vrf name Valid object IDs are from 1 to 65535 Enter an IPv4 address in dotted decimal format Valid IPv4 prefix lengths are from 0 to 32 Enter an IPv6 address in X X X X X format Valid IPv6 prefix lengths are from 0 to 128 Optional E Series only For an IPv4 route you can enter a VRF name CONFIGURATION FTOS conf track 104 ip route 10 0 ...

Page 687: ... Default UP threshold 254 The routing state is UP if the scaled route metric is less than or equal to the UP threshold Default DOWN threshold 255 The routing state is DOWN if the scaled route metric is greater than or equal to the DOWN threshold OBJECT TRACKING 6 Optional Display the tracking configuration show track object id EXEC Privilege Step Task Command Syntax Command Mode FTOS conf track 6 ...

Page 688: ...ility Reachability is Down route not in route table 2 changes last change 00 16 08 Tracked by Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16 Metric threshold down 255 up 254 First hop interface is GigabitEthernet 13 2 Tracked by VRRP GigabitEthernet 7 30 IPv6 VRID 1 Track 3 IPv6 route 2050 64 reachability Reachability is Up STATIC 5 cha...

Page 689: ...ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 OSPF 1 FTOS show track vrf red Track 5 IP route 192 168 0 0 24 reachability Vrf red Reachability is Up CONNECTED 3 changes last change 00 02 39 First hop interface is GigabitEthernet 13 4 Tracked by FTOS show running config track track 1 ip route 23 0 0 0 8 reachability track 2 ipv6 route 2040 64 metric threshold delay down 3 delay up 5 threshold metric u...

Page 690: ...690 Object Tracking w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 691: ...de a complete This chapter includes the following topics Protocol Overview Implementing OSPF with FTOS Graceful Restart Fast Convergence OSPFv2 IPv4 only Multi Process OSPF OSPFv2 IPv4 only RFC 2328 Compliant OSPF Flooding OSPF ACK Packing OSPF Adjacency with Cisco Routers Configuration Requirements Configuration Task List for OSPFv2 OSPF for IPv4 Configuration Task List for OSPFv3 OSPF for IPv6 S...

Page 692: ...rface addresses while neighbors on other types of links are identified by RID OSPFv3 removes this inconsistency and all neighbors on all link types are identified by RID Autonomous System AS Areas OSPF operate in a type of hierarchy The largest entity within the hierarchy is the autonomous system AS which is a collection of networks under a common administration that share a common routing strateg...

Page 693: ...ny backbone routers that share a link to a non backbone area and function as if they were direct links An OSPF backbone is responsible for distributing routing information between areas It consists of all Area Border Routers networks not wholly contained in any area and their attached routers The Backbone is the only area with an default area number All other areas can have their Area ID assigned ...

Page 694: ...concerning the state of the links between them The state up or down of those links is important Routers that share a link become neighbors on that segment OSPF uses the hello protocol as a neighbor discovery and keep alive mechanism After two routers are neighbors they may proceed to exchange and synchronize their databases which creates an adjacency Router Types Router types are attributes of the...

Page 695: ...part of Area 0 such as Router I in Figure 32 2 above Router A Router D Router B Router C Router E Router F Router G Router H Router I Router J Router L Router K Router M Area 100 Area 200 Area 300 Area 0 Stub Area Area Border Router Interior Router Interior Router Not So Stubby Area Backbone Area OSPF AS 9999 OSPF AS 8888 Router K Router 8000 Autonomous System Boundary Router Router 81 Router 82 A...

Page 696: ...rs allow a reduction in network traffic and in the size of the topological database The Designated Router DR maintains a complete topology table of the network and sends the updates to the other routers via multicast All routers in an area form a slave master relationship with the DR Every time a router sends an update it sends it to the Designated Router DR and Backup Designated Router BDR The DR...

Page 697: ... Router Summary LSA OSPFv2 Inter Area Router LSA OSPFv3 In some cases Type 5 External LSAs are flooded to areas where the detailed next hop information may not be available An Area Border Router will ABR flood the information for the router i e the Autonomous System Border Router ASBR where the Type 5 advertisement originated The Link State ID for Type 4 LSAs is the router ID of the described ASBR...

Page 698: ...u must configure a virtual link between that area and Area 0 The two endpoints of a virtual link are ABRs and the virtual link must be configured in both routers The common non backbone area to which the two routers belong is called a transit area A virtual link specifies the transit area and the router ID of the other virtual endpoint the other ABR A Virtual Link cannot be configured through a St...

Page 699: ...s Stub areas Totally Stub No Summary and Not So Stubby Areas NSSAs and supports the following LSAs as discussed earlier in this document Router type 1 Network type 2 Network Summary type 3 AS Boundary type 4 AS External type 5 Router 1 Priority 200 Cost 21 Router 2 Priority 180 Cost 50 Router 3 Priority 100 Cost 25 Router 4 Priority 150 Cost 20 Router 1 selected by the system as DR Router 2 select...

Page 700: ...ebuilds its routing tables When a router is attempting to restart gracefully it originates the following link local Grace LSAs to notify its helper neighbors that the restart process is beginning An OSPFv2 router sends Type 9 LSAs An OSPFv3 router sends Type 11 LSAs Type 9 and 11 LSAs include a grace period which is the time period an OSPF router advertises to adjacent neighbor routers as the time...

Page 701: ...as when an active process crashes the active RPM is removed or a power failure happens During an unplanned restart OSPF sends out a Grace LSA when the backup RPM comes online To display the configuration values for OSPF graceful restart enter the following commands For OSPFv2 show run ospf For OSPFv3 show run ospf and show ipv6 ospf database database summary Fast Convergence OSPFv2 IPv4 only Fast ...

Page 702: ...irst OSPFv2 process created manages the SNMP processes and traps RFC 2328 Compliant OSPF Flooding In OSPF flooding is the most resource consuming task The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces as governed by LSA s flooding scope Refer to Section 13 of the RFC When multiple direct links connect two routers the RFC 2328 flooding algorithm generates ...

Page 703: ...anging the hello interval on the Cisco router automatically changes the dead interval as well 00 10 41 OSPF 1000 00 Rcv v 2 t 5 LSAck l 64 Acks 2 rid 2 2 2 2 aid 1500 chk 0xdbee aut 0 auk keyid 0 from Vl 1000 LSType Type 5 AS External id 160 1 1 0 adv 6 1 0 0 seq 0x8000000c LSType Type 5 AS External id 160 1 2 0 adv 6 1 0 0 seq 0x8000000c 00 10 41 OSPF 1000 00 Rcv v 2 t 5 LSAck l 64 Acks 2 rid 2 2...

Page 704: ...commands for each interface Configuration Task List for OSPFv2 OSPF for IPv4 Open Shortest Path First version 2 OSPF for IPv4 is supported on platforms c e s 1 Configure a physical interface Assign an IP address physical or loopback to the interface to enable Layer 3 routing Note By default OSPF is disabled FTOS conf int gi 2 2 FTOS conf if gi 2 2 ip ospf hello interval 20 FTOS conf if gi 2 2 ip o...

Page 705: ...elated to OSPFv2 refer to the OSPF section in the FTOS Command Line Interface document Enable OSPFv2 Assign an IP address to an interface physical or Loopback to enable Layer 3 routing By default OSPF like all routing protocols is disabled You must configure at least one interface for Layer 3 before enabling OSPFv2 globally If implementing Multi Process OSPF you must create an equal number of Laye...

Page 706: ...router ospf process id command syntax in the CONFIGURATION mode to disable OSPF Use the clear ip ospf process id command syntax in EXEC Privilege mode to reset the OSPFv2 process Use the show ip ospf process id command in EXEC mode Figure 408 to view the current OSPFv2 status Figure 32 8 Command Example show ip ospf process id Command Syntax Command Mode Usage router ospf process id vrf vrf name C...

Page 707: ...he Router ID is the IP address associated with the OSPF process Once the OSPF process and the VRF are tied together the OSPF Process ID cannot be used again in the system If you try to enable more OSPF processes than available Layer 3 interfaces you will see the following message Step Command Syntax Command Mode Usage 1 ip address ip address mask CONFIG INTERFACE Assign an IP address to an interfa...

Page 708: ... ID assigned to it The OSPFv2 process evaluates the network commands in the order they are configured Assign the network address that is most explicit first to include all subnets of that address For example if you assign the network address 10 0 0 0 8 you cannot assign the network address 10 1 0 0 16 since it is already included in the first network address When configuring the network command yo...

Page 709: ...ing Use the show config command in CONFIGURATION ROUTER OSPF mode to view the configuration OSPF by default sends hello packets out to all physical interfaces assigned an IP address that are a subset of a network on which OSPF is enabled Use the show ip ospf interface command Figure 410 to view the interfaces currently active and the areas assigned to the interfaces Note If using features like MD5...

Page 710: ...net Address 10 2 3 1 24 Area 0 0 0 0 Process ID 1 Router ID 11 1 2 1 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State BDR Priority 1 Designated Router ID 13 1 1 1 Interface address 10 2 3 2 Backup Designated Router ID 11 1 2 1 Interface address 10 2 3 1 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 05 Neighbor Count is 1 Adjacent neighbor count is 1...

Page 711: ...Step Command Syntax Command Mode Usage 1 show ip ospf process id vrf vrf name database database summary EXEC Privilege Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs vrf name Show only the OSPF information tied to the VRF process 2 configure EXEC Privilege Enter the CONFIGURATION mode 3 router ospf process id vrf vrf name CONFIGURATION Enter the ...

Page 712: ...ter lsa command to gracefully shut down or reload a router without dropping packets destined for other networks Command Syntax Command Mode Usage max metric router lsa on startup announce time wait for bgp wait time ROUTER OSPF E Series ExaScale only Configure the maximum cost of 65535 on a new router so that it always functions as a stub router in the network and OSPF traffic destined to other ne...

Page 713: ...rfaces will be passive Default enabled passive interfaces on ALL interfaces in the OSPF process Entering the physical interface type slot and number enable passive interface on only the identified interface For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information e g passive interface gi 2 1 For a port channel enter the keyword port channel followed ...

Page 714: ...vergence level 1 meets most convergence requirements Higher convergence levels should only be selected following consultation with Dell Force10 technical support FTOS show ip ospf 34 int GigabitEthernet 0 0 is up line protocol is down Internet Address 10 1 2 100 24 Area 1 1 1 1 Process ID 34 Router ID 10 1 2 100 Network Type BROADCAST Cost 10 Transmit Delay is 1 sec State DOWN Priority 1 Designate...

Page 715: ...work to prevent misconfiguration of OSPF neighbors FTOS conf router_ospf 1 fast converge 2 FTOS conf router_ospf 1 ex FTOS conf ex FTOS show ip ospf 1 Routing Process ospf 1 with ID 192 168 67 2 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs Min LSA arrival 0 secs Number of area in this router is 0 no...

Page 716: ...nterval between hello packet transmission Seconds range from 1 to 65535 default is 10 seconds The hello interval must be the same on all routers in the OSPF network ip ospf message digest key keyid md5 key CONFIG INTERFACE Use the MD5 algorithm to produce a message digest or key which is sent instead of the key Keyid range 1 to 255 Key a character string Be sure to write down or otherwise record t...

Page 717: ...ange wait time seconds CONFIG INTERFACE Set the authentication change wait time in seconds between 0 and 300 for the interface This is the amount of time OSPF has available to change its interface authentication type During the auth change wait time OSPF sends out packets with both the new and old authentication schemes This transmission stops when the period ends The default is 0 seconds FTOS con...

Page 718: ...applies to the specified router only IP Address A B C D graceful restart mode planned only unplanned only CONFIG ROUTER OSPF id Specify the operating mode in which graceful restart functions FTOS supports the following options Planned only The OSPFv2 router supports graceful restart for planned restarts only A planned restart is when the user manually enters a fail over command to force the primar...

Page 719: ...configured on an ABR connected to the backbone hello interval help packet retransmit interval LSA retransmit interval transmit delay LSA transmission delay dead interval dead router detection time authentication key authentication key message digest key MD5 authentication key Command Syntax Command Mode Usage no graceful restart grace period CONFIG ROUTER OSPF id Disable OSPFv2 graceful restart Re...

Page 720: ...ey keyid md5 key CONFIG ROUTER OSPF id Configure the optional parameters of a virtual link Area ID assigned earlier 0 65535 or A B C D Router ID IP address associated with the virtual link neighbor Hello Interval Seconds 1 8192 default 10 Retransmit Interval Seconds 1 3600 default 5 Transmit Delay Seconds 1 3600 default 1 Dead Interval Seconds 1 8192 default 40 Authentication Key 8 characters Mess...

Page 721: ...um prefix length to be matched 0 to 32 Command Syntax Command Mode Usage distribute list prefix list name in interface CONFIG ROUTER OSPF id Apply a configured prefix list to incoming OSPF routes distribute list prefix list name out connected isis rip static CONFIG ROUTER OSPF id Assign a configured prefix list to outgoing OSPF routes Note Do not route iBGP routes to OSPF unless there are route ma...

Page 722: ...he interface Are adjacencies established correctly Are the interfaces configured for Layer 3 correctly Is the router in the correct area type Have the routes been included in the OSPF database Have the OSPF routes been included in the routing table not just the OSPF database Some useful troubleshooting commands are show interfaces show protocols debug IP OSPF events and or packets show neighbors s...

Page 723: ...all OSPF process IDs enables on the router Command Syntax Command Mode Usage show ip route summary EXEC Privilege View the summary information of the IP routes show ip ospf database EXEC Privilege View the summary information for the OSPF database Command Syntax Command Mode Usage show ip ospf neighbor EXEC Privilege View the configuration of OSPF neighbors FTOS show run ospf router ospf 3 router ...

Page 724: ...Usage debug ip ospf process id event packet spf EXEC Privilege View debug messages To view debug messages for a specific OSPF process ID enter debug ip ospf process id If you do not enter a process ID the command applies to the first OSPF process To view debug messages for a specific operation enter one of the optional keywords event View OSPF event messages packet View OSPF packets spf View short...

Page 725: ...ork 10 0 12 0 24 area 0 network 192 168 100 0 24 area 0 interface GigabitEthernet 1 1 ip address 10 1 11 1 24 no shutdown interface GigabitEthernet 1 2 ip address 10 2 12 2 24 no shutdown interface Loopback 10 ip address 192 168 100 100 24 no shutdown router ospf 33333 network 192 168 100 0 24 area 0 network 10 0 13 0 24 area 0 network 10 0 23 0 24 area 0 interface Loopback 30 ip address 192 168 1...

Page 726: ...e same tasks the router ospf command to create the OSPF process then the network area command to enable OSPF on an interface Note that the OSPFv2 network area command can enable OSPF on multiple interfaces with the single command while the OSPFv3 ipv6 ospf area command must be configured on each interface that will be running OSPFv3 All IPv6 addresses on an interface are included in the OSPFv3 pro...

Page 727: ...single command whereas the OSPFv3 ipv6 ospf area command must be configured on each interface that will be running OSPFv3 Command Syntax Command Mode Usage ipv6 unicast routing CONFIGURATION Enables IPv6 unicast routing globally Command Syntax Command Mode Usage ipv6 address ipv6 address CONF INT type slot port Assign IPv6 address to the interface IPv6 addresses are normally written as eight group...

Page 728: ... Assign the Router ID for this OSPFv3 process number IPv4 address Format A B C D Note The router id for an OSPFv3 router is entered as an IPv4 IP address Command Syntax Command Mode Usage area area id stub no summary CONF IPV6 ROUTER OSPF Configure the area as a stub area Use the no summary keywords to prevent transmission in to the area of summary ASBR LSAs Area ID is a number or IP address assig...

Page 729: ...R OSPF Specify whether some or all some of the interfaces will be passive Interface identifies the specific interface that will be passive For a Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information e g passive interface gi 2 1 For a port channel enter the keyword port channel followed by a number from 1 to 255 for TeraScale and ExaScale 1 to 32 for Eth...

Page 730: ... required and optional parameters bgp connected or static enter one of the keyword to redistribute those routes metric metric value range 0 to 4294967295 metric type metric type 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2 route map map name enter a name of a configured route map tag tag value range 0 to 4294967295 Command Syntax Command Mode Usage default information o...

Page 731: ...e To disable OSPFv3 graceful restart when it is enabled enter the following command Command Syntax Command Mode Usage graceful restart grace period seconds CONF IPV6 ROUTE R OSPF Enable OSPFv3 graceful restart globally by setting the grace period in seconds Valid values are from 40 to 1800 seconds ipv6 ospf graceful restart helper reject INTERFACE Configure an OSPFv3 interface to not act upon the ...

Page 732: ...uration for OSPFv2 and OSPFv3 Figure 32 23 show ipv6 ospf database grace lsa EXEC Privilege Display the Type 11 Grace LSAs sent and received on an OSPFv3 router Figure 32 24 show ipv6 ospf database database summary EXEC Privilege Display the currently configured OSPFv3 parameters for graceful restart Figure 32 25 FTOS show run ospf router ospf 1 router id 200 1 1 1 log adjacency changes graceful r...

Page 733: ...AS 114085 Ext LSA Count 0 Rte Max Eq Cost Paths 5 GR grace period 180 GR mode planned and unplanned Area 0 database summary Type Count Status Brd Rtr Count 2 AS Bdr Rtr Count 2 LSA count 12010 Summary LSAs 1 Rtr LSA Count 4 Net LSA Count 3 Inter Area Pfx LSA Count 12000 Inter Area Rtr LSA Count 0 Group Mem LSA Count 0 Type 7 LSA count 0 Intra Area Pfx LSA Count 3 Intra Area TE LSA Count 0 FTOS sho...

Page 734: ... individual or organization The authentication header is inserted after the IP header with a value of 51 AH provides integrity and validation of data origin by authenticating every OSPFv3 packet For detailed information on the IP AH protocol refer to RFC 4302 The encapsulating security payload encapsulates data enabling the protection of data that follows in the datagram ESP provides authenticatio...

Page 735: ... Manual key configuration is supported in an authentication or encryption policy dynamic key configuration using the Internet Key Exchange IKE protocol is not supported In an OSPFv3 authentication policy AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers MD5 and SHA1 authentication types are supported encrypted and unencrypted keys are supported In a...

Page 736: ...policy configured for the OSPFv3 area enter the no ipv6 ospf authentication null command To display the configuration of IPsec authentication policies on the router enter the show crypto ipsec policy command To display the security associations set up for OSPFv3 interfaces in authentication policies enter the show crypto ipsec sa ipv6 command Command Syntax Command Mode Usage ipv6 ospf authenticat...

Page 737: ...n an IPv6 based interface where null causes an encryption policy configured for the area to not be inherited on the interface ipsec spi number is the Security Policy index SPI value Range 256 to 4294967295 esp encryption algorithm specifies the encryption algorithm used with ESP Valid values are 3DES DES AES CBC and NULL For AES CBC only the AES 128 and AES 192 ciphers are supported key specifies ...

Page 738: ...n OSPFv3 area with the area encryption command you cannot use the area authentication command in the area at the same time The configuration of IPsec authentication on an interface level takes precedence over an area level configuration If you remove an interface configuration an area authentication policy that has been configured is applied to the interface To remove an IPsec authentication polic...

Page 739: ...enter a number or an IPv6 prefix spi number is the Security Policy index SPI value Range 256 to 4294967295 esp encryption algorithm specifies the encryption algorithm used with ESP Valid values are 3DES DES AES CBC and NULL For AES CBC only the AES 128 and AES 192 ciphers are supported key specifies the text string used in the encryption All neighboring OSPFv3 routers must share the same key to de...

Page 740: ...over an area level configuration If you remove an interface configuration an area encryption policy that has been configured is applied to the interface To remove an IPsec encryption policy from an OSPFv3 area enter the no area area id encryption ipsec spi number command To display the configuration of IPsec encryption policies on the router enter the show crypto ipsec policy command Displaying OS...

Page 741: ...ound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Outbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Transform set ah md5 hmac Crypto IPSec client security policy data Policy name OSPFv3 0 501 Policy refcount 1 Inbound ESP SPI 501 0x1F5 Outbound ESP SPI 501 0x1F5 Inbound ESP Auth Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe...

Page 742: ...or OSPFv3 links in IPsec authentication and encryption policies on the router To display information on the SAs used on a specific interface enter interface interface where interface is one of the following values For a 1 Gigabit Ethernet interface enter GigabitEthernet slot port For a Port Channel interface enter port channel number Valid port channel numbers on an E Series TeraScale 1 to 255 For...

Page 743: ...CTIVE outbound ah sas spi 500 0x1f4 transform ah md5 hmac in use settings Transport replay detection support N STATUS ACTIVE inbound esp sas outbound esp sas Interface TenGigabitEthernet 0 1 Link Local address fe80 201 e8ff fe40 4d11 IPSecv6 policy name OSPFv3 1 600 inbound ah sas outbound ah sas inbound esp sas spi 600 0x258 transform esp des esp sha1 hmac in use settings Transport replay detecti...

Page 744: ...SPF database Have the OSPF routes been included in the routing table not just the OSPF database Some useful troubleshooting commands are show ipv6 interfaces show ipv6 protocols debug IPv6 OSPF events and or packets show ipv6 neighbors show virtual links show ipv6 routes Use the following commands in EXEC Privilege mode to get general route and links status information Use the following command in...

Page 745: ...itEthernet followed by the slot port information e g passive interface gi 2 1 For a port channel enter the keyword port channel followed by a number from 1 to 255 for TeraScale and ExaScale 1 to 32 for EtherScale e g passive interface po 100 For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet followed by the slot port information e g passive interface ten 2 3 For a VLAN enter ...

Page 746: ...746 Open Shortest Path First OSPFv2 and OSPFv3 w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 747: ...hbors E Series can have FTOS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message FTOS supports PIM DM on physical VLAN and port channel interfaces Protocol Overview PIM DM routers form adjacencies with their neighbors by sending periodic hello messages to the all PIM routers address 224 0 0 13 out of all PIM DM enabled inter...

Page 748: ...rmine whether to propagate the prune message until no router receives unwanted traffic for the S G Any router that receives multicast traffic on a port that does not lead back to the source via the PIM DM selected path also generates a prune message In Figure 33 1 R3 receives multicast traffic by two paths In Figure 33 2 PIM DM selects only one path for the reverse path forwarding RFP check and ge...

Page 749: ...e S G entry reset the timer when they receive the message Requesting Multicast Traffic When a new receiver joins a multicast group it sends an IGMP Membership Report to its gateway router The gateway router sends a PIM Graft message to its upstream neighbor which sets a forwarding flag and propagates the graft message upstream as shown in Figure 33 3 All remaining routers between the receiver and ...

Page 750: ...tion Tasks Clear the PIM TIB using the command clear ip pim tib from EXEC Privilege mode Debug PIM DM by displaying control activity packets events timers etc using the command debug ip pim from EXEC Privilege mode Enable PIM DM To enable PIM DM Step Task Command Command Mode 1 Enable multicast routing on the system ip multicast routing CONFIGURATION 2 Enable PIM Dense Mode on each interface that ...

Page 751: ... ip pim dense mode no shutdown interface GigabitEthernet 3 32 ip address 2 1 3 2 24 ip pim dense mode no shutdown interface GigabitEthernet 3 34 ip address 2 1 4 1 24 ip pim dense mode no shutdown R3_E600 conf if range gi 3 31 32 gi 3 34 router rip R3_E600 conf router_rip show config router rip network 2 0 0 0 4 0 R2_E300 conf if range gi 2 0 gi 2 21 gi 2 23 show config interface GigabitEthernet 2...

Page 752: ...ample Display the PIM routing table using the command show ip pim tib from EXEC privilege mode as shown in Figure 33 7 R1_E600 conf do show ip pim neighbor Neighbor Interface Uptime Expires Ver DR Prio Mode GR Address 2 1 1 2 Gi 1 12 01 43 51 00 01 35 v2 0 D 2 1 2 2 Gi 1 13 02 00 46 00 01 41 v2 0 D R1_E600 conf ...

Page 753: ...gabitEthernet 2 23 Forward Dense 1d1h Never 2 1 0 10 239 192 0 1 uptime 00 05 23 expires 00 00 00 flags Incoming interface GigabitEthernet 2 21 RPF neighbor 2 1 1 1 Outgoing interface list GigabitEthernet 2 0 Forward Sparse 00 00 03 Never Router 3 output omitted 239 192 0 1 uptime 00 05 06 expires 00 00 00 flags D Incoming interface Null RPF neighbor 0 0 0 0 Outgoing interface list GigabitEthernet...

Page 754: ...754 PIM Dense Mode w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 755: ...Series supports a maximum of 31 PIM interfaces and 2K multicast entries including G and S G entries There is no limit on the number of PIM neighbors S Series can have E Series supports a maximum of 511 PIM interfaces and 50K multicast entries including G S G and S G rpt entries There is no limit on the number of PIM neighbors E Series can have The SPT Threshold is zero which means that the last ho...

Page 756: ...2 The last hop DR sends a PIM Join message to the RP All routers along the way including the RP create an G entry in their multicast routing table and the interface on which the message was received becomes the outgoing interface associated with the G entry This process constructs an RPT branch to the RP 3 If a host on the same subnet as another multicast receiver sends an IGMP report for the same...

Page 757: ...it 4 There are two paths then between the receiver and the source a direct SPT and an RPT One router will receive a multicast packet on two interfaces from the same source in this case this router prunes the shared tree by sending a PIM Prune message to the RP that tells all routers between the source and the RP to remove the outgoing interface from the G entry and tells the RP to prune its SPT to...

Page 758: ...ommand show ip ipv6 pim interface from EXEC Privilege mode as shown in Figure 34 1 Figure 34 1 Viewing PIM SM Enabled Interfaces Display PIM neighbors for each interface using the command show ip ipv6 pim neighbor from EXEC Privilege mode as shown in Figure 34 2 IP Version Task Command Command Mode IPv4 Enable PIM Sparse Mode on an interface ip pim sparse mode INTERFACE IPv6 Enable PIM Sparse Mode...

Page 759: ...86400 seconds Default 210 ip pim sparse mode sg expiry timer seconds CONFIGURATION FTOS show ip pim neighbor Neighbor Interface Uptime Expires Ver DR Address Prio Mode 127 87 5 5 Gi 4 11 01 44 59 00 01 16 v2 1 S 127 87 3 5 Gi 4 12 01 45 00 00 01 16 v2 1 DR 127 87 50 5 Gi 7 13 00 03 08 00 01 37 v2 1 S FTOS FTOS show ip pim tib PIM Multicast Routing Table Flags D Dense S Sparse C Connected L Local P...

Page 760: ... source address mask any host source address destination address mask any host destination address CONFIG EXT NACL 3 Set the expiry time for a specific S G entry Figure 34 4 Range 211 86400 seconds Default 210 ip pim sparse mode sg expiry timer seconds sg list access list name CONFIGURATION Note The expiry time configuration is nullified and the default global expiry time is used if an ACL is spec...

Page 761: ... 6 Displaying the Rendezvous Point for a Multicast Group Display the assigned RP for a group range group to RP mapping using the command show ip pim rp mapping command in EXEC privilege mode Figure 34 7 Display the Rendezvous Point for a Multicast Group Range IP Version Task Command Syntax Command Mode IPv4 Override bootstrap router RP election results with your static RP configuration ip pim rp a...

Page 762: ...andidate RP Advertisements to the BSR Each message contains an RP priority value and the group ranges for which it is a C RP 3 The BSR determines the most efficient and stable group to RP mappings which is called the RP Set 4 The BSR floods the RP Set throughout the domain periodically in case new C RPs are announced or an RP failure occurs IPv6 Override bootstrap router RP election results with y...

Page 763: ... rest of the internet Create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router BSR messages per interface using the ip ipv6 pim bsr border command This command is applied to the subsequent inbound and outbound updates Already existing BSR advertisements are removed by timeout Remove candidate RP advertisements using the clear ip ipv6 pim rp mapping command IP Vers...

Page 764: ...s supported only on platform ex with FTOS 8 2 1 0 and later When a PIM neighbor restarts and the liveliness timer for that neighbor expires the join prune states received from the neighbor expire and the corresponding interfaces are removed from the outgoing list of multicast entries The effect of this is that active multicast sessions are brought down IPv6 Filter inbound and outbound Bootstrap Ro...

Page 765: ...le router restarts the router preserves all multicast entries in hardware until it receives and consolidates joins from its graceful restart capable neighbors The router is not taken off the forwarding path during restart Enable PIM SM graceful restart non stop forwarding capability using the command ip pim graceful restart nsf from CONFIGURATION mode There are two options with this command restar...

Page 766: ...g Usage Notes PIM SM is supported with IGMP snooping Figure 34 10 shows the egress ports used for outgoing multicast traffic when you enable different combinations of PIM SM DR flooding and IGMP snooping flooding on a switch router When you enable PIM SM and IGMP snooping at the same time The IGMP report is forwarded on the port that connects to the PIM DR The port that connects to the PIM DR port...

Page 767: ...the VLAN ports connected to valid receivers Table 34 1 Egress Ports Used for Multicast Traffic with PIM SM and IGMP Snooping Multicast Traffic PIM SM and IGMP Snooping Configuration Egress Ports Known multicast data packets PIM SM snooping DR flood with IGMP snooping flood PIM SM snooped VLANs PIM DR port IGMP snooped ports IGMP mrouter ports PIM SM snooping DR flood with no IGMP snooping flood PI...

Page 768: ... downstream neighbors and initiates join prune messages towards upstream neighbors All other PIM protocol messages are flooded to VLAN member ports PIM join prune messages to non existent upstream neighbors are silently dropped PIM SM join prune messages towards an upstream neighbor are sent only to the port corresponding to the upstream router in the join message PIM S G Rpt prune and S G Rpt joi...

Page 769: ...nditions apply when you configure and use PIM snooping on a switch PIM SM snooping is deployed in a Layer 2 environment and is mutually exclusive with PIM multicast routing If you enable PIM SM snooping you cannot enable PIM SM or PIM DM If you enable PIM SM snooping you cannot enable PIM SM or PIM DM PIM SM snooping is supported with IGMP snooping and forwards the IGMP report on the port that con...

Page 770: ...nabled When Router A sends a join message to Router B the switches forward the join message only to Router B without flooding the message to other connected routers such as Routers C and D Figure 34 8 PIM SM Snooping Join Message Flow Router A G PIM join IGMP join Receiver Router C Router D Router B RP Source Layer 2 Network with PIM Snooping ...

Page 771: ...affic from the server attached to Router B only to the router Router A in the multicast group that should receive it Without PIM SM snooping the switches would flood the data to all connected routers including Routers C and D Figure 34 9 PIM SM Snooping Data Forwarding Router A Router B RP Source Router C Router D Data G Traffic Layer 2 Network with PIM Snooping ...

Page 772: ...interface enter the following commands Disable PIM Designated Router Flooding By default when you enable PIM SM snooping a switch floods all multicast traffic to the PIM designated router DR including unnecessary multicast packets To minimize the traffic sent over the network to the designated router you can disable designated router flooding When designated router flooding is disabled PIM SM snoo...

Page 773: ...oping tib vlan vlan id group address source address Figure 34 11 EXEC Privilege Display information about the VLAN interfaces on which PIM SM snooping is configured show ip pim snooping interface vlan vlan id Figure 34 12 EXEC Privilege Display information about the current operation of PIM SM snooping globally on the switch or on a specified VLAN show ip pim summary Figure 34 13 EXEC Privilege VL...

Page 774: ... 0 Outgoing interface list GigabitEthernet 4 11 RPF 165 87 32 2 00 00 01 00 02 59 GigabitEthernet 4 13 Upstream Port FTOS show ip pim snooping tib vlan 2 225 1 2 1 165 87 1 7 PIM Multicast Snooping Table Flags J P G Join Prune j p S G Join Prune SGR P S G R Prune Timers Uptime Expires Inherited port 165 87 1 7 225 1 2 1 uptime 00 00 08 expires 00 02 52 flags j Incoming interface Vlan 2 RPF neighbo...

Page 775: ...es 0 Register states Message summary 2582 2583 Joins sent received 5 0 Prunes sent received 0 0 Candidate RP advertisements sent received 0 0 BSR messages sent received 0 0 State Refresh messages sent received 0 0 MSDP updates sent received 0 0 Null Register messages sent received 0 0 Register stop messages sent received Data path event summary 0 no cache messages received 0 last hop switchover me...

Page 776: ... Incoming vlan Vlan 2 Outgoing interface list GigabitEthernet 4 13 225 1 2 1 uptime 00 04 16 Incoming vlan Vlan 2 Outgoing interface list GigabitEthernet 4 11 GigabitEthernet 4 13 165 87 1 7 225 1 2 1 uptime 00 03 17 Incoming vlan Vlan 2 Outgoing interface list GigabitEthernet 4 11 GigabitEthernet 4 13 GigabitEthernet 4 20 FTOS show running config pim ip pim snooping enable FTOS conf if vl 2 show ...

Page 777: ...ch point it switches to the SPT PIM SSM uses IGMPv3 Since receivers subscribe to a source and group the RP and shared tree is unnecessary so only SPTs are used On Dell Force10 systems it is possible to use PIM SM with IGMPv3 to achieve the same result but PIM SSM eliminates the unnecessary protocol overhead PIM SSM also solves the multicast address allocation problem Applications should use unique...

Page 778: ...erface GigabitEthernet 1 31 RPF neighbor 10 11 13 2 Outgoing interface list Vlan 400 Forward Sparse 00 00 02 Never 239 0 0 2 uptime 00 02 12 expires 00 00 00 RP 10 11 12 2 flags SCJ Incoming interface GigabitEthernet 1 21 RPF neighbor 10 11 12 2 Outgoing interface list Vlan 300 Forward Sparse 00 02 12 Never 10 11 5 2 239 0 0 2 uptime 00 00 36 expires 00 03 14 flags CT Incoming interface GigabitEth...

Page 779: ...hbors E Series can have FTOS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message Important Points to Remember The default SSM range is 232 8 always Applying an SSM range does not overwrite the default range Both the default range and SSM range are effective even when the default range is not added to the SSM ACL Extended ACL...

Page 780: ...es because there is an implicit deny for unspecified groups in the ACL When you remove the mapping configuration FTOS removes the corresponding S G states that it created and reestablishes the original G states You may enter multiple ssm map commands for different access lists You may also enter multiple ssm map commands for the same access list as long as they use different source addresses Step ...

Page 781: ...ped using the command show ip igmp ssm map group as shown in Figure 35 4 on page 783 If use the group option the command displays the group to source mapping even if the group is not currently in the IGMP group table If you do not specify the group option then the display is a list of groups currently in the IGMP group table that have a group to source mapping Display the list of sources mapped to...

Page 782: ... Interface next Hop State Mode 10 11 5 2 239 0 0 1 uptime 00 01 50 expires 00 03 28 flags CT Incoming interface GigabitEthernet 1 31 RPF neighbor 10 11 13 2 Outgoing interface list Vlan 400 Forward Sparse 00 01 50 Never 10 11 5 2 239 0 0 2 uptime 00 00 33 expires 00 00 00 flags CJ Incoming interface GigabitEthernet 1 31 RPF neighbor 10 11 13 2 Outgoing interface list Vlan 300 Forward Sparse 00 00 ...

Page 783: ...onf do show ip igmp ssm map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239 0 0 2 Vlan 300 IGMPv2 Compat 00 00 36 Never 10 11 3 2 Member Ports Gi 1 1 R1 conf do show ip igmp ssm map 239 0 0 2 SSM Map Information Group 239 0 0 2 Source s 10 11 5 2 R1 conf do show ip igmp groups detail Interface Vlan 300 Group 239 0 0 2 Uptime 00 00 01 Expires Never Rout...

Page 784: ...784 PIM Source Specific Mode w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 785: ...bes the classes of powered devices defined by IEEE 802 3af FTOS supports PoE on all copper ports on the C Series and on the S25V and S50V models of the S Series The C Series and S Series transmit power to connected IEEE 802 3af compliant powered devices through ports that have been configured to supply PoE Those platforms also support the protocols LLDP and LLDP MED which help optimize power distr...

Page 786: ...PoE on the port as described next Note The C Series can provide PoE only through its AC power supplies Table 36 2 PoE Ports per Power Supply Unit in the C Series Number of Power Supply Units Max PoE Ports on C300 Max PoE Ports on C150 1 2 System Redundancy 3 System Redundancy 96 4 96 192 5 192 PoE Redundancy 6 288 PoE Redundancy 7 384 N A 8 PoE redundancy N A FTOS Behavior Table 36 2 provides the ...

Page 787: ...d device You can limit the maximum amount of power in milliwatts available to a powered device with the command power inline auto max_milliwatts or with power inline static max_milliwatts Disable PoE on a port using the no power inline command Ports configured with power inline auto have a lower priority for access to power than those configured with power inline static As a second layer of priori...

Page 788: ...e Inline Power Allocated Displays the amount of power that is allocated to a port when sufficient power is available When sufficient power is not available for particular port then inline power is not supplied to that port If you insert an additional power supply or when the priority of the port is sufficiently increased then the system supplies the allocated power to the port Inline Power Consume...

Page 789: ... ports always stay on top of all auto ports regardless of the other 3 parameters Within the set of static ports FTOS attempts to order them based on the second parameter power inline priority the default of which is Low If FTOS finds multiple ports with the same Table 36 4 show power detail Field Description Field Port Number Unit S Series only The stack member unit ID Catalog Name C Series only D...

Page 790: ...located to the port The PD then boots using this allocated power After bootup if the PD is LLDP MED capable it might send in Extended Power via MDI TLV to the system In this case the Dell Force10 switch revises the power allocation to the value that the PD requests via LLDP MED The advertised Power Requirement from the PD could be less than or greater than the currently allocated value Ports confi...

Page 791: ...ocates the required amount and returns the remaining amount to the budget If there is not enough power in the budget the configuration is maintained and the port waits for power to become available If the maximum power for the device class is more than than the power limit you specified FTOS does not allocate any power 3 When you configure a port with power inline static without the power limit op...

Page 792: ...ments of the newly enabled port then the CLI is accepted but power on the lower priority ports is not terminated and no power is supplied to the port The second result in this scenario is true even if a powered device is not connected to the port Power can be allocated to a port thus subtracting it from the power budget and making it unavailable to other ports but that power does not have to be co...

Page 793: ...r Supply If ports are PoE enabled and a PSU fails power might be terminated on some ports to compensate for the power loss This does not affect PoE individual port configurations For C Series use the show power supply command to display PSU status Figure 36 4 For S Series see the Power over Ethernet PoE chapter in the FTOS Command Reference for the S Series for an example of the output of the show...

Page 794: ...s is available for PoE on the S50V and S25V models of the S Series You have the option of enabling more power by connecting the external Dell Force10 DC 470W Redundant Power Supply to the Current Sharing terminal of the S50V and S25V This power supply is in backup mode by default but you can use the power budget stack unit command to allow that external power supply to be used for powering PoE por...

Page 795: ...ce packets as tagged frames and data packets as untagged frames Figure 36 7 shows a basic configuration for a deployment in which the end workstation plugs into an IP phone for its Ethernet connection Figure 36 7 Office VOIP Deployment Create VLANs for an Office VOIP Deployment The phone requires one tagged VLAN for VOIP service and one untagged VLAN for PC data as shown in Figure 36 7 You may con...

Page 796: ...nfigured interface GigabitEthernet 6 0 no ip address no shutdown interface GigabitEthernet 6 10 no ip address portmode hybrid switchport power inline auto no shutdown interface Vlan 100 description Data VLAN no ip address untagged GigabitEthernet 6 10 11 22 23 46 47 shutdown interface Vlan 200 description Voice VLAN no ip address tagged GigabitEthernet 6 10 11 22 23 46 47 shutdown interface Vlan 3...

Page 797: ...g dot1p value On the C Series if you know traffic originating from the phone is tagged with a dot1p value of 5 you might make the associated queue a strict priority queue as shown in Figure 36 11 on the C Series FTOS maps dot1p priority 5 to queue 2 Figure 36 11 Honoring the Dot1P Value on Incoming Voice Traffic FTOS sh run policy map input policy map input HonorDSCP trust diffserv FTOS sh run int...

Page 798: ...ICY MAP IN 3 Create two input QoS policies one each for PC data and voice signaling Assign a different bandwidth weight to each policy qos policy out bandwidth weight CONFIGURATION QOS POLICY IN 4 Create an output policy map containing both QoS policies and assign them to different service queues policy map out service queue CONFIGURATION POLICY MAP OUT 5 Assign a strict priority to unicast traffi...

Page 799: ...TOS sh run policy map input policy map input phone pc service queue 1 class map pc subnet service queue 2 class map phone signalling service queue 3 class map phone subnet FTOS sh run qos policy output qos policy output data bandwidth weight 8 qos policy output signalling bandwidth weight 64 FTOS sh run policy map output policy map output BW service queue 1 qos policy data service queue 2 qos poli...

Page 800: ...800 Power over Ethernet w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 801: ...y based Routing PBR enables you to make routing decisions based on policies applied to a specific interface When a router receives a packet it normally decides where to forward it based on the destination address in the packet which is used to look up an entry in a routing table However in some cases there may be a need to forward the packet based on other criteria size source protocol type destin...

Page 802: ...rwarded based on the following 1 Next hop addresses are verified If the specified next hop is reachable then the traffic is forwarded to the specified next hop Internet Finance Engineering Marketing Sales Customer Support Operations With 3 separate internet connections from the Edge Routers bandwidth can be allotted to meet each department s needs Some departments will need higher speed internet a...

Page 803: ...asks can be entered using the dotted decimal format Figure 37 2 Non contiguous bitmask example Hot Lock PBR Ingress and egress Hot Lock PBR allow you to add or delete new rules into an existing policy already written into CAM without disruption to traffic flow Existing entries in CAM are adjusted to accommodate the new entries Hot Lock PBR is enabled by default FTOS show ip redirect list IP redire...

Page 804: ...ect List Use the following command in CONFIGURATION mode The following example creates a redirect list by the name of xyz Figure 37 3 Creating a Redirect List Example Command Syntax Command Mode Purpose ip redirect list redirect list name CONFIGURATION Create a redirect list by entering the list name Format 16 characters Delete the redirect list with the no ip redirect list command FTOS conf ip re...

Page 805: ...p protocol number protocol type bit source mask any host ip address destination mask any host ip address CONF REDIRECT LIST Configure a rule for the redirect list number is the number in sequence to initiate this rule ip address is the Forwarding router s address FORMAT A B C D sonet is a sonet interface FORMAT sonet slot port ip protocol number or protocol type is the type of protocol to be redir...

Page 806: ...sive route is removed from the routing table the seq redirect statement is ignored and the next statement in the list with a different route is used FTOS conf redirect list redirect A B C D Forwarding router s address sonet SONET interface FTOS conf redirect list redirect 3 3 3 3 0 255 An IP protocol number icmp Internet Control Message Protocol ip Any Internet Protocol tcp Transmission Control Pr...

Page 807: ... is important ensure that you configure any necessary sequence numbers In Figure 37 6 the permit statement is never applied because the redirect list covers all source and destination IP addresses Figure 37 6 Ineffective PBR Exception due to Low Sequence Number To ensure that the permit statement or PBR exception is effective use a lower sequence number as shown in Figure 37 7 Figure 37 7 Effectiv...

Page 808: ...face FTOS has the capability to support multiple groups on an interface for backup purposes Note When you apply a redirect list on a port channel on the E Series when traffic is redirected to the next hop and the destination port channel is shut down the traffic is dropped However on the C Series the traffic redirected to the destination port channel is sometimes switched Command Syntax Command Mo...

Page 809: ... Syntax Command Mode Purpose show ip redirect list redirect list name EXEC View the redirect list configuration and the associated interfaces show cam pbr show cam usage EXEC View the redirect list entries programmed in the CAM Note If the redirect list is applied to an interface the output of show ip redirect list redirect list name command displays reachability and ARP status for the specified n...

Page 810: ...xample creates the following rules description Route Gold traffic to the DS3 seq 5 redirect 10 99 99 254 ip 192 168 1 0 24 any Redirect to next hop router IP 10 99 99 254 any traffic originating in 192 168 1 0 24 seq 10 redirect 10 99 99 254 ip 192 168 2 0 24 any Redirect to next hop router IP 10 99 99 254 any traffic originating in 192 168 2 0 24 seq 15 permit ip any any FTOS conf if gi 8 1 do sh...

Page 811: ... based Routing 811 Figure 37 13 PBR Sample Illustration Customer Support 192 168 1 0 24 192 168 2 0 24 45 Mbps 1 5 Mbps 10 Mbps Internet 10 0 0 0 16 10 1 0 0 16 GigE 2 11 10 22 22 100 10 44 44 13 EDGE_ROUTER ...

Page 812: ...any any Assign Redirect List GOLD to Interface 2 11 EDGE_ROUTER conf int gig 2 11 EDGE_ROUTER conf if gi 2 11 ip add 192 168 3 2 24 EDGE_ROUTER conf if gi 2 11 no shut 00 09 47 RPM0 P CP IFMGR 5 ASTATE_UP Changed interface Admin state to up Gi 2 11 EDGE_ROUTER conf if gi 2 11 EDGE_ROUTER conf if gi 2 11 EDGE_ROUTER conf if gi 2 11 ip redirect group GOLD EDGE_ROUTER conf if gi 2 11 no shut EDGE_ROU...

Page 813: ...ies on page 814 Port Monitoring on C Series and S Series on page 816 Configuring Port Monitoring on page 819 Flow based Monitoring on page 820 Remote Port Mirroring on page 821 Important Points to Remember Port Monitoring is not supported on EtherScale versions of the E Series platform Port Monitoring is supported on physical ports only VLAN and port channel interfaces do not support port monitori...

Page 814: ...rived by consuming a unique destination port in each session in each port pipe Port Monitoring on E Series Both the E Series TeraScale and E Series ExaScale support the following FTOS supports one destination MG port per monitoring session The same destination port MG can be used in another monitoring session One destination MG port can monitor up to 28 source MD ports A port cannot be defined as ...

Page 815: ...n one monitor session One monitor session can have only one destination MG port The same destination MG port can be uses with multiple monitoring sessions There is no restriction on the number of source MD or destination MG ports on the chassis because there is no port pipe restriction on the E Series ExaScale system There is no restriction to the number of monitoring sessions supported on the E S...

Page 816: ...ssage 5 appears However you can configure another monitoring session that uses one of previously used destination ports as shown in Figure 38 3 Message 4 One Destination Port in a Monitoring Session Error Message on C Series and S Series Error Only one MG port is allowed in a session FTOS show mon session SessionID Source Destination Direction Mode Type 0 Gi 0 13 Gi 0 1 rx interface Port based 10 ...

Page 817: ...s already being monitored FTOS conf mon ses 300 FTOS conf mon sess 300 source gig 0 17 destination gig 0 4 direction tx Error Exceeding max MG ports for this MD port pipe FTOS conf mon sess 300 FTOS conf mon sess 300 source gig 0 17 destination gig 0 1 direction tx FTOS conf mon sess 300 do show mon session SessionID Source Destination Direction Mode Type 0 Gi 0 13 Gi 0 1 rx interface Port based 1...

Page 818: ...ple in the configuration source gig 6 0 destination gig 6 1 direction tx if the MD port gigabitethernet 6 0 is an untagged member of any VLAN all monitored frames that the MG port gigabitethernet 6 1 receives are tagged with the VLAN ID of the MD port Similarly if BPDUs are transmitted the MG port receives them tagged with the VLAN ID 4095 This behavior might result in a difference between the num...

Page 819: ...d Mode Task 1 show interface EXEC Privilege Verify that the intended monitoring port has no configuration other than no shutdown as shown in Figure 38 6 2 monitor session CONFIGURATION Create a monitoring session using the command monitor session from CONFIGURATION mode as shown in Figure 38 6 3 source MONITOR SESSION Specify the source and destination port and direction of traffic as shown in Fig...

Page 820: ...XEC Privilege mode as shown in Figure 38 8 Step Command Syntax Command Mode Task 1 flow based enable MONITOR SESSION Enable flow based monitoring for a monitoring session 2 ip access list CONFIGURATION Define in an access list rules that include the keyword monitor FTOS only considers for port monitoring traffic matching rules with the keyword monitor See Chapter 8 IP Access Control Lists ACL Pref...

Page 821: ...tiple source and destination ports are distributed across multiple switches Remote Port Mirroring Example Figure 38 9 shows an example of how remote port mirroring works FTOS conf monitor session 0 FTOS conf mon sess 0 flow based enable FTOS conf ip access list ext testflow FTOS config ext nacl seq 5 permit icmp any any count bytes monitor FTOS config ext nacl seq 10 permit ip 102 1 1 0 24 any cou...

Page 822: ...c in sessions blue pipes to the destination analyzers in the local network Two destination sessions are shown one for the reserved VLAN that transports orange circle traffic one for the reserved VLAN that transports green circle traffic Figure 38 9 Remote Port Mirroring Configuring Remote Port Mirroring Remote port mirroring requires a source session monitored ports on different source switches a ...

Page 823: ...different line cards are defined as follows On a 50 port 1G line card the datapath size is 5 ports for example ports 1 0 to 1 4 are the first datapath 1 5 1 9 are the second datapath and so on On a 90 port 1G line card the datapath size is 10 ports for example ports 1 0 to 1 9 are the first datapath 1 10 1 19 are the second datapath and so on On a 10 port 10G line card no datapath size is implemen...

Page 824: ...so that the reserved VLAN ID is removed and the original monitored packet is analyzed By default ingress traffic on a destination port is dropped Restrictions When you configure remote port mirroring the following restrictions apply You cannot configure the same source port to be used in multiple source sessions You cannot configure a source port channel or source VLAN in a source session if the p...

Page 825: ...n Multiple Switches Step Command Syntax Command Mode Task 1 monitor session session id CONFIGURATION Configure a new remote port mirroring session or add or delete source ports from an existing session and enter Monitor Session configuration mode Up to 4 source sessions are supported on a switch Refer to Configuration Notes for information on datapath limitations session id Session number used to ...

Page 826: ...cifies single interfaces and interface ranges in any order single interface interface range single interface vlan vlan id specifies a single VLAN ID Range 1 4094 range vlan list specifies multiple VLAN IDs separated by a comma and space vlan vlan id vlan vlan id vlan vlan id range vlan range specifies a range of VLANs in the format vlan first_vlanID last_vlanID A space is required before and after...

Page 827: ...nnected single interface is one of the following values gigabitethernet slot port tengigabitethernet slot port range interface list specifies multiple interfaces separated by a comma and space single interface single interface single interface range interface range specifies one of the following interface ranges gigabitethernet slot first_port last_port tengigabitethernet slot first_port last_port...

Page 828: ...tion both mode Remote Port Mirroring no disable FTOS show monitor session SessionID Source Destination Direction Mode Type 50 Gi 1 2 remote vlan 50 both Remote Port Mirroring Port based 50 Po 1 remote vlan 50 both Remote Port Mirroring Port based 20 Gi 1 3 remote vlan 60 both Remote Port Mirroring Flow based 10 remote vlan 101 Gi 1 4 N A Remote Port Mirroring N A Session 50 Source session monitors...

Page 829: ... conf if gi 2 22 switchport FTOS conf if gi 2 22 no shutdown FTOS conf if gi 2 22 interface vlan 22 FTOS conf if vl 22 mode remote port mirroring FTOS conf if vl 22 tagged gigabitethernet 2 22 FTOS conf if vl 22 exit FTOS conf monitor session 100 FTOS conf mon sess 100 source gi 2 2 destination remote vlan 22 direction both FTOS conf mon sess 100 no disable FTOS conf mon sess 100 show config monit...

Page 830: ...e Port Mirroring Destination Switch FTOS conf interface vlan 22 FTOS conf if vl 22 mode remote port mirroring FTOS conf if vl 22 tagged gi 4 48 FTOS conf if vl 22 no shutdown FTOS conf if vl 22 exit FTOS conf monitor session 100 FTOS conf mon sess 100 source remote vlan 22 destination gi 4 73 FTOS conf mon sess 100 tagged destination gi 4 73 FTOS conf mon sess 100 show config monitor session 100 s...

Page 831: ...ty for customers and use the IP addresses more efficiently by using a separate community VLAN per customer while at the same time using the same IP subnet address space for all community and isolated VLANs mapped to the same primary VLAN Isolated VLAN a group of ports in which ports may communicate with promiscuous ports only they may not communicate with each other or to other ports outside of th...

Page 832: ... operationally down if the primary VLAN is operationally up Layer 3 traffic is still be transmitted across the secondary VLANs PVLAN ports cannot be added to regular VLANs Conversely regular VLAN ports cannot be added to PVLANs If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN the packet will NOT be dropped A primary VLAN and each of its secondary...

Page 833: ...ommunity VLANs Can only have host ports Host ports can communicate with each other and to promiscuous ports Isolated VLANs Can only have host ports Host ports cannot communicate with each other they can only communicate with promiscuous ports Task Command Syntax Command Mode Assign a PVLAN port role to a switchport switchport mode private vlan host promiscuous trunk INTERFACE Step Task Command Syn...

Page 834: ... private vlan mapping secondary vlan vlan list INTERFACE VLAN 4 Add promiscuous ports as tagged or untagged interfaces Add trunk ports as tagged tagged untagged interface INTERFACE VLAN 5 Enable Proxy ARPing on the primary VLAN to enable Layer 3 communication between hosts on different secondary VLANs ip local proxy arp INTERFACE VLAN Table 39 1 Private VLAN Commands Task Command Syntax Command Mo...

Page 835: ...ew Per VLAN Spanning Tree Plus PVST is a variation of Spanning Tree developed by a third party that allows you to configure a separate Spanning Tree instance for each VLAN For more information on Spanning Tree see Chapter 52 Spanning Tree Protocol Figure 40 1 Per VLAN Spanning Tree R2 R3 R1 2 32 1 22 1 32 2 12 3 22 3 12 STI 3 VLAN 300 STI 1 VLAN 100 STI 2 VLAN 200 STI 2 VLAN 200 Forwarding X X X X...

Page 836: ... 254 VLANs Configure Per VLAN Spanning Tree Plus Configuring PVST is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable PVST See page 837 4 Optionally for load balancing select a non default bridge priority for a VLAN See page 837 Related Configuration Tasks Modify Global PVST Parameters on page 840 Modify Interface PVST Parameters on page 840 Configure...

Page 837: ...s have the same cost Figure 40 3 changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN This behavior demonstrates how you can use PVST to achieve load balancing Step Task Command Syntax Command Mode 1 Enter PVST context protocol spanning tree pvst PROTOCOL PVST 2 Enable PVST no disable PROTOCOL PVST Task Command Syntax Command Mode Disable PV...

Page 838: ...likelihood that it will be selected as the STP root Display the PVST forwarding topology by entering the command show spanning tree pvst vlan vlan id from EXEC Privilege mode as shown in Figure 40 4 Task Command Syntax Command Mode Assign a bridge priority Range 0 to 61440 Default 32768 vlan bridge priority PROTOCOL PVST R2 R3 R1 2 32 1 22 1 32 2 12 3 22 3 12 STI 3 root STI 3 VLAN 300 STI 1 VLAN 1...

Page 839: ...37 ago on Gi 1 32 Port 375 GigabitEthernet 1 22 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 375 Designated root has priority 4096 address 0001 e80d b6 d6 Designated bridge has priority 4096 address 0001 e80d b6 d6 Designated port id is 128 375 designated path cost 0 Number of transitions to forwarding state 2 BPDU sent 1159 received 632 The port is not in th...

Page 840: ...t of the command show spanning tree pvst as shown in Figure 40 4 Modify Interface PVST Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port Port cost is a value that is based on the interface type The greater the port cost the less likely the port will be selected to be a forwarding port Port priority influences the likeli...

Page 841: ...ed in the software after receiving the BPDU violation This feature is the same as PortFast mode in Spanning Tree Table 40 2 PVST Default Port Cost Values Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Channel with 1 Gigabit Ethernet interfaces 18000 Port C...

Page 842: ...lready in error disable state the new member port will also be disabled in the hardware 3 When a physical port is removed from a port channel in error disable state the error disabled state is cleared on this physical port the physical port will be enabled in the hardware 4 The reset linecard command does not clear the error disabled state of the port or the hardware disabled state The interface c...

Page 843: ... global configuration mode FTOS Behavior The following conditions apply to a port enabled with root guard Root guard is supported on any PVST enabled port or port channel interface except when used as a stacking port Root guard is supported on a port in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Pl...

Page 844: ...n any PVST enabled port or port channel interface Loop guard is supported on a port or port channel in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST Root guard and loop guard cannot be enabled at the same time on a PVST port For example if you configure root guard on a port on which loop gua...

Page 845: ...P2 are untagged members of different VLANs These ports are untagged because the hub is VLAN unaware There is no data loop in the above scenario however PVST can be employed to avoid potential mis configurations If PVST is enabled on the Dell Force10 switch in this network P1 and P2 receive BPDUs from each other Ordinarily the Bridge ID in the frame matches the Root ID a loop is detected and the ru...

Page 846: ...a port that is in a forwarding state BPDU guard is enabled on a port that is shut down Figure 40 6 Displaying STP Guard Configuration Task Command Syntax Command Mode Augment the Bridge ID with the VLAN ID extend system id PROTOCOL PVST FTOS conf pvst do show spanning tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773 Address 0001 e832 73f7 Root B...

Page 847: ...o ip address switchport no shutdown interface GigabitEthernet 1 32 no ip address switchport no shutdown protocol spanning tree pvst no disable vlan 100 bridge priority 4096 interface Vlan 100 no ip address tagged GigabitEthernet 1 22 32 no shutdown interface Vlan 200 no ip address tagged GigabitEthernet 1 22 32 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 1 22 32 no shutdown...

Page 848: ...0 no ip address tagged GigabitEthernet 2 12 32 no shutdown interface Vlan 300 no ip address tagged GigabitEthernet 2 12 32 no shutdown protocol spanning tree pvst no disable vlan 200 bridge priority 4096 interface GigabitEthernet 3 12 no ip address switchport no shutdown interface GigabitEthernet 3 22 no ip address switchport no shutdown interface Vlan 100 no ip address tagged GigabitEthernet 3 12...

Page 849: ...fic has eight queues per port Four queues are for data traffic and four are for control traffic All queues are serviced using the Deficit Round Robin scheduling algorithm You can only manage queuing prioritization on egress Table 41 1 FTOS Support for Port based Policy based and Multicast QoS Features Feature Platform Direction Port based QoS Configurations c e s Ingress Egress Set dot1p Prioritie...

Page 850: ...e Policy Maps c e s Ingress Egress Create Input Policy Maps c e s Ingress Honor DSCP values on ingress packets c e s Honoring dot1p values on ingress packets e c s Create Output Policy Maps c e s Egress Specify an aggregate QoS policy c e s QoS Rate Adjustment c e s Strict priority Queueing c e s Weighted Random Early Detection e Egress Create WRED Profiles e Configure WRED for Storm Control e All...

Page 851: ...eaders RFC 2475 An Architecture for Differentiated Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface and SONET line cards support only port based QoS Packet Classification ACL Ingress Packet Processing Marking DiffServ 802 1p Exp Rate Policing Buffers Class based Queues Congestion Avoidance...

Page 852: ...a priority in a queue based on Table 41 2 If you set a dot1p priority for a port channel all port channel members are configured with the same value You cannot assign a dot1p value to an individual interfaces in a port channel Figure 41 2 Configuring dot1p Priority on an Interface FTOS Behavior The C Series and S Series distribute eight dot1p priorities across four data queues This is different fr...

Page 853: ...these packets are treated as untagged However the dot1p value is still honored when service class dynamic dot1p or trust dot1p is configured When priority tagged frames ingress an untagged port or hybrid port the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if service class dynamic dotp or trust dot1p are configured When priority tagged fra...

Page 854: ...ed rate limit value Only hybrid ports reliably apply the configured rate limit to priority tagged frames Rate limiting may not be applied according to the configured rate limit value on an interface on which the dot 1p priority is changed on incoming traffic using the dot1p priority command FTOS config t FTOS conf interface gigabitethernet 1 0 FTOS conf if rate police 100 40 peak 150 50 FTOS conf ...

Page 855: ...y hybrid ports reliably apply the configured rate limit to priority tagged frames Rate limiting may not be applied according to the configured rate limit value on an interface on which the dot 1p priority is changed on incoming traffic using the dot1p priority command FTOS config t FTOS conf interface gigabitethernet 1 0 FTOS conf if rate limit 100 40 peak 150 50 FTOS conf if end FTOS FTOS show in...

Page 856: ... in the outputs of show queue statistics egress and show qos statistics wred profile does not increment This is because while TeraScale systems maintain QoS counters per interface ExaScale systems maintain QoS counters per port pipe The matched packets counter however increments as expected FTOS Behavior On Exascale 10G line cards the granularity for rate shaping is 10Mbps so traffic is not always...

Page 857: ...ferentiates ingress packets based on DSCP value or IP precedence and characteristics defined in an IP ACL You may specify more than one DSCP and IP precedence value but only one value must match to trigger a positive match for the class map 1 Create a match any class map using the command class map match any or a match all class map using the command class map match all from CONFIGURATION mode as ...

Page 858: ... command match mac Match any class maps allow up to five access lists and match all class maps allow only one You can match against only one VLAN ID 3 After you specify your match criteria link the class map to a queue using the command service queue from POLICY MAP mode The following configuration maps each queue to a VLAN you can map 8 VLAN to 8 queues on the E Series and 4 VLANs to 4 queues on ...

Page 859: ...f the match criteria are mapped to the same queue since they are in the same class map Setting a DSCP value from QOS POLICY IN mode see Set a DSCP value for egress packets on page 861 assigns the same DSCP value to all of the matching flows in the class map The Flow based DSCP Marking feature allows you to assign different DSCP to each match criteria CLASS MAP mode using the option set ip dscp wit...

Page 860: ...2 seq 5 permit ip host 23 64 0 5 any seq 10 deny ip any any FTOS show cam layer3 qos interface gigabitethernet 4 49 Cam Port Dscp Proto Tcp Src Dst SrcIp DstIp DSCP Queue Index Flag Port Port Marking 20416 1 18 IP 0x0 0 0 23 64 0 5 32 0 0 0 0 0 20 2 20417 1 18 IP 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 20418 1 0 IP 0x0 0 0 23 64 0 2 32 0 0 0 0 0 10 1 20419 1 0 IP 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 20420 1 0 IP 0...

Page 861: ...e or more of the following Configure policy based rate policing Set a DSCP value for egress packets Set a dot1p value for egress packets Configure policy based rate policing Rate police ingress traffic using the command rate police from QOS POLICY IN mode Set a DSCP value for egress packets Set a DSCP value for egress packets based on ingress QoS classification as shown in Figure 41 2 The 6 bits t...

Page 862: ...ng Configure policy based rate shaping Allocate bandwidth to queue Specify WRED drop precedence Configure policy based rate limiting Configure policy based rate limiting is supported only on platform e Policy based rate limiting is configured the same way as port based rate limiting except that the command from QOS POLICY OUT mode is rate limit rather than rate limit as it is in INTERFACE mode FTO...

Page 863: ...e command bandwidth percentage on the E Series To allocate bandwidth to queues on the C Series and S Series assign each queue a weight ranging from 1 to 1024 in increments of 2n using the command bandwidth weight Table 41 3 shows the default bandwidth weights for each queue and their equivalent percentage which is derived by dividing the bandwidth weight by the sum of all queue weights There are t...

Page 864: ... 2 input policy map by specifying the keyword layer2 with the policy map input command 2 Once you create an input policy map do one or more of the following Apply a class map or input QoS policy to a queue Apply an input QoS policy to an input policy map Honor DSCP values on ingress packets Honoring dot1p values on ingress packets 3 Apply the input policy map to an interface See page 868 Apply a c...

Page 865: ... queues FTOS maps DSCP values When Trust DSCP is configured the matched packets and matched bytes counters are not incremented in show qos statistics Table 41 5 Default DSCP to Queue Mapping DSCP CP hex range XXX xxx DSCP Definition Traditional IP Precedence E Series Internal Queue ID C Series Internal Queue ID S Series Internal Queue ID DSCP CP decimal 111XXX Network Control 7 3 3 48 63 110XXX In...

Page 866: ...ailable only on platforms e When using QoS service policies with multiple class maps you can configure FTOS to use the incoming DSCP or dot1p marking as a secondary option for packet queuing in the event that no match occurs in the class maps When class maps are used traffic is matched against each class map sequentially from first to last The sequence is based on the priority of the rules as foll...

Page 867: ...h exists go to the next class map 3 Match packets against match all qos BE1 If a match exists queue the packet as BE1 and if no match exists queue the packets to the default queue Queue 0 You can optionally classify packets using their DSCP marking instead of placing packets in Queue 0 if no match occurs In the above example if no match occurs against match all qos BE1 the classification logic con...

Page 868: ...cy map to an interface using the command service policy input from INTERFACE mode Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map in this case the INTERFACE must be in switchport mode You can apply the same policy map to multiple interfaces and you can modify a policy map after you apply it You cannot apply a class map and QoS policies to the same interface You c...

Page 869: ...ault while rate limiting policing and shaping FTOS does not include the Preamble SFD or the IFG fields These fields are overhead only the fields from MAC Destination Address to the CRC are used for forwarding and are included in these rate metering calculations You can optionally include overhead fields in rate metering calculations by enabling QoS Rate Adjustment QoS Rate Adjustment is disabled b...

Page 870: ... of packets The rate at which some types of packets arrive might be greater than others In this case the space on the BTM ingress or egress can be consumed by only one or a few types of traffic leaving no space for other types A WRED profile can be applied to a policy map so that specified traffic can be prevented from consuming too much of the BTM resources WRED uses a profile to specify minimum ...

Page 871: ...o green If you do not configure FTOS to honor DSCP values on ingress Honor DSCP values on ingress packets on page 865 see all traffic defaults to green drop precedence Assign a WRED profile to either yellow or green traffic from QOS POLICY OUT mode using the command wred Configure WRED for Storm Control Configure WRED for Storm Control is supported only on platform e Storm control limits the perce...

Page 872: ...adcast traffic might be greater than other traffic and if so broadcast packets would consume too much buffer space So the wred profile option is added to limit the amount of buffer space that broadcast traffic can consume Display Default and Configured WRED Profiles Display default and configured WRED profiles and their threshold values using the command show qos wred profile from EXEC mode as sho...

Page 873: ...ng bandwidth is distributed among the other queues FTOS Behavior The C Series fetches the per queue packet count via class maps The count is the number of packets matching the ACL entries in class map Every time the class map or policy map is modified the ACL entries are re written to the Forwarding Processor and the queue statistics are cleared This behavior is different from the E Series The E S...

Page 874: ...ace so that you avoid exceeding the QoS CAM space and partial configurations This command measures the size of the specified policy map and compares it to the available CAM space in a partition for a specified port pipe Test the policy map size against the CAM space for a specific port pipe or all port pipes using these commands test cam usage service policy input policy map linecard stack unit nu...

Page 875: ...ied port pipe Figure 41 16 test cam usage Command Example Viewing QoS CAM Entries Viewing QoS CAM Entries is supported only on platform e View Layer 2 QoS CAM entries using the command show cam layer3 qos from EXEC Privilege mode View Layer 3 QoS CAM entries using the command show cam layer2 qos from EXEC Privilege mode Note The command show cam usage provides much of the same information as test ...

Page 876: ...876 Quality of Service w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 877: ... the Appendix 63 Standards Compliance chapter Protocol Overview RIP is the oldest interior gateway protocol There are two versions of RIP RIP version 1 RIPv1 and RIP version 2 RIPv2 These versions are documented in RFCs 1058 and 2453 RIPv1 RIPv1 learns where nodes in a network are located by automatically constructing a routing data table The routing table is established after RIP sends out one or...

Page 878: ...for route updates on IP multicast address 224 0 0 9 Implementation Information FTOS supports both versions of RIP and allows you to configure one version globally and the other version or both versions on the interfaces The C Series and E Series both support 1 000 RIP routes Table 42 1 displays the defaults for RIP in FTOS Configuration Information By default RIP is disabled in FTOS To configure R...

Page 879: ...em is to exchange RIP information ensure that all devices on that network are configured to exchange RIP information The FTOS default is to send RIPv1 and to receive RIPv1 and RIPv2 To change the RIP version globally use the version command in the ROUTER RIP mode When RIP is enabled you can view the global RIP configuration by using the show running config command in the EXEC mode or the show conf...

Page 880: ... network identified in the network command syntax FTOS show ip rip database Total number of routes in RIP database 978 160 160 0 0 16 120 1 via 29 10 10 12 00 00 26 Fa 0 0 160 160 0 0 16 auto summary 2 0 0 0 8 120 1 via 29 10 10 12 00 01 22 Fa 0 0 2 0 0 0 8 auto summary 4 0 0 0 8 120 1 via 29 10 10 12 00 01 22 Fa 0 0 4 0 0 0 8 auto summary 8 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 0 0 8 0 0 0 8 ...

Page 881: ...or to assigning it to the RIP process For configuration information on prefix lists see Chapter 17 IP Access Control Lists Prefix Lists and Route maps on page 47 To apply prefix lists to incoming or outgoing RIP routes use the following commands in the ROUTER RIP mode In addition to filtering routes you can add routes from other routing instances or protocols to the RIP process With the redistribu...

Page 882: ...ific RIP version Use the show config command in the ROUTER RIP mode to see whether the version command is configured You can also use the show ip protocols command in the EXEC mode to view the routing protocols configuration Command Syntax Command Mode Purpose redistribute connected static metric metric value route map map name ROUTER RIP Include directly connected or user configured static routes...

Page 883: ...irms that both versions are sent out that interface This interface no longer sends and receives the same RIP versions as FTOS does globally Command Syntax Command Mode Purpose ip rip receive version 1 2 INTERFACE Set the RIP version s received on that interface ip rip send version 1 2 INTERFACE Set the RIP version s sent out on that interface FTOS show ip protocols Routing Protocols is RIP Sending...

Page 884: ...in large networks By default the autosummary command in the ROUTER RIP mode is enabled and summarizes RIP routes up to the classful network boundary Command Syntax Command Mode Purpose default information originate always metric value route map route map name ROUTER RIP Specify the generation of a default route in RIP Configure the following parameters always enter this keyword to always generate ...

Page 885: ...so that the ones with the lower weight or administrative distance assigned are preferred To set route metrics use either of the following commands in the ROUTER RIP mode Use the show config command in the ROUTER RIP mode to view configuration changes Debug RIP The debug ip rip command enables RIP debugging When debugging is enabled you can view information on RIP protocol changes or RIP routes Not...

Page 886: ...enshots are divided into the following groups of command sequences Configuring RIPv2 on Core 2 on page 887 Core 2 Output on page 887 RIP Configuration on Core 3 on page 889 Core 3 RIP Output on page 889 RIP Configuration Summary on page 891 Figure 42 7 RIP Topology Example Command Syntax Command Mode Purpose debug ip rip interface database events trigger EXEC privilege Enable debugging of RIP FTOS...

Page 887: ..._rip network 10 11 10 0 Core2 conf router_rip network 10 11 20 0 Core2 conf router_rip show config router rip network 10 0 0 0 version 2 Core2 conf router_rip Core2 conf router_rip end 00 12 24 RPM0 P CP SYS 5 CONFIG_I Configured from console by console Core2 show ip rip database Total number of routes in RIP database 7 10 11 30 0 24 120 1 via 10 11 20 1 00 00 03 GigabitEthernet 2 31 10 300 10 0 2...

Page 888: ...10 200 10 0 24 Direct Gi 2 41 0 0 00 03 03 C 10 300 10 0 24 Direct Gi 2 42 0 0 00 02 42 R 192 168 1 0 24 via 10 11 20 1 Gi 2 31 120 1 00 01 20 R 192 168 2 0 24 via 10 11 20 1 Gi 2 31 120 1 00 01 20 Core2 R 192 168 1 0 24 via 10 11 20 1 Gi 2 31 120 1 00 05 22 R 192 168 2 0 24 via 10 11 20 1 Gi 2 31 120 1 00 05 22 Core2 Core2 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds...

Page 889: ...168 2 0 Core3 conf router_rip network 10 11 30 0 Core3 conf router_rip network 10 11 20 0 Core3 conf router_rip show config router rip network 10 0 0 0 network 192 168 1 0 network 192 168 2 0 version 2 Core3 conf router_rip Core3 show ip rip database Total number of routes in RIP database 7 10 11 10 0 24 120 1 via 10 11 20 2 00 00 13 GigabitEthernet 3 21 10 200 10 0 24 120 1 via 10 11 20 2 00 00 1...

Page 890: ...3 C 10 11 30 0 24 Direct Gi 3 11 0 0 00 06 00 R 10 200 10 0 24 via 10 11 20 2 Gi 3 21 120 1 00 01 14 R 10 300 10 0 24 via 10 11 20 2 Gi 3 21 120 1 00 01 14 C 192 168 1 0 24 Direct Gi 3 43 0 0 00 06 53 C 192 168 2 0 24 Direct Gi 3 44 0 0 00 06 26 Core3 Core3 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due in 6 Invalid after 180 seconds hold down 180 flushed after...

Page 891: ...e GigabitEthernet 2 41 ip address 10 200 10 1 24 no shutdown interface GigabitEthernet 2 42 ip address 10 250 10 1 24 no shutdown router rip version 2 10 200 10 0 10 300 10 0 10 11 10 0 10 11 20 0 interface GigabitEthernet 3 11 ip address 10 11 30 1 24 no shutdown interface GigabitEthernet 3 21 ip address 10 11 20 1 24 no shutdown interface GigabitEthernet 3 43 ip address 192 168 1 1 24 no shutdow...

Page 892: ...892 Routing Information Protocol w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 893: ...s with SNMP and monitors all nodes on a LAN segment RMON monitors traffic passing through the router and segment traffic not destined for the router The monitored interfaces may be chosen by using alarms and events with standard MIBs Implementation You must configure SNMP prior to setting up RMON For a complete SNMP implementation discussion refer to Chapter 6 Simple Network Management Protocol SN...

Page 894: ...es down the other RPM maintains the sampled data the new master RPM provides the same sampled data as did the old master as long as the master RPM had been running long enough to sample all the data NMS backs up all the long term data collection and displays the failover downtime from the performance graph Chassis Down When a chassis goes down all sampled data is lost But the RMON configurations a...

Page 895: ...seconds the alarm monitors the MIB variable the value must be between 1 to 3 600 delta Tests the change between MIB variables this is the alarmSampleType in the RMON Alarm table absolute Tests each MIB variable directly this is the alarmSampleType in the RMON Alarm table rising threshold value Value at which the rising threshold alarm is triggered or reset For the rmon alarm command this is a 32 b...

Page 896: ... number log trap community description string owner string CONFIGURATION number Assigned event number which is identical to the eventIndex in the eventTable in the RMON MIB The value must be an integer from 1 to 65 535 the value must be unique in the RMON Event Table log Optional Generates an RMON log entry when the event is triggered and sets the eventType in the RMON MIB to log or log and trap D...

Page 897: ...ommand The following command enables the RMON statistics collection on the interface with an ID value of 20 and an owner of john Figure 43 3 rmon collection statistics Command Example Command Syntax Command Mode Purpose no rmon collection statistics controlEntry integer owner ownername CONFIGURATION INTERFACE config if controlEntry Specifies the RMON group of statistics using a value integer A val...

Page 898: ...E config if controlEntry Specifies the RMON group of statistics using a value integer A value from 1 to 65 535 that identifies the RMON group of statistics The value must be a unique index in the RMON History Table owner Optional Specifies the name of the owner of the RMON group of statistics Default is a null terminated string ownername Optional Records the name of the owner of the RMON group of ...

Page 899: ...itches configured with STP and MSTP FTOS supports three other variations of Spanning Tree as shown in Table 44 1 Configuring Rapid Spanning Tree Configuring Rapid Spanning Tree is a two step process 1 Configure interfaces for Layer 2 See page 48 2 Enable Rapid Spanning Tree Protocol See page 49 Related Configuration Tasks Add and Remove Interfaces on page 904 Modify Global Parameters on page 904 T...

Page 900: ...d a large group of ports to a large group of VLANs adding a group of ports to a range of VLANs sends multiple messages to the RSTP task When using the range command Dell Force10 recommends limiting the range to 5 ports and 40 VLANs Configure Interfaces for Layer 2 Mode All interfaces on all bridges that will participate in Rapid Spanning Tree must be in Layer 2 and enabled Figure 44 1 Configuring ...

Page 901: ...om PROTOCOL SPANNING TREE RSTP mode Step Task Command Syntax Command Mode 1 If the interface has been assigned an IP address remove it no ip address INTERFACE 2 Place the interface in Layer 2 mode switchport INTERFACE 3 Enable the interface no shutdown INTERFACE Step Task Command Syntax Command Mode 1 Enter the PROTOCOL SPANNING TREE RSTP mode protocol spanning tree rstp CONFIGURATIO N 2 Enable Ra...

Page 902: ...nd from EXEC privilege mode If a physical interface is part of a port channel only the port channel is listed in the command output FTOS conf rstp show config protocol spanning tree rstp no disable FTOS conf rstp Indicates that Rapid Spanning Tree is enabled R1 R2 R3 1 3 3 1 3 2 3 4 3 3 1 4 1 1 1 2 2 1 2 2 2 3 2 4 Port 684 GigabitEthernet 4 43 is alternate Discarding Discarding Port path cost 2000...

Page 903: ...ot in the Edge port mode Port 378 GigabitEthernet 2 2 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 378 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated port id is 128 378 designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 121 received 2 The port is not in...

Page 904: ...P Bridge Protocol Data Units BPDUs Max age is the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology Note Dell Force10 recommends that only experienced network administrators change the Rapid Spanning Tree group parameters Poorly planned modification of the RSTG parameters can negatively impact network performance R3 s...

Page 905: ...abit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Channel with 1 Gigabit Ethernet interfaces 18000 Port Channel with 10 Gigabit Ethernet interfaces 1800 Port Priority 128 Task Command Syntax Command Mode Change the forward delay parameter Range 4 to 30 Default 15 seconds forward delay seconds PROTOCOL SPANNING TREE RSTP Change the hello time parameter Note Wi...

Page 906: ...hould behave otherwise it does not go through the Learning and Listening states The bpduguard shutdown on violation option causes the interface hardware to be shutdown when it receives a BPDU When only bpduguard is implemented although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains up and spanning tree will drop packets in the hardware aft...

Page 907: ...el in error disable state the error disabled state is cleared on this physical port the physical port will be enabled in the hardware 4 The reset linecard command does not clear the error disabled state of the port or the hardware disabled state The interface continues to be disables in the hardware The error disabled state can be cleared with any of the following methods Perform an shutdown comma...

Page 908: ...ommand Example SNMP Traps for Root Elections and Topology Changes Enable SNMP traps for RSTP MSTP and PVST collectively using the command snmp server enable traps xstp Task Command Syntax Command Mode Assign a number as the bridge priority or designate it as the primary or secondary root priority value range 0 to 65535 The lower the number assigned the more likely this bridge will become the root ...

Page 909: ...n the order of milliseconds hello time milli second interval Range 50 950 milliseconds PROTOCOL RSTP FTOS conf rstp do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001 e811 2233 Root Bridge hello time 50 ms max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e811 2233 We are the root Configured hello time 50 ms max age 20 forw...

Page 910: ...terface interface command in global configuration mode FTOS Behavior The following conditions apply to a port enabled with root guard Root guard is supported on any RSTP enabled port or port channel interface except when used as a stacking port Root guard is supported on a port in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MS...

Page 911: ...S Behavior The following conditions apply to a port enabled with loop guard Loop guard is supported on any RSTP enabled port or port channel interface Loop guard is supported on a port or port channel in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST Root guard and loop guard cannot be enable...

Page 912: ...configure and use the STP root guard loop guard and BPDU guard features Figure 44 9 shows an example for an RSTP network instance 0 in which Root guard is enabled on a port that is in a root inconsistent state Loop guard is enabled on a port that is in a forwarding state BPDU guard is enabled on a port that is shut down Figure 44 9 Displaying STP Guard Configuration FTOS show spanning tree rstp gu...

Page 913: ...s chapter see the Security Commands chapter in the FTOS Command Reference AAA Accounting AAA Accounting is part of the AAA security model Accounting Authentication and Authorization which includes services for authentication authorization and accounting For details on commands related to AAA security refer to the Security chapter in the FTOS Command Reference AAA Accounting enables tracking of ser...

Page 914: ...evel default name start stop wait start stop only tacacs CONFIGURATION Enable AAA Accounting and create a record for monitoring the accounting function The variables are system sends accounting information of any other AAA configuration exec sends accounting information when a user has logged in to the EXEC mode command level sends accounting of commands executed at the specified privilege level d...

Page 915: ...unting is set to track all usage of EXEC commands and commands on privilege level 15 System accounting can use only the default method list aaa accounting system default start stop tacacs Configure AAA Accounting for terminal lines Use the following commands to enable accounting with a named method list for a specific terminal line where com15 and execAcct are the method list names Monitor AAA Acc...

Page 916: ...accounting Command Example for AAA Accounting Command Syntax Command Mode Purpose show accounting CONFIGURATION Step through all active sessions and print all the accounting records for the actively accounted functions FTOS show accounting Active accounted actions on tty2 User admin Priv 1 Task ID 1 EXEC Accounting record 00 00 39 Elapsed service shell Active accounted actions on tty3 User admin P...

Page 917: ...n which they are applied You can define a method list or use the default method list User defined method lists take precedence over the default method list Configuration Task List for AAA Authentication The following sections provide the configuration tasks Configure login authentication for terminal lines Configure AAA Authentication login methods on page 918 Enable AAA Authentication on page 919...

Page 918: ...word command in the LINE mode local use the username password database defined in the local configuration none no authentication radius use the RADIUS server s configured with the radius server host command tacacs use the TACACS server s configured with the tacacs server host command 2 line aux 0 console 0 vty number end number CONFIGURATION Enter the LINE mode 3 login authentication method list n...

Page 919: ...that follow this argument as the default list of methods when a user logs in method list name Character string used to name the list of enable authentication methods activated when a user logs in method1 method4 Any of the following RADIUS TACACS enable line none Step Command Syntax Command Mode Purpose 1 aaa authentication enable default radius tacacs CONFIGURATION To enable RADIUS and to set up ...

Page 920: ... privilege level of 0 1 or 15 You can configure up to 16 privilege levels in FTOS FTOS is pre configured with 3 privilege levels and you can configure 13 more The three pre configured levels are Privilege level 1 is the default level for the EXEC mode At this level you can interact with the router for example view some show commands and Telnet and ping to test connectivity but you cannot configure...

Page 921: ...andatory Configure custom privilege levels on page 922 mandatory Specify LINE mode password and privilege on page 924 optional Enable and disabling privilege levels on page 925 optional For a complete listing of all commands related to FTOS privilege levels and passwords refer to the Security chapter in the FTOS Command Reference Configure a username and password In FTOS you can assign a specific ...

Page 922: ...5 command to access and configure all CLI Configure custom privilege levels In addition to assigning privilege levels to the user you can configure the privilege levels of commands so that they are visible in different privilege levels Within FTOS commands have certain privilege levels With the privilege command the default level can be changed or you can reset their privilege level back to the de...

Page 923: ...cess list name Enter the name of a configured IP ACL privilege level range 0 to 15 nopassword Do not require the user to enter a password encryption type Enter 0 for plain text or 7 for encrypted text password Enter a string 2 enable password level level encryption mode password CONFIGURATION Configure a password for privilege level Configure the optional and required parameters level level Specif...

Page 924: ...vilege config level 8 snmp server FTOS conf end FTOS show running config Current Configuration hostname Force10 enable password level 8 notjohn enable password force10 username admin password 0 admin username john password 0 john privilege 8 The user john is assigned privilege level 8 and assigned a password All other users are assigned a password to access privilege level 8 The command configure ...

Page 925: ... requests authentication of the user and password The RADIUS server returns one of the following responses Access Accept the RADIUS server authenticates the user Access Reject the RADIUS server does not authenticate the user If an error occurs in the transmission or reception of RADIUS packets the error can be viewed by enabling the debug radius command Transactions between the RADIUS server and t...

Page 926: ...uses configuration information from the user profile to issue the user s session The user s access is limited based on the configuration attributes FTOS supports the following RADIUS attributes Code Attribute 1 RADIUS_USER_NAME 2 RADIUS_USER_PASSWORD 4 RADIUS_NAS_IP_ADDRESS 5 RADIUS_NAS_PORT 11 RADIUS_FILTER_ID for ACL 26 RADIUS_VENDOR_SPECIFIC privilege level auto command 28 RADIUS_IDLE_TIMEOUT 6...

Page 927: ...he two idle time values configured or default is used The idle time value is updated if both of the following happens The administrator changes the idle time of the line on which the user has logged in The idle time is lower than the RADIUS returned idle time ACL The RADIUS server can specify an ACL If an ACL is configured on the RADIUS server and if that ACL is present user may be allowed access ...

Page 928: ...bal communication parameters for all RADIUS server hosts on page 930 optional Monitor RADIUS on page 931 optional For a complete listing of all FTOS commands related to RADIUS refer to the Security chapter in the FTOS Command Reference To view the configuration use the show config in the LINE mode or the show running config command in the EXEC Privilege mode Define a AAA method list to be used for...

Page 929: ...nd number CONFIGURATION Enter the LINE mode login authentication method list name default LINE Enable AAA login authentication for the specified RADIUS method list This procedure is mandatory if you are not using default lists authorization exec methodlist CONFIGURATION To use the methodlist Command Syntax Command Mode Purpose radius server host hostname ipv4 address ipv6 address auth port port nu...

Page 930: ...rt key retransmit and timeout parameters and specific host communication parameters on the same system However if both global and specific host parameters are configured the specific host parameters override the global parameters for that RADIUS server host To set global communication parameters for all RADIUS server hosts use any or all of the following commands in the CONFIGURATION mode Command ...

Page 931: ...thorization on page 933 TACACS Remote Authentication and Authorization on page 933 Specify a TACACS server host on page 934 Choose TACACS as the Authentication Method on page 931 For a complete listing of all commands related to TACACS refer to the Security chapter in the FTOS Command Reference Choose TACACS as the Authentication Method One of the login authentication methods available is TACACS a...

Page 932: ...ACS is incorrect but the user is still authenticated by the secondary method Step Command Syntax Command Mode Purpose 1 tacacs server host ipv4 address ipv6 address host CONFIGURATION Configure a TACACS server host Enter the IP address or host name of the TACACS server Use this command multiple times to configure multiple TACACS server hosts 2 aaa authentication login method list name default taca...

Page 933: ...cation enable LOCAL enable tacacs aaa authentication login default tacacs local aaa authentication login LOCAL local tacacs aaa authorization exec default tacacs none aaa authorization commands 1 default tacacs none aaa authorization commands 15 default tacacs none aaa accounting exec default start stop tacacs aaa accounting commands 1 default start stop tacacs aaa accounting commands 15 default s...

Page 934: ...ig tacacs command in the EXEC Privilege mode Command Syntax Command Mode Purpose tacacs server host hostname ipv4 address ipv6 address port port number timeout seconds key key CONFIGURATION Enter the host name or IP address of the TACACS server host Configure the optional communication parameters for the specific host port port number range 0 to 65335 Enter a TCP port number The default is 49 time...

Page 935: ...t attack is a class of attack where configured ACL entries denying TCP port specific traffic can be bypassed and traffic can be sent to its destination although denied by the ACL RFC 1858 and 3128 proposes a countermeasure to the problem This countermeasure is configured into the line cards and enabled by default SCP and SSH Secure Shell SSH is a protocol for secure remote login and other secure n...

Page 936: ... the use of the command ip ssh server version 2 to enable SSH version 2 and the show ip ssh command to confirm the setting Note The Windows based WinSCP client software is not supported for secure copying between a PC and an FTOS based system Unix based SCP client software is supported Command Syntax Command Mode Purpose ssh hostname hostip l username p port number v 1 2 EXEC Privilege Open an SSH...

Page 937: ...transfer ip ssh authentication retries Configure the maximum number of attempts that should be used to authenticate a user Step Task Command Syntax Command Mode 1 On Chassis One set the SSH port number port 22 by default ip ssh server port number CONFIGURATION 2 On Chassis One enable SSH ip ssh server enable CONFIGURATION 3 On Chassis Two invoke SCP copy scp flash CONFIGURATION 4 On Chassis Two in...

Page 938: ... Open an SSH connection to the peer RPM Secure Shell Authentication Secure Shell SSH is disabled by default Enable it using the command ip ssh server enable SSH supports three methods of authentication SSH Authentication by Password on page 938 RSA Authentication of SSH on page 939 Host based SSH Authentication on page 939 Important Points to Remember for SSH Authentication If more than one method...

Page 939: ...able RSA authentication ip ssh rsa authentication enable EXEC Privilege 5 Bind the public keys to RSA authentication ip ssh rsa authentication my authorized keys flash public_key EXEC Privilege FTOS conf ip ssh server enable Please wait while SSH Daemon initializes done FTOS conf ip ssh password authentication enable FTOS sh ip ssh SSH server enabled Password Authentication enabled Hostbased Authe...

Page 940: ...sable password authentication and RSA authentication if configured no ip ssh password authentication no ip ssh rsa authentication CONFIGURATION EXEC Privilege 6 Enable host based authentication ip ssh hostbased authentication enable CONFIGURATION 7 Bind shosts and rhosts to host based authentication ip ssh pub key file flash filename ip ssh rhostsfile flash filename CONFIGURATION admin Unix_client...

Page 941: ...mpt to log in Message 4 appears In this case verify that the name and IP address of the client is contained in the file etc hosts Telnet To use Telnet with SSH you must first enable SSH as described above By default the Telnet daemon is enabled If you want to disable the Telnet daemon use the following command or disable Telnet in the startup config Use the no ip telnet server enable command to en...

Page 942: ...sions When creating a trace list the sequence of the filters is important You have a choice of assigning sequence numbers to the filters as you enter them or FTOS assigns numbers in the order the filters were created For more information on sequence numbering refer to Chapter 21 IP Access Control Lists Prefix Lists and Route maps on page 419 Configuration Tasks for Trace Lists The following config...

Page 943: ...2 seq sequence number deny permit ip ip protocol number source mask any host ip address destination mask any host ip address count byte log TRACE LIST Configure a drop or forward filter Configure the following required and optional parameters sequence number range 0 to 4294967290 ip to specify IP as the protocol to filter for ip protocol number range 0 to 255 source An IP address as the source IP ...

Page 944: ...to match IP addresses in a host destination An IP address as the source IP address for the filter to match count count packets processed by the filter byte count bytes processed by the filter log is supported Step Command Syntax Command Mode Purpose 1 ip trace list access list name CONFIGURATION Create a trace list and assign it a unique name 2 seq sequence number deny permit udp source mask any h...

Page 945: ... permit filter to examine IP packets Configure the following required and optional parameters ip to specify IP as the protocol to filter for ip protocol number range 0 to 255 source An IP address as the source IP address for the filter to match mask a network mask any to match any IP source address host ip address to match IP addresses in a host destination An IP address as the source IP address f...

Page 946: ... IP source address host ip address to match IP addresses in a host destination An IP address as the source IP address for the filter to match precedence precedence range 0 to 7 tos tos value range 0 to 15 count count packets processed by the filter byte count bytes processed by the filter log is supported deny permit udp source mask any host ip address operator port port destination mask any host ...

Page 947: ...he Trace list is enabled you can view its log with the show ip accounting trace list trace list name linecard number command Figure 45 15 show ip accounting trace list Command Example Command Syntax Command Mode Purpose ip trace group trace list name CONFIGURATION Enable a configured Trace list to filter traffic FTOS config trace acl deny tcp host 123 55 34 0 any FTOS config trace acl permit udp 1...

Page 948: ...n is configured globally You configure access classes on a per user basis FTOS can assign different access classes to different users by username Until users attempt to log in FTOS does not know if they will be assigned a VTY line This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny all access class Once users identify themselves FTO...

Page 949: ...n their source MAC address With this approach you can implement a security policy based on the source MAC address To apply a MAC ACL on a VTY line use the same access class command as IP ACLs Figure 45 18 Figure 45 18 shows how to deny incoming connections from subnet 10 0 0 0 without displaying a login prompt Note See also the section Chapter 8 IP Access Control Lists ACL Prefix Lists and Route m...

Page 950: ...ple Access Class Configuration Using TACACS Without Prompt FTOS conf mac access list standard sourcemac FTOS config std mac permit 00 00 5e 00 01 01 FTOS config std mac deny any FTOS conf FTOS conf line vty 0 9 FTOS config line vty access class sourcemac FTOS config line vty end ...

Page 951: ...ers with no coordination between customers and minimal coordination between customers and the provider Using only 802 1Q VLAN tagging all customers would have to use unique VLAN IDs to ensure that traffic is segregated and customers and the service provider would have to coordinate to ensure that traffic mapped correctly across the provider network Even under ideal conditions customers and the pro...

Page 952: ...figured as VLAN Stack access or trunk ports do not switch untagged traffic To switch traffic these interfaces must be added to a non default VLAN Stack enabled VLAN Dell Force10 cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN You can ping across a trunk port only if both systems on the link are an E Series You cannot ping across the link if one o...

Page 953: ...s a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs Physical ports and port channels can be access or trunk ports Figure 46 2 Access and Trunk Ports To create access and trunk ports Step Task Command Syntax Command Mode 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a...

Page 954: ...he Outer VLAN Tag The Tag Protocol Identifier TPID field of the S Tag is user configurable Display the S Tag TPID for a VLAN using the command show running config from EXEC privilege mode FTOS displays the S Tag TPID only if it is a non default value Task Command Syntax Command Mode Enable VLAN Stacking for the VLAN INTERFACE VLAN vlan stack compatible Task Command Syntax Command Mode Select a val...

Page 955: ...N as well as a Stacking VLAN only when the TPID 0x8100 portmode hybrid INTERFACE 2 Add the port to a 802 1Q VLAN as tagged or untagged tagged untagged INTERFACE VLAN FTOS conf int gi 0 1 FTOS conf if gi 0 1 portmode hybrid FTOS conf if gi 0 1 switchport FTOS conf if gi 0 1 vlan stack trunk FTOS conf if gi 0 1 show config interface GigabitEthernet 0 1 no ip address portmode hybrid switchport vlan s...

Page 956: ...tagged VLAN PURPLE on egress at R4 The TPID on the outer tag is 0x9100 R2 s TPID must also be 0x9100 and it is so R2 forwards the frame Given the matching TPID requirement there are limitations when you employ Dell Force10 systems at network edges at which frames are either double tagged on ingress R4 or the outer tag is removed on egress R3 VLAN Stacking with E Series TeraScale Systems The defaul...

Page 957: ...nating from Building A is double tagged on egress at R4 and is switched towards Building B but is not decapsulated on egress at R2 because its TPID is 0x8181 FTOS Behavior The E Series ExaScale and TeraScale forward frames with TPID 0x8100 even when its own TPID is not 0x8100 This behavior is required to service ARP and PVST packets which use TPID 0x8100 I N T E R N E T SERVICE PROVIDER VLAN GREEN...

Page 958: ...ntrast R2 drops the frame with TPID 0x9191 originating from Building C in Figure 46 8 because the frames TPID does not match both bytes of its own TPID FTOS Behavior The E Series ExaScale and TeraScale forwards frames with TPID 0x8100 even when its own TPID is not 0x8100 This behavior is required to service ARP and PVST packets which use TPID 0x8100 I N T E R N E T SERVICE PROVIDER VLAN GREEN VLAN...

Page 959: ...nning with 0x81 were treated as the same TPID as shown in Figure 46 9 Versions 8 2 1 0 and later differentiate between 0x9100 and 0x91XY as shown in Figure 46 11 Table 46 1 E Series Behaviors for Mis matched TPID Network Position Incoming Packet TPID System TPID Match Type TeraScale Behavior ExaScale Behavior Core 0xUVWX 0xUVYZ 1st byte match switch as 0xUVYZ drop 0xUVWZ 0xQRST mismatch drop drop ...

Page 960: ...6 11 For the same traffic types if you configure TPID 0x8100 then the system is able to differentiate between 0x8100 and untagged traffic and maps each to the appropriate VLAN as shown by the packet originating from Building A in Figure 46 11 Therefore a mismatched TPID results in the port not differentiating between tagged and untagged traffic Figure 46 9 Single and Double tag TPID Match on the C...

Page 961: ... TPID 0x8181 R1 C Series w FTOS 8 2 1 0 TPID 0x8181 R4 Non Force10 System TPID 0x8100 TPID 0x8181 R3 C Series w FTOS 8 2 1 0 TPID 0x8181 DEFAULT VLAN DEFAULT VLAN VLA I N TERNET SERVICE PROVIDER VLAN GREEN VLAN PURPLE VLAN GREEN VLAN PURPLE VLAN BLUE VLAN RED V L A N R E D V L A N B L U E TPID 0x8100 PCP CFI 0 VID VLAN Red TPID 0x8100 PCP CFI 0 VID VLAN Red TPID 0x8181 PCP CFI 0 VID VLAN Purple R4...

Page 962: ...to default VLAN switch to default VLAN single tag 0x8100 0xUVWX single tag mismatch switch to default VLAN switch to default VLAN 0x8100 single tag match switch to VLAN switch to VLAN 0x81XY single tagfirst byte match switch to VLAN switch to default VLAN Core untagged 0xUVWX switch to default VLAN switch to default VLAN double tag 0xUVWX 0xUVWX double tag match switch to VLAN switch to VLAN 0xUVY...

Page 963: ...led DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0 Trunk Port Trunk Port Retain inner tag CFI Retain inner tag CFI Retain outer tag CFI Set outer tag CFI to 0 Access Port Trunk Port Retain inner tag CFI Retain inner tag CFI Set outer tag CFI to 0 Set outer tag CFI to 0 Precedence Description Green High priority packets that are the least preferred to be dropped Yellow Lower priority p...

Page 964: ...i 0 1 0 Green Gi 0 1 1 Yellow Gi 8 9 1 Red Gi 8 40 0 Yellow Task Command Syntax Command Mode Set the DEI value on egress according to the color currently assigned to the packet dei mark green yellow 0 1 INTERFACE Display the DEI marking configuration show interface dei mark interface slot port linecard number port set number EXEC Privilege FTOS show interface dei mark Default CFI DEI Marking 0 Int...

Page 965: ...iginal C Tag dot1p In this case you must have other dot1p QoS configurations this option is classic dot1p marking b mark the S Tag dot1p and queue the frame according to the S Tag dot1p For example if frames with C Tag dot1p values 0 6 and 7 are mapped to an S Tag dot1p value 0 then all such frames are sent to the queue associated with the S Tag 802 1p value 0 This option requires two different CA...

Page 966: ...cted policy map input in layer2 service queue 3 class map a qos policy 3 class map match any a layer2 match mac access group a mac access list standard a seq 5 permit any qos policy input 3 layer2 rate police 40 Likewise in the configuration below packets with dot1p priority 0 3 are marked as dot1p 7 in the outer tag and queued to Queue 3 Rate policing is according to qos policy input 3 All other ...

Page 967: ...he frame according to the original C Tag dot1p This method requires half as many CAM entries as vman qos dual fp vman qos dual fp mark the S Tag dot1p and queue the frame according to the S Tag dot1p This method requires twice as many CAM entries as vman qos and FP blocks in multiples of 2 cam acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ec...

Page 968: ... Figure 46 14 FTOS Behavior In FTOS versions prior to 8 2 1 0 the MAC address that Dell Force10 systems use to overwrite the Bridge Group Address on ingress was non configurable The value of the L2PT MAC address was the Force10 unique MAC address 01 01 e8 00 00 00 As such with these FTOS versions Dell Force10 systems are required at the egress edge of the intermediate network because only FTOS cou...

Page 969: ...quires the default CAM profile I N T E R N E T SERV R ICE PROVIDER w w w SPA P P NNING TREE R1 E Series R2 Non Force10 System S P A P P N N I N G T REE NETWORK S P A P P N N I N G T R EE TREE R3 Non Force10 System Building A Building B BPDU w destination MAC address 01 80 C2 00 00 00 BPDU w destination MAC address 01 01 e8 00 00 00 BPDU w destination MAC address 01 80 C2 00 00 00 no spanning tree ...

Page 970: ...nd Syntax Command Mode 1 Verify that the system is running the default CAM profile you must use this CAM profile for L2PT show cam profile EXEC Privilege 2 Enable protocol tunneling globally on the system protocol tunnel enable CONFIGURATION 3 Tunnel BPDUs the VLAN protocol tunnel stp INTERFACE VLAN Task Command Syntax Command Mode Overwrite the BPDU with a user specified destination MAC address w...

Page 971: ...rved destination MAC address called the Provider Bridge Group Address 01 80 C2 00 00 08 to exchange BPDUs instead of the Bridge Group Address 01 80 C2 00 00 00 originally specified in 802 1Q Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs originating from the customer network as normal data frames rather than consuming them Step Task Comma...

Page 972: ...ing from the customer network as normal data frames rather than consuming them Provider Backbone Bridging through IEEE 802 1ad eliminates the need for tunneling BPDUs with L2PT and increases the reliability of provider bridge networks as the network core need only learn the MAC addresses of core switches as opposed to all MAC addresses received from attached customer devices Task Command Syntax Co...

Page 973: ...rks with many switches and routers sFlow uses two types of sampling Statistical packet based sampling of switched or routed packet flows Time based sampling of interface counters The sFlow monitoring system consists of an sFlow Agent embedded in the switch router and an sFlow collector The sFlow Agent resides anywhere within the path of the packet and combines the flow samples and interface counte...

Page 974: ... that is the lowest configured rate on the port pipe When a high traffic situation occurs a back off is triggered and the hardware sampling rate is backed off from 512 to 1024 Note that port 1 maintains its sampling rate of 16384 port 1 is unaffected because it maintains its configured sampling rate of 16484 To avoid the back off either increase the global sampling rate or configure all the line c...

Page 975: ...packet On the C Series Layer 3 and Layer 2 multicast traffic is not collected with sFlow sampling On the S Series up to 700 packets can be sampled and processed per second On the C Series up to 1000 packets can be sampled and processed per second On the E Series the maximum number of packets that can be sampled and processed per second is 7500 packets when no extended information packing is enable...

Page 976: ...XEC Display sFlow configuration information and statistics Command Syntax Command Mode Purpose show sflow interface interface name EXEC Display sFlow configuration information and statistics on a specific interface FTOS show sflow sFlow services are enabled Global default sampling rate 32768 Global default counter polling interval 20 1 collectors configured Collector IP addr 133 33 33 53 Agent IP ...

Page 977: ...ecard slot number EXEC Display sFlow configuration information and statistics on the specified interface FTOS show sflow interface gigabitethernet 1 16 Gi 1 16 Configured sampling rate 8192 Actual sampling rate 8192 Sub sampling rate 2 Counter polling interval 15 Samples rcvd from h w 33 Samples dropped for sub sampling 6 FTOS show running config interface gigabitethernet 1 16 interface GigabitEth...

Page 978: ...he collector This command changes the global default counter polling 20 seconds interval You can configure an interface to use a different polling interval The polling interval can be configured globally in CONFIGURATION mode or by interface in INTERFACE mode by executing the interval command Command Syntax Command Mode Usage sflow collector ipv4 address ipv6 address agent addr ipv4 address ipv6 a...

Page 979: ...t uses sub sampling to create multiple sampling rates per port pipe To achieve different sampling rates for different ports in a port pipe sFlow Agent takes the lowest numerical value of the sampling rate of all the ports within the port pipe and configures all ports to this value sFlow Agent is then able to skip samples on ports where you require a larger sampling rate value Sampling rates are co...

Page 980: ...g rate The actual sampling rate of the interface and the configured sample rate can be viewed by using the show sflow command sFlow on LAG ports When a physical port becomes a member of a LAG it inherits the sFlow configuration from the LAG port Extended sFlow Extended sFlow is supported fully on platform e Platforms c and s support extended switch information processing only Extended sFlow packs ...

Page 981: ...gured Collector IP addr 10 10 10 3 Agent IP addr 10 10 0 0 UDP port 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub sampling Linecard 1 Port set 0 H W sampling rate 8192 Gi 1 16 configured rate 8192 actual rate 8192 sub sampling rate 1 Gi 1 17 configured rate 16384 actual rate 16384 sub sampling rate 2 Linecard 3 Port set 1 H W sam...

Page 982: ...IP source address is learned via BGP The Dell Force10 system packs the srcAS and srcPeerAS information only if the route is learned via BGP and it is reachable via the ingress interface of the packet The previous points are summarized in following table Table 47 1 Extended Gateway Summary IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description static connected IGP static connected IGP Exte...

Page 983: ... name called an object descriptor Implementation Information FTOS supports SNMP version 1 as defined by RFC 1155 1157 and 1212 SNMP version 2c as defined by RFC 1901 and SNMP version 3 as defined by RFC 2571 FTOS supports up to 15 trap receivers The FTOS implementation of the sFlow MIB supports sFlow configuration via SNMP sets SNMP traps for STP and MSTP state changes are based on BRIDGE MIB RFC ...

Page 984: ...imeout value to greater than 3 seconds and increase the retry value to greater than 2 on your SNMP server Group ACLs override user ACLs in SNMPv3 configurations when both are configured and the user is part of the group Create a Community The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager A network element that proc...

Page 985: ...fied object as shown in Figure 48 3 snmpgetnext v version c community agent ip identifier instance descriptor instance Figure 48 3 Reading the Value of the Next Managed Object in the MIB Read the value of many objects at once as shown in Figure 48 4 snmpwalk v version c community agent ip identifier instance descriptor instance FTOS snmp server community my snmp community ro 22 31 23 RPM1 P CP SNM...

Page 986: ...rsion c community agent ip identifier instance descriptor instance Task Command snmpwalk v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 SNMPv2 MIB sysDescr 0 STRING Force10 Networks Real Time Operating System Software Force10 Operating System Version 1 0 Force10 Application Software Version E_MAIN4 7 6 350 Copyright c 1999 2007 by Force10 Networks Inc Build Time Mon May 12 14 02 22 PDT 2008 SNMPv2...

Page 987: ... Default None snmp server contact text CONFIGURATION Identify the physical location of the system For example San Jose 350 Holger Way 1st floor lab rack A1 1 You may use up to 55 characters Default None snmp server location text CONFIGURATION Task Command Command Mode Identify the system manager along with this person s contact information e g E mail address or phone number You may use up to 55 ch...

Page 988: ...y of the snmp server enable traps command options in Table 48 2 Note that the envmon option enables all environment traps including fan supply and temperature Step Task Command Command Mode 1 Configure the Dell Force10 system send notifications to an SNMP server snmp server host ip address CONFIGURATION 2 Specify which traps the Dell Force10 system sends to the trap receiver Enable all Dell Force1...

Page 989: ...reshold Cpu5SecUsage d MEM_THRESHOLD Memory s usage above threshold MemUsage d MEM_THRESHOLD_CLR Memory s usage drops below threshold MemUsage d DETECT_STN_MOVE Station Move threshold exceeded for Mac s in vlan d envmon supply PEM_PRBLM Major alarm problem with power entry module s PEM_OK Major alarm cleared power entry module s is good MAJOR_PS Major alarm insufficient power s MAJOR_PS_CLR major ...

Page 990: ...rding state SPANMGR 5 PVST_TOPOLOGY_CHANGE Topology change BridgeAddr 0001 e867 b1f8 Pvst Instance Id 1 Bridge port Po 1 transitioned from learning to forwarding state SPANMGR 5 RSTP_NEW_ROOT New Rapid Spanning Tree Root My Bridge Id 0 0001 e867 b1f8 Old Root 32768 0001 e867 b1f8 New Root 0 0001 e867 b1f8 SPANMGR 5 RSTP_TOPOLOGY_CHANGE BridgeAddr 0001 e867 b1f8 Bridge port Po 1 transitioned from f...

Page 991: ...word must be specified copySrcFileName 1 3 6 1 4 1 6027 3 5 1 1 1 1 4 Path if file is not in current directory and filename Specifies name of the file If copySourceFileType is set to running config or startup config copySrcFileName is not required copyDestFileType 1 3 6 1 4 1 6027 3 5 1 1 1 1 5 1 FTOS file 2 running config 3 startup config Specifies the type of file to copy to If the copySourceFil...

Page 992: ...erver to which you are copying the configuration file 3 On the server use the command snmpset as shown snmpset v snmp version c community name m mib_path f10 copy config mib force10system ip address mib object index i a s object value Every specified object must have an object value which must be preceded by the keyword i See Table 6 for valid values index must be unique to all previously executed...

Page 993: ...y the startup config to the server via FTP using the following command from the Unix machine snmpset v 2c c public m f10 copy config mib force10system ip address copySrcFileType index i 2 copyDestFileName index s filepath filename copyDestFileLocation index i 4 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password snmpset v ...

Page 994: ...Type index i 3 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password Figure 48 12 Copying Configuration Files via SNMP and FTP from a Remote Server Table 48 4 Copying Configuration Files via SNMP Task snmpset v 2c c private m f10 copy config mib 10 10 10 10 copySrcFileType 110 i 2 copyDestFileName 110 s home startup config c...

Page 995: ... clock that the copy operation started copyTimeCompleted 1 3 6 1 4 1 6027 3 5 1 1 1 1 13 Time value Specifies the point in the up time clock that the copy operation completed copyFailCause 1 3 6 1 4 1 6027 3 5 1 1 1 1 14 1 bad file name 2 copy in progress 3 disk full 4 file exists 5 file not found 6 timeout 7 unknown Specifies the reason the copy request failed copyEntryRowStatus 1 3 6 1 4 1 6027 ...

Page 996: ...snmpset command Figure 48 13 Obtaining MIB Object Values for a Copy Operation using Object name Syntax Figure 48 14 Obtaining MIB Object Values for a Copy Operation using OID Syntax snmpget v2c cprivate m f10 copy config mib10 11 131 140copyTimeCompleted 110 FORCE10 COPY CONFIG MIB copyTimeCompleted 110 Timeticks 1179831 3 16 38 31 snmpget v 2c c private 10 11 131 140 1 3 6 1 4 1 6027 3 5 1 1 1 1 ...

Page 997: ...rfaces using an interface index number that is displayed in the output of the command show interface vlan as shown in Figure 48 17 snmpset v2c c mycommunity 123 45 6 78 1 3 6 1 2 1 17 7 1 4 3 1 5 10 i 4 SNMPv2 SMI mib 2 17 7 1 4 3 1 5 10 INTEGER 4 Unix system output snmpset v2c c mycommunity 10 11 131 185 1 3 6 1 2 1 17 7 1 4 3 1 1 1107787786 s My VLAN SNMPv2 SMI mib 2 17 7 1 4 3 1 1 1107787786 ST...

Page 998: ...e hex pair into a representation of the individual ports convert the hex pair to binary Consider the first hex pair 00 which resolves to 0000 0000 in binary On the E Series and C Series each position in the 8 character string is for one port starting with Port 0 at the left end of the string and ending with Port 7 at the right end A 0 indicates that the port is not a member of the VLAN a 1 indicat...

Page 999: ...mbers The dot1qVlanStaticUntaggedPorts object is an array of only untagged VLAN members All VLAN members that are not in dot1qVlanStaticUntaggedPorts are tagged To add a tagged port to a VLAN write the port to the dot1qVlanStaticEgressPorts object as shown in Figure 48 20 To add an untagged port to a VLAN write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects as ...

Page 1000: ... 00 00 SNMPv2 SMI mib 2 17 7 1 4 3 1 4 1107787786 Hex STRING 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 snmpset v2c c mycommunity 10 11 131 185 1 3 6 1 2 1 17 7 1 4 3 1 2 1107787786 x 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Page 1001: ...unity agent ip 1 3 6 1 2 1 2 2 1 7 ifindex i 1 2 Note The 802 1q Q BRIDGE MIB defines VLANs with regard to 802 1d as 802 1d itself does not define them As a switchport must belong a VLAN the default VLAN or a configured VLAN all MAC address learned on a switchport are associated with a VLAN For this reason the Q Bridge MIB is used for MAC address query Moreover specific to MAC address query dot1dT...

Page 1002: ...cimal conversion of the MAC address concatenated with the port channel number Figure 48 24 Fetching Dynamic MAC Addresses on the Default VLAN MAC Addresses on FTOS System R1_E600 show mac address table VlanId Mac Address Type Interface State 1 00 01 e8 06 95 ac Dynamic Gi 1 21 Active Query from Management Station snmpwalk v 2c c techpubs 10 11 131 162 1 3 6 1 2 1 17 4 3 1 SNMPv2 SMI mib 2 17 4 3 1...

Page 1003: ...xt 5 bits represent the slot number the next 1 bit is 0 for a physical interface and 1 for a logical interface the next 1 bit is unused For example the index 72925242 is 100010110001100000000111010 in binary The binary interface index for GigabitEthernet 1 21 of a 48 port 10 100 1000Base T line card with RJ 45 interface is shown in Figure 48 27 Notice that the physical logical bit and the final un...

Page 1004: ...v2 SMI enterprises 6027 3 2 1 1 1 1 1 1 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 1 2 INTEGER 2 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 2 1 Hex STRING 00 01 E8 13 A5 C7 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 2 2 Hex STRING 00 01 E8 13 A5 C8 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 1 INTEGER 1107755009 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 2 INTEGER 1107755010 SNMPv2 SMI enterprises 6...

Page 1005: ...2 23 36 49 32 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkUp IF MIB ifIndex 33865785 INTEGER 33865785 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_UP Changed interface state to up Gi 0 0 2010 02 10 14 22 40 10 16 130 4 10 16 130 4 SNMPv2 MIB sysUpTime 0 Timeticks 8500934 23 36 49 34 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkUp IF MIB ifIndex 1107755009 INTEGER 1107755009 SNMPv2 SMI enterprises ...

Page 1006: ...1006 Simple Network Management Protocol w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1007: ...erfaces are supported on E Series TeraScale et platforms Important Points to Remember PPP encapsulation must be configured before the interface is enabled for traffic An IP address must be configured on an interface POS line cards do not operate in Layer2 mode SONET alarm reporting cannot be disabled SONET uses synchronous transport signal STS framing Configure framing only when the interface is s...

Page 1008: ...ration information IP addresses for example is deleted from the interface Equipment vendors use unique defaults for PPP encapsulation When configuring PPP encapsulation between the E Series and another vendor s equipment verify the following settings One side of the link is set using the command clock source internal Default SONET settings are compatible The E Series defaults to ATM scrambling dis...

Page 1009: ...ion a 10GE interface into WAN mode Note that the port must be in shutdown state before the wanport command can be executed successfully Figure 49 2 Note For E Series ExaScale systems you must configure all the ports in a port pipe to either WANPHY or non WANPHY They cannot be mixed on the same port pipe If you configure port 3 for example to be a WANPHY port then ports 0 4 same port pipe all must ...

Page 1010: ...Alarm Indication Signal Line AIS L Signal Degrade Bit Error Rate SD BER Signal Failure Bit Error Rate SF BER Remote Defect Indication Line RDI L interface TenGigabitEthernet 13 0 no ip address no shutdown FTOS conf if te 13 0 FTOS conf if te 13 0 wanport Error Port should be in shutdown mode config ignored Te 13 0 FTOS conf if te 13 0 FTOS conf if te 13 0 shutdown FTOS conf if te 13 0 error due to...

Page 1011: ...xing AIS Line Alarm Indication Signal is sent by the section terminating equipment STE to alert the downstream line terminating equipment LTE that a LOS or LOF defect has been detected on the incoming SONET section RDI Line Remote Defect Indication is reported by the downstream LTE when it detects LOF LOS or AIS FEBE Line Far End Block Errors accumulated from the M0 or M1 byte is reported when the...

Page 1012: ... the alarm condition Task Command Syntax Command Mode Specify which POS SDH alarms to report to the remote SNMP server alarm report lais lrdi pais plop prdi sd ber sf ber slof slos INTERFACE Note Historical data is not saved The command input will show current information only Table 49 2 Alarm Definitions Alarm Description lais Line Alarm Indication Signal lrdi Line Remote Defect Indication pais P...

Page 1013: ...et platforms You can configure the SONET interface to change to a down state when certain SONET events are reported When the event or trigger occurs FTOS brings down the SONET interface You can use the delay triggers command to indicate a 100ms delay in bringing down the SONET interface once the event or trigger is detected 2010 10 06 22 43 53 10 11 203 4 10 11 203 4 SNMPv2 MIB sysUpTime 0 Timetic...

Page 1014: ...inuously polls status registers on SONET line cards A port hang is declared when backpressure is detected on the port and the port is brought down and then back up to clear the condition The default detection interval is 60 seconds To keep a port in shutdown use the use the hardware monitor mac action on error port shutdown command Task Command Syntax Command Mode Delay triggering the line or path...

Page 1015: ...ntervals Displays seconds in current 15 minute intervals when data could not be collected sonetMediumLoopbackConfig Displays if loopback is line or internal sonetSESthresholdSet Displays which recognized set of SES thresholds is supported Table 49 4 SONET Traps and OIDs Trap OID Trap Object SONET_S_LOS Section Loss of Signal 1 3 6 1 4 1 6027 3 3 2 2 0 1 alarm state 1 3 6 1 4 1 6027 3 3 1 2 1 1 3 a...

Page 1016: ...2 ifindex 1 3 6 1 4 1 6027 3 3 1 2 1 1 4 slot 1 3 6 1 4 1 6027 3 3 1 2 1 1 5 port 1 3 6 1 4 1 6027 3 3 1 2 1 1 6 SONET_P_RDI Path Remote Defect Indication 1 3 6 1 4 1 6027 3 3 2 2 0 18 alarm state 1 3 6 1 4 1 6027 3 3 1 2 1 1 3 alarm type 1 3 6 1 4 1 6027 3 3 1 2 1 1 2 ifindex 1 3 6 1 4 1 6027 3 3 1 2 1 1 4 slot 1 3 6 1 4 1 6027 3 3 1 2 1 1 5 port 1 3 6 1 4 1 6027 3 3 1 2 1 1 6 SONET_P_FEBE Path F...

Page 1017: ...7 3 3 1 2 1 1 5 port 1 3 6 1 4 1 6027 3 3 1 2 1 1 6 SONET_SD_BER Signal Degrade Bit Error Rate 1 3 6 1 4 1 6027 3 3 2 2 0 27 alarm state 1 3 6 1 4 1 6027 3 3 1 2 1 1 3 alarm type 1 3 6 1 4 1 6027 3 3 1 2 1 1 2 ifindex 1 3 6 1 4 1 6027 3 3 1 2 1 1 4 slot 1 3 6 1 4 1 6027 3 3 1 2 1 1 5 port 1 3 6 1 4 1 6027 3 3 1 2 1 1 6 SONET_SF_BER Signal Failure Bit Error Rate 1 3 6 1 4 1 6027 3 3 2 2 0 28 alarm ...

Page 1018: ...1018 SONET SDH w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1019: ...chnronized local copy Each unit in the stack makes forwarding decisions based on their local copy FTOS presents all of the units like line cards for example to access GigabitEthernet Port 1 on Stack Unit 0 enter interface gigabitethernet 0 1 from CONFIGURATION mode High Availability on S Series Stacks S Series stacks have primary and secondary management units analogous to Dell Force10 Route Proce...

Page 1020: ...r after the stack reloads All switches have a default priority of 0 if a priority tie occurs the system with the highest MAC address supersedes as shown in Figure 50 2 Stack show redundancy Stack unit Status Mgmt ID 0 Stack unit ID 1 Stack unit Redundancy Role Primary Stack unit State Active Stack unit SW Version 7 8 1 0 Link to Peer Up PEER Stack unit Status Stack unit State Standby Peer stack un...

Page 1021: ...ack so the stack excluding the new unit reloads Note If the removed management unit is brought up as a standalone unit or as part of a different stack there is a possibility of MAC address collisions Stack show system brief Stack MAC 00 01 e8 d5 f9 6f Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby online S50V S50V 7 8 1 0 52 1 Management online S50N S50N 7 8 1 0 52 2 Member ...

Page 1022: ...resent 5 Member not present 6 Member not present 7 Member not present output omitted Standalone show system grep priority Master priority 0 STACK BEFORE CONNECTION Stack show system brief Stack MAC 00 01 e8 d5 f9 6f Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby online S50V S50V 7 8 1 0 52 1 Management online S50N S50N 7 8 1 0 52 2 Member not present 3 Member not present 4 M...

Page 1023: ...TDETECTED Stack unit 2 present 3w1d14h STKUNIT1 M CP CHMGR 2 STACKUNIT_DOWN Stack unit 2 down card removed 3w1d14h STKUNIT1 M CP CHMGR 5 STACKUNITDETECTED Stack unit 2 present 3w1d14h STKUNIT1 M CP CHMGR 5 CHECKIN Checkin from Stack unit 2 type S50V 52 ports 3w1d14h S50V 2 CHMGR 0 PS_UP Power supply 0 in unit 2 is up 3w1d14h STKUNIT1 M CP CHMGR 5 STACKUNITUP Stack unit 2 is up Stack show system br...

Page 1024: ...ot present 4 Member not present 5 Member not present 6 Member not present 7 Member not present output omitted Stack show system grep priority Master priority 1 STACK BEFORE CONNECTION Stack show system brief Stack MAC 00 01 e8 d5 f9 6f Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby online S50V S50V 7 8 1 0 52 1 Management online S50N S50N 7 8 1 0 52 2 Member not present 3 Me...

Page 1025: ...t 1 present 00 18 40 STKUNIT2 M CP CHMGR 2 STACKUNIT_DOWN Stack unit 0 down card removed 00 18 40 STKUNIT2 M CP CHMGR 2 STACKUNIT_DOWN Stack unit 1 down card removed 00 19 30 STKUNIT2 M CP POLLMGR 2 ALT_STACK_UNIT_STATE Alternate Stack unit i s present 00 19 30 STKUNIT2 M CP CHMGR 5 STACKUNITDETECTED Stack unit 0 present 00 19 30 STKUNIT2 M CP CHMGR 5 STACKUNITDETECTED Stack unit 1 present remaini...

Page 1026: ...between units in a stack Units are connected using bi directional stacking cables if you stacking modules have two ports it does not matter if you connect port A to B or A to A or B to B Install stacking modules before powering the unit If you install a stacking module while the unit is online FTOS does not register the new hardware in this case you must reload the unit CONSOLE ACCESS ON THE STAND...

Page 1027: ...de 1 Verify that each unit has the same FTOS version prior to stacking them together show version EXEC Privilege 2 Pre configure unit numbers for each unit so that the stacking is deterministic upon boot up stack unit renumber EXEC Privilege 3 Configure the switch priority for each unit to make management unit selection deterministic stack unit priority CONFIGURATION 4 Connect the units using stac...

Page 1028: ...dundancy You can connect two units with two stacking cables as shown in in case of a stacking port module or cable failure Removal of only one of the cables does not trigger a reset Task Command Syntax Command Mode Display the stacking ports show system stack ports EXEC Privilege Stack show system stack ports Topology Daisy chain Interface Connection Link Speed Admin Link Trunk Gb s Status Status ...

Page 1029: ... new unit joins a stack priority stack number and provision Depending on which has the higher priority either the standalone unit or the entire stack reloads excluding the new unit If the new unit has the higher priority it becomes the new stack manager and the stack reloads as shown in Figure 50 3 Figure 50 4 Figure 50 5 and Figure 50 6 If you add a unit that has a stack number that conflicts wit...

Page 1030: ...On the new unit assign a management priority based on whether you want the new unit to be the stack manager stack unit priority CONFIGURATION 6 Connect the new unit to the stack using stacking cables STANDALONE BEFORE CONNECTION Standalone show system brief Stack MAC 00 01 e8 d5 ef 81 Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Member not present S50V 1 Management online S50V S50...

Page 1031: ...NIT1 M CP CHMGR 5 STACKUNITUP Stack unit 0 is up Stack show system brief Stack MAC 00 01 e8 d5 f9 6f Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Member online S50V S50V 7 8 1 0 52 1 Management online S50N S50N 7 8 1 0 52 2 Standby online S50V S50V 7 8 1 0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present output omitted STA...

Page 1032: ... 01 38 34 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 1 present 01 38 34 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 2 presentGoing for reboot Reason is Stack merge Going for reboot Reason is Stack merge bootup messages omitted Stack stack member 0 STACK AFTER CONNECTION 23 11 25 STKUNIT1 M CP CHMGR 5 STACKUNITDETECTED Stack unit 0 present 23 11 40 STKUNIT1 M CP CHMGR 2 STACKUNIT_DOW...

Page 1033: ...alone stack member 2 show version Software version STACK BEFORE DISCONNECTION Stack show system brief Stack MAC 00 01 e8 d5 f9 6f Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby online S50V S50V 7 8 1 0 52 1 Management online S50N S50N 7 8 1 0 52 2 Member online S50V S50V 7 8 1 0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member n...

Page 1034: ...SCONNECTION Standalone stack member 2 Going for reboot Reason is Stack split bootup messages omitted Stack show system brief Stack MAC 00 01 e8 d5 ef 81 Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Member not present S50V 1 Member not present S50N 2 Management online S50V S50V 7 8 1 0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member n...

Page 1035: ...he primary nor the secondary management unit the stack is reset so that a new election can take place S Series Stacking Configuration Tasks Assign Unit Numbers to Units in an S Series Stack on page 1035 Create a Virtual Stack Unit on an S Series Stack on page 1036 Display Information about an S Series Stack on page 1036 Influence Management Unit Selection on an S Series Stack on page 1039 Manage R...

Page 1036: ...nd Mode Display for stack identity status and hardware information on every unit in a stack Figure 50 18 show system EXEC Privilege Display most of the information in show system but in a more convenient tabular form Figure 50 19 show system brief EXEC Privilege Display the same information in show system but only for the specified unit Figure 50 19 show system stack unit EXEC Privilege Display to...

Page 1037: ...V 48 port E FE GE with POE SB Master priority 0 Hardware Rev 2 0 Num Ports 52 Up Time 30 min 7 sec FTOS Version 7 8 1 0 Jumbo Capable yes POE Capable yes Burned In MAC 00 01 e8 d5 ef 81 No Of MACs 3 Module 0 Status not present Module 1 Status online Module Type S50 01 12G 2S 2 port 12G Stacking SB Num Ports 2 Hot Pluggable no Power Supplies Unit Bay Status Type 0 0 up AC 0 1 absent Fan Status Unit...

Page 1038: ...6 Member not present 7 Member not present Module Info Unit Module No Status Module Type Ports 0 0 not present No Module 0 0 1 online S50 01 12G 2S 2 1 0 online S50 01 12G 2S 2 1 1 not present No Module 0 2 0 not present No Module 0 2 1 online S50 01 12G 2S 2 Power Supplies Unit Bay Status Type 0 0 up AC 0 1 absent 1 0 absent 1 1 up DC 2 0 up AC 2 1 absent Fan Status Unit TrayStatus Speed Fan0 Fan1...

Page 1039: ...e Influence the selection of the stack management units The unit with the numerically highest priority is elected the primary management unit and the unit with the second highest priority is the secondary management unit Default 0 Range 1 14 stack unit priority CONFIGURATION Task Command Syntax Command Mode Reset the current management unit and make the secondary management unit the new primary A ...

Page 1040: ...n stack ports and disable any stack port that flaps five times within 10 seconds FTOS displays console messages the local and remote members of a flapping link and on the primary and secondary management units as KERN 2 INT messages if the flapping port belongs to either of these units In Figure 50 21 a stack port on the manager flaps The remote member Member 2 displays a console message and the m...

Page 1041: ...Port 50 has flapped 5 times within 10 seconds Shutting down this st ack port now Error Please check the stack cable module and power cycle the stack 10 55 20 STKUNIT1 M CP KERN 2 INT Error Stack Port 50 has flapped 5 times w ithin 10 seconds Shutting down this stack port now 10 55 20 STKUNIT1 M CP KERN 2 INT Error Please check the stack cable module and power cycle the stack STANDBY UNIT 10 55 18 ...

Page 1042: ...LONE UNIT AFTER 01 38 34 STKUNIT0 M CP POLLMGR 2 ALT_STACK_UNIT_STATE Alternate Stack unit is present 01 38 34 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 1 present Going for reboot Reason is Stack merge 01 38 34 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 2 present STACK AFTER 23 11 25 STKUNIT1 M CP CHMGR 5 STACKUNITDETECTED Stack unit 0 present 23 11 40 STKUNIT1 M CP CHMGR 2 STACKU...

Page 1043: ... address table that matches a packet s destination MAC In this case the switch floods the packet on the VLAN These packets are called unknown packets they cause unnecessary extra traffic and can reduce network performance Layer 3 Broadcast Packets There are two types of Layer 3 broadcast packets the all hosts broadcast the IP address of which is 255 255 255 255 and the subnet broadcast address the...

Page 1044: ...ol FTOS offers Layer 3 and Layer 2 broadcast storm control Layer 3 Broadcast Storm Control Layer 3 Storm Control suppresses all hosts and subnet broadcasts if they exceed a user defined packet rate You can enable Storm Control for Layer 3 broadcasts from INTERFACE mode CONFIGURATION mode or both Each option has a different result From INTERFACE mode Storm Control limits ingress broadcast traffic o...

Page 1045: ...ntax Command Mode On the E Series suppress Layer 3 all hosts and subnet broadcasts on ingress if they exceed a user defined limit storm control broadcast percentage partial percentage in out INTERFACE On the C Series and S Series suppress Layer 3 all host and subnet broadcasts on ingress if they exceed a user defined limit storm control broadcast packets per second in INTERFACE Task Command Syntax...

Page 1046: ...rface option along with the interface type keyword and the slot and port information The following is a list of the interface type keywords Fastethernet for a fast Ethernet interface GigabitEthernet for a 1 Gigabit Ethernet interface TenGigabitEthernet for a 10 Gigabit Ethernet interface The following example uses the show storm control broadcast command to display the storm control configuration ...

Page 1047: ...e Direction Packets Second Gi 3 24 Ingress 1000 FTOS The following example displays the output from the show storm control multicast command on a S Series platform FTOS show storm control multicast gigabitethernet 1 0 Multicast storm control configuration Interface Direction Packets Second Gi 1 0 Ingress 5 FTOS The following example displays the output from the show storm control unknown unicast c...

Page 1048: ...1048 Broadcast Storm Control w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1049: ...an be activated upon the failure of active paths Layer 2 loops which can occur in a network due to poor network design and without enabling protocols like xSTP can cause unnecessarily high switch CPU utilization and memory consumption FTOS supports three other variations of Spanning Tree as shown here Configuring Spanning Tree Configuring Spanning Tree is a two step process 1 Configure interfaces ...

Page 1050: ...tances you must enable MSTP or PVST You may only enable one flavor of Spanning Tree at any one time All ports in VLANs and all enabled interfaces in Layer 2 mode are automatically added to the Spanning Tree topology at the time you enable the protocol To add interfaces to the Spanning Tree topology after STP is enabled enable the port and configure it for Layer 2 using the command switchport The I...

Page 1051: ... it no ip address INTERFACE 2 Place the interface in Layer 2 mode switchport INTERFACE 3 Enable the interface no shutdown INTERFACE R1 R2 R3 1 3 3 1 3 2 3 4 3 3 1 4 1 1 1 2 2 1 2 2 2 3 2 4 R1 conf int range gi 1 1 4 R1 conf if gi 1 1 4 switchport R1 conf if gi 1 1 4 no shutdown R1 conf if gi 1 1 4 show config interface GigabitEthernet 1 1 no ip address switchport no shutdown interface GigabitEther...

Page 1052: ...hat are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology Only one path from any bridge to any other bridge participating in STP is enabled Bridges block a redundant path by disabling one of the link ports Step Task Command Syntax Command Mode 1 Enter the PROTOCOL SPANNING TREE mode protocol spanning tree 0 CONFIGURATION 2 Enable Spanning Tree no disable PROTOCOL SPA...

Page 1053: ...w spanning tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768 address 0001 e826 ddb7 Configured hello time 2 max age 20 forward delay 15 Current root has priority 32768 address 0001 e80d 2462 Root Port is 289 GigabitEthernet 2 1 cost of root path is 4 Topology change flag not set detected flag not set Number of topology changes 3 last change occurred 0 16 ...

Page 1054: ... the interface however BPDUs are still forwarded to the RPM where they are dropped Beginning in FTOS version 7 6 1 0 the command no spanning tree disables Spanning Tree on the interface and incoming BPDUs are dropped at the line card instead of at the RPM which frees processing resources This behavior is called Layer 2 BPDU filtering and is available for STP RSTP PVST and MSTP FTOS show spanning t...

Page 1055: ...9 1 Gigabit Ethernet interfaces 4 10 Gigabit Ethernet interfaces 2 Port Channel with 100 Mb s Ethernet interfaces 18 Port Channel with 1 Gigabit Ethernet interfaces 3 Port Channel with 10 Gigabit Ethernet interfaces 1 Port Priority 8 Task Command Syntax Command Mode Change the forward delay parameter the wait time before the interface enters the forwarding state Range 4 to 30 Default 15 seconds fo...

Page 1056: ...rfaces to transition to a forwarding state and start to transmit traffic approximately 30 seconds sooner Interfaces forward frames by default until they receive a BPDU that indicates that they should behave otherwise they do not go through the Learning and Listening states The bpduguard shutdown on violation option causes the interface hardware to shut down when it receives a BPDU When only bpdugu...

Page 1057: ...down on violation option to cause the interface hardware to shut down when it receives a BPDU Otherwise with only the option enabled although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains up and spanning tree will only drop packets after a BPDU violation Task Command Syntax Command Mode Enable PortFast on an interface spanning tree stp id...

Page 1058: ...0001 e805 fb07 128 653 Gi 0 7 128 264 128 20000 EDS 20000 32768 0001 e85d 0e90 128 264 Interface Name Role PortID Prio Cost Sts Cost Link type Edge Gi 0 6 Root 128 263 128 20000 FWD 20000 P2P No Gi 0 7 ErrDis 128 264 128 20000 EDS 20000 P2P No FTOS conf if gi 0 7 do show ip int br gi 0 7 Interface IP Address OK Method Status Protocol GigabitEthernet 0 7 unassigned YES Manual up up FTOS Behavior Re...

Page 1059: ...vior BPDU Guard and BPDU filtering see Removing an Interface from the Spanning Tree Group on page 1054 both block BPDUs but are two separate features BPDU Guard is used on edgeports and blocks all traffic on edgeport if it receives a BPDU drops the BPDU after it reaches the RPM and generates a console message BPDU Filtering disables Spanning Tree on an interface drops all BPDUs at the line card wi...

Page 1060: ...orwarding topology may not be stable The location of the root bridge can change resulting in unpredictable network behavior The STP root guard feature ensures that the position of the root bridge does not change Root Guard Scenario For example in Figure 52 10 STP topology 1 upper left Switch A is the root bridge in the network core Switch C functions as an access switch connected to an external de...

Page 1061: ...52 10 lower middle if the root guard feature is enabled on the STP port on Switch C that connects to device D and device D sends a superior BPDU that would trigger the election of device D as the new root bridge the BPDU is ignored and the port on Switch C transitions from a forwarding to a root inconsistent state shown by the green X icon As a result Switch A becomes the root bridge All incoming ...

Page 1062: ...1062 Spanning Tree Protocol w w w d e l l c o m s u p p o r t d e l l c o m Figure 52 10 STP Root Guard Prevents Bridging Loops 1 3 2 Port State STP Block STP Root Inconsistent ...

Page 1063: ...enabled port or port channel interface except when used as a stacking port Root guard is supported on a port in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST When enabled on a port root guard applies to all VLANs configured on the port Root guard and loop guard cannot be enabled at the same ...

Page 1064: ...icipating STP link may become unidirectional STP requires links to be bidirectional and an STP port does not receive BPDUs When an STP blocking port does not receive BPDUs it transitions to a forwarding state This condition can create a loop in the network For example in Figure 52 12 STP topology 1 upper left Switch A is the root switch and Switch B normally transmits BPDUs to Switch C The link be...

Page 1065: ...s from a blocked state to a loop inconsistent state instead of to a forwarding state Loop guard blocks the STP port so that no traffic is transmitted and no loop is created As soon as a BPDU is received on an STP port in a loop inconsistent state the port returns to a blocking state If you disable STP loop guard on a port in a loop inconsistent state the port transitions to an STP blocking state a...

Page 1066: ...1066 Spanning Tree Protocol w w w d e l l c o m s u p p o r t d e l l c o m Figure 52 12 STP Loop Guard Prevents Forwarding Loops Port State STP Loop Inconsistent No traffic is transmitted 1 1 2 2 3 ...

Page 1067: ...nfigured Cannot configure LoopGuard C Series and E Series only Loop guard is supported on a C Series or E Series switch configured for hitless STP see Configuring Spanning Trees as Hitless on page 1064 Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents traffic from flowing through it For example when Portfast BPDU ...

Page 1068: ...example for an STP network instance 0 in which Root guard is enabled on a port that is in a root inconsistent state Loop guard is enabled on a port that is in a listening state BPDU guard is enabled on a port that is shut down Error Disabled state after receiving a BPDU Figure 52 13 Displaying STP Guard Configuration FTOS show spanning tree 0 guard Interface Name Instance Sts Guard type Gi 0 1 0 I...

Page 1069: ...ocol NTP synchronizes timekeeping among a set of distributed time servers and clients The protocol also coordinates time distribution in a large diverse network with a variety of interfaces In NTP servers maintain the time and NTP clients synchronize with a time serving host NTP clients choose from among several NTP servers to determine which offers the best available source of time and the most r...

Page 1070: ... message immediately Information included in the NTP message allows the client to determine the server time with respect to local time and adjust the local clock accordingly In addition the message includes information to calculate the expected timekeeping accuracy and reliability as well as select the best from possibly several servers Following conventions established by the telephone industry B...

Page 1071: ...page 1073 Configure a source IP address for NTP packets on page 1074 optional Source Port 123 Destination Port 123 Length NTP Packet Payload Checksum Leap Indicator Status Type Est Error Est Drift Rate Reference Clock ID Recieve Timestamp Transmit Timestamp Reference Timestamp Originate Timestamp Code 00 No Warning 01 1 second 10 1 second 11 reserved Precision Range 0 4 Code 0 clock operating corr...

Page 1072: ...s shown in Figure 53 3 Figure 53 3 Displaying the Calculated NTP Synchronization Variables Task Command Command Mode Specify the NTP server to which the Dell Force10 system will synchronize You may specify an IPv4 or IPv6 address or hostname that resolves to an IPv4 or IPv6 address ntp server hostname ipv4 address ipv6 address key keyid prefer version number CONFIGURATION FTOS conf do show ntp sta...

Page 1073: ...ace By default NTP is enabled on all active interfaces If you disable NTP on an interface FTOS drops any NTP packets sent to that interface Task Command Command Mode Periodically update the system hardware clock with the time value derived from NTP ntp update calendar CONFIGURATION Task Command Command Set the interface to receive NTP packets ntp broadcast client INTERFACE Table 53 1 2w1d11h NTP M...

Page 1074: ...config ntp command Figure 38 in the EXEC privilege mode Command Syntax Command Mode Purpose ntp disable INTERFACE Disable NTP on the interface Command Syntax Command Mode Purpose ntp source interface CONFIGURATION Enter the following keywords and slot port or number information For a 1 Gigabit Ethernet interface enter the keyword GigabitEthernet followed by the slot port information For a loopback...

Page 1075: ...uses DES encryption to store the key in the startup config when you enter the command ntp authentication key Therefore if your system boots with a startup configuration from an FTOS versions prior to 8 2 1 0 in which you have configured ntp authentication key the system cannot correctly decrypt the key and cannot authenticate NTP packets In this case you must re enter this command and save the run...

Page 1076: ... second to be inserted in the NTP time scale The bits are set before 23 59 on the day of insertion and reset after 00 00 on the following day This causes the number of seconds rollover interval in the day of insertion to be increased or decreased by one In the case of primary servers the bits are set by operator intervention while in the case of secondary servers the bits are set by the protocol T...

Page 1077: ...econdary reference this is the four octet Internet address of the peer selected for synchronization Reference Timestamp sys reftime peer reftime pkt reftime This is the local time in timestamp format when the local clock was last updated If the local clock has never been synchronized the value is zero Originate Timestamp The departure time on the server of its last NTP message If the server become...

Page 1078: ...ear EXEC Privilege Set the hardware clock to the current time and date time Enter the time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month Enter the name of one of the 12 months in English You can enter the name of a day to change the order of the display to time day month year day Enter the number of the day Range 1 to 31 You can enter t...

Page 1079: ...the time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month Enter the name of one of the 12 months in English You can enter the name of a day to change the order of the display to time day month year day Enter the number of the day Range 1 to 31 You can enter the name of a month to change the order of the display to time day month year year ...

Page 1080: ...ports setting the system to daylight savings time once or on a recurring basis every year Command Syntax Command Mode Purpose clock timezone timezone name offset CONFIGURATION Set the clock to the appropriate timezone timezone name Enter the name of the timezone Do not use spaces offset Enter one of the following a number from 1 to 23 as the number of hours in addition to UTC for the timezone a mi...

Page 1081: ...of the day Range 1 to 31 You can enter the name of a month to change the order of the display to time day month year start year Enter a four digit number as the year Range 1993 to 2035 start time Enter the time in hours minutes For the hour variable use the 24 hour format example 17 15 is 5 15 pm end month Enter the name of one of the 12 months in English You can enter the name of a day to change ...

Page 1082: ... of the following as the week that daylight savings begins and then enter values for start day through end time week number Enter a number from 1 4 as the number of the week in the month to start daylight savings time first Enter this keyword to start daylight savings time in the first week of the month last Enter this keyword to start daylight savings time in the last week of the month start mont...

Page 1083: ... day Enter the number of the day Range 1 to 31 You can enter the name of a month to change the order of the display to time day month year end year Enter a four digit number as the year Range 1993 to 2035 end time Enter the time in hours minutes For the hour variable use the 24 hour format example 17 15 is 5 15 pm offset OPTIONAL Enter the number of minutes to add during the summer time period Ran...

Page 1084: ...rt first Week number to start last Week number to start cr FTOS conf clock summer time pacific recurring FTOS conf 02 10 57 RPM0 P CP CLOCK 6 TIME CHANGE Summertime configuration changed from Summer time starts 00 00 00 Pacific Sat Mar 14 2009 Summer time ends 00 00 00 pacific Sat Nov 7 2009 to Summer time starts 02 00 00 Pacific Sun Mar 8 2009 Summer time ends 02 00 00 pacific ...

Page 1085: ...faces When upstream connectivity fails the switch disables the downstream links Failures on the downstream links allow downstream devices to recognize the loss of upstream connectivity For example in Figure 54 1 Switches S1 and S2 both have upstream connectivity to Router R1 and downstream connectivity to the server UFD operation is shown in Steps A through C In Step A the server configuration use...

Page 1086: ...link state group can be a physical interface or a port channel LAG aggregation of physical interfaces An enabled uplink state group tracks the state of all assigned upstream interfaces Failure on an upstream interface results in the automatic disabling of downstream interfaces in the uplink state group As a result downstream devices can execute the protection or recovery procedures they have in pl...

Page 1087: ... automatic recovery of downstream ports in an uplink state group when the link status of an upstream port changes The tracking of upstream link status does not have a major impact on CPU usage UFD and NIC Teaming Uplink Failure Detection on a switch can be used with network adapter teaming on a server see NIC Teaming on page 569 to implement a rapid failover solution For example in Figure 54 2 the...

Page 1088: ... port channel interface enters a link down state when the number of port channel member interfaces in a link up state drops below the configured Minimum Number of Members parameter If one of the upstream interfaces in an uplink state group goes down either a user configurable set of downstream ports or all the downstream ports in the group are put in an operationally down state with an UFD Disable...

Page 1089: ...gabitethernet 1 1 2 5 9 11 12 downstream port channel 1 3 5 A comma is required to separate each port and port range entry To delete an interface from the group enter the no upstream downstream interface command 3 downstream disable links number all Command Mode UPLINK STATE GROUP Configures the number of downstream links in the uplink state group that will be disabled Oper Down state if one upstr...

Page 1090: ...and Command Syntax Description clear ufd disable interface interface uplink state group group id Command Mode CONFIGURATION Re enables a downstream interface on the switch router that is in a UFD disabled error state so that it can send and receive traffic For interface enter one of the following interface types Fast Ethernet fastethernet slot port slot port range 1 Gigabit Ethernet gigabitetherne...

Page 1091: ... 13 5 02 37 29 RPM0 P CP IFMGR 5 ASTATE_DN Changed interface Admin state to down Gi 0 47 02 37 29 RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Gi 0 47 02 37 29 UFD Group 3 UplinkState DOWN 02 37 29 RPM0 P CP IFMGR 5 OSTATE_DN Changed uplink state group state to down Group 3 02 37 29 RPM0 P CP IFMGR 5 OSTATE_DN Downstream interface set to UFD error disabled Te 13 6 02 37 29 RPM0 P CP...

Page 1092: ...nt status of a port or port channel interface assigned to an uplink state group interface specifies one of the following interface types Fast Ethernet Enter fastethernet slot port 1 Gigabit Ethernet Enter gigabitethernet slot port 10 Gigabit Ethernet Enter tengigabitethernet slot port Port channel Enter port channel 1 512 If a downstream interface in an uplink state group has been disabled Oper Do...

Page 1093: ...Uplink State Group 1 Status Enabled Up Upstream Interfaces Downstream Interfaces Uplink State Group 3 Status Enabled Up Upstream Interfaces Gi 0 46 Up Gi 0 47 Up Downstream Interfaces Te 13 0 Up Te 13 1 Up Te 13 3 Up Te 13 5 Up Te 13 6 Up Uplink State Group 5 Status Enabled Down Upstream Interfaces Gi 0 0 Dwn Gi 0 3 Dwn Gi 0 5 Dwn Downstream Interfaces Te 13 2 Dis Te 13 4 Dis Te 13 11 Dis Te 13 12...

Page 1094: ...e pkts 0 over 1023 byte pkts 0 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 0 packets 0 bytes 0 underruns 0 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 0 Multicasts 0 Broadcasts 0 Unicasts 0 throttles 0 discarded 0 collisions Rate info interval 299 seconds Input 00 00 Mbi...

Page 1095: ..._DN Downstream interface set to UFD error disabled Gi 0 1 FTOS 00 10 00 STKUNIT0 M CP IFMGR 5 OSTATE_DN Changed interface state to down Gi 0 1 FTOS conf uplink state group 3 description Testing UFD feature FTOS conf uplink state group 3 show config uplink state group 3 description Testing UFD feature downstream disable links 2 downstream GigabitEthernet 0 1 2 5 9 11 12 upstream GigabitEthernet 0 3...

Page 1096: ...1096 Uplink Failure Detection UFD w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1097: ...llow the procedures in the FTOS Release Notes for the software version you wish to upgrade to Get Help with upgrades Direct any questions or concerns about FTOS Upgrade Procedures to Dell Force10 Technical Support Center You can reach Technical Support On the Web www force10networks com support By email support force10networks com By phone US and Canada 866 965 5800 International 408 965 5800 ...

Page 1098: ...1098 Upgrade Procedures w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1099: ...hange the Default VLAN ID on page 1107 Set the Null VLAN as the Default VLAN on page 1107 Enable VLAN Interface Counters on page 1108 Virtual LAN Overview A Local Area Network LAN is a collection of devices in the same broadcast domain As a network increases in size segmenting a single broadcast domain into multiple domains improves scalability manageability and security However doing so using phy...

Page 1100: ...here is also the concept of protocol based VLANs Ports in different VLANs do not communicate unless routing is configured between them A port may belong to more than one VLAN Typically ports connected to a host belong to only one VLAN and ports on an inter switch link belong to more than one VLAN these ports are sometimes called trunk ports Figure 56 1 VLAN Membership VLANs can logically organize ...

Page 1101: ...Ports that belong to more than one VLAN insert VLAN tags into frames and so they are called tagged ports Ports that belong to a single VLAN do not insert VLAN tags into frames and are called untagged ports When you add a port to a VLAN you must specify whether the port should be tagged or untagged Figure 56 3 Tagged and Untagged Ports Ports on either side of the link must have the same tagged unta...

Page 1102: ...her VLAN or remove the switchport configuration Implementation Information FTOS supports up to 4093 port based VLANs plus 1 Default VLAN E Series ExaScale FTOS versions earlier than 8 2 1 0 for the E Series ExaScale support 2094 VLANs Configuring VLANs Configuring a VLAN is a two step process 1 Create a VLAN See page 1103 2 Add a switchport as a tagged or untagged member port See page 1104 3 Optio...

Page 1103: ...a VLAN ID A VLAN is active only if the VLAN contains interfaces and those interfaces are up VLAN 1 is inactive because it contains the interfaces that are not up When you delete a VLAN no interface vlan vlan id any interfaces assigned to that VLAN are reassigned to the default VLAN as untagged Task Command Syntax Command Mode Create a VLAN interface vlan vlan id CONFIGURATION Display all VLANs sho...

Page 1104: ...ress untagged frames are dropped Tagged ports must be connected to VLAN aware devices When you place configure an enabled port as a switchport the port is placed in the default VLAN To remove a switchport from the default VLAN remove the switchport configuration To move the port to another VLAN add it to the desired VLAN as either a tagged or untagged member Step Task Command Syntax Command Mode 1...

Page 1105: ...lan 4 FTOS conf if vlan untagged gi 3 2 FTOS conf if vlan show config interface Vlan 4 no ip address untagged GigabitEthernet 3 2 FTOS show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Inactive 2 Active T Po1 So 0 0 1 T Gi 3 0 3 Active T Po1 So 0 0 1 T Gi 3 1 4 Active U Gi 3 2 Note The shutdown command marks a physical interface as unavailable for traffic Disabling a VLAN or a port ch...

Page 1106: ...ch the port is an untagged member is the native VLAN A Native VLAN is useful on trunk ports which receive both tagged and untagged traffic a trunk port is a port that carries traffic for one or more VLANs on the switch The classic example is a VOIP phone and a PC connected to the same port of a switch where the VOIP phone generates packets tagged with VLAN ID VOICE VLAN and the PC generates untagg...

Page 1107: ... that even if you activate the physical ports of multiple customers no traffic is allowed to traverse the links until each port is place in another VLAN Step Task Command Command Mode 1 Remove any Layer 2 or Layer 3 configurations from the interface INTERFACE If the port has any configurations on it when you enter the command portmode hybrid FTOS rejects the configuration citing the following mess...

Page 1108: ... VLAN on Trunk Ports is available only on platform ex Note VLAN egress counters might be higher than expected because source suppression drops are counted Task Command Syntax Command Mode Configure ingress egress or both counters for VLAN interfaces enable vlan counter ingress egress all CONFIGURATION ...

Page 1109: ...k device by having a distinct Forwarding Information Base FIB per VRF instance A network device has the ability to configure different virtual routers so that each has its own FIB that is not accessible to any other virtual router instance on the same device VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF us...

Page 1110: ...d in VRF is limited by the size of the IPv4 FIB table in the CAM VRF is implemented in a network device by using Forwarding Information Bases FIBs Each VRF uses one FIB A network device may have the ability to configure different virtual routers where each one has its own FIB that is not accessible to any other virtual router instance on the same device Customer Edge Routers Customer Edge Routers ...

Page 1111: ...e supported on all VRF instances or only the default VRF Table 57 1 Feature Capability Supported Note Configuration rollback for commands introduced or modified Yes LLDP protocol on the port Yes 802 1x protocol on the VLAN port Yes Supported only for default VRF OSPF RIP ISIS BGP on physical and logical interfaces Yes OSPF supported on all VRF ports Others supported only on default VRF ports Dynam...

Page 1112: ...d IPv6 Neighbor Discovery Yes ARP is VRF aware IPv6 is supported only for default VRF Layer 2 ACLs on VLANs Yes FEFD Yes Layer 2 QoS Yes Support for storm control broadcast and unknown unicast Yes sFlow Yes Extended gateway information supported for default VRF only VRRP on physical and logical interfaces Yes Supported on all VRF instances including the default VRF Secondary IP Addresses Yes Follo...

Page 1113: ...wo CAM entries instead of one for each route and host entry Note VRF is supported in single CAM cards only Table 57 2 IPv4 VRF CAM Profile Single CAM card CAM Profile Table Allocation K L2FIB 32K L2ACL 3K IPv4FIB 160K IPv4ACL 2K IPv4Flow 12K EgL2ACL 1K EgIPv4ACL 12K Reserved 2K IPv6FIB 0K IPv6ACL 0K IPv6Flow 0K EgIPv6ACL 0K Note When configuring the IPv6 CAM profile the CAM tables that are carved ...

Page 1114: ...ation The VRF configuration tasks are 1 Load the VRF CAM Profile 2 Enable VRF 3 Assign an Interface to a VRF You can also View VRF instance information Connect an OSPF process to a VRF instance Configure VRRP on a VRF Interface EgIPv4ACL 11K Reserved 2K IPv6FIB 18K IPv6ACL 4K IPv6Flow 3K EgIPv6ACL 1K Note Starting in FTOS 8 4 2 1 when VRF microcode is loaded on an E Series ExaScale or TeraScale ro...

Page 1115: ...rts up to 15 VRF instances 1 to 14 and the default VRF 0 A VRF name is not exchanged between routers VRF IDs are local to a router The following features and functionality are supported only on the default VRF 0 instance ISIS BGP RIP IPv6 Multicast Static ARP Step Task Command Syntax Command Mode 1 Select the appropriate CAM profile for your system cam profile ipv4 vrf microcode ipv4 vrf ipv4 v6 v...

Page 1116: ...Ns to a non default VRF instance VLANs used with VRF must be Layer 3 VLANs Layer 2 VLANs can be configured for non VRF use Refer to Chapter 56 VLAN on page 1099 for complete information All VLAN member ports must be removed from a VLAN that you move from one VRF instance to another Task Command Syntax Command Mode Create a non default VRF instance by specifying a name and VRF ID number and enter V...

Page 1117: ... information about VRF configuration enter the show ip vrf command Task Command Syntax Command Mode Display the interfaces assigned to a VRF instance To display information on all VRF instances including the default VRF 0 do not enter a value for vrf name show ip vrf vrf name EXEC ...

Page 1118: ...upported on interfaces that were configured for a non default VRF In a virtualized network that consists of multiple VRFs various overlay networks can exist on a shared physical infrastructure Nodes hosts and servers that are part of the VRFs can be configured with IP static routes for reaching specific destinations through a given gateway in a VRF VRRP provides high availability and protection fo...

Page 1119: ...ea 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 router ospf 1 vrf blue router id 1 0 0 2 network 11 0 0 0 24 area 0 network 1 0 0 0 24 area 0 passive interface GigabitEthernet 9 18 router ospf 2 vrf orange router id 2 0 0 2 network 21 0 0 0 24 area 0 network 2 0 0 0 24 area 0 passive interface GigabitEthernet 9 19 ip route vrf green 31 0 0 0 24 3 0 0 1 cam profile ipv4 vrf m...

Page 1120: ...tEthernet 9 19 ip vrf forwarding orange ip address 21 0 0 1 24 no shutdown interface GigabitEthernet 9 20 ip vrf forwarding green ip address 31 0 0 1 24 no shutdown interface Vlan 128 ip vrf forwarding blue ip address 1 0 0 1 24 tagged TenGigabitEthernet 3 0 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2 0 0 1 24 tagged TenGigabitEthernet 3 0 no shutdown interface Vlan 256 ip...

Page 1121: ...g blue ip address 10 0 0 1 24 no shutdown interface GigabitEthernet 7 1 ip vrf forwarding orange ip address 20 0 0 1 24 no shutdown interface GigabitEthernet 7 2 ip vrf forwarding green ip address 30 0 0 1 24 no shutdown interface Vlan 128 ip vrf forwarding blue ip address 1 0 0 1 24 tagged TenGigabitEthernet 3 0 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2 0 0 1 24 tagged ...

Page 1122: ...ipv4 vrf microcode ipv4 vrf ip vrf default vrf 0 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 0 no ip address switchport no shutdown interface GigabitEthernet 9 18 ip vrf forwarding blue ip address 11 0 0 1 24 no shutdown interface GigabitEthernet 9 19 ip vrf forwarding orange ip address 21 0 0 1 24 no shutdown interface GigabitEthernet 9 20 ip vrf forwarding green i...

Page 1123: ...router id 1 0 0 2 network 11 0 0 0 24 area 0 network 1 0 0 0 24 area 0 passive interface GigabitEthernet 9 18 router ospf 2 vrf orange router id 2 0 0 2 network 21 0 0 0 24 area 0 network 2 0 0 0 24 area 0 passive interface GigabitEthernet 9 19 ip route vrf green30 0 0 0 24 3 0 0 1 ROUTER 1 FTOS show ip vrf VRF Name VRF ID Interfaces default vrf 0 Gi 2 0 89 Te 3 0 3 Gi 4 0 89 Gi 5 0 89 Gi 7 3 47 G...

Page 1124: ... show ip route vrf orange Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Dest...

Page 1125: ...pf 2 neighbor Neighbor ID Pri State Dead Time Address Interface Area 2 0 0 1 1 FULL BDR 00 00 33 2 0 0 1 Vl 192 0 FTOS show ip route vrf blue Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS...

Page 1126: ...y Dist Metric Last Change C 2 0 0 0 24 Direct Vl 192 0 0 00 26 44 O 20 0 0 0 24 via 2 0 0 1 Vl 192 110 2 00 14 22 C 21 0 0 0 24 Direct Gi 9 19 0 0 00 20 38 FTOS show ip route vrf green Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF extern...

Page 1127: ...ss and forwards packets sent to the next hop IP address If the MASTER router fails VRRP begins the election process to choose a new MASTER router and that new MASTER continues routing traffic VRRP uses the Virtual Router Identifier VRID to identify each virtual router configured The IP address of the MASTER router is used as the next hop address for all end stations on the LAN The other routers re...

Page 1128: ...VRRP elects a new MASTER Router Router B assumes the duties of Router A and becomes the MASTER router At that time Router B responds to the packets sent to the virtual IP address All workstations continue to use the IP address of the virtual router to address packets destined to the Internet Router B receives and forwards them on interface GigabitEthernet 10 1 Until Router A resumes operation VRRP...

Page 1129: ...group up to 12 virtual IP addresses are supported Virtual IP addresses can belong to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet Though FTOS on E Series supports unlimited VRRP groups default VRRP settings may affect the maximum number of groups that can be co...

Page 1130: ...t for authentication type which is not supported for IPv6 Also the following EXEC commands are different for IPv4 and IPv6 clear IPv4 clear counters vrrp IPv6 clear counters vrrp ipv6 debug IPv4 debug vrrp IPv6 debug vrrp ipv6 show IPv4 show vrrp IPv6 show vrrp ipv6 Between 1000 and 1200 7 seconds 7 seconds 7 seconds 512 255 100 100 Between 1200 and 1500 8 seconds 8 seconds 8 seconds 512 255 120 1...

Page 1131: ...TOS a VRRP Group is identified by the Virtual Router Identifier VRID Starting in release 8 4 1 0 you can configure a VRRP group on an interface that belongs to a non default VRF instance Prerequisite The interface on which you create the virtual interface must be enabled and configured with a primary IP address To enable a Virtual Router use the following command in the INTERFACE mode To delete a ...

Page 1132: ... VRRP groups per interface Table 58 1 To activate a VRRP Group on an interface so that VRRP group starts transmitting VRRP packets configure at least one Virtual IP address in a VRRP group The Virtual IP address is the IP address of the Virtual Router and does not require the IP address mask You can configure up to 12 virtual IP addresses for a VRRP group VRID The following configuration rules app...

Page 1133: ...IPv6 VRRP group vrrp group vrid vrrp ipv6 group vrid VRID range C Series and S Series 1 255 VRID range E Series 1 255 when VRF microcode is not loaded and 1 15 when VRF microcode is loaded INTERFACE 2 Configure virtual IP addresses for this VRID virtual address ip address1 ip address12 Range Up to 12 virtual IP addresses INTERFACE VRID Note After you enter the vrrp group or vrrp ipv6 group command...

Page 1134: ...abitEthernet 1 1 VRID 111 Net 10 10 10 1 State Master Priority 255 Master 10 10 10 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 1768 Gratuitous ARP sent 5 Virtual MAC address 00 00 5e 00 01 6f Virtual IP address 10 10 10 1 10 10 10 2 10 10 10 3 10 10 10 10 Authentication none GigabitEthernet 1 2 VRID 111 Net 10 10 2 1 State Master Priority 100 Master 10 10 ...

Page 1135: ...g command in the VRRP mode Figure 58 7 Command Example priority in Interface VRRP mode Figure 58 8 Command Example Display show vrrp Task Command Syntax Command Mode Configure the priority for the VRRP group INTERFACE VRID priority priority Range 1 255 Default 100 FTOS conf if gi 1 2 vrrp group 111 FTOS conf if gi 1 2 vrid 111 priority 125 FTOS show vrrp GigabitEthernet 1 1 VRID 111 Net 10 10 10 1...

Page 1136: ...an encrypted password in the configuration password plain text INTERFACE VRID Note As shown in Figure 58 9 the VRRP authentication password that you configure is displayed in encrypted form in show running config EXEC Privilege and show config INTERFACE command output To display the VRRP authentication password as well as all other FTOS passwords in clear text in show command output you must enter...

Page 1137: ...tting Figure 58 10 Command Example no preempt Figure 58 11 Command Example Display show config in VRID mode Note All virtual routers in the VRRP group must be configured the same all configured with preempt enabled or configured with preempt disabled Task Command Syntax Command Mode Prevent any BACKUP router with a higher priority from becoming the MASTER router no preempt INTERFACE VRID FTOS conf...

Page 1138: ...ecommends you to increase the VRRP advertisement interval to a value higher than the default value of 1 second to avoid throttling VRRP advertisement packets If you do change the time interval between VRRP advertisements on one router you must change it on all participating routers Task Command Syntax Command Mode Change the advertisement interval setting advertise interval seconds Range 1 255 sec...

Page 1139: ...5 tracking for the group is disabled irrespective of the state of the tracked interfaces and objects The priority of the owner group always remains as 255 and does not change For a virtual group you can track the line protocol state or the routing status of any of the following interfaces with the interface interface parameter 1 Gigabit Ethernet Enter gigabitethernet slot port in the track interfa...

Page 1140: ...t s state show track EXEC EXEC Privilege Optional Display the configuration and UP or DOWN state of tracked interfaces and objects in VRRP groups including the time since the last change in an object s state show vrrp EXEC EXEC Privilege Optional Display the configuration of tracked objects in VRRP groups on a specified interface show running config interface interface EXEC EXEC Privilege Note The...

Page 1141: ...igabitEthernet 7 30 IPv6 VRID 1 FTOS show vrrp GigabitEthernet 7 30 IPv6 VRID 1 Version 3 Net fe80 201 e8ff fe01 95cc VRF 0 default vrf State Master Priority 100 Master fe80 201 e8ff fe01 95cc local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 310 Virtual MAC address 00 00 5e 00 02 01 Virtual IP address 2007 ...

Page 1142: ...thin the same router at the same time The control and data plane are isolated in each VR so that traffic does not flow across VRs For more information refer to Chapter 57 Virtual Routing and Forwarding VRF on page 1109 In a virtualized network that consists of multiple VRFs various overlay networks can exist on a shared physical infrastructure The same IP addresses or overlapping IP subnets can ex...

Page 1143: ...the same VRID on neighboring routers Dell Force10 or non Force10 in the same VRRP group in order for all routers to interoperate FTOS conf interface GigabitEthernet 3 0e FTOS conf if gi 3 0 ip address 1 1 1 1 24 FTOS conf if gi 3 0 vrrp group 111 FTOS conf if gi 3 0 vrid 111 virtual ip 1 1 1 10 FTOS conf if gi 3 0 vrid 162 exit FTOS conf if gi 3 0 no shutdown The VRID used for the VRRP group is th...

Page 1144: ...rnet 2 31 VRID 99 Net 10 1 1 1 State Master Priority 200 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 661 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 63 Virtual IP address 10 1 1 3 Authentication none R2 R3 show vrrp GigabitEthernet 3 21 VRID 99 Net 10 1 1 2 State Backup Priority 100 Master 10 1 1 1 Hold Down 0 sec Preempt TRUE Ad...

Page 1145: ...mpt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 817 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 63 Virtual IP address 10 1 1 3 Authentication none R2 Router 3 R3 conf int gi 3 21 R3 conf if gi 3 21 ip address 10 1 1 2 24 R3 conf if gi 3 21 vrrp group 99 R3 conf if gi 3 21 vrid 99 virtual 10 1 1 3 R3 conf if gi 3 21 vrid 99 no shut R3 conf if gi 3 21 show conf interface Gigab...

Page 1146: ...v6 VRRP group consists of two routers This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration You can copy and paste from the example to your CLI Be sure you make the necessary changes to support your own IP addresses interfaces names etc Figure 58 21 shows the VRRP for IPv6 topology with the CLI configuration in Figure 58 22...

Page 1147: ...ccept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 R2 Internet 1 10 fe80 10 fe80 201 e8ff fe6a c59f GigE 1 0 GigE 0 0 VRID 10 R2 R3 R3 show vrrp GigabitEthernet 1 0 IPv6 VRID 10 Net fe80 201 e8ff fe6b 1845 VRF 0 default vrf State BackupPriority 100 Master fe80 201 e8ff fe6a c59f Hold Down 0 centi...

Page 1148: ...ipv6 address 1 2 64 R3 conf if gi 1 0 vrrp group 10 R2 conf if gi 1 0 vrid 10 virtual address fe80 10 R2 conf if gi 1 0 vrid 10 virtual address 1 10 R3 conf if gi 1 0 vrid 10 no shutdown R3 conf if gi 1 0 show config interface GigabitEthernet 1 0 ipv6 address 1 2 64 vrrp group 10 priority 100 virtual address fe80 10 virtual address 1 10 no shutdown R3 conf if gi 1 0 end R3 show vrrp GigabitEtherne...

Page 1149: ...Non VLAN Example Figure 58 25 shows a typical use case in which three virtualized overlay networks are created by configuring three VRFs in two E Series switches The default gateway to reach the internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP In this scenario a single VLAN is associated with each VRF Switch 1 VRID 11 Node IP 10 10 1 5 Virtua...

Page 1150: ... IP addresses and subnet are unique Figure 58 26 VRRP in VRF Switch 1 Non VLAN Configuration Switch 1 S1 conf ip vrf default vrf 0 S1 conf ip vrf VRF 1 1 S1 conf ip vrf VRF 2 2 S1 conf ip vrf VRF 3 3 S1 conf interface GigabitEthernet 12 1 S1 conf if gi 12 1 ip vrf forwarding VRF 1 S1 conf if gi 12 1 ip address 10 10 1 5 24 S1 conf if gi 12 1 vrrp group 11 Info The VRID used by the VRRP group 11 in...

Page 1151: ...t vrf 0 S2 conf ip vrf VRF 1 1 S2 conf ip vrf VRF 2 2 S2 conf ip vrf VRF 3 3 S2 conf interface GigabitEthernet 12 1 S2 conf if gi 12 1 ip vrf forwarding VRF 1 S2 conf if gi 12 1 ip address 10 10 1 2 24 S2 conf if gi 12 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if gi 12 1 vrid 101 priority 255 S2 conf if gi 12 1 vrid 101 virtual address 10 10 1 2 S2 conf i...

Page 1152: ...y 100 S1 conf if vl 100 vrid 101 virtual address 10 10 1 2 S1 conf if vl 100 no shutdown S1 conf if gi 12 4 interface vlan 200 S1 conf if vl 200 ip vrf forwarding VRF 2 S1 conf if vl 200 ip address 10 10 1 6 24 S1 conf if vl 200 tagged gigabitethernet 12 4 S1 conf if vl 200 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 2 will be 178 S1 conf if vl 200 vrid 101 priority 100 S1 conf if...

Page 1153: ...vrid 101 virtual address 10 10 1 2 S2 conf if vl 100 no shutdown S2 conf if gi 12 4 interface vlan 200 S2 conf if vl 200 ip vrf forwarding VRF 2 S2 conf if vl 200 ip address 10 10 1 2 24 S2 conf if vl 200 tagged gigabitethernet 12 4 S2 conf if vl 200 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 2 will be 178 S2 conf if vl 200 vrid 101 priority 255 S2 conf if vl 200 vrid 101 virtual...

Page 1154: ... to a VRF instance enter the show vrrp vrf vrf instance command Figure 58 31 Command Example show vrrp vrf FTOS show running config interface gigabitethernet 13 4 interface GigabitEthernet 13 4 ip vrf forwarding red ip address 192 168 0 1 24 vrrp group 4 virtual address 192 168 0 254 no shutdown FTOS show vrrp vrf red GigabitEthernet 13 4 IPv4 Vrrp group 4 VRID 65 Version 2 Net 192 168 0 1 VRF 1 r...

Page 1155: ...t client sessions FTOS XML provides a way of interfacing with the system by entering XML formatted requests and retrieving XML output See The Form of XML Requests and Responses on page 1156 FTOS XML supports the following functionality Configure both physical and logical interfaces Layer 2 and Layer 3 Standard ACLs Layer 2 and Layer 3 Extended ACLs Supported show commands and their output Some sho...

Page 1156: ...ML formatted requests that conform to the following schema Every XML request begins with an XML declaration followed by a Method type tag followed by an Operation type tag as shown in this shell schema xml version 1 0 encoding UTF 8 Request MajorVersion 1 MinorVersion 0 Method Operation command The number of allowed command tag sets depends on the type of request command Operation Method Request C...

Page 1157: ...ow run Also spaces before or after the command are allowed as shown in the following example The following sequence of XML tags shows the structure of a configuration request containing several commands xml version 1 0 encoding UTF 8 request MajorVersion 1 MinorVersion 0 cli configuration command ip access standard test2 command command seq 10 deny any command command seq 20 permit host 10 1 1 1 c...

Page 1158: ...st The response from FTOS if the command executes successfully presents all of the content that you would get in the equivalent CLI report Note that the data are encapsulated in self explanatory XML tags The following is an example of a show linecard report embedded in XML tags xml version 1 0 encoding UTF 8 response MajorVersion 1 MinorVersion 0 action linecard slotId 3 slotId status online statu...

Page 1159: ...SSH client sessions 2 Construct input to the CLI by following the XML request schema as described in The Form of XML Requests and Responses on page 1156 FTOS XML Cut and paste your XML request from a text editor or other type of XML presentation tool or type your XML request line by line 3 Press Ctrl Y or press Enter twice creating an empty line FTOS XML Execute the request Alternatively to cancel...

Page 1160: ... command ip access standard test1 command configuration cli request xml version 1 0 encoding UTF 8 response MajorVersion 1 MinorVersion 0 responseType NO_ERROR responseType responseSeverity SEVERITY_INFO responseSeverity responseMsg Xml request successfully processed responseMsg response FTOS xml Enter XML request with CTRL Y or empty line Clear XML request with CTRL C Exit XML mode with CTRL Z xm...

Page 1161: ...re an extended ACL To configure an extended ACL through XML enter FTOS XML mode and construct an XML configuration request see Run an FTOS XML session on page 1159 An example of a complete request message is xml version 1 0 encoding UTF 8 request MajorVersion 1 MinorVersion 0 cli configuration command interface GigabitEthernet 0 0 command command ip address 10 2 1 100 255 255 255 0 command command...

Page 1162: ... error conditions that might occur in an XML transaction and the associated responses that the XML generates Note also as shown below by the NO_ERROR message that the same response message format is used for a successful configuration request The general form of the response is as follows xml version 1 0 encoding UTF 8 response MajorVersion 1 MinorVersion 0 responseType responseType responseSeveri...

Page 1163: ...y processed paired with NO_ERROR Error Parsing error is detected in the XML request paired with XML_PARSE_ERROR Error Schema error is detected in the XML request paired with XML_SCHEMA_ERROR Error CLI Parsing error is detected in the XML request paired with CLI_PARSE_ERROR Error content varies depending on the error paired with APPLICATION_ERROR indicating an application error from a backend task ...

Page 1164: ...ommand xml version 1 0 encoding UTF 8 request MajorVersion 1 MinorVersion 0 cli configuration command ip access test test1 command configuration cli request The XML response to that invalid request is xml version 1 0 encoding UTF 8 response MajorVersion 1 MinorVersion 0 responseType CLI_PARSE_ERROR responseType responseSeverity SEVERITY_ERROR responseSeverity responseMsg command ip access test tes...

Page 1165: ... mode you can retrieve XML formatted responses to the show commands supported by XML see the list of supported show commands in the section XML Functionality on page 1155 The following table describes how to format a show command with a pipe option that will request that the show command report be presented with XML formatting As shown in the following Figure 59 3 FTOS formats the response with th...

Page 1166: ... WAN PHY line card with XFP optics EF3 curType hwRevBase 1 1 hwRevBase hwRevPortPipe0 1 1 hwRevPortPipe0 hwRevPortPipe1 n a hwRevPortPipe1 numPorts 2 numPorts upTime 1 hr 32 min upTime swVer 4 4 3 243 swVer lcJumboCapable yes lcJumboCapable lcBootFlashA 2 3 0 6 booted lcBootFlashA lcBootFlashB 2 3 0 6 lcBootFlashB totMemSize 268435456 totMemSize lcTemperature 37 lcTemperature powerStatus AC powerS...

Page 1167: ...3 Troubleshoot bootup failure on page 1173 Environmental monitoring on page 1173 Recognize an overtemperature condition on page 1174 Troubleshoot an overtemperature condition on page 1174 Recognize an under voltage condition on page 1175 Troubleshoot an under voltage condition on page 1175 Trace logs on page 1175 Automatic trace log updates on page 1176 Save a hardware log to a file on the flash o...

Page 1168: ...g Processors FP These ports are referred to as the Internal Dataplane IDP link Ports 5 8 connect to the RPMs These ports are referred to as the BDP links Figure 60 1 Architecture Diagram of the 1x48GE Line Card The number of FPs varies with the line card type as shown in Table 60 1 Switch Fabric link monitoring FTOS Switch Manager SWMGR task monitors the BDP links on the RPM This task also monitor...

Page 1169: ...ow sfm command shown in Figure 60 3 The system reports an active status if all CSF ASICs on the RPM initialize successfully whether or not any line cards are installed and the BDP links are up Message 1 FTOS Link Monitoring Syslog Message Example Mar 12 21 01 18 RPM1 P CP SWMGR 1 BDP_LINK_DETECT Backplane datapath link status for RSM0 Switch fabric unit 0 port 0 DOWN Describes only the state of th...

Page 1170: ...og Message Example 00 00 13 RPM1 P CP TSM 6 SFM_FULL_PARTIAL_STATE SW_FAB_UP_1 SFM in the system 00 00 13 RPM1 P CP TSM 6 SFM_SWITCHFAB_STATE Switch Fabric UP Message 3 Poll Manager Syslog Message Example RPM1 P CP POLLMGR 2 BPL_IRC_ERR Back Plane Link Error Table 60 2 Poll Manager Syslog Message Description Message Description POLLMGR 2 ALT_RPM_STA TE Reports that either the standby RPM is not pr...

Page 1171: ...ssages are lost the system will declare an IRC timeout via a Syslog message and reset the system This message suggests that a hardware fault on the RPM may have caused the IRC timeout To troubleshoot this issue Verify that the RPMs are fully inserted Try a swap test of the RPMs Capture the output of the following show hardware commands show hardware rpm number cpu party bus statistics show hardwar...

Page 1172: ... message between the two RPMs FTOS reports this condition via syslog messages as follows FTOS automatically saves critical information about the IRC failure to NVRAM Use the same three step procedure to capture this file for analysis by Dell Force10 Step Task Command Mode 1 Display the directories in flash memory The output should include 1 drwx 2048 Jan 01 1980 00 00 06 CRASH_LOG_DIR dir flash EX...

Page 1173: ...are seen collect the output of the show console lp and show tech commands and contact the Dell Force10 Technical Assistance Center Environmental monitoring All C Series components use environmental monitoring hardware to detect overtemperature undervoltage and overvoltage conditions Use the show environment command to monitor the components for any major or minor alarm conditions The output in Fig...

Page 1174: ...messages in Message 7 To view the programmed alarm thresholds levels including the shutdown value execute the show alarms threshold command shown in Figure 60 6 Figure 60 6 show alarms threshold Command Example Troubleshoot an overtemperature condition To troubleshoot an over temperature condition 1 Use the show environment commands to monitor the temperature levels Message 7 Over Temperature Cond...

Page 1175: ...ts line cards are shut down then RPMs Troubleshoot an under voltage condition To troubleshoot an under voltage condition check that the correct number of power supplies are installed and their Status LEDs are lit Trace logs In addition to the syslog buffer FTOS buffers trace messages which are continuously written by various FTOS software tasks to report hardware and software events and status inf...

Page 1176: ...ce_RPM0CP 0 is not overwritten so that chassis bootup message are preserved The CP and LP trace file names are CP SW trace sw_trace_RPM0CP 0 sw_trace_RPM0CP 1 sw_trace_RPM0CP 2 sw_trace_RPM0CP 3 and sw_trace_RPM0CP 4 CP HW trace hw_trace_RPM0CP 0 hw_trace_RPM0CP 1 hw_trace_RPM0CP 2 hw_trace_RPM0CP 3 and hw_trace_RPM0CP 4 LP SW trace sw_trace_LP 0 7 0 sw_trace_LP 0 7 1 sw_trace_LP 0 7 2 sw_trace_LP...

Page 1177: ...sh TRACE_LOG_DIR TRACE_LAST_BOOT Task Command Syntax Command Mode Write the RPM trace log to flash upload trace log cp cmd history hw trace sw trace EXEC Privilege Task Command Syntax Command Mode Write the line card trace log to flash upload trace log linecard 0 7 hw trace sw traceupload trace log cp cmd history hw trace sw trace EXEC Privilege Task Command Syntax Command Mode Stop the writing th...

Page 1178: ...tifies the failed RPM For example if RPM0 fails the trace files saved in RPM1 with filename as failure_trace_RPM0_LP1 Command history The command history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer When the show command history command is entered the system displays a trace message for each execu...

Page 1179: ...8 30 6 16 16 38 10 CMD CLI show qos statistics by default from console 6 16 16 38 21 CMD TEL0 show command history by admin from vty0 10 11 48 30 FTOS show command history 10 12 3 15 40 17 CMD CLI show config by default from console 12 3 15 40 22 CMD CLI ping 10 11 80 201 by default from console 12 3 15 40 46 CMD CLI show interfaces managementethernet 0 0 by default from console 12 3 15 40 49 CMD ...

Page 1180: ...nters on a line card or RPM show hardware rpm mac counters clear hardware rpm mac counters Enter the keyword counters keyword to view or clear the receive and transmit frame counters for the party bus switch in the IPC subsystem on the RPM show hardware rpm mac port statistics clear hardware rpm mac port statistics Enter the keyword port statistics to view or clear detailed Ethernet statistics for...

Page 1181: ...ve threshold for task sysAdmTsk 100 00 in CP Feb 13 13 56 20 RPM1 S CP CHMGR 5 CPU_THRESHOLD Overall cp cpu usage above threshold Cpu5SecUsage 100 Feb 13 13 56 20 RPM1 S CP CHMGR 5 TASK_CPU_THRESHOLD_CLR Cpu usage drops below threshold for task sysAdmTsk 0 00 in CP Step Task Command Syntax Command Mode 1 Enable debug cpu traffic stats and monitor the output with the show cpu traffic stats command ...

Page 1182: ... the card If the chSysCardAdminStatus is up the valid state is ready the card is present and ready and the chSysCardOperStatus status is up If the chSysCardAdminStatus is down the service states can be offline the card is not used cardNotmatch the card does not match what is configured cardProblem a hardware problem has been detected on the card diagMode the card is in the diagnostic mode Note chS...

Page 1183: ... 6027 3 1 1 4 0 34 chAlarmMinorPS Trap generated when a power supply minor alarm is issued 1 3 6 1 4 1 6027 3 1 1 4 0 35 chAlarmMinorPSClr Trap generated when a power supply minor alarm is cleared Fan Tray 1 3 6 1 4 1 6027 3 1 1 2 2 1 2 chSysFanTrayOperStatus Each entry in the chSysFanTrayTable includes a set of objects that describe the status of a particular fan tray as identified by the chSysFa...

Page 1184: ...ated paths e g line integrity tests and tests the internal parts e g registers of the devices Level 2 performs on board loopback tests on various data paths e g data port pipe and Ethernet Configuration task list 1 Take the line card offline page 1185 2 Run offline diagnostics page 1185 3 View offline diagnostic test results page 1185 4 Bring the line card back online page 1188 Important points to...

Page 1185: ...ing the diag linecard command as shown in Figure 60 14 Figure 60 14 diag linecard Command Example View offline diagnostic test results Use the show diag command to view a brief report of the test results as shown in Figure 60 15 FTOS offline linecard 5 00 50 05 RPM0 P CP CHMGR 2 CARD_DOWN Line card 5 down card offline 00 50 05 RPM0 P CP IFMGR 1 DEL_PORT Removed port Te 5 0 3 FTOS show linecard all...

Page 1186: ... filename of the test results and Figure 60 16 shows the contents of the file Note Report any test failures to your Dell Force10 technical support engineer FTOS show diag linecard 5 Diag status of Linecard slot 5 Card is currently offline Card alllevels diag issued at THU FEB 08 2018 04 10 06 PM Current diag status Card diags are in progress 00 54 19 Diagnostic test results are stored on file flas...

Page 1187: ...der Number LC CB 10GE 4P Card Id 402 SW INFO Data in Lp Eeprom is listed Chassis Type 6 Chassis Mode 4 Backplane version 1 Starting iteration 1 LEVEL 0 DIAGNOSTICS Test 1 NVRAM Access test PASS Test 3 FPGA Access Test PASS Test 4 Probing Test for volt Temp sensor PASS Test 6 Probing for POE device 1 NOT APPL Test 7 Probing for POE device 2 NOT APPL Test 8 Probing for POE device 3 NOT APPL Test 9 P...

Page 1188: ...5 V Brick Load test PASS Test 130 1 5 V Brick Load test PASS Test 131 1 25 V Brick Load test PASS Test 132 1 8 V Brick Load test PASS Test 133 XFP Verification Test 0 PASS Test 134 XFP Verification Test 1 PASS Test 135 XFP Verification Test 2 PASS Test 136 XFP Verification Test 3 PASS Test 137 XFP Verification Test 4 NOT APPL Test 138 XFP Verification Test 5 NOT APPL Test 139 XFP Verification Test...

Page 1189: ...ports support eight queues 4 for data traffic and 4 for control traffic All 8 queues are tunable Physical memory is organized into cells of 128 bytes The cells are organized into two buffer pools dedicated buffer and dynamic buffer Dedicated buffer is reserved memory that cannot be used by other interfaces on the same ASIC or by other queues on the same interface This buffer is always allocated an...

Page 1190: ...lls Oversubscription ratio 10 Dynamic Cell Limit Per port 59040 29 2036 cells Figure 60 18 Buffer Tuning Points When to tune buffers Dell Force10 recommends exercising caution when configuring any non default buffer settings as tuning can significantly affect system performance The default values work for most cases As a guideline consider tuning buffers if traffic is very bursty and coming from s...

Page 1191: ...physical 1G interface buffer dedicated BUFFER PROFILE Change the maximum amount of dynamic buffers an interface can request buffer dynamic BUFFER PROFILE Change the number of packet pointers per queue buffer packet pointers BUFFER PROFILE Apply the buffer profile to a line card buffer fp uplink linecard CONFIGURATION Apply the buffer profile to a CSF to FP link buffer csf linecard CONFIGURATION FT...

Page 1192: ... mode the buffer profile name still appears in the output of show buffer profile detail summary After a line card reset the buffer profile correctly returns to the default values but the profile name remains Remove it from the show buffer profile detail summary command output by entering no buffer fp uplink csf linecard port set buffer policy from CONFIGURATION mode and no buffer policy from INTER...

Page 1193: ...fer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256 5 3 00 256 6 3 00 256 7 3 00 256 FTOS sho buffer profile detail fp uplink stack unit 0 port set 0 Linecard 0 Port set 0 Buffer profile fsqueue hig Dynamic Buffer 1256 00 Kilobytes Queue Dedicated Buffer Buffer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256 5 3 00 256 6 3 00 256 7 3 00 256 FTOS sh...

Page 1194: ... Command Syntax Command Mode Apply one of two pre defined buffer profiles for all port pipes in the system buffer profile global 1Q 4Q CONFIGURATION Message 12 Reload After Applying Global Buffer Profile Info For the global pre defined buffer profile to take effect please save the config and reload the system FTOS Behavior After you configure buffer profile global 1Q Message 12 is displayed during...

Page 1195: ...6 buffer profile fp fsqueue hig buffer dedicated queue0 3 queue1 3 queue2 3 queue3 3 queue4 3 queue5 3 queue6 3 queue7 3 buffer dynamic 1256 buffer fp uplink linecard 0 port set 0 buffer policy fsqueue hig buffer fp uplink linecard 0 port set 1 buffer policy fsqueue hig Interface range gi 0 1 48 buffer policy fsqueue fp FTOS sho run int gi 0 10 interface GigabitEthernet 0 10 no ip address switchpo...

Page 1196: ...1196 C Series Debugging and Diagnostics w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1197: ...ge 1198 Disable RPM SFM walk on page 1200 RPM SFM bring down on page 1201 Manual loopback test on page 1201 SFM channel monitoring on page 1204 Respond to PCDFO events on page 1205 Inter CPU timeouts on page 1206 Debug commands on page 1208 Hardware watchdog timer on page 1208 Show hardware commands on page 1209 Offline diagnostics on page 1209 Important points to remember on page 1210 Offline con...

Page 1198: ...ective action is not appropriate the system health check reports the detected anomaly in real time via a syslog message and or SNMP Reactive component When an error condition is asserted appropriate show and debug commands are available to assist in identifying the condition as well as rapid fault isolation System health checks An automatic runtime loopback test monitors the overall health status ...

Page 1199: ...me test results reflect the overall health status of the dataplane SFM walking can help to identify a single faulty SFM which is persistently dropping all traffic For any partial packet loss the loopback test results can only indicate that there is partial packet loss on the dataplane When an automatic SFM walk is conducted events are logged to indicate the start and completion of the SFM walk and...

Page 1200: ...o a faulty SFM If confirmed the single faulty SFM is identified and disabled by default To disable the automatic SFM walk that is launched after an RPM SFM runtime loopback test failure use the following command in CONFIGURATION mode Message 2 SFM walk Event Log TSM 2 RPM_LOOPBACK_FAIL RPM SFM dataplane loopback test failed TSM 2 SFM_WALK_START Automatic SFM walk through started TSM 2 SFM_WALK_FAI...

Page 1201: ...regardless if the runtime loopback test is enabled or disabled Use this test to verify that the dataplane is actually functional even when a switch fabric status is down but there are at least max 1 SFMs in active or diag failure state Task Command Mode Disable the automatic SFM walk that is launched after an RPM SFM runtime loopback test failure To re enable the automatic SFM walk use the no data...

Page 1202: ...e switch fabric down Power the SFM on off If you suspect that an SFM is faulty and would like to manually disable it to determine whether any packet loss or forwarding issues are resolved execute the following command Task Command Mode Execute a manual dataplane loopback test all loopback Both the RPM and the line card dataplane loopback test is done rpm loopback Only the RPM dataplane loopback te...

Page 1203: ...ed off by the user Use the show sfm all command to display the status Figure 61 5 Figure 61 5 show sfm all command Example Note Execute this command only during an offline diagnostics this command may bring down the switch fabric FTOS power off sfm 0 SFM0 is active Powering it off it might impact the data traffic Proceed with power off confirm yes no yes Feb 15 23 52 53 RPM1 P CP CHMGR 2 MINOR_SFM...

Page 1204: ...SFM when the system has max 1 SFM and switch fabric is up Figure 61 7 Figure 61 7 reset sfm error message SFM channel monitoring In addition to monitoring the datapath the SFM channels can be monitored using the Per Channel Deskew FIFO Overflow PCDFO polling feature on all line cards and RPMs in both EtherScale and TeraScale E1200 E600 and E300 chassis Like the datapath loopback feature the PCDFO ...

Page 1205: ...ts Troubleshooting PCDFO events requires applying some human intelligence to differentiate between transient and systematic failures PCDFO events can be caused by several factors including Backplane noise Data corruption Bad epoch timing Mis configuration of backplane There are two PCDFO error types Transient and Systematic Transient error are non persistent events that occur as one events during ...

Page 1206: ...able the PCDFO polling feature use the following command in CONFIGURATION mode Detection of a PCDFO event causes the system to generate a message similar to the following Events are logged when PCDFO error first occurs on any SFM and when PCDFO error pattern changes No automatic action is taken by the system when a DFO error is detected If such an error is reported note the SFM slot number identif...

Page 1207: ...ure this file for analysis by the Dell Force10 TAC Message 6 CP monitor RPM1 P CP IPC 2 STATUS target rp2 not responding RPM0 S CP RAM 6 FAILOVER_REQ RPM failover request from active peer Auto failover on failure RPM0 S CP RAM 6 ELECTION_ROLE RPM0 is transitioning to Primary RPM RPM0 P CP TSM 6 SFM_SWITCHFAB_STATE Switch Fabric UP Step Task Command Mode 1 Display the directories in flash memory Th...

Page 1208: ...DUMP_DIR CP trace log file look for a filename with the phrase failure_trace in the TRACE_LOG_DIR RP and or CP sysinfo file in the CRASH_LOG_DIR as explained above Debug commands FTOS supports an extensive suite of debug commands for troubleshooting specific problems while working with Dell Force10 technical support staff All debug commands are entered in privileged EXEC mode See the FTOS Command ...

Page 1209: ...st test pass time and last test pass time first test failure time and last test failure time Command Description show hardware rpm slot number mac counters port port number clear hardware rpm slot number mac counters View or clear the receive and transmit counters for the party bus control switch on the IPC subsystem of the RPM show hardware rpm slot number cp data plane management port party bus ...

Page 1210: ...gle port pipe line card and 12 to 15 minutes on a dual port pipe line card Running diagnostics on LC EF GE 90M cards may take slightly longer Offline configuration task list Use the following steps to run offline diagnostics on the E Series This procedure assumes the FTOS image is installed 1 Place the line card in an offline state with the offline linecard command Use the show linecard command to...

Page 1211: ...etects a parity error it must determine which type it is To distinguish between the two types of parity errors transient and non recoverable the system maintains a copy of all SRAM writes If a location does not match the SRAM copy or causes another parity error indication in the status register the system rewrites the location After rewriting the location the system again reads the location and ch...

Page 1212: ... Error Correction hardware monitor linecard asic fpc parity correction CONFIGURATION 3 Reload the linecard reset linecard EXEC Privilege Message 8 Parity Error Correction Enabled RPM0 P CP CHMGR 5 PARITY_CORRECTION FPC parity correction feature will be on next reload Message 9 Parity Error Correction Enabled 1 1 0 0 25 LCMGR lcMgr lcMgrSetParityCorrection Enable parity correction 5 15 16 13 14 LCM...

Page 1213: ...rates a console message for non recoverable parity errors Use SNMP to poll the number of non recoverable errors using the objects chSysCardParityNonrecovrableError Message 12 Console Real Parity Error Message Apr 29 18 52 50 RPM0 P CP CHMGR 2 CARD_PARITY_ERR Linecard 6 pp 0 FPC SRAM Hard parity error Address 0x85000004 Index 0x80000 FTOS show linecard 6 Line card 6 Status online Next Boot online R...

Page 1214: ...P 1 and saved to the flash Following the fifth file created hw_trace_RPM0CP 4 the saved files are overwritten starting with the 1 version hw_trace_RPM0CP 1 These files will be saved in flash TRACE_LOG_DIR TRACE_CURR_BOOT At reload this directory is renamed as flash TRACE_LOG_DIR TRACE_LAST_BOOT and an empty flash TRACE_LOG_DIR TRACE_CURR_BOOT directory is created Trace file hw_trace_RPM0CP 0 is no...

Page 1215: ...e case of a software exception are CP failure_trace_RPM1_CP LP failure_trace_RPM1_LP1 For systems with a single RPM the linecard traces are saved on the failed RPM itself For systems with dual RPM linecard trace logs are saved when the CP RP1 or RP2 crashes The linecard trace logs are saved on the new Primary RPM The linecard trace file name identifies the failed RPM For example if RPM0 fails the ...

Page 1216: ...XEC Privilege FTOS show command history 12 5 10 57 8 CMD CLI service password encryption 12 5 10 57 12 CMD CLI hostname Force10 12 5 10 57 12 CMD CLI ip telnet server enable 12 5 10 57 12 CMD CLI line console 0 12 5 10 57 12 CMD CLI line vty 0 9 12 5 10 57 13 CMD CLI boot system rpm0 primary flash FTOS CB 1 1 1 2E2 bin FTOS show command history 10 12 3 15 40 17 CMD CLI show config by default from ...

Page 1217: ...6 20 RPM1 S CP CHMGR 5 CPU_THRESHOLD Overall cp cpu usage above threshold Cpu5SecUsage 100 Feb 13 13 56 20 RPM1 S CP CHMGR 5 TASK_CPU_THRESHOLD_CLR Cpu usage drops below threshold for task sysAdmTsk 0 00 in CP Message 15 Queue Memory Error RPM0 P CP CHMGR 1 QMERR_RDBE 0x30004 Double bit error detected in SRAM pointer memory on Ingress BTM port pipe 0 Line card slot 9 RPM0 P CP CHMGR 1 QMERR_RDBE 0...

Page 1218: ...sage 17 Low Free Memory Error RPM0 P CP CHMGR 1 LF_MEM_ERR Low free memory error detected on Ingress BTM port pipe 0 Line card slot 9 RPM0 P CP CHMGR 1 LF_MEM_ERR Low free memory error detected on Egress BTM port pipe 1 Line card slot 9 Message 18 Start of Packet End of Packet Memory Error RPM0 P CP CHMGR 1 SOP_EOP_ERR SOP EOP error detected on Ingress BTM port pipe 1 Line card slot 9 RPM0 P CP CH...

Page 1219: ...cp rp 1 2 yymmddhhmmss acore gz where yymmddhhmmss is a time stamp and FTOS writes it to the internal flash The FTOS High Availability module is aware of the core dump upload and it does not reboot the crashed RPM until the core dump has completed or is aborted Line card core dumps Line card core dumps preserve critical status information for cards which experience a task crash Writing a line card...

Page 1220: ...ecify the shutdown mode logging coredump linecard all 0 13 port shutdown no port shutdown EXEC Privilege Note In the absence of port shutdown and no port shutdown the option no port shutdown is applied Message 22 Internal File Transfer of Core Dump to the RPM Complete E48TF 0 TME 2 TASK SUSPENDED SAVING FAILURE RECORD COMPLETED Step Task Syntax Command Mode 1 Change the directory to CORE_DUMP_DIR ...

Page 1221: ...ious components and perform essential path verifications In addition they verify the identification registers of the components on the board Level 1 A smaller set of diagnostic tests Level 1 diagnostics perform status self test for all the components on the board and test their registers for appropriate values In addition they perform extensive tests on memory devices e g SDRAM flash NVRAM EEPROM ...

Page 1222: ...ot enter the command on a Master or Standby stack unit Figure 62 1 Taking an S Series Stack Unit Offline 2 Use the show system brief command from EXEC Privilege mode to confirm offline status as shown in Figure 62 2 Message 1 Offline Diagnostics on Master Standby Error Running Diagnostics on master standby unit is not allowed on stack The system reboots when the off line diagnostics complete This ...

Page 1223: ...are stored on file flash TestReport SU 1 txt 00 09 37 S50N 1 DIAGAGT 6 DA_DIAG_DONE Diags finished on stack unit 1 Diags completed Rebooting the system now FTOS show system brief no more Stack MAC 00 01 e8 d6 02 39 Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby online S25V S25V 4 7 7 220 28 1 Management offline S50N S50N 4 7 7 220 52 2 Member online S25P S25P 4 7 7 220 28 3 ...

Page 1224: ...22 00 00 3 drw 512 Aug 15 1996 23 09 48 00 00 TRACE_LOG_DIR 4 d 512 Aug 15 1996 23 09 52 00 00 ADMIN_DIR 5 rw 3854 Sep 24 1996 03 43 46 00 00 startup config 6 rw 12632 Nov 05 2008 17 15 16 00 00 TestReport SU 1 txt flash 3104256 bytes total 3086336 bytes free output from master unit FTOS diag stack unit 2 Warning the stack unit will be pulled out of the stack for diagnostic execution Proceed with ...

Page 1225: ...50000 V 1 200000 V 2 000000 V Stack Unit Board temperature 26 Degree C Stack Unit Number 0 Stack Unit EEPROM INFO MFG INFO Data in Chassis Eeprom Mfg Info is listed as Vendor Id 07 Country Code 01 Date Code 12172007 Serial Number DL267160098 Part Number 7590003600 Product Revision B Product Order Number LEVEL 0 DIAGNOSTICS Test 0 CPLD Presence Test PASS Hardware PCB Revision is Revision B Test 1 C...

Page 1226: ...a last resort mechanism intended to prevent a manual power cycle Buffer tuning Buffer Tuning allows you to modify the way your switch allocates buffers from its available memory and helps prevent packet drops during a temporary burst of traffic The S Series ASICs implement the key functions of queuing feature lookups and forwarding lookups in hardware Forwarding Processor FP ASICs provide Ethernet...

Page 1227: ...However this minimum guarantee means the buffer manager does not reallocate the buffer to an adjacent congested interface which means that in some cases memory is underused Dynamic buffer is shared memory that is allocated as needed up to a configured limit Using dynamic buffers provides the benefit of statistical buffer sharing An interface requests dynamic buffers when its dedicated buffer pool ...

Page 1228: ...ificantly affect system performance The default values work for most cases As a guideline consider tuning buffers if traffic is very bursty and coming from several interfaces In this case Reduce the dedicated buffer on all queues interfaces Increase the dynamic buffer on all interfaces Increase the cell pointers on a queue that you are expecting will receive the largest number of packets CSF Unit ...

Page 1229: ...RATION Change the dedicated buffers on a physical 1G interface buffer dedicated BUFFER PROFILE Change the maximum amount of dynamic buffers an interface can request buffer dynamic BUFFER PROFILE Change the number of packet pointers per queue buffer packet pointers BUFFER PROFILE Apply the buffer profile to a line card buffer fp uplink linecard CONFIGURATION Apply the buffer profile to a CSF to FP ...

Page 1230: ...rface tengigabitethernet 2 0 interface TenGigabitEthernet 2 0 no ip address mtu 9252 switchport no shutdown buffer policy myfsbufferprofile FTOS sho buffer profile detail int gi 0 10 Interface Gi 0 10 Buffer profile fsqueue fp Dynamic buffer 1256 00 Kilobytes Queue Dedicated Buffer Buffer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256 5 3 00 256 6 3 00 256 7 3 00 256 FTOS...

Page 1231: ...r profiles for all port pipes in the system buffer profile global 1Q 4Q CONFIGURATION Message 3 Reload After Applying Global Buffer Profile Info For the global pre defined buffer profile to take effect please save the config and reload the system FTOS Behavior After you configure buffer profile global 1Q Message 3 is displayed during every bootup Only one reboot is required for the configuration t...

Page 1232: ...unit 0 7 port set 0 1 show hardware system flow layer2 stack unit 0 7 port set 0 1 counters clear hardware stack unit 0 7 counters clear hardware stack unit 0 7 unit 0 1 counters clear hardware stack unit 0 7 cpu data plane statistics clear hardware stack unit 0 7 cpu party bus statistics clear hardware stack unit 0 7 stack port 0 52 Displaying Drop Counters The show hardware stack unit 0 7 drops ...

Page 1233: ... Ingress Drops 0 Total IngMac Drops 0 Total Mmu Drops 0 Total EgMac Drops 0 Total Egress Drops 0 UNIT No 1 Total Ingress Drops 0 Total IngMac Drops 0 Total Mmu Drops 0 Total EgMac Drops 0 Total Egress Drops 0 FTOS show hardware stack unit 0 drops unit 0 Port Ingress Drops IngMac Drops Total Mmu Drops EgMac Drops Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7...

Page 1234: ...led party bus or IPC traffic or network control traffic which the CPU must process FTOS show hardware stack unit 0 drops unit 0 port 1 Ingress Drops Ingress Drops 30 IBP CBP Full Drops 0 PortSTPnotFwd Drops 0 IPv4 L3 Discards 0 Policy Discards 0 Packets dropped by FP 14 L2 L3 Drops 0 Port bitmap zero Drops 16 Rx VLAN Drops 0 Ingress MAC counters Ingress FCSDrops 0 Ingress MTUExceeds 0 MMU Drops HO...

Page 1235: ...Clus 0 recvd 0 dropped 0 recvToNet 0 rxError 0 rxDatapathErr 0 rxPkt COS0 0 rxPkt COS1 0 rxPkt COS2 0 rxPkt COS3 0 rxPkt COS4 0 rxPkt COS5 0 rxPkt COS6 0 rxPkt COS7 0 rxPkt UNIT0 0 rxPkt UNIT1 0 rxPkt UNIT2 0 rxPkt UNIT3 0 transmitted 0 txRequested 0 noTxDesc 0 txError 0 txReqTooLarge 0 txInternalError 0 txDatapathErr 0 txPkt COS0 0 txPkt COS1 0 txPkt COS2 0 txPkt COS3 0 txPkt COS4 0 txPkt COS5 0 ...

Page 1236: ...17 over 255 byte pkts 56 over 511 byte pkts 78 over 1023 byte pkts 0 Multicasts 5 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 1649714 packets 1948622676 bytes 0 underruns 0 64 byte pkts 27234 over 64 byte pkts 107970 over 127 byte pkts 34 over 255 byte pkts 504838 over 511 byte pkts 1009638 over 1023 byte pkts 0 Multicasts 0 Broadcasts 1649714 Unicasts 0 t...

Page 1237: ... into flash until space is exhausted When the flash is full the write process is stopped A mini core dump contains critical information in the event of a crash Mini core dump files are located in flash root dir The application mini core file name format is f10StkUnit Stack_unit_no Application name acore mini txt The kernel mini core file name format is f10StkUnit Stack_unit_no kcore mini txt Sampl...

Page 1238: ...w 8693 Sep 03 2009 16 50 56 00 00 startup config 6 rw 8693 Sep 03 2009 16 44 22 00 00 startup config bak 7 rw 156 Aug 28 2009 16 16 10 00 00 f10StkUnit0 mrtm acore mini txt 8 rw 156 Aug 28 2009 17 17 24 00 00 f10StkUnit0 vrrp acore mini txt 9 rw 156 Aug 28 2009 18 25 18 00 00 f10StkUnit0 sysd acore mini txt 10 rw 156 Aug 28 2009 19 07 36 00 00 f10StkUnit0 frrp acore mini txt 11 rw 156 Aug 31 2009 ...

Page 1239: ...ae 10 Gigabit Ethernet 10GBASE W 10GBASE X 802 3af Power over Ethernet 802 3ak 10 Gigabit Ethernet 10GBASE CX4 802 3i Ethernet 10BASE T 802 3u Fast Ethernet 100BASE FX 100BASE TX 802 3x Flow Control 802 3z Gigabit Ethernet 1000BASE X ANSI TIA 1057 LLDP MED Dell Force10 FRRP Force10 Redundant Ring Protocol Note Unless noted when a standard cited here is listed as supported by FTOS FTOS also support...

Page 1240: ...68 User Datagram Protocol 7 6 1 7 5 1 8 1 1 793 Transmission Control Protocol 7 6 1 7 5 1 8 1 1 854 Telnet Protocol Specification 7 6 1 7 5 1 8 1 1 959 File Transfer Protocol FTP 7 6 1 7 5 1 8 1 1 1321 The MD5 Message Digest Algorithm 7 6 1 7 5 1 8 1 1 1350 The TFTP Protocol Revision 2 7 6 1 7 5 1 8 1 1 1661 The Point to Point Protocol PPP 1989 PPP Link Quality Monitoring 1990 The PPP Multilink Pr...

Page 1241: ...ry 7 6 1 7 5 1 8 1 1 1305 Network Time Protocol Version 3 Specification Implementation and Analysis 7 6 1 7 5 1 8 1 1 1519 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 7 5 1 8 1 1 1542 Clarifications and Extensions for the Bootstrap Protocol 7 6 1 7 5 1 8 1 1 1812 Requirements for IP Version 4 Routers 7 6 1 7 5 1 8 1 1 2131 Dynamic Host Configuration Pro...

Page 1242: ...6 IPv6 Specification 7 8 1 7 8 1 8 2 1 2461 Partial Neighbor Discovery for IP Version 6 IPv6 7 8 1 7 8 1 8 2 1 2462 Partial IPv6 Stateless Address Autoconfiguration 7 8 1 7 8 1 8 2 1 2463 Internet Control Message Protocol ICMPv6 for the Internet Protocol Version 6 IPv6 Specification 7 8 1 7 8 1 8 2 1 2464 Transmission of IPv6 Packets over Ethernet Networks 7 8 1 7 8 1 8 2 1 2675 IPv6 Jumbograms 7 ...

Page 1243: ...ions for BGP 7 8 1 7 7 1 8 1 1 4360 BGP Extended Communities Attribute 7 8 1 7 7 1 7 6 1 8 1 1 4893 BGP Support for Four octet AS Number Space 7 8 1 7 7 1 7 7 1 8 1 1 5396 Textual Representation of Autonomous System AS Numbers 8 1 2 8 1 2 8 1 2 8 2 1 draft ietf idr bgp4 20 A Border Gateway Protocol 4 BGP 4 7 8 1 7 7 1 8 1 1 draft ietf idr restart 06 Graceful Restart Mechanism for BGP 7 8 1 7 7 1 8...

Page 1244: ... 3567 IS IS Cryptographic Authentication 8 1 1 3784 Intermediate System to Intermediate System IS IS Extensions in Support of Generalized Multi Protocol Label Switching GMPLS 8 1 1 5120 M ISIS Multi Topology MT Routing in Intermediate System to Intermediate Systems IS ISs 7 8 1 8 2 1 5306 Restart Signaling for IS IS 8 3 1 8 3 1 draft ietf isis igp p2p over lan 06 Point to point operation over LAN ...

Page 1245: ...to OSPF Version 2 8 3 1 3784 Intermediate System to Intermediate System IS IS Extensions for Traffic Engineering TE 8 3 1 3812 Multiprotocol Label Switching MPLS Traffic Engineering TE Management Information Base MIB 8 3 1 3813 Multiprotocol Label Switching MPLS Label Switching Router LSR Management Information Base MIB 8 3 1 4090 Fast Reroute Extensions to RSVP TE for LSP Tunnels 8 3 1 4379 Detec...

Page 1246: ... SSM 7 8 1 SSM for IPv4 7 7 1 SSM for IPv4 7 5 1 SSM for IPv4 IPv6 8 2 1 SSM for IPv4 3618 Multicast Source Discovery Protocol MSDP 8 1 1 3810 Multicast Listener Discovery Version 2 MLDv2 for IPv6 8 2 1 3973 Protocol Independent Multicast Dense Mode PIM DM Protocol Specification Revised 4541 Considerations for Internet Group Management Protocol IGMP and Multicast Listener Discovery MLD Snooping Sw...

Page 1247: ...nternet Protocol using SMIv2 7 6 1 7 5 1 8 1 1 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 7 6 1 7 5 1 8 1 1 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7 6 1 7 5 1 8 1 1 2024 Definitions of Managed Objects for Data Link Switching using SMIv2 7 6 1 7 5 1 8 1 1 2096 IP Forwarding Table MIB 7 6 1 7 5 1 8 1 1 2558 De...

Page 1248: ... Router Redundancy Protocol 7 6 1 7 5 1 8 1 1 2819 Remote Network Monitoring Management Information Base Ethernet Statistics Table Ethernet History Control Table Ethernet History Table Alarm Table Event Table Log Table 7 6 1 7 5 1 8 1 1 2863 The Interfaces Group MIB 7 6 1 7 5 1 8 1 1 2865 Remote Authentication Dial In User Service RADIUS 7 6 1 7 5 1 8 1 1 3273 Remote Network Monitoring Management ...

Page 1249: ...6 1 7 6 1 8 1 1 IEEE 802 1AB The LLDP Management Information Base extension module for IEEE 802 1 organizationally defined discovery information LLDP DOT1 MIB and LLDP DOT3 MIB 7 7 1 7 6 1 7 6 1 8 1 1 IEEE 802 1AB The LLDP Management Information Base extension module for IEEE 802 3 organizationally defined discovery information LLDP DOT1 MIB and LLDP DOT3 MIB 7 7 1 7 6 1 7 6 1 8 1 1 ruzin mstp mib...

Page 1250: ...IB Dell Force10 File Copy MIB supporting SNMP SET operation 7 7 1 7 7 1 8 1 1 FORCE10 MON MIB Dell Force10 Monitoring MIB 7 6 1 7 5 1 8 1 1 FORCE10 PROD UCTS MIB Dell Force10 Product Object Identifier MIB 7 6 1 7 5 1 8 1 1 FORCE10 SS C HASSIS MIB Dell Force10 S Series Enterprise Chassis MIB 7 6 1 FORCE10 SMI Dell Force10 Structure of Management Information 7 6 1 7 5 1 8 1 1 FORCE10 SYST EM COMPONE...

Page 1251: ...ntation aspx You also can obtain a list of selected MIBs and their OIDs at the following URL https www force10networks com csportal20 MIBs MIB_OIDs aspx Some pages of iSupport require a login To request an iSupport account go to https www force10networks com CSPortal20 Support AccountRequest aspx If you have forgotten or lost your account information contact Dell Force10 TAC for assistance ...

Page 1252: ...1252 Standards Compliance w w w d e l l c o m s u p p o r t d e l l c o m ...

Page 1253: ...133 RADIUS 927 ACL apply through XML CLI 1161 ACL create egress and apply rules through XML CLI 1162 ACL extended configure through XML CLI 1161 ACL standard configure through XML CLI 1161 ANSI TIA 1057 586 Applying an ACL to Loopback 151 Area Border Router See ABR AS 206 support 226 AS PATH ACL permit all routes statement 257 configuring 243 AS_PATH attribute using 243 authentication implementati...

Page 1254: ...neighbor 263 specifying next hop address 253 254 Timers defaults 225 timers negotiation 263 viewing all BGP path attributes 243 viewing the BGP configuration 228 viewing the status of BGP neighbors 228 viewing the status of peer groups 234 boot change command 77 boot system command 78 Border Gateway Protocol BGP 205 BPDU 904 Bridge MIB STP implementation 1050 Bridge Protocol Data Units See BPDU C ...

Page 1255: ...bled 408 implicit deny 133 interface GigabitEthernet command 1161 1162 Interface modes Layer 2 420 Layer 3 420 Interface Range Macros 443 Interface types 100 1000 Ethernet 415 420 10 Gigabit Ethernet 415 420 1 Gigabit Ethernet 415 420 Loopback 420 management 420 Management Ethernet interface 419 Port Channel 420 VLAN 420 interface types null interface 420 interfaces auto negotiation setting 455 cl...

Page 1256: ...ntermediate System to Intermediate System 507 Level 1 507 Level 1 2 507 Level 2 507 NET 508 N selector 508 system address 508 ISIS graceful restart 517 redistribute OSPF 246 527 528 IS IS TLVs 511 ISO IEC 10589 509 L LAG hash algorithm 332 431 433 436 LAG See Port Channels Layer 2 features redundant pairs 573 Layer 2 mode configuring 420 Layer 2 protocols configuring 420 Layer 3 mode enable traffi...

Page 1257: ...Topology IS IS 509 N NET 508 area address 508 length 508 N selector 508 system address 508 network boot facility 78 Network Entity Title See NET NIC teaming 569 no permit host command 1165 no more 44 no more parameter 44 NSAP addresses 508 NTP configuring authentication 1075 configuring source address 1074 null 420 null interface available command 427 definition 427 entering the interface 427 info...

Page 1258: ...onitoring Commands Important Points to Remember 813 port priority 905 1055 Portfast 906 1056 PPP 419 Prefix list See IP Prefix list Privilege Level 928 privilege levels and CLI commands 921 definition 920 number of levels available 920 privilege level 0 definition 920 privilege level 1 definition 920 privilege level 15 definition 920 process restartability 399 Protocol Data Units See PDU Proxy ARP...

Page 1259: ... 1162 seq permit command 1164 SFM channel monitoring 391 show accounting command 916 show chassis command 1155 show commands supported by XML CLI 1155 show crypto 938 show interfaces command 458 1156 show interfaces switchport command 458 show ip protocols command 887 889 show ip rip database command 887 889 show ip route command 887 889 show ip ssh client pub keys 938 show ip ssh command 936 show...

Page 1260: ... Redundancy Protocol See VRRP Virtual Routing and Forwarding See VRF virtual ip Important Things to Remember 424 VLAN configuration automatic 373 VLANs 420 adding a port channel 435 configuring MTU values 453 IP routing 426 removing a port channel 435 VLSM 463 VLSM Variable Length Subnet Masks 878 VRF CAM profiles 1112 DHCP restriction 1114 example 1110 feature description 1109 IP addressing 1114 ...

Page 1261: ...thentication and authorization 948 W warm upgrade 393 X XML 1155 1159 XML CLI apply ACL 1161 configure extended ACL 1161 configure standard ACL 1161 create egress ACL and apply rules 1162 error conditions 1163 error responses 1162 show commands supported 1155 XML CLI Limitations 1162 XML CLI request 1159 XML mode 1156 XML namespace 1162 ...

Page 1262: ...1262 Index w w w d e l l c o m s u p p o r t d e l l c o m ...

Reviews:

No comments

Related manuals for Force10 E300

Brand: Extreme Networks Pages: 22

Brand: National Instruments Pages: 40

Brand: National Instruments Pages: 4

Brand: Jou Jye Pages: 3

Brand: AICSYS Pages: 11

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands