Dell N2000 Series Configuration Manual Download Page 210 | Manualshive

Page: 210 / 1460

background image

210

Configuring Authentication, Authorization, and Accounting

The methods available for authentication are: host-based authentication,

public key authentication, challenge-response authentication, and password

authentication. Authentication methods are tried in the order specified

above, although SSH-2 has a configuration option to change the default

order.
Host-based authentication operates as follows:
If the host from which the user logs in is listed in a specific file

(/etc/hosts.equiv or /etc/ssh/shosts.equiv) on the remote host, and the user

names are the same on both hosts, or if the files ~/.rhosts or ~/.shosts exist in

the user's home directory on the remote host and contain a line containing

the name of the client machine and the name of the user on that machine,

the user is considered for login. Additionally, the server must be able to verify

the client's host key for login to be permitted. This authentication method

closes security holes due to IP spoofing, DNS spoofing, and routing spoofing.

This authentication method is not implemented by DNOS.
Public key authentication operates as follows:
The administrator first generates a pair of encryption keys, the "public" key

and the "private" key. Messages encrypted with the private key can only be

decrypted by the public key, and vice-versa. The administrator keeps the

private key on his/her local machine, and loads the public key on to the

switch. When the administrator attempts to log into the switch, the protocol

sends a brief message, encrypted with the public key. If the switch can decrypt

the message (and can send back some proof that it has done so) then the

response proves that switch must possess the private key, and user is

authenticated without giving a username/password.
This method is implemented in DNOS. If the user does not present a

certificate, it is not considered an error, and authentication will continue with

challenge-response authentication.
Challenge-response authentication works as follows:
The switch sends an arbitrary "challenge" text and prompts for a response.

SSH-2 allows multiple challenges and responses; SSH-1 is restricted to one

challenge/response only. Examples of challenge-response authentication

include BSD Authentication.
Finally, if all other authentication methods fail, SSH prompts the user for a

password.

«
...
208
209
210
211
212
...
»

Summary of Contents for N2000 Series

Page 1: ...Dell Networking N2000 N3000 and N4000 Series Switches User s Configuration Guide Regulatory Models N2024 N2024P N2038 N2048P N3024 N3024F N3024P N3048 N3048P N4032 N4032F N4064 N4064F ...

Page 2: ...e trademarks of Dell Inc Microsoft Windows Windows Server MS DOS and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries sFlow is a registered trademark of InMon Corporation Cisco is a registered trademark of Cisco Systems Mozilla and Firefox are registered trademarks of the Mozilla Foundation Other trademarks and trade ...

Page 3: ...ystem Time Management 56 Log Messages 57 Integrated DHCP Server 57 Management of Basic Network Information 57 IPv6 Management Features 58 Dual Software Images 58 File Management 58 Switch Database Management Templates 58 Automatic Installation of Firmware and Configuration 59 sFlow 59 SNMP Alarms and Trap Logs 60 CDP Interoperability through ISDP 60 Remote Monitoring RMON 60 Stacking Features 61 H...

Page 4: ...ACACS Client 63 RADIUS Support 64 SSH SSL 64 Inbound Telnet Control 64 Denial of Service 64 Port Protection 64 Captive Portal 65 Dot1x Authentication IEEE 802 1X 66 MAC Based 802 1X Authentication 66 Dot1x Monitor Mode 66 MAC Based Port Security 66 Access Control Lists ACL 67 Time Based ACLs 67 IP Source Guard IPSG 67 DHCP Snooping 68 Dynamic ARP Inspection 68 Protected Ports Private VLAN Edge 68 ...

Page 5: ...on 72 Broadcast Storm Control 73 Port Mirroring 73 Static and Dynamic MAC Address Tables 73 Link Layer Discovery Protocol LLDP 74 Link Layer Discovery Protocol LLDP for Media Endpoint Devices 74 Connectivity Fault Management IEEE 802 1ag 74 Priority based Flow Control PFC 74 Data Center Bridging Exchange DBCx Protocol 75 Enhanced Transmission Selection 75 Cisco Protocol Filtering 76 DHCP Layer 2 R...

Page 6: ...80 Link Aggregation Features 81 Link Aggregation 81 Link Aggregate Control Protocol LACP 81 Multi Switch LAG MLAG 81 Routing Features 82 Address Resolution Protocol ARP Table Management 82 VLAN Routing 82 IP Configuration 82 Open Shortest Path First OSPF 82 BOOTP DHCP Relay Agent 83 IP Helper and UDP Relay 83 Routing Information Protocol 83 Router Discovery 83 Routing Table 83 Virtual Router Redun...

Page 7: ...ing Querier 88 MLD Snooping 88 Multicast VLAN Registration 88 Layer 3 Multicast Features 89 Distance Vector Multicast Routing Protocol 89 Internet Group Management Protocol 89 IGMP Proxy 89 Protocol Independent Multicast Dense Mode 89 Protocol Independent Multicast Sparse Mode 90 Protocol Independent Multicast Source Specific Multicast 90 Protocol Independent Multicast IPv6 Support 90 MLD MLDv2 RF...

Page 8: ...N3000 Series PoE Switches 113 Dell Networking N4000 Series Switch Hardware 115 Front Panel 115 N4000 Back Panel 119 LED Definitions 121 Switch MAC Addresses 125 4 Using Dell OpenManage Switch Administrator 127 About Dell OpenManage Switch Administrator 127 Starting the Application 128 Understanding the Interface 129 Using the Switch Administrator Buttons and Links 131 Defining Fields 132 Understan...

Page 9: ... Help 139 Using Command Completion 140 Entering Abbreviated Commands 140 Negating Commands 140 Command Output Paging 141 Understanding Error Messages 141 Recalling Commands from the History Buffer 141 142 6 Default Settings 143 7 Setting the IP Address and Other Basic Network Information 147 IP Address and Network Information Overview 147 What Is the Basic Network Information 147 Why Is Basic Netw...

Page 10: ...Default Gateway 155 Domain Name Server 157 Default Domain Name 158 Host Name Mapping 159 Dynamic Host Name Mapping 160 Configuring Basic Network Information CLI 161 Enabling the DHCP Client on the OOB Port 161 Enabling the DHCP Client on the Default VLAN 161 Managing DHCP Leases 162 Configuring Static Network Information on the OOB Port 163 Configuring Static Network Information on the Default VLA...

Page 11: ...ow is the Firmware Updated on the Stack 177 What is Stacking Standby 178 What is Nonstop Forwarding 178 Switch Stack MAC Addressing and Stack Design Considerations 181 NSF Network Design Considerations 181 Why is Stacking Needed 182 Default Stacking Values 182 Managing and Monitoring the Stack Web 184 Unit Configuration 184 Stack Summary 185 Stack Firmware Synchronization 186 Supported Switches 18...

Page 12: ... NSF and DHCP Snooping 201 NSF and the Storage Access Network 202 NSF and Routed Access 204 10 Configuring Authentication Authorization and Accounting 207 AAA Overview 207 Methods 208 Access Lines 209 Authentication 211 Authentication Types 211 Authorization 212 Exec Authorization Capabilities 212 Accounting 214 Authentication Examples 215 Local Authentication Example 215 TACACS Authentication Exa...

Page 13: ... RADIUS Authorization Example Direct Login to Privileged EXEC Mode 231 RADIUS Authorization Example Administrative Profiles 232 Using RADIUS Servers to Control Management Access 232 How Does RADIUS Control Management Access 232 Which RADIUS Attributes Does the Switch Support 234 How Are RADIUS Attributes Processed on the Switch 236 Using TACACS Servers to Control Management Access 237 Which TACACS...

Page 14: ...nsidered When Configuring Logging 247 Default Log Settings 248 Monitoring System Information and Configuring Logging Web 249 Device Information 249 System Health 251 System Resources 252 Unit Power Usage History 253 Integrated Cable Test for Copper Cables 254 Optical Transceiver Diagnostics 255 Log Global Settings 257 RAM Log 258 Log File 259 Syslog Server 259 Email Alert Global Configuration 262 ...

Page 15: ...ogging 274 Configuring Email Alerting 276 12 Managing General System Settings 279 System Settings Overview 279 Why Does System Information Need to Be Configured 281 What Are SDM Templates 281 Why is the System Time Needed 283 How Does SNTP Work 283 What Configuration Is Required for Plug In Modules 284 What Are the Key PoE Plus Features for the N2024P N2048P and N3024P N3048P Switches 285 Default ...

Page 16: ...7 Configuring System Information 307 Configuring the Banner 308 Managing the SDM Template 309 Configuring SNTP Authentication and an SNTP Server 309 Setting the System Time and Date Manually 311 Configuring the Expansion Slots N3000 Series Only 312 Viewing Slot Information N4000 Series Only 313 Configuring PoE Settings N2024P N2048P and N3024P N3048P Only 313 General System Settings Configuration ...

Page 17: ...8 Trap Flags 340 OSPFv2 Trap Flags 341 OSPFv3 Trap Flags 342 Trap Log 343 Configuring SNMP CLI 345 Configuring the SNMPv3 Engine ID 345 Configuring SNMP Views Groups and Users 346 Configuring Communities 349 Configuring SNMP Notifications Traps and Informs 351 SNMP Configuration Examples 354 Configuring SNMPv1 and SNMPv2 354 Configuring SNMPv3 355 14 Managing Images and Files 359 Image and File Ma...

Page 18: ...ownloading and Activating a New Image TFTP 375 Managing Files in Internal Flash 377 Managing Files on a USB Flash Device 379 Uploading a Configuration File SCP 379 Managing Configuration Scripts SFTP 380 File and Image Management Configuration Examples 381 Upgrading the Firmware 381 Managing Configuration Scripts 384 Managing Files by Using the USB Flash Drive 386 15 Automatically Updating the Ima...

Page 19: ...g Auto Configuration Web 401 Auto Install Configuration 401 Managing Auto Configuration CLI 402 Managing Auto Configuration 402 Auto Configuration Example 403 Enabling USB Auto Configuration and Auto Image Download 403 Enabling DHCP Auto Configuration and Auto Image Download 405 Easy Image Upgrade via USB 406 16 Monitoring Switch Traffic 407 Traffic Monitoring Overview 407 What is sFlow Technology...

Page 20: ...ummary 424 Switchport Statistics 425 RMON Statistics 426 RMON History Control Statistics 427 RMON History Table 429 RMON Event Control 430 RMON Event Log 432 RMON Alarms 433 Port Statistics 435 LAG Statistics 436 Port Mirroring 437 Monitoring Switch Traffic CLI 439 Configuring sFlow 439 Configuring RMON 441 Viewing Statistics 443 Configuring Port Mirroring 444 Configuring RSPAN 445 Traffic Monitor...

Page 21: ... What Occurs When iSCSI Optimization Is Enabled or Disabled 463 How Does iSCSI Optimization Interact with DCBx 464 How Does iSCSI Optimization Interact with Dell Compellent Arrays 464 iSCSI CoS and Priority Flow Control Enhanced Transmission Selection Interactions 465 Default iSCSI Optimization Values 466 Configuring iSCSI Optimization Web 467 iSCSI Global Configuration 467 iSCSI Targets Table 468...

Page 22: ...t Configuration 486 Link Dependency Configuration 489 Link Dependency Summary 491 Port Green Ethernet Configuration 492 Port Green Ethernet Statistics 493 Port Green Ethernet LPI History 495 Configuring Port Characteristics CLI 496 Configuring Port Settings 496 Configuring Link Dependencies 497 Configuring Green Features 498 Port Configuration Examples 500 Configuring Port Settings 500 Configuring...

Page 23: ... 802 1X Interaction 579 Authentication Priority 579 Configuration Example 802 1X and MAB 580 Denial of Service 582 20 Configuring Access Control Lists 583 ACL Overview 583 What Are MAC ACLs 584 What Are IP ACLs 585 What Is the ACL Redirect Function 585 What Is the ACL Mirror Function 585 What Is ACL Logging 586 What Are Time Based ACLs 586 What Are the ACL Limitations 587 ACL Configuration Details...

Page 24: ...onfiguration 607 ACL Binding Configuration 609 Time Range Entry Configuration 610 Configuring ACLs CLI 612 Configuring an IPv4 ACL 612 Configuring a MAC ACL 618 Configuring an IPv6 ACL 623 Configuring a Time Range 626 ACL Configuration Examples 628 Basic Rules 628 Internal System ACLs 629 Complete ACL Example 629 Advanced Examples 633 Policy Based Routing Examples 640 21 Configuring VLANs 645 VLAN...

Page 25: ... Configuration 678 Double VLAN Interface Configuration 679 Voice VLAN 681 Configuring VLANs CLI 682 Creating a VLAN 682 Configuring a Port in Access Mode 682 Configuring a Port in Trunk Mode 683 Configuring a Port in General Mode 686 Configuring VLAN Settings for a LAG 688 Configuring Double VLAN Tagging 689 Configuring MAC Based VLANs 691 Configuring IP Based VLANs 692 Configuring a Protocol Base...

Page 26: ...17 MSTP with Multiple Forwarding Paths 721 What are the Optional STP Features 722 RSTP PV 724 DirectLink Rapid Convergence 725 IndirectLink Rapid Convergence Feature 727 Interoperability Between STP PV and RSTP PV Modes 729 Interoperability With IEEE Spanning Tree Protocols 729 Configuration Examples 734 Default STP Values 735 Configuring Spanning Tree Web 736 STP Global Settings 736 STP Port Sett...

Page 27: ...cess Switch Configuration Example 756 23 Discovering Network Devices 761 Device Discovery Overview 761 What Is ISDP 761 What is LLDP 761 What is LLDP MED 762 Why are Device Discovery Protocols Needed 762 Default IDSP and LLDP Values 763 Configuring ISDP and LLDP Web 765 ISDP Global Configuration 765 ISDP Cache Table 766 ISDP Interface Configuration 767 ISDP Statistics 768 LLDP Configuration 769 LL...

Page 28: ...Discovery Configuration Examples 782 Configuring ISDP 782 Configuring LLDP 783 24 Configuring Port Based Traffic Control 787 Port Based Traffic Control Overview 787 What is Flow Control 788 What is Storm Control 788 What are Protected Ports 789 What is Link Local Protocol Filtering 789 Default Port Based Traffic Control Values 790 Configuring Port Based Traffic Control Web 791 Flow Control Global ...

Page 29: ...re L3 Multicast Features Required 809 What Are GARP and GMRP 810 Snooping Switch Restrictions 812 Partial IGMPv3 and MLDv2 Support 812 MAC Address Based Multicast Group 812 IGMP MLD Snooping in a Multicast Router 812 Topologies Where the Multicast Source Is Not Directly Connected to the Querier 813 Using Static Multicast MAC Configuration 813 IGMP Snooping and GMRP 813 Default L2 Multicast Values ...

Page 30: ... 843 MFDB GMRP Table 845 Configuring L2 Multicast Features CLI 846 Configuring Layer 2 Multicasting 846 Configuring IGMP Snooping on VLANs 847 Configuring IGMP Snooping Querier 848 Configuring MLD Snooping on VLANs 849 Configuring MLD Snooping Querier 850 Configuring MVR 851 Configuring GARP Timers and GMRP 853 Case Study on a Real World Network Topology 854 Multicast Snooping Case Study 854 26 Co...

Page 31: ...Dot1ag L2 Traceroute Cache 871 Dot1ag Statistics 872 Configuring Dot1ag CLI 873 Configuring Dot1ag Global Settings and Creating Domains 873 Configuring MEP Information 874 Dot1ag Ping and Traceroute 875 Dot1ag Configuration Example 876 27 Snooping and Inspecting Traffic 879 Traffic Snooping and Inspection Overview 879 What Is DHCP Snooping 880 How Is the DHCP Snooping Bindings Database Populated 8...

Page 32: ...mary 893 DHCP Snooping Statistics 894 IPSG Interface Configuration 895 IPSG Binding Configuration 895 IPSG Binding Summary 896 DAI Global Configuration 897 DAI Interface Configuration 898 DAI VLAN Configuration 900 DAI ACL Configuration 901 DAI ACL Rule Configuration 901 DAI Statistics 902 Configuring Traffic Snooping and Inspection CLI 904 Configuring DHCP Snooping 904 Configuring IP Source Guard...

Page 33: ...iguration Consistency 936 Operation in the Network 939 L2 Configuration Steps 942 Switch Firmware Upgrade Procedure 945 Static Routing on MLAG Interfaces 946 Caveats and Limitations 953 Basic Configuration Example 959 A Complete Example 966 29 Configuring Data Center Bridging Features 983 Data Center Bridging Technology Overview 983 Default DCB Values 984 Priority Flow Control 985 PFC Operation an...

Page 34: ...ion Example 1003 ETS Theory of Operation 1009 30 Managing the MAC Address Table 1015 MAC Address Table Overview 1015 How Is the Address Table Populated 1015 What Information Is in the MAC Address Table 1016 How Is the MAC Address Table Maintained Across a Stack 1016 Default MAC Address Table Values 1016 Managing the MAC Address Table Web 1017 Static Address Table 1017 Global Address Table 1019 Man...

Page 35: ...uration 1027 DHCP Lease Parameters 1028 VLAN Routing Summary 1028 Tunnel Configuration 1029 Tunnels Summary 1030 Loopbacks Configuration 1031 Loopbacks Summary 1032 Configuring Routing Interfaces CLI 1033 Configuring VLAN Routing Interfaces IPv4 1033 Configuring Loopback Interfaces 1035 Configuring Tunnels 1036 32 Configuring DHCP Server and Relay Settings 1037 DHCP Overview 1037 How Does DHCP Wor...

Page 36: ...Global DHCP Server Settings 1054 Configuring a Dynamic Address Pool 1055 Configuring a Static Address Pool 1056 Monitoring DHCP Server Information 1057 DHCP Server Configuration Examples 1058 Configuring a Dynamic Address Pool 1058 Configuring a Static Address Pool 1060 33 Configuring IP Routing 1063 IP Routing Overview 1063 Default IP Routing Values 1065 ARP Table 1066 Configuring IP Routing Feat...

Page 37: ...e Preferences 1082 IP Routing Configuration Example 1084 Configuring Dell Networking Switch A 1085 Configuring Dell Networking Switch B 1086 34 Configuring L2 and L3 Relay Features 1087 L2 and L3 Relay Overview 1087 What Is L3 DHCP Relay 1087 What Is L2 DHCP Relay 1088 What Is the IP Helper Feature 1089 Default L2 L3 Relay Values 1093 Configuring L2 and L3 Relay Features Web 1094 DHCP Relay Global...

Page 38: ...s 1112 What Are OSPF Routers and LSAs 1113 How Are Routes Selected 1113 How Are OSPF and OSPFv3 Different 1113 OSPF Feature Details 1114 Max Metric 1114 Static Area Range Cost 1116 LSA Pacing 1117 Flood Blocking 1118 Default OSPF Values 1120 Configuring OSPF Features Web 1122 OSPF Configuration 1122 OSPF Area Configuration 1123 OSPF Stub Area Summary 1126 OSPF Area Range Configuration 1127 OSPF In...

Page 39: ...tabase 1148 OSPFv3 Virtual Link Configuration 1149 OSPFv3 Virtual Link Summary 1151 OSPFv3 Route Redistribution Configuration 1152 OSPFv3 Route Redistribution Summary 1153 NSF OSPFv3 Configuration 1154 Configuring OSPF Features CLI 1155 Configuring Global OSPF Settings 1155 Configuring OSPF Interface Settings 1158 Configuring Stub Areas and NSSAs 1160 Configuring Virtual Links 1162 Configuring OSP...

Page 40: ...ork 1187 Configuring the Static Area Range Cost 1190 Configuring Flood Blocking 1195 36 Configuring RIP 1201 RIP Overview 1201 How Does RIP Determine Route Information 1201 What Is Split Horizon 1202 What RIP Versions Are Supported 1202 Default RIP Values 1203 Configuring RIP Features Web 1204 RIP Configuration 1204 RIP Interface Configuration 1205 RIP Interface Summary 1206 RIP Route Redistributi...

Page 41: ...terface Tracking 1219 Default VRRP Values 1221 Configuring VRRP Features Web 1222 VRRP Configuration 1222 VRRP Virtual Router Status 1223 VRRP Virtual Router Statistics 1224 VRRP Router Configuration 1225 VRRP Route Tracking Configuration 1226 VRRP Interface Tracking Configuration 1228 Configuring VRRP Features CLI 1230 Configuring VRRP Settings 1230 VRRP Configuration Example 1232 VRRP with Load ...

Page 42: ... Summary 1247 IPv6 Statistics 1248 IPv6 Neighbor Table 1249 DHCPv6 Client Parameters 1250 DHCPv6 Client Statistics 1251 IPv6 Router Entry Configuration 1252 IPv6 Route Table 1253 IPv6 Route Preferences 1254 Configured IPv6 Routes 1255 Configuring IPv6 Routing Features CLI 1256 Configuring Global IP Routing Settings 1256 Configuring IPv6 Interface Settings 1257 Configuring IPv6 Neighbor Discovery 1...

Page 43: ...Configuration 1268 DHCPv6 Pool Configuration 1269 Prefix Delegation Configuration 1271 DHCPv6 Pool Summary 1272 DHCPv6 Interface Configuration 1273 DHCPv6 Server Bindings Summary 1275 DHCPv6 Statistics 1276 Configuring the DHCPv6 Server and Relay CLI 1277 Configuring Global DHCP Server and Relay Agent Settings 1277 Configuring a DHCPv6 Pool for Stateless Server Support 1277 Configuring a DHCPv6 Po...

Page 44: ...288 DiffServ Configuration 1288 Class Configuration 1289 Class Criteria 1290 Policy Configuration 1292 Policy Class Definition 1294 Service Configuration 1297 Service Detailed Statistics 1298 Flow Based Mirroring 1299 Configuring DiffServ CLI 1300 DiffServ Configuration Global 1300 DiffServ Class Configuration for IPv4 1300 DiffServ Class Configuration for IPv6 1302 DiffServ Policy Creation 1303 D...

Page 45: ...anagement Methods Are Supported 1315 CoS Queue Usage 1316 Default CoS Values 1316 Configuring CoS Web 1318 Mapping Table Configuration 1318 Interface Configuration 1320 Interface Queue Configuration 1321 Interface Queue Drop Precedence Configuration 1322 Configuring CoS CLI 1324 Mapping Table Configuration 1324 CoS Interface Configuration Commands 1325 Interface Queue Configuration 1325 Configurin...

Page 46: ...CLI 1335 43 Managing IPv4 and IPv6 Multicast 1337 L3 Multicast Overview 1337 What Is IP Multicast Traffic 1338 What Multicast Protocols Does the Switch Support 1339 What Are the Multicast Protocol Roles 1339 When Is L3 Multicast Required on the Switch 1340 What Is the Multicast Routing Table 1341 What Is IGMP 1341 What Is MLD 1342 What Is PIM 1343 What Is DVMRP 1353 Default L3 Multicast Values 135...

Page 47: ...formation 1366 IGMP Interface Source List Information 1368 IGMP Proxy Interface Configuration 1369 IGMP Proxy Configuration Summary 1370 IGMP Proxy Interface Membership Info 1371 Detailed IGMP Proxy Interface Membership Information 1372 Configuring MLD and MLD Proxy Web 1373 MLD Global Configuration 1373 MLD Routing Interface Configuration 1374 MLD Routing Interface Summary 1375 MLD Routing Interf...

Page 48: ...1396 DVMRP Next Hop Summary 1397 DVMRP Prune Summary 1398 DVMRP Route Summary 1398 Configuring L3 Multicast Features CLI 1399 Configuring and Viewing IPv4 Multicast Information 1399 Configuring and Viewing IPv6 Multicast Route Information 1401 Configuring and Viewing IGMP 1402 Configuring and Viewing IGMP Proxy 1404 Configuring and Viewing MLD 1405 Configuring and Viewing MLD Proxy 1406 Configurin...

Page 49: ...MRP Information 1416 L3 Multicast Configuration Examples 1417 Configuring Multicast VLAN Routing With IGMP and PIM SM 1417 Configuring DVMRP 1421 A Feature Limitations and Platform Constants 1423 B System Process Definitions 1433 Index 1441 ...

Page 50: ...50 Contents ...

Page 51: ...ch models N2024 N2024P N2038 N2048P N3024 N3024F N3024P N3048 N3048P N4032 N4032F N4064 N4064F About This Document This guide describes how to configure monitor and maintain Dell Networking N2000 N3000 N4000 switches by using web based Dell OpenManage Switch Administrator utility or the command line interface CLI NOTE Switch administrators are strongly advised to maintain Dell Networking switches ...

Page 52: ...es field names menu options button names and CLI commands and keywords courier font Command line text CLI output and file names In a command line square brackets indicate an optional entry In a command line inclusive brackets indicate a selection of compulsory parameters separated by the character One option must be selected For example spanning tree mode stp rstp mstp means that for the spanning ...

Page 53: ...information about the switch models in the series including front and back panel features It also describes the installation and initial configuration procedures CLI Reference Guide provides information about the command line interface CLI commands used to configure and manage the switch The document provides in depth CLI descriptions syntax default values and usage guidelines ...

Page 54: ...54 Introduction ...

Page 55: ...t The release notes are part of the firmware download System Management Features Stacking Features Security Features Green Technology Features Power over Ethernet PoE Plus Features Switching Features Virtual Local Area Network Supported Features Spanning Tree Protocol Features Link Aggregation Features Routing Features IPv6 Routing Features Quality of Service QoS Features Layer 2 Multicast Feature...

Page 56: ... when enabled typically via an admin mode control or when the required hardware is present or both For example a port can be preconfigured with both trunk and access mode information The trunk mode information is applied only when the port is placed into trunk mode and the access mode information is only applied when the port is placed into access mode Likewise OSPF routing can be configured in th...

Page 57: ... DHCP server allows you to configure IPv4 address pools scopes and when a host s DHCP client requests an address the switch DHCP server automatically assigns the host an address from the pool For information about configuring the DHCP server settings see Configuring DHCP Server and Relay Settings on page 1037 Management of Basic Network Information The DHCP client on the switch allows the switch t...

Page 58: ...eb only TFTP Secure FTP SFTP or Secure Copy SCP Configuration file uploads from the switch to a server are a good way to back up the switch configuration You can also download a configuration file from a server to the switch to restore the switch to the configuration in the downloaded file You can also copy files to and from a USB Flash drive that is plugged into the USB port on the front panel of...

Page 59: ...gy is built into network equipment and gives complete visibility into network activity enabling effective management and control of network resources The Dell Networking series switches support sFlow version 5 For information about configuring managing sFlow settings see Monitoring Switch Traffic on page 407 NOTE Automatic migration of the startup configuration to the next version of firmware from...

Page 60: ...ry Protocol CDP ISDP is a proprietary Layer 2 network protocol which inter operates with Cisco network equipment and is used to share information between neighboring devices routers bridges access servers and switches For information about configuring ISDP settings see Discovering Network Devices on page 761 Remote Monitoring RMON RMON is a standard Management Information Base MIB that defines cur...

Page 61: ... series switches will stack with other N2000 series switches and Dell Networking N3000 series switches stack with other N3000 series switches Dell Networking N4000 series switches stack with other Dell Networking N4000 series switches over front panel ports configured for stacking Single IP Management When multiple switches are connected together through the stack ports they operate as a single un...

Page 62: ...y takeover as the master Hot Add Delete and Firmware Synchronization You can add and remove units to and from the stack without cycling the power When you add a unit the Stack Firmware Synchronization feature if enabled automatically synchronizes the firmware version with the version running on the stack master The synchronization operation may result in either an upgrade or a downgrade of firmwar...

Page 63: ...on Authorization and Accounting on page 207 Strong Password Enforcement The Strong Password feature enforces a baseline password strength for all locally administered users Password strength is a measure of the effectiveness of a password in resisting guessing and brute force attacks The strength of a password is a function of length complexity and randomness Using strong passwords lowers overall ...

Page 64: ...er can be enabled or disabled using the ip ssh command For information about configuring SSH and SSL settings see Configuring Authentication Authorization and Accounting on page 207 Inbound Telnet Control By default the switch allows access over Telnet The administrator can enable or disable the Telnet server using the ip telnet command Additionally the Telnet port number is configurable using the...

Page 65: ...e when it is unable to update the internal state of the interface for more than 90 seconds or when the internal message buffer for an interface overflows SFP transceivers SFP transceivers are not compatible with SFP slots M3024F front panel ports To avoid damage to SFP transceivers mistakenly inserted into SFP ports the SFP port is diagnostically disabled when an SFP transceiver is detected ICMP s...

Page 66: ...n order to send voice traffic through the port For information about configuring MAC based 802 1X authentication see Configuring Port and System Security on page 503 Dot1x Monitor Mode Monitor mode can be enabled in conjunction with Dot1x authentication to allow network access even when the user fails to authenticate The switch logs the results of the authentication process for diagnostic purposes...

Page 67: ...icy based routing PBR to implement packet routing according to specific organizational policies For information about configuring ACLs and PBR see Configuring Access Control Lists on page 583 Time Based ACLs With the Time based ACL feature you can define when an ACL is in effect and the amount of time it is in effect For information about configuring time based ACLs see Configuring Access Control ...

Page 68: ...ious ARP packets The feature prevents a class of man in the middle attacks where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors The malicious station sends ARP requests or responses mapping another station s IP address to its own MAC address Dynamic ARP Inspection relies on DHCP Snooping For information about configuring DAI se...

Page 69: ...EE Lower Power Idle Mode which enables both the send and receive sides of the link to disable some functionality for power savings when the link is lightly loaded EEE and energy detect are supported on the N2000 and N3000 1G copper ports EEE is supported on the N4000 10G copper ports and energy detect is supported on the N4000 10G and 40G copper ports EEE and energy detect are disabled by default ...

Page 70: ...an also be limited on a per port basis PoE Plus Support The Dell Networking N2024P N2048P and N3024P N3048P switches implement the PoE Plus specification IEEE 802 1at in addition to the IEEE 802 3AF specification This allows power to be supplied to Class 4 PD devices that require power greater than 15 4 Watts Each port is capable of delivering up to 34 2W of power Real time power supply status is ...

Page 71: ... of the queue are forwarded before packets at the end of the queue Alternate Store and Forward ASF The Alternate Store and Forward ASF feature reduces latency for large packets When ASF is enabled the memory management unit MMU can forward a packet to the egress port before it has been entirely received on the Cell Buffer Pool CBP memory AFS which is also known as cut through mode is configurable ...

Page 72: ...ffic On full duplex links a receiver may send a PAUSE frame indicating that the transmitter should cease transmission of frames for a specified period When flow control is enabled the Dell Networking series switches will observe received PAUSE frames or jamming signals but will not issue them when congested Auto Negotiation Auto negotiation allows the switch to advertise modes of operation The aut...

Page 73: ...s flow based mirroring which allows you to copy certain types of traffic to a single destination port This provides flexibility instead of mirroring all ingress or egress traffic on a port the switch can mirror a subset of that traffic You can configure the switch to mirror flows based on certain kinds of Layer 2 Layer 3 and Layer 4 information Dell Networking switches support RSPAN destinations w...

Page 74: ...agement IEEE 802 1ag The Connectivity Fault Management CFM feature also known as Dot1ag supports Service Level Operations Administration and Management OAM CFM is the OAM Protocol provision for end to end service layer instance in carrier networks The CFM feature provides mechanisms to help you perform connectivity checks fault detection fault verification and isolation and fault notification per ...

Page 75: ...nformation about configuring DCBx settings see Configuring Data Center Bridging Features on page 983 DCBx is a link local protocol and operates only on individual links Enhanced Transmission Selection Enhanced Transmission Selection ETS allows the switch to allocate bandwidth to traffic classes and share unused bandwidth with lower priority traffic classes while coexisting with strict priority tra...

Page 76: ...1D MAC Bridge Filtered MAC Group Addresses 01 80 C2 00 00 00 to 01 80 C2 00 00 0F For information about configuring LLPF settings see Configuring Port Based Traffic Control on page 787 DHCP Layer 2 Relay This feature permits Layer 3 Relay agent functionality in Layer 2 switched networks The switch supports L2 DHCP relay configuration on individual ports link aggregation groups LAGs and VLANs For i...

Page 77: ...o VLANs based on their ingress port When a port uses 802 1X port authentication packets can be assigned to a VLAN based on the result of the 802 1X authentication a client uses when it accesses the switch This feature is useful for assigning traffic to Guest VLANs or Voice VLANs IP Subnet based VLAN This feature allows incoming untagged packets to be assigned to a VLAN and traffic class based on t...

Page 78: ...ables the separation of voice and data traffic coming onto the port Voice VLAN is the preferred solution for enterprises wishing to deploy voice services in their network Guest VLAN The Guest VLAN feature allows a switch to provide a distinguished service to unauthenticated users This feature provides a mechanism to allow visitors and contractors to have network access to reach external network wi...

Page 79: ...id Spanning Tree Protocol RSTP detects and uses network topologies to enable faster spanning tree convergence after a topology change without creating forwarding loops The port settings supported by STP are also supported by RSTP Multiple Spanning Tree Multiple Spanning Tree MSTP operation maps VLANs to spanning tree instances Packets assigned to various VLANs are transmitted along different paths...

Page 80: ... to be dropped Additionally the BPDU Filtering feature prevents a port in Port Fast mode from sending and receiving BPDUs A port in Port Fast mode is automatically placed in the forwarding state when the link is up to increase convergence time RSTP PV and STP PV Dell Networking switches support both Rapid Spanning Tree Per VLAN RSTP PV and Spanning Tree Per VLAN STP PV RSTP PV is the IEEE 802 1w R...

Page 81: ...ll not become active in the LAG if their operational settings do not match those of the first member of the LAG Link Aggregate Control Protocol LACP Link Aggregate Control Protocol LACP uses peer exchanges across links to determine on an ongoing basis the aggregation capability of various links and continuously provides the maximum level of aggregation capability achievable between a given pair of...

Page 82: ...figuration The switch IP configuration settings to allow you to configure network information for VLAN routing interfaces such as IP address and subnet mask and ICMP redirects Global IP configuration settings for the switch allow you to enable or disable the generation of several types of ICMP messages and enable or disable the routing mode For information about managing global IP settings see Con...

Page 83: ...ocol RIP like OSPF is an IGP used within an autonomous Internet system RIP is an IGP that is designed to work with moderate size networks For information about configuring RIP see Configuring RIP on page 1201 Router Discovery For each interface you can configure the Router Discovery Protocol RDP to transmit router advertisements These advertisements inform hosts on the local network about the pres...

Page 84: ...l of a virtual router for a VRRP group For information about configuring VRRP settings see Configuring VRRP on page 1217 Tunnel and Loopback Interfaces Dell Networking series switches support the creation deletion and management of tunnel and loopback interfaces Tunnel interfaces facilitate the transition of IPv4 networks to IPv6 networks A loopback interface is always expected to be up so you can...

Page 85: ...fic types Given this coexistence each switch maintains a separate routing table for IPv6 routes The switch can forward IPv4 and IPv6 traffic over the same set of interfaces For information about configuring IPv6 routes see Configuring IPv6 Routing on page 1241 OSPFv3 OSPFv3 provides a routing protocol for IPv6 networking OSPFv3 is a new routing component based on the OSPF version 2 component In du...

Page 86: ...ts you directly configure certain aspects of switch queuing This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required CoS queue characteristics such as minimum guaranteed bandwidth and transmission rate shaping are configurable at the queue or port level For information about configuring CoS see Configuring Class of Service on ...

Page 87: ...ee Configuring L2 Multicast Features on page 803 MAC Multicast Support Multicast service is a limited broadcast service that allows one to many and many to many connections In Layer 2 multicast services a single frame addressed to a specific multicast address is received and copies of the frame to be transmitted on each relevant port are created IGMP Snooping Internet Group Management Protocol IGM...

Page 88: ...ociated with IP multicast address In IPv6 MLD snooping performs a similar function With MLD snooping IPv6 multicast data is selectively forwarded to a list of ports intended to receive the data instead of being flooded to all of the ports in a VLAN This list is constructed by snooping IPv6 multicast control packets Multicast VLAN Registration The Multicast VLAN Registration MVR protocol like IGMP ...

Page 89: ...st routers Dell Networking series switches perform the multicast router part of the IGMP protocol which means it collects the membership information needed by the active multicast router IGMP Proxy The IGMP Proxy feature allows the switch to act as a proxy for hosts by sending IGMP host messages on behalf of the hosts that the switch discovered through standard IGMP router interfaces Protocol Inde...

Page 90: ...ations such as audio or video broadcasts PIM SSM does not use shared trees Protocol Independent Multicast IPv6 Support PIM DM and PIM SM support IPv6 routes MLD MLDv2 RFC2710 RFC3810 MLD is used by IPv6 systems listeners and routers to report their IP multicast addresses memberships to any neighboring multicast routers The implementation of MLD v2 is backward compatible with MLD v1 MLD protocol en...

Page 91: ... Addresses Dell Networking N2000 Series Switch Hardware This section contains information about device characteristics and modular hardware configurations for the N2000 series switches N2000 Series Front Panel Then N2000 series front panel includes the following features Switch Ports Console Port USB Port Reset Button SFP Ports Port and System LEDs Stack Master LED and Stack Number Display The fol...

Page 92: ...s includes the following ports Console port USB port Figure 3 2 N2024 Close up The N2024 front panel shown in Figure 3 2 has status LEDs for over temperature alarm internal power and status on the top row The bottom row of status LEDs displays stack master redundant power supply RPS status and fan alarm status 48 10 100 1000BASE T Ports SFP Ports Console Port USB Port ...

Page 93: ... front panel provides 48 Gigabit Ethernet 10BASE T 100BASE TX 1000BASE T RJ 45 ports that support auto negotiation for speed flow control and duplex The N2048 N2048P support two SFP 10G ports Dell qualified SFP transceivers are sold separately The front panel switch ports have the following characteristics The switch automatically detects the difference between crossed and straight through cables ...

Page 94: ... Parity 1 Stop Bit No Flow Control USB Port The Type A female USB port supports a USB 2 0 compliant flash memory drive The Dell Networking switch can read or write to a flash drive with a single partition formatted as FAT 32 You can use a USB flash drive to copy switch configuration files and images between the USB flash drive and the switch You can also use the USB flash drive to move and copy co...

Page 95: ...ff the stack member is not the master unit The Stack No panel displays the unit number for the stack member If a switch is not part of a stack in other words it is a stack of one switch the M LED is illuminated and the unit number is displayed N2000 Series Back Panel The following images show the back panels of the N2000 switches Figure 3 4 N2000 Back Panel Figure 3 5 N2024P N2048P Back Panel The ...

Page 96: ... at full PoE power 850W An additional external power supply MPS1000 provides 1000 watts and gives full power coverage for all 48 PoE devices 1800W NOTE PoE power is dynamically allocated Not all ports will require the full PoE power CAUTION Remove the power cable from the power supplies prior to removing the power supply module itself Power must not be connected prior to insertion in the chassis V...

Page 97: ...h includes two LEDs One LED is on the left side of the port and the second LED is on the right side of the port This section describes the LEDs on the switch ports 100 1000 10000Base T Port LEDs Each 100 1000 10000Base T port has two LEDs Figure 3 20 illustrates the 100 1000 10000Base T port LEDs Figure 3 7 100 1000 10000Base T Port LEDs Link SPD Activity ...

Page 98: ...mitting receiving Activity PoE LED on PoE switches Off There is no current transmit receive activity and PoE power is off Blinking green The port is actively transmitting receiving and PoE power is off Blinking yellow The port is actively transmitting receiving and PoE power is on Solid yellow There is no current transmit receive activity and PoE power is on Table 3 2 Stacking Port LED Definitions...

Page 99: ...cal system error has occurred Blinking red A noncritical system error occurred fan or power supply failure Power Off There is no power or the switch has experienced a power failure Solid green Power to the switch is on Blinking green The switch locator function is enabled RPS on non PoE switches Off There is no redundant power supply RPS Solid green Power to the RPS is on Solid red An RPS is detec...

Page 100: ...h is operating below the threshold temperature Solid red The switch temperature exceeds the threshold of 75 C Stack No Switch ID within the stack Table 3 5 Power Consumption Model Input Voltage Power Supply Configuration Max Steady Current Consumption A Max Steady Power W N2024P 100V Main PSU EPS PSU 8 9 890 0 110V Main PSU EPS PSU 8 3 913 0 120V Main PSU EPS PSU 7 6 912 0 220V Main PSU EPS PSU 4 ...

Page 101: ...n on Limitation Max PSUs Output Ability POE Power Turn on Limitation N2024P 90W 1000W Power budget is 850W The total POE supplied power must not exceed 850W 2000W Power budget is 1700W All PoE ports can supply maximum power N2048P 110W 1000W Power budget is 850W The total POE supplied power must not exceed 850W 2000W Power budget is 1700W All PoE ports can supply maximum power ...

Page 102: ...orts Console Port Out of Band Management Port USB Port SFP Ports Reset Button Port and System LEDs Stack Master LED and Stack Number Display The following images show the front panels of the switch models in the N3000 series Figure 3 8 N3024F with 24 10 100 1000BASE T Ports Front Panel The N3000 series switch includes two combo ports The combo ports are SFP on the N3000 series and 1000BaseT on the...

Page 103: ...wn in Figure 3 9 and Figure 3 10 on page 103 Figure 3 10 Additional N3000 Series Ports The N3000 front panel above also contains a reset button pinhole and several status LEDs See Figure 3 10 10 100 1000BASE T Auto sensing Full Duplex RJ 45 Ports Combo Ports SFP Ports Combo Ports Reset Button USB Port Console Port Out of Band Management Port SFP Ports ...

Page 104: ...ts that support auto negotiation for speed flow control and duplex The N3048 N3048P support two SFP 10G ports Dell qualified SFP transceivers are sold separately The front panel switch ports have the following characteristics The switch automatically detects the difference between crossed and straight through cables on RJ 45 ports and automatically chooses the MDI or MDIX configuration to match th...

Page 105: ...or from the operational network USB Port The Type A female USB port supports a USB 2 0 compliant flash memory drive The Dell Networking switch can read or write to a flash drive with a single partition formatted as FAT 32 You can use a USB flash drive to copy switch configuration files and images between the USB flash drive and the switch You can also use the USB flash drive to move and copy confi...

Page 106: ...the master unit the stack master LED which is labeled M is solid green If the M LED is off the stack member is not the master unit The Stack No panel displays the unit number for the stack member If a switch is not part of a stack in other words it is a stack of one switch the M LED is illuminated and the unit number is displayed N3000 Series Back Panel The following images show the back panels of...

Page 107: ...odule has two ports The plug in modules include hot swap support so you do not need to reboot the switch after you install a new module Power Supplies N3024 N3024F and N3048 N3024 series N3024F and N3048 switches support two 200 watt Field Replaceable Unit FRU power supplies which give full power redundancy for the switch The N3024 N3024F and N3048 switches offer the V lock feature for users desir...

Page 108: ...l equipped switches will feed up to 48 PoE devices at full PoE power 1800W as well as provide power supply redundancy NOTE PoE power is dynamically allocated by default Not all ports will require the full PoE power CAUTION Remove the power cable from the power supplies prior to removing the power supply module itself Power must not be connected prior to insertion in the chassis Ventilation System ...

Page 109: ...h includes two LEDs One LED is on the left side of the port and the second LED is on the right side of the port This section describes the LEDs on the switch ports 100 1000 10000Base T Port LEDs Each 100 1000 10000Base T port has two LEDs Figure 3 20 illustrates the 100 1000 10000Base T port LEDs Figure 3 14 100 1000 10000Base T Port LEDs Link SPD Activity ...

Page 110: ...ing green The port is actively transmitting receiving Activity PoE LED on PoE switches Off There is no current transmit receive activity and PoE power is off Blinking green The port is actively transmitting receiving and PoE power is off Blinking yellow The port is actively transmitting receiving and PoE power is on Solid yellow There is no current transmit receive activity and PoE power is on Tab...

Page 111: ...LED Color Definition Link LED Off There is no link Solid green The port is actively transmitting receiving Activity LED Off There is no current transmit receive activity Blinking green The port is actively transmitting receiving Table 3 11 OOB Port LED Definitions LED Color Definition Link SPD LED Off There is no link Solid green The port is actively transmitting receiving at 1000 Mbps Solid amber...

Page 112: ...ng Solid red A critical system error has occurred Blinking red A noncritical system error occurred fan or power supply failure Power 1 Power 2 Off There is no power or the switch has experienced a power failure Solid green Power to the switch is on Blinking green The switch locator function is enabled Fan Solid green The fan is powered and is operating at the expected RPM Solid red A fan failure h...

Page 113: ...wer to some ports over others Table 3 15 shows the power budget data Table 3 14 N3000 Series Power Consumption Model Input Voltage Power Supply Configuration Max Steady Current Consumption A Max Steady Power W N3024P 100V PSU1 PSU2 13 1 1310 0 110V PSU1 PSU2 11 7 1287 0 120V PSU1 PSU2 10 6 1272 0 220V PSU1 PSU2 5 6 1232 0 240V PSU1 PSU2 5 2 1240 8 N3048P 100V PSU1 PSU2 21 8 2180 0 110V PSU1 PSU2 1...

Page 114: ...rn on Limitation Max PSUs Output Ability POE Power Turn on Limitation N3024P 110W 715W Power budget is 550W The total POE supplied power must not exceed 550W 715W Power budget is 1100W All PoE ports can supply maximum power N3048P 140W 1100W Power budget is 950W The total POE supplied power must not exceed 950W 2200W Power budget is 1900W All PoE ports can supply maximum power ...

Page 115: ...4000 series switches Front Panel The N4000 series front panel includes the following features Switch ports Module bay that supports the following modules 2 x 40 Gig QSFP each QSFP may be configured as 4 x 10 Gig ports 4 x SFP module 4 x 10GBaseT module See Hot Pluggable Interface Modules on page 117 for more information USB port Reset button Port and system LEDs Stack LED The N4032 front panel pro...

Page 116: ...odules in the module bay The N4064 front panel provides 64 x 10GbE copper ports and two fixed QSFP ports each supporting 4 x 10G or 1 x 40G connections The N4064F front panel provides 64 SFP ports supporting SFP and SFP transceivers plus two fixed QSFP ports each supporting 4 x 10G or 1 x 40G connections 10GbE Copper Ports Module bay USB port 10GbE Fiber Ports Module bay USB port ...

Page 117: ...uggable Interface Modules The N4032 N4032F N4064 and N4064F switches support the following hot pluggable interface modules N4000 QSFP 2 x 40G QSFP port module defaults to 2 x 40G N4000 SFP 4 x SFP port module defaults to 4 x 10G mode N4000 10GBT 4 x 10GBase T ports module defaults to 4 x 10G mode Blank module defaults to 10G mode 10GbE Copper Ports USB port FixedQSFP ports Module bay 10GbE Fiber P...

Page 118: ...essage such as the following will appear Card Mismatch Unit 1 Slot 1 Inserted Card Dell 2 Port QSFP Expansion Card Config Card Dell 4 Port 10GBase T Expansion Card The following sections provides details on each module Quad Port SFP QSFP Uplink Module The QSFP module supports features four ports that support 10G SFP transceivers The QSFP module supports the following features Four 10G ports with q...

Page 119: ...n also use the USB flash drive to move and copy configuration files and images from one switch to other switches in the network Deletion of files on the USB drive is not supported The USB port does not support any other type of USB device Port and System LEDs The front panel contains light emitting diodes LEDs to indicate port status For information about the status that the LEDs indicate see LED ...

Page 120: ... port supports asynchronous data of eight data bits one stop bit no parity bit and no flow control The default baud rate is 9600 bps Out of Band Management Port The Out of Band OOB management port is a 10 100 1000BASE T Ethernet port dedicated to remote switch management Traffic on this port is segregated from operational network traffic on the switch ports and cannot be switched or routed to or f...

Page 121: ...Ds Each port on a N4000 series switch includes two LEDs One LED is on the left side of the port and the second LED is on the right side of the port This section describes the LEDs on the switch ports 100 1000 10000Base T Port LEDs Each 100 1000 10000Base T port has two LEDs Figure 3 20 illustrates the 100 1000 10000Base T port LEDs Figure 3 20 100 1000 10000Base T Port LEDs CAUTION Remove the powe...

Page 122: ... Blinking green The port is actively transmitting receiving Table 3 17 SFP Module LED Definitions LED Color Definition Link LED Off There is no link Solid green The port is operating at 10 Gbps Solid amber The port is operating at 100 1000 Mbps Activity LED Off There is no current transmit receive activity Blinking green The port is actively transmitting receiving Table 3 18 10GBase T Module LED D...

Page 123: ...is no link Solid green The port is operating at 40 Gbps Solid amber The port is operating at other speeds Activity LED Off There is no current transmit receive activity Blinking green The port is actively transmitting receiving Table 3 20 OOB Ethernet Management Port LED Definitions LED Color Definition Link LED Off There is no link Solid green The port is operating at 1000 Mbps Solid amber The po...

Page 124: ... is operating at normal temperature Solid amber The thermal sensor s system temperature threshold of 75 C has been exceeded Diag Off The switch is operating normally Blinking green A diagnostic test is running Fan Solid green The fan is powered and is operating at the expected RPM Solid red A fan failure has occurred Stack Solid blue The switch is in stacking master mode Solid amber The switch is ...

Page 125: ...ation Burned In MAC Address 001E C9F0 004D System Object ID 1 3 6 1 4 1 674 10895 3042 System Model ID N4032 Machine Type N4032 Temperature Sensors Unit Description Temperature Status Celsius 1 MAC 32 Good 1 CPU 31 Good 1 PHY left side 26 Good 1 PHY right side 29 Good Fans Unit Description Status 1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK 1 Fan 4 OK 1 Fan 5 OK 1 Fan 6 No Power Power Supplies Unit Descriptio...

Page 126: ...20 1 Configured IPv4 Protocol DHCP Burned In MAC Address 001E C9F0 004E console show ip interface vlan 1 Routing Interface Status Down Primary IP Address 1 1 1 2 255 255 255 0 Method Manual Routing Mode Enable Administrative Mode Enable Forward Net Directed Broadcasts Disable Proxy ARP Enable Local Proxy ARP Disable Active State Inactive MAC Address 001E C9F0 0050 Encapsulation Type Ethernet IP MT...

Page 127: ...age Switch Administrator Dell OpenManage Switch Administrator is a web based tool to help you manage and monitor a Dell Networking N2000 N3000 and N4000 series switches Table 4 1 lists the web browsers that are compatible with Dell OpenManage Switch Administrator The browsers have been tested on a PC running the Microsoft Windows operating system Table 4 1 Compatible Browsers Browser Version Inter...

Page 128: ...ormation on page 147 3 When the Login window displays enter a user name and password Passwords are both case sensitive and alpha numeric Figure 4 1 Login Screen 4 Click Submit NOTE The switch is not configured with a default user name or password You must connect to the CLI by using the console port to configure the initial user name and password For information about connecting to the console see...

Page 129: ... left side of the page the navigation pane provides an expandable view of features and their components Configuration and status options The main panel contains the fields you use to configure and monitor the switch Page tabs Some pages contain tabs that allow you to access additional pages related to the feature Command buttons Command buttons are located at the bottom of the page Use the command...

Page 130: ...130 Using Dell OpenManage Switch Administrator Figure 4 2 Switch Administrator Components Navigation Panel Page Tabs Links Save Print Refresh Help Configuration and Status Options Command Button ...

Page 131: ...ion that were not saved to the startup configuration are lost across a power cycle Print Opens the printer dialog box that allows you to print the current page Only the main panel prints Refresh Refreshes the screen with the current information Help Online help that contains information to assist in configuring and managing the switch The online help pages are context sensitive For example if the ...

Page 132: ...s on the OpenManage Switch Administrator Home page which is the page that displays after a successful login The graphic provides information about switch ports and system health Figure 4 3 Dell Networking N3048 Device View Using the Device View Port Features The switching port coloring indicates if a port is currently active Green indicates that the port has a link red indicates that an error has ...

Page 133: ...k panel of the switch blinks for the number of seconds selected from the timer menu The green blinking LED on the back of the switch can help you or a technician near the switch identify the physical location of the switch within a room or rack full of switches After you click the Locate button it turns green and remains green while the LED is blinking NOTE You can also issue the locate command fr...

Page 134: ...134 Using Dell OpenManage Switch Administrator ...

Page 135: ...ch must have an IP address and the management station you use to access the device must be able to ping the switch IP address For information about assigning an IP address to a switch see Setting the IP Address and Other Basic Network Information on page 147 Console Connection Use the following procedures to connect to the CLI by connecting to the console port For more information about creating a...

Page 136: ... protocol network Telnet connections are enabled by default and the Telnet port number is 23 The switch supports up to four simultaneous Telnet sessions All CLI commands can be used over a Telnet session To connect to the switch using Telnet the switch must have an IP address and the switch and management station must have network connectivity You can use any Telnet client on the management statio...

Page 137: ...ude the following User EXEC Commands in this mode permit connecting to remote devices changing terminal settings on a temporary basis performing basic tests and listing system information Privileged EXEC Commands in this mode permit you to view all switch settings and to enter the global configuration mode Global Configuration Commands in this mode manage the device configuration on a global level...

Page 138: ...er the enable command console Use the exit command or press Ctrl Z to return to User EXEC mode Global Configuration From Privileged EXEC mode use the configure command console config Use the exit command or press Ctrl Z to return to Privileged EXEC mode Interface Configuration From Global Configuration mode use the interface command and specify the interface type and ID console config if To exit t...

Page 139: ...ipv6 Configure IPv6 parameters protocol Configure the Protocols associated with particular Group Ids vlan Create a new VLAN or delete an existing VLAN Enter a question mark after each word you enter to display available command keywords or parameters console config vlan vlan list 1 4093 separate non consecutive IDs with and no spaces Use for range protocol Configure Protocol Based VLAN parameters ...

Page 140: ...sole show running config If the characters you entered are not enough for the switch to identify a single matching command continue entering characters until the switch can uniquely identify the command Use the question mark to display the available commands matching the characters already entered Entering Abbreviated Commands To execute a command you need to enter enough characters so that the sw...

Page 141: ...ameters that are available Recalling Commands from the History Buffer Every time a command is entered in the CLI it is recorded in an internally managed Command History buffer By default the history buffer is enabled and stores the last 10 commands entered These commands can be recalled reviewed modified and reissued This buffer is not preserved after switch resets Table 5 2 CLI Error Messages Mes...

Page 142: ...lls commands in the history buffer beginning with the most recent command Repeats the key sequence to recall successively older commands Down arrow key Ctrl N Returns to more recent commands in the history buffer after recalling commands with the up arrow key Repeating the key sequence recalls more recent commands in succession ...

Page 143: ... interface VLAN 1 Members All switch ports SDM template Dual IPv4 and IPv6 routing Users None Minimum password length 8 characters IPv6 management mode Enabled SNTP client Disabled Global logging Enabled Switch auditing Disabled CLI command logging Disabled Web logging Disabled SNMP logging Disabled Console logging Enabled Severity level debug and above RAM logging Enabled Severity level debug and...

Page 144: ...e Portal Disabled Dot1x Authentication IEEE 802 1X Disabled MAC Based Port Security All ports are unlocked Access Control Lists ACL None configured IP Source Guard IPSG Disabled DHCP Snooping Disabled Dynamic ARP Inspection Disabled Protected Ports Private VLAN Edge None Energy Detect Mode Disabled EEE Lower Power Mode Disabled PoE Plus POE switches Auto Flow Control Support IEEE 802 3x Enabled He...

Page 145: ...y Disabled Default VLAN ID 1 Default VLAN Name Default GVRP Disabled GARP Timers Leave 60 centiseconds Leave All 1000 centiseconds Join 20 centiseconds Voice VLAN Disabled Guest VLAN Disabled RADIUS assigned VLANs Disabled Double VLANs Disabled Spanning Tree Protocol STP Enabled STP Operation Mode IEEE 802 1w Rapid Spanning Tree Optional STP Features Disabled STP Bridge Priority 32768 Multiple Spa...

Page 146: ...IPv6 Routing Disabled DHCPv6 Disabled OSPFv3 Enabled DiffServ Enabled Auto VoIP Disabled Auto VoIP Traffic Class 6 PFC Disabled no classifications configured DCBx version Auto detect iSCSI Enabled MLD Snooping Enabled IGMP Snooping Enabled IGMP Snooping Querier Disabled GMRP Disabled IPv4 Multicast Disabled IPv6 Multicast Disabled Table 6 1 Default Settings Continued Feature Default ...

Page 147: ...ork Information Overview What Is the Basic Network Information The basic network information includes settings that define the Dell Networking N2000 N3000 and N4000 series switches in relation to the network Table 7 1 provides an overview of the settings this chapter describes Table 7 1 Basic Network Information Feature Description IP Address On an IPv4 network the a 32 bit number that uniquely id...

Page 148: ... server using the no ip telnet command is recommended Default Gateway Typically a router interface that is directly connected to the switch and is in the same subnet The switch sends IP packets to the default gateway when it does not recognize the destination IP address in a packet DHCP Client Requests network information from a DHCP server on the network Domain Name System DNS Server Translates h...

Page 149: ...r User Configuration mode For more information about performing the initial switch configuration by using the wizard see the Getting Started Guide at support dell com manuals If you do not use the wizard to prompt you for the initial configuration information you can enable the DHCP client on the switch to obtain network information from a DHCP server on your network or you can statically assign t...

Page 150: ...e advantages of using OOB management instead of in band management Traffic on the OOB port is passed directly to the switch CPU bypassing the switching silicon The OOB port is implemented as an independent NIC which allows direct access to the switch CPU from the management network If the production network is experiencing problems you can still access the switch management interface and troublesh...

Page 151: ...l the connection times out To resolve this issue you can reduce the MSS setting to a more appropriate value on the local host or alternatively you can set system MTU to a smaller value Default Network Information NOTE N2000 switches do not have an out of band interface By default no network information is configured The DHCP client is enabled on the OOB interface by default on N3000 and N4000 swit...

Page 152: ...e out of band interface IP address and subnet mask or to enable disable the DHCP client for address information assignment DHCP is enabled by default on the OOB interface The OOB interface must be configured on a subnet separate from the front panel port routing interfaces The system default gateway must not share an address range subnet with the OOB interface The out of band interface may also be...

Page 153: ...Protocol menu If you statically assign the network information make sure the Protocol menu is set to None IP Interface Configuration Default VLAN IP Address Use the IP Interface Configuration page to assign the default VLAN IP address and subnet mask the default gateway IP address and to assign the boot protocol To display the IP Interface Configuration page click Routing IP IP Interface Configura...

Page 154: ...to the default VLAN 1 From the Interface menu select VLAN 1 2 From the Routing Mode field select Enable 3 From the IP Address Configuration Method field specify whether to assign a static IP address Manual or use DHCP for automatic address assignment 4 If you select Manual for the configuration method specify the IP Address and Subnet Mask in the appropriate fields 5 Click Apply ...

Page 155: ...teway must not be on the same subnet as the OOB management port as the OOB management port cannot route packets received on the front panel ports To display the Route Entry Configuration page click Routing Router Route Entry Configuration in the navigation panel Figure 7 3 Route Configuration Default VLAN NOTE You do not need to configure any additional fields on the page For information about VLA...

Page 156: ...eway 1 Open the Route Entry Configuration page 2 From the Route Type field select Default Figure 7 4 Default Route Configuration Default VLAN 3 In the Next Hop IP Address field enter the IP address of the default gateway 4 Click Apply For more information about configuring routes see Configuring IP Routing on page 1063 ...

Page 157: ...itch uses the DNS server to translate hostnames into IP addresses To display the Domain Name Server page click System IP Addressing Domain Name Server in the navigation panel Figure 7 5 DNS Server To configure DNS server information click the Add link and enter the IP address of the DNS server in the available field Figure 7 6 Add DNS Server ...

Page 158: ...ame Use the Default Domain Name page to configure the domain name the switch adds to a local unqualified hostname To display the Default Domain Name page click System IP Addressing Default Domain Name in the navigation panel Figure 7 7 Default Domain Name ...

Page 159: ...per host To display the Host Name Mapping page click System IP Addressing Host Name Mapping Figure 7 8 Host Name Mapping To map a host name to an IP address click the Add link type the name of the host and its IP address in the appropriate fields and then click Apply Figure 7 9 Add Static Host Name Mapping Use the Show All link to view all configured host name to IP address mappings ...

Page 160: ...using the configured DNS server to resolve a hostname For example if you ping www dell com from the CLI the switch uses the DNS server to lookup the IP address of dell com and adds the entry to the Dynamic Host Name Mapping table To display the Dynamic Host Name Mapping page click System IP Addressing Dynamic Host Name Mapping in the navigation panel Figure 7 10 View Dynamic Host Name Mapping ...

Page 161: ...ileged EXEC mode use the following commands to enable the DHCP client on the default VLAN which is VLAN 1 As a best practice it is recommended that a separate VLAN other than one used for client traffic be used for in band management of the switch In general using VLAN 1 or any other VLAN carrying client traffic for in band management introduces a security vulnerability Command Purpose configure E...

Page 162: ...ation for all interfaces or for the specified interface debug dhcp packet Display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client debug ipv6 dhcp Display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client ipv6 address prefix prefixlien autoconfig dhcp Set the IPv6 address ...

Page 163: ...ion and an IPv6 DHCP client Configuring Static Network Information on the Default VLAN Beginning in Privileged EXEC mode use the following commands to configure a static IP address subnet mask and default gateway on the default VLAN Alternatively a DHCP server may be used to obtain a network address The switch also supports IPv6 address auto configuration Command Purpose configure Enter Global Con...

Page 164: ...ollowing commands to configure a DNS server the default domain name and a static host name to address entry Use the show commands to verify configured information and to view dynamic host name mappings Command Purpose configure Enter Global Configuration mode interface vlan 1 Enter Interface Configuration mode for VLAN 1 ip address ip_address subnet_mask Enter the IP address and subnet mask ipv6 a...

Page 165: ...ed host names ip host name ip_address Use to configure static host name to address mapping in the host cache ip address conflict detect run Trigger the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch CTRL Z Exit to Privileged EXEC mode show ip interface vlan 1 Verify the network information for VLAN 1 show hosts Verify the configur...

Page 166: ...aptop host name to its IP address The administrator uses the OOB port to manage the switch To configure the switch 1 Connect the OOB port to the management network DHCP is enabled by on the switch OOB interface by default on N3000 and N4000 switches DHCP is enabled on VLAN 1 on the N2000 switches If the DHCP client on the switch has been disabled use the following commands to enable the DHCP clien...

Page 167: ...ation console show hosts Host name Default domain sunny dell com dell com Name address lookup is enabled Name servers Preference order 10 27 138 20 10 27 138 21 Configured host name to address mapping Host Addresses admin laptop 10 27 65 103 cache TTL Hours Host Total Elapsed Type Addresses No hostname is mapped to an IP address 6 Verify that the static hostname is correctly mapped console ping ad...

Page 168: ...168 Setting Basic Network Information ...

Page 169: ...d or unconfigured interfaces for plug in modules do not show in the show interfaces status command The default setting for a 40 gigabit Ethernet interface is nonstacking 40 gigabit Ethernet 1 x 40G The commands to change 1 x 40G and 4 x 10G modes are always entered on the 40 gigabit interfaces The commands to change the Ethernet stack mode are entered on the appropriate interface tengigabitetherne...

Page 170: ... Fo2 1 1 console config if Fo2 1 1 hardware profile portmode 1x40g This command will not take effect until the switch is rebooted console config if Fo1 1 2 do reload Are you sure you want to reload the stack y n Attempting to change the port mode on the tengigabit interface will give the error An invalid interface has been used for this function ...

Page 171: ...k with other Dell Networking 4000 series switches over front panel ports configured for stacking A stack of twelve 48 port N2000 or N3000 switches has an aggregate throughput capacity of 576 Gigabits Dell Networking N2000 N3000 stacking links operate at 21 Gbps or 4 3 of total aggregate throughput capacity of a full stack therefore it is recommended that operators provision large stacking topologi...

Page 172: ...ing this is to distribute downlinks and transit links evenly across the stack vs connecting all downlinks transit links to a single stack unit or to adjacent stacking units If Priority Flow Control PFC is enabled on any port in an N4000 series stack stacking is supported at distances up to 100 meters on the stacking ports If PFC is not enabled stacking is supported up to the maximum distance suppo...

Page 173: ... application state is synchronized between the master and standby during normal stacking operation The startup configuration and backup configuration on the stack members are not overwritten with the master switch configuration Dell strongly recommends connecting the stack in a ring topology so that each switch is connected to two other switches Connecting switches in a ring topology allows the st...

Page 174: ...cking port on Unit 2 is connected to the upper stacking port on Unit 3 The lower stacing port on Unit 3 is connected to the upper stacking port on Unit 1 Dell Networking N2000 N3000 and N4000 Stacking Compatibility Dell Networking N2000 N3000 and N4000 series switches do not stack with different Dell Networking series switches or Dell PowerConnect series switches Dell Networking N2000 series switc...

Page 175: ... has the stack master function enabled but another stack master is already active then the switch changes its configured stack master value to disabled If the stack master function is unassigned and there is another stack master in the system then the switch changes its configured stack master value to disabled If the stack master function is enabled or unassigned and there is no other stack maste...

Page 176: ...STP reconvergence will take place as soon as the link is detected After the stack cables on the new member are connected to the stack you can power up the new units beginning with the unit directly attached to the currently powered up unit Always power up new stack units closest to an existing powered unit first Do not connect a new member to the stack after it is powered up Also do not connect tw...

Page 177: ...any control traffic destined to those ports connected to this member Statically re route any traffic going through this unit When a unit in the stack fails the stack master removes the failed unit from the stack The failed unit reboots with its original running config If the stack is configured in a ring topology then the stack automatically routes around the failed unit If the stack is not config...

Page 178: ...over the stack operation with minimal interruption if the stack master becomes unavailable Operational state synchronization also occurs when you save the running configuration to the startup configuration on the stack master when the backup unit changes What is Nonstop Forwarding Networking devices such as the Dell Networking series switches are often described in terms of three semi independent ...

Page 179: ... NSF uses a back off mechanism to reduce the load on the switch The show nsf command output includes information about when the next running config synchronization will occur Initiating a Failover The NSF feature allows you to initiate a failover using the initiate failover command which causes the former stack master to reboot cold start and the new master to perform a warm restart Initiating a f...

Page 180: ...nted NOTE The switch cannot guarantee that a backup unit has exactly the same data that the stack master has when it fails For example the stack master might fail before the checkpoint service gets data to the backup if an event occurs shortly before a failover Table 9 1 Applications that Checkpoint Data Application Checkpointed Data ARP Dynamic ARP entries Auto VOIP Calls in progress Captive Port...

Page 181: ... the network If you move the stack master to a different place in the network make sure you power down the whole stack before you redeploy the stack master so that the stack members do not continue to use the MAC address of the redeployed switch NSF Network Design Considerations You can design your network to take maximum advantage of NSF For example by distributing a LAG s member ports across mul...

Page 182: ...arding plane only selects ECMP next hops on surviving units For this reason try to distribute links providing ECMP paths across multiple stack units Why is Stacking Needed Stacking increases port count without requiring additional configuration If you have multiple Dell Networking switches stacking them helps make management of the switches easier because you configure the stack as a single unit a...

Page 183: ...isable NSF to redirect the CPU resources consumed by data checkpointing Checkpointing only occurs when a backup unit is elected so there is no need to disable the NSF feature on a standalone switch When a new unit is added to the stack the new unit takes the configuration of the stack including the NSF setting OSPF implements a separate graceful restart control that enables NSF for OSPF OSPF grace...

Page 184: ...hes For details about the fields on a page click at the top of the page Unit Configuration Use the Unit Configuration page to change the unit number and unit type Management Member or Standby To display the Unit Configuration page click System Stack Management Unit Configuration in the navigation panel Figure 9 2 Stack Unit Configuration NOTE The changes you make to the Stacking configuration page...

Page 185: ...ay the Add Unit page Figure 9 3 Add Remote Log Server Settings 3 Specify the switch ID and select the model number of the switch 4 Click Apply Stack Summary Use the Stack Summary page to view a summary of switches participating in the stack To display the Stack Summary page click System Stack Management Stack Summary in the navigation panel Figure 9 4 Stack Summary ...

Page 186: ...hether the firmware image on a new stack member can be automatically upgraded or downgraded to match the firmware image of the stack master To display the Stack Firmware Synchronization page click System Stack Management Stack Firmware Synchronization in the navigation panel Figure 9 5 Stack Firmware Synchronization ...

Page 187: ...hes page to view information regarding each type of supported switch for stacking and information regarding the supported switches To display the Supported Switches page click System Stack Management Supported Switches in the navigation panel Figure 9 6 Supported Switches ...

Page 188: ...ured mode of the interface the running mode as well as the link status and link speed of the stackable port To display the Stack Port Summary page click System Stack Management Stack Port Summary in the navigation panel Figure 9 7 Stack Port Summary NOTE By default the ports are configured to operate as Ethernet ports To configure a port as a stack port you must change the Configured Stack Mode se...

Page 189: ...d statistics including data rate and error rate To display the Stack Port Counters page click System Stack Management Stack Point Counters in the navigation panel Figure 9 8 Stack Port Counters Stack Port Diagnostics The Stack Port Diagnostics page is intended for Field Application Engineers FAEs and developers only ...

Page 190: ...ailover to the standby unit click Initiate Failover The failover results in a warm restart of the stack master Initiating a failover reloads the stack master triggering the backup unit to take over NOTE The OSPF feature uses NSF to enable the hardware to continue forwarding IPv4 packets using OSPF routes while a backup unit takes over stack master responsibility To configure NSF on a stack that us...

Page 191: ...he Checkpoint Statistics page to view information about checkpoint messages generated by the stack master To display the Checkpoint Statistics page click System Stack Management Checkpoint Statistics in the navigation panel Figure 9 10 Checkpoint Statistics ...

Page 192: ...stacking and NSF settings Command Purpose configure Enter Global Configuration mode switch current_ID renumber new_ID Change the switch ID number The valid range is 1 10 NOTE Changing the ID number causes all switches in the stack to be reset to perform stack master renumbering The running configuration is cleared when the units reset stack Enter Global Stack Configuration mode initiate failover M...

Page 193: ...rnet or stacking N4000 only nsf Enable nonstop forwarding on the stack exit Exit to Global Config mode boot auto copy sw Enable the Stack Firmware Synchronization feature boot auto copy sw allow downgrade Allow the firmware version on the newly added stack member to be downgraded if the firmware version on manager is older Config migration is not assured for firmware downgrade exit Exit to Privile...

Page 194: ...k ports View information about the stacking ports show switch stack ports counters View the statistics about the data the stacking ports have transmitted and received show switch stack ports stack path View the path that packets take from one stack member to another show supported switchtype View the Dell Networking models that are supported in the stack and the switch index SID associated with ea...

Page 195: ...tion describe how the stacking and NSF feature act in various environments This section contains the following examples Basic Failover Preconfiguring a Stack Member NSF in the Data Center NSF and VoIP NSF and DHCP Snooping NSF and the Storage Access Network NSF and Routed Access Basic Failover In this example the stack has four members that are connected in a ring topology as Figure 9 11 shows Fig...

Page 196: ...e the member command as the following example shows console configure console config stack console config stack no member 2 console config stack exit console config exit console show switch SW Management Status Standby Status Preconfig Model ID Plugged in Model ID Switch Status Code Version 1 Stack Member N3048 N3048 OK 6 0 0 0 2 Stack Member N3048 N3048 OK 6 0 0 0 3 Mgmt Switch N3048 N3048 OK 6 0...

Page 197: ...e switch 1 View the list of SIDs to determine which SID identifies the switch to preconfigure The following is the output on N3000 and N2000 series switches console show supported switchtype SID Switch Model ID 1 N3024 2 N3024F 3 N3024P 4 N3048 5 N3048P 6 N2024 7 N2024P 8 N2048 9 N2048P NOTE N2000 and N3000 switches cannot be stacked together SW Management Status Standby Status Preconfig Model ID ...

Page 198: ...fig stack member 2 2 console config stack exit console config exit 3 Confirm the stack configuration Some of the fields have been omitted from the following output due to space limitations console show switch Management Standby Preconfig Plugged in Switch Code SW Status Status Model ID Model ID Status Version 1 Mgmt Sw N3048 N3048 OK 6 0 0 0 ...

Page 199: ...he same VLAN Spanning tree is enabled on the VLAN Assume spanning tree selects AS1 as the root bridge Assume the LAG to AS1 is the root port on the stack and the LAG to AS2 is discarding Unit 1 is the stack master If unit 1 fails the stack removes the Unit 1 link to AS1 from its LAG The stack forwards outgoing packets through the Unit 2 link to AS1 during the failover During the failover the stack...

Page 200: ...ng the remaining LAG member If phone B has learned VLAN or priority parameters through LLDP MED it continues to use those parameters The stack resumes sending LLDPDUs with MED TLVs once the control plane restarts Phone B may miss an LLDPDU from the stack but should not miss enough PDUs to revert its VLAN or priority assuming the administrator has not reduced the LLDPDU interval or hold count If ph...

Page 201: ...ce IP address and source MAC address Dynamic ARP Inspection DAI uses the bindings database to verify that ARP messages contain a valid sender IP address and sender MAC address DHCP snooping checkpoints its bindings database Figure 9 14 NSF and DHCP Snooping If the stack master fails all hosts connected to that unit lose network access until that unit reboots The hardware on surviving units continu...

Page 202: ...ess switch the hardware traps ARP packets to the CPU on untrusted ports During a restart the control plane drops ARP packets Thus new traffic sessions may be briefly delayed until after the control plane restarts If IPSG is enabled and a DHCP binding is not checkpointed to the backup unit before the failover that host will not be able to send data packets until it renews its IP address lease with ...

Page 203: ...n on its backup NIC to a different IP address on the disk array The hardware forwards the packets to establish this new session but assuming the session is established before the control plane is restarted on the backup unit the new session receives no priority treatment in the hardware Session B remains established and fully functional throughout the restart and continues to receive priority trea...

Page 204: ... LSAs to inform its OSPF neighbors the aggregation routers that it is going through a graceful restart The grace LSAs reach the neighbors before they drop their adjacencies with the access router PIM starts sending hello messages to its neighbors on the aggregation routers using a new generation ID to prompt the neighbors to quickly resend multicast routing information PIM neighbors recognize the ...

Page 205: ...hes and the control plane deletes any stale unicast routes not relearned at this point The forwarding plane reconciles L3 multicast hardware tables Throughout the process the hosts continue to receive their multicast streams possibly with a short interruption as the top aggregation router learns that one of its LAG members is down The hosts see no more than a 50 ms interruption in unicast connecti...

Page 206: ...206 Managing a Switch Stack ...

Page 207: ...A Overview Authentication Authorization Accounting Authentication Examples Authorization Examples Using RADIUS Servers to Control Management Access Using TACACS Servers to Control Management Access Default Configurations AAA Overview AAA is a framework for configuring management security in a consistent way Three services make up AAA Authentication Validates the user identity Authentication takes ...

Page 208: ...re is no error the method returns success if the user is allowed access to the service and failure if the user is not AAA gives the user flexibility in configuration by allowing different method lists to be assigned to different access lines In this way it is possible to configure different security requirements for the serial console than for Telnet for example Methods A method performs the confi...

Page 209: ... returns a result as if the service had succeeded This method never returns an error If none is configured as a method the user will always be authenticated and allowed to access the switch The radius and tacacs methods communicate with servers running the RADIUS and TACACS protocols respectively These methods can return an error if the switch is unable to contact the server Access Lines There are...

Page 210: ...DNOS Public key authentication operates as follows The administrator first generates a pair of encryption keys the public key and the private key Messages encrypted with the private key can only be decrypted by the public key and vice versa The administrator keeps the private key on his her local machine and loads the public key on to the switch When the administrator attempts to log into the swit...

Page 211: ...ss to the switch if the user credentials are validated Access is granted only at privilege level one Enable Enable authentication grants access to a higher privilege level if the user credentials are validated for the higher privilege level When RADIUS is used for enable authentication the username for this request is always enab15 The username used to log into the switch is not used for RADIUS en...

Page 212: ...el and an administrative profile Network Network authorization enables a RADIUS server to assign a particular 802 1X supplicant to a VLAN For more information about 802 1X see Configuring Port and System Security on page 503 Table 10 3 shows the valid methods for each type of authorization Exec Authorization Capabilities Dell Networking switches support two types of service configuration with exec...

Page 213: ...ve been denied by that profile A user can be assigned to more than one profile If there are conflicting rules in profiles the permit rule always takes precedence over the deny rule That is if any profile assigned to a user permits a command then the user is permitted access to that command A user may be assigned up to 16 profiles A number of profiles are provided by default These profiles cannot b...

Page 214: ...nds Dot1x and exec Commands Sends accounting records for command execution Dot1x Sends accounting records for network access Exec Sends accounting records for management access logins For more information about the data sent in accounting records see Which RADIUS Attributes Does the Switch Support on page 234 and Using TACACS Servers to Control Management Access on page 237 Table 10 4 shows the va...

Page 215: ...s 2 passwords strength minimum character classes 4 passwords strength check username admin password paSS1 word2 privilege 15 passwords lock out 3 The following describes each line of this code The aaa authentication login loc local command creates a login authentication list called loc that contains the method local The line telnet command enters the configuration mode for the Telnet line The logi...

Page 216: ... command creates a user with the name admin and password paSS1 word2 This user is enabled for privilege level 15 Note that because password strength checking was enabled the password was required to have at least two numeric characters one uppercase character one lowercase character and one special character The passwords lock out 3 command locks out a local user after three failed login attempts ...

Page 217: ...creates an enable authentication list called tacp that contains the method tacacs If this method fails then the user will fail to execute the enable command The tacacs server host 1 2 3 4 command is the first step in defining a TACACS server at IP address 1 2 3 4 The result of this command is to place the user in tacacs server mode to allow further configuration of the server The key secret comman...

Page 218: ... admin password f4d77eb781360c5711ecf3700a7af623 privilege 15 encrypted aaa authentication login NOAUTH line aaa authentication enable NOAUTH line crypto key generate rsa crypto key pubkey chain ssh user key admin rsa key string row AAAAB3NzaC1yc2EAAAABJQAAAIBor6DPjYDpSy8Qcji68xrS 4Lf8c9Jq4xXKIZ5 Pvv20AkRFE0ifVI9EH4jyZagR3wzH5Xl9dyjA6bTuqMgN15C1xJC1l59FU88JaY7 ywGdRppmoaJrNRPM7RZtQPaDVIunzm3eMr9Py...

Page 219: ...the defaultList The defaultList contains a single method none which is equivalent to no authentication Since the authentication is provided by the public key a second layer of authentication is not required The last three lines enable the SSH server configure it to use public key authentication and specify use of the SSH 2 protocol The following shows the configured authentication methods console ...

Page 220: ... Configuring Authentication Authorization and Accounting PUTTY Configuration Main Screen On the following screen the IP address of the switch is configured and SSH is selected as the secure login protocol ...

Page 221: ...Configuring Authentication Authorization and Accounting 221 On the next screen PUTTY is configured to use SSH 2 only This is an optional step that accelerates the login process ...

Page 222: ... is the key to the configuration It is set to display the authentication banner disable authentication with Pageant disable keyboard interactive authentication unless desired disable attempted changes of user name and select the private key file used to authenticate with the switch ...

Page 223: ...tion Authorization and Accounting 223 The following screen configures the user name to be sent to the switch A user name is always required Alternatively leave Auto login name blank and the system will prompt for a user name ...

Page 224: ...zation and Accounting After configuring Putty be sure to save the configuration The following screen shows the result of the login process The user name is entered automatically and the switch confirms that public key authentication occurs ...

Page 225: ...dministrator login and password then they are able to authenticate in this manner RADIUS Authentication Example Use the following configuration to require RADIUS authentication to login over a Telnet connection aaa authentication login rad radius aaa authentication enable raden radius radius server host 1 2 3 4 key secret exit line telnet login authentication rad enable authentication raden exit T...

Page 226: ... is the first step in defining a RADIUS server at IP address 1 2 3 4 The result of this command is to place the user in radius server mode to allow further configuration of the server The key secret command defines the shared secret This must be the same as the shared secret defined on the RADIUS server The line telnet command enters the configuration mode for the Telnet line The login authenticat...

Page 227: ...uch that a user can enter privileged EXEC mode directly aaa authorization exec locex local line telnet authorization exec locex exit With the users that were previously configured the guest user will still log into user EXEC mode since the guest user only has privilege level 1 the default The admin user will be able to login directly to privileged EXEC mode since his privilege level was configured...

Page 228: ...privilege level 15 so assigning a user a lower privilege level will be of no value A privilege level greater than 15 is invalid and treated as if privilege level zero had been supplied The shell service must be enabled on the TACACS server If this service is not enabled authorization will fail and the user will be denied access to the switch TACACS Authorization Example Administrative Profiles The...

Page 229: ... command accounting rule 89 permit command configure rule 88 permit command password rule 87 permit command username rule 86 permit command show user rule 85 permit command radius server rule 84 permit command tacacs server rule 83 permit mode radius auth config rule 82 permit mode radius acct config rule 81 permit mode tacacs config exit The following describes each line in the above configuratio...

Page 230: ...time the user enters a command a request is sent to the TACACS server to ask if the user is permitted to execute that command Exec authorization does not need to be configured to use per command authorization Apply the following configuration to use TACACS to authorize commands aaa authorization commands taccmd tacacs line telnet authorization commands taccmd exit The following describes each line...

Page 231: ...s interpreted as privilege level 1 The following describes each line in the above configuration The aaa authorization exec rad radius command creates an exec authorization method list called rad that contains the method radius The authorization exec rad command assigns the rad exec authorization method list to be used for users accessing the switch via Telnet Notes If the privilege level is zero t...

Page 232: ...s The switch attempts to use the primary server first if the primary server does not respond the switch attempts to use the backup servers A priority value can be configured to determine the order in which the backup servers are contacted How Does RADIUS Control Management Access Many networks use a RADIUS server to maintain a centralized user database that contains per user authentication informa...

Page 233: ... authenticate and statistically track users RADIUS is also extensible allowing for new methods of authentication to be added without disrupting existing functionality As a user attempts to connect to the switch management interface the switch first detects the contact and prompts the user for a name and password The switch encrypts the supplied information and a RADIUS client transports the reques...

Page 234: ...butes that the switch supports and indicates whether the 802 1X feature user management feature or Captive Portal feature supports the attribute You can configure these attributes on the RADIUS server s when utilizing the switch RADIUS service NOTE To set the privilege level it is recommended to use the Service Type attribute instead of the Cisco AV pair priv lvl attribute Table 10 5 Supported RAD...

Page 235: ...Yes No No 44 ACCT SESSION ID Set by RADIUS client for Accounting Yes No 46 ACCT SESSION TIME Yes Yes No 49 ACCT TERMINATECAUSE Yes No No 52 ACCT INPUTGIGAWORDS Yes No No 53 ACCT OUTPUTGIGAWORDS Yes No No 61 NAS PORT TYPE Yes No No 64 TUNNEL TYPE Yes No No 65 TUNNEL MEDIUM TYPE Yes No No 79 EAP MESSAGE Yes No No 80 MESSAGEAUTHENTICAT OR Set by RADIUS client for Accounting Yes No 81 TUNNEL PRIVATEGR...

Page 236: ...ERMINATION ACTION Indication as to the action taken when the service is completed EAP MESSAGE Contains an EAP message to be sent to the user This is typically used for MAB clients VENDOR SPECIFIC The following Cisco AV Pairs are supported shell priv lvl shell roles FILTER ID Name of the filter list for this user TUNNEL TYPE Used to indicate that a VLAN is to be assigned to the user when set to tun...

Page 237: ...d a user attempts to access the user interface on the switch the switch prompts for the user login credentials and requests services from the TACACS client The client then uses the configured list of servers for authentication and provides results back to the switch Figure 10 2 shows an example of access management using TACACS Figure 10 2 Basic TACACS Topology You can configure the TACACS server ...

Page 238: ...a Which TACACS Attributes Does the Switch Support Table 10 6 lists the TACACS attributes that the switch supports and indicates whether the authorization or accounting service supports sending or receiving the attribute The authentication service does not use attributes You can configure these attributes on the TACACS server s when utilizing the switch TACACS service Table 10 6 Supported TACACS At...

Page 239: ...ntication login defaultList none Authentication login networkList local Authentication enable enableList enable none Authentication enable enableNetList enable Authorization exec dfltExecAuthList none Authorization commands dfltCmdAuthList none Accounting exec dfltExecList tacacs start stop Accounting commands dfltCmdList tacacs stop only Table 10 8 Default AAA Methods AAA Service type Console Tel...

Page 240: ...ccess Line Authentication Authorization HTTP local n a HTTPS local n a 802 1X none none Table 10 10 Default Administrative Profiles Name Description network admin Allows access to all commands network security Allows access to network security features such as 802 1X Voice VLAN Dynamic ARP Inspection and IP Source Guard router admin Allows access to Layer 3 features such as IPv4 Routing IPv6 Routi...

Page 241: ...orization and Accounting 241 CP admin Allows access to the Captive Portal feature network operator Allows access to all User EXEC mode commands and show commands Table 10 10 Default Administrative Profiles Continued Name Description ...

Page 242: ...242 Configuring Authentication Authorization and Accounting ...

Page 243: ...s Monitored The CLI and web based interfaces provide information about physical aspects of the switch such as system health and cable diagnostics as well as information about system events such as management login history The switch also reports system resource usage The system logging utility can monitor a variety of events including the following System events System state changes and errors tha...

Page 244: ...M log or buffered log When the RAM log file reaches the configured maximum size the oldest message is deleted from the RAM when a new message is added If the system restarts all messages are cleared In addition to the RAM log you can specify that log files are sent to the following sources Console If you are connected to the switch CLI through the console port messages display to the screen as the...

Page 245: ...s the first 32 messages received after system reboot The log file stops when it is full The second log type is the system operation log The system operation log stores the last 1000 messages received during system operation The oldest messages are overwritten when the file is full A message is only logged in one file On system startup if the Log file is enabled the startup log stores messages up t...

Page 246: ... and Files on page 359 What Is the Log Message Format The first part of the log message up to the first left bracket is fixed by the Syslog standard RFC 3164 The second part up to the two percent signs is standardized for all Dell Networking logs The variable text of the log message follows The log message is limited to 96 bytes Each log message uses the following format PRI This consists of the f...

Page 247: ...e number The line number which contains the invoking macro Sequence number The message sequence number for this stack component Sequence numbers may be skipped because of filtering but are always monotonically increasing on a per stack member basis Message Contains the text of the log message What Factors Should Be Considered When Configuring Logging Dell recommends that network administrators dep...

Page 248: ...is configured Additionally no mail server is defined If you add a mail server by default no authentication or security protocols are configured and the switch uses TCP port 25 for SMTP After you enable email alerting and configure the mail server and recipient email address log messages with a severity level of emergency and alert are sent immediately with each log message in a separate mail The e...

Page 249: ...ormation The Device Information page displays after you successfully log on to the switch by using the Dell OpenManage Switch Administrator This page is a virtual representation of the switch front panel Use the Device Information page to view information about the port status or system status and the switch stack Click on a port to access the Port Configuration page for the selected port To displ...

Page 250: ...250 Monitoring and Logging System Information Figure 11 2 Stack View For more information about the device view features see Understanding the Device View on page 132 ...

Page 251: ...stem Information 251 System Health Use the Health page to view status information about the switch power and ventilation sources To display the Health page click System General Health in the navigation panel Figure 11 3 Health ...

Page 252: ...mation System Resources Use the System Resources page to view information about memory usage and task utilization To display the System Resources page click System General System Resources in the navigation panel Figure 11 4 System Resources ...

Page 253: ...r Usage History Use the Unit Power Usage History page to view information about switch power consumption To display the Unit Power Usage History page click System General Unit Power Usage History in the navigation panel Figure 11 5 Unit Power Usage History ...

Page 254: ...per cable attached to a port Cables up to 120 meters long can be tested Cables are tested when the ports are in the down state with the exception of the Approximated Cable Length test SFP SFP and QSFP cables with passive copper assemblies are not capable of performing TDR tests To display the Integrated Cable Test for Copper Cables page click System Diagnostics Integrated Cable Test in the navigat...

Page 255: ...7 Integrated Cable Test Summary Optical Transceiver Diagnostics Use the Transceiver Diagnostics page to perform tests on Fiber Optic cables To display the Transceiver Diagnostics page click System Diagnostics Transceiver Diagnostics in the navigation panel NOTE Optical transceiver diagnostics can be performed only when the link is present ...

Page 256: ...ring and Logging System Information Figure 11 8 Transceiver Diagnostics To view a summary of all optical transceiver diagnostics tests performed click the Show All link Figure 11 9 Transceiver Diagnostics Summary ...

Page 257: ...d flash based log file The Severity table lists log messages from the highest severity Emergency to the lowest Debug When you select a severity level all higher levels are automatically selected To prevent log messages from being sent to the console RAM log or flash log file clear all check boxes in the Severity column To display the Global Settings page click System Logs Global Settings in the na...

Page 258: ... the RAM Log page to view information about specific RAM cache log entries including the time the log was entered the log severity and a description of the log To display the RAM Log click System Logs RAM Log in the navigation panel Figure 11 11 RAM Log Table ...

Page 259: ...cription of the log To display the Log File click System Logs Log File in the navigation panel Figure 11 12 Log File Syslog Server Use the Remote Log Server page to view and configure the available syslog servers to define new syslog servers and to set the severity of the log events sent to the syslog server To display the Remote Log Server page click System Logs Remote Log Server ...

Page 260: ...emote Log Server Adding a New Remote Log Server To add a syslog server 1 Open the Remote Log Server page 2 Click Add to display the Add Remote Log Server page 3 Specify the IP address or hostname of the remote server 4 Define the UDP Port and Description fields ...

Page 261: ...everity of the messages to send to the remote server 6 Click Apply Click the Show All link to view or remove remote log servers configured on the system Figure 11 15 Show All Log Servers NOTE When you select a severity level all higher numerically lower severity levels are automatically selected ...

Page 262: ...Email Alert Global Configuration page click System Email Alerts Email Alert Global Configuration in the navigation panel Figure 11 16 Email Alert Global Configuration Email Alert Mail Server Configuration Use the Email Alert Mail Server Configuration page to configure information about the mail server the switch uses for sending email alert messages To display the Email Alert Mail Server Configura...

Page 263: ...tion page 2 Click Add to display the Email Alert Mail Server Add page 3 Specify the hostname of the mail server Figure 11 18 Add Mail Server 4 Click Apply 5 If desired click Configuration to return to the Email Alert Mail Server Configuration page to specify port and security settings for the mail server Click the Show All link to view or remove mail servers configured on the switch ...

Page 264: ...ubject line for email alerts that are sent by the switch You can customize the subject for the message severity and entry status To display the Email Alert Subject Configuration page click System Email Alerts Email Alert Subject Configuration in the navigation panel Figure 11 20 Email Alert Subject Configuration To view all configured email alert subjects click the Show All link ...

Page 265: ...e email alerts are sent You can configure multiple recipients and associate different message severity levels with different recipient addresses To display the Email Alert To Address Configuration page click System Email Alerts Email Alert To Address Configuration in the navigation panel Figure 11 22 Email Alert To Address Configuration To view configured recipients click the Show All link ...

Page 266: ... Alert Statistics Use the Email Alert Statistics page to view the number of emails that were successfully and unsuccessfully sent and when emails were sent To display the Email Alert Statistics page click System Email Alerts Email Alert Statistics in the navigation panel Figure 11 24 Email Alert Statistics ...

Page 267: ...Command Purpose show system Display various system information show system power Displays the power supply status show system temperature Displays the system temperature and fan status show memory cpu Displays the total and available RAM space on the switch show process cpu Displays the CPU utilization for each process currently running on the switch locate switch unit time time Enable the switch ...

Page 268: ...ied port SFP SFP and QSFP cables with passive copper assemblies are not capable of performing TDR tests CAUTION Issuing the test copper port tdr command will bring the interface down NOTE To ensure accurate measurements disable all Green Ethernet modes EEE or energy detect mode on the port before running the test The interface is specified in unit slot port format For example 1 0 3 is GbE interfac...

Page 269: ... Optionally you can define a logging discriminator to help filter log messages and set the severity of the messages to log buffered Enables logging to the RAM file cache If the switch resets the buffered logs are cleared console Enables logging to the screen when you are connected to the CLI through the console port file Enables logging to the startup and operational log files on the flash discrim...

Page 270: ...lobal Configuration mode logging ip address hostname Define a remote log server and enter the configuration mode for the specified log server description description Describe the log server Use up to 64 characters If the description includes spaces surround it with quotation marks level severity Specify the severity level of the logs that should be sent to the remote log server For information abo...

Page 271: ...nfiguration mode for the mail server security tlsvl none Optional Specify the security protocol to use with the mail server port 25 465 Configure the TCP port to use for SMTP which can be 25 SMTP or 465 SMTP over SSL username username If the SMTP server requires authentication specify the username to use for the switch The same username and password settings must be configured on the SMTP host pas...

Page 272: ...For information about severity levels see Table 11 1 Log messages below the specified level are not emailed logging email urgent severity none Determine which log messages are critical and should be sent in a single email as soon as they are generated severity Optional Enter the number or name of the severity level for critical messages For information about severity levels see Table 11 1 logging ...

Page 273: ...recipient to verify that the feature is properly configured CTRL Z Exit to Privileged EXEC mode show logging email config View the configured settings for email alerts show logging email statistics View information about the number of emails sent and the time they were sent clear logging email statistics Clear the email alerting statistics Command Purpose ...

Page 274: ...n the console and sent to a remote syslog server To configure the switch 1 Enable switch auditing and CLI command logging console configure console config logging audit console config logging cli command 2 Specify where the logs are sent locally and what severity level of message is to be logged You can specify the severity as the level number as shown in the first two commands or as the keyword s...

Page 275: ...Messages 748 Dropped Buffer Logging level notifications Buffer Messages 79 Logged File Logging level critical File Messages 973 Dropped CLI Command Logging enabled Switch Auditing enabled Web Session Logging disabled SNMP Set Command Logging disabled Syslog server 192 168 2 10 logging debug Messages 0 dropped 412 Messages dropped due to lack of resources Buffer Log 186 FEB 02 05 53 03 0 0 0 0 1 UN...

Page 276: ...a severity of alert critical and error levels 1 3 will be sent in a single email every 120 minutes Warning notice info and debug messages are not sent in an email The email the administrator will in the inbox has a format similar to the following Figure 11 25 Email Alert Message Format For emergency level messages the subject is LOG MESSAGE EMERGENCY For messages with a severity level of alert cri...

Page 277: ...tch console config logging email from addr N3048_noreply dell com 5 Specify the address where email alerts should be sent console config logging email message type both to addr administrator dell com 6 Specify the text that will appear in the email alert Subject line console config logging email message type urgent subject LOG MESSAGES EMERGENCY console config logging email message type non urgent...

Page 278: ...el 0 Email Alert Non Urgent Severity Level 3 Email Alert Trap Severity Level 6 Email Alert Notification Period 120 min Email Alert To Address Table For Msg Type 1 Address1 administrator dell com For Msg Type 2 Address1 administrator dell com Email Alert Subject Table For Msg Type 1 subject is LOG MESSAGES EMERGENCY For Msg Type 2 subject is LOG MESSAGE ...

Page 279: ...iew Default General System Information Configuring General System Settings Web Configuring System Settings CLI General System Settings Configuration Examples System Settings Overview The system settings include the information described in Table 12 1 This information helps identify the switch Table 12 1 System Information Feature Description System Name The switch name host name If you change the ...

Page 280: ... a switch or router can use for various features For more information see What Are SDM Templates on page 281 Table 12 2 Time Settings Feature Description SNTP Controls whether the switch obtains its system time from an SNTP server and whether communication with the SNTP server requires authentication and encryption You can configure information for up to eight SNTP servers The SNTP client on the s...

Page 281: ...image upgrade What Are SDM Templates An SDM template is a description of the maximum resources a switch or router can use for various features Different SDM templates allow different combinations of scaling factors enabling different allocations of resources depending on how the device is used In other words SDM templates enable you to reallocate system resources to support a different mix of feat...

Page 282: ... IPv6 unicast routes N2000 N3000 N4000 128 4096 4096 0 4096 4096 0 0 0 0 0 0 ECMP next hops N2000 N3000 N4000 1 4 4 0 16 4 1 16 16 0 0 16 IPv4 multicast routes N2000 N3000 N4000 0 1536 512 0 1536 512 0 2048 1024 0 0 2048 IPv6 multicast routes N2000 N3000 N4000 0 512 256 0 512 256 0 0 0 0 0 0 Table 12 3 SDM Template Parameters and Values Continued Parameter Dual IPv4 IPv6 Dual IPv4 IPv6 Data Center...

Page 283: ...e established by Stratums Stratums define the accuracy of the reference clock The higher the stratum where zero is the highest the more accurate the clock The switch is at a stratum that is one lower than its time source For example if the SNTP server in an internal network is a Stratum 3 device the switch is a Stratum 4 device You can configure the switch to request the time from an SNTP server o...

Page 284: ...For information about the slots and the supported modules see Hardware Overview on page 91 You can preconfigure the card type prior to inserting it into the switch Hot swap is supported on the N3000 N4000 switch modules However the switch must be rebooted for the new module to be recognized after it is inserted Before inserting a new module into the expansion slot that was previously occupied by a...

Page 285: ... in order to provide power to higher priority ports Per Port Power Limit Configurable power limit for each PoE Plus port Power Management Modes Supports two power management modes Static Allows you to reserve a guaranteed amount of power for a PoE port This is useful for powering up devices which draw variable amount of power and provide them an assured power range to operate within Dynamic Power ...

Page 286: ...t AC Disconnect Assumes that when a valid PD is connected to a port the AC impedance measured on its terminals is significantly lower than in the case of an open port disconnected PD DC Disconnect Measures current consumption to determine when a PD stops consuming current Table 12 5 PoE Plus Key Features N2024P N2048P N3024P N3048P Only Feature Description Global Usage Threshold 0 Per Port Admin S...

Page 287: ...0 N3000 and N4000 series switches For details about the fields on a page click at the top of the page System Information Use the System Information page to configure the system name contact name location and asset tag To display the System Information page click System General System Information in the navigation panel Figure 12 1 System Information NOTE From the System Information page you can al...

Page 288: ...rmation page click the Telnet link 2 Click the Telnet button Figure 12 2 Telnet 3 Select the Telnet client and click OK Figure 12 3 Select Telnet Client NOTE The Telnet client feature does not work with Microsoft Windows Internet Explorer 7 and later versions Initiating this feature from any browser running on a Linux operating system is not supported ...

Page 289: ...Managing General System Settings 289 The selected Telnet client launches and connects to the switch CLI Figure 12 4 Telnet Session ...

Page 290: ...igure a message for the switch to display when a user connects to the switch by using the CLI You can configure different banners for various CLI modes and access methods To display the CLI Banner page click System General CLI Banner in the navigation panel Figure 12 5 CLI Banner ...

Page 291: ...ate resource settings and to select the template that the switch uses If you select a new SDM template for the switch to use you must reboot the switch before the template is applied To display the SDM Template Preference page click System General SDM Template Preference in the navigation panel Figure 12 6 SDM Template Preference ...

Page 292: ...the Clock page The Clock page also displays information about the time settings configured on the switch To display the Clock page click System Time Synchronization Clock in the navigation panel Figure 12 7 Clock NOTE The system time cannot be set manually if the SNTP client is enabled Use the SNTP Global Settings page to enable or disable the SNTP client ...

Page 293: ...or disable the SNTP client configure whether and how often the client sends SNTP requests and determine whether the switch can receive SNTP broadcasts To display the SNTP Global Settings page click System Time Synchronization SNTP Global Settings in the navigation panel Figure 12 8 SNTP Global Settings ...

Page 294: ...ed encryption key ID Click System Time Synchronization SNTP Authentication in the navigation panel to display the SNTP Authentication page Figure 12 9 SNTP Authentication Adding an SNTP Authentication Key To configure SNTP authentication 1 Open the SNTP Authentication page 2 Click the Add link The Add Authentication Key page displays NOTE The SNTP server must be configured with the same authentica...

Page 295: ...server select the Trusted Key check box If the check box is clear the key is untrusted and cannot be used for authentication 5 Click Apply The SNTP authentication key is added and the device is updated To view all configured authentication keys click the Show All link The Authentication Key Table displays You can also use the Authentication Key Table to remove or edit existing keys Figure 12 11 Au...

Page 296: ...itch can accept time information from both IPv4 and IPv6 SNTP servers To display the SNTP Server page click System Time Synchronization SNTP Server in the navigation panel If no servers have been configured the fields in the following image are not displayed Figure 12 12 SNTP Servers Defining a New SNTP Server To add an SNTP server 1 Open the SNTP Servers page 2 Click Add The Add SNTP Server page ...

Page 297: ...address IPv6 address or a hostname DNS 5 If you require authentication between the SNTP client on the switch and the SNTP server select the Encryption Key ID check box and then select the key ID to use To define a new encryption key see Adding an SNTP Authentication Key on page 294 NOTE The SNTP server must be configured with the same authentication information to allow time synchronization to tak...

Page 298: ...System Settings To view all configured SNTP servers click the Show All link The SNTP Server Table displays You can also use the SNTP Server Table page to remove or edit existing SNTP servers Figure 12 14 SNTP Servers Table ...

Page 299: ...page click System Time Synchronization Summer Time Configuration in the navigation panel Figure 12 15 Summer Time Configuration To use the preconfigured summer time settings for the United States or European Union select the Recurring check box and specify USA or EU from the Location menu NOTE The fields on the Summer Time Configuration page change when you select or clear the Recurring check box ...

Page 300: ...igure time zone information including the amount time the local time is offset from UTC and the acronym that represents the local time zone To display the Time Zone Configuration page click System Time Synchronization Time Zone Configuration in the navigation panel Figure 12 16 Time Zone Configuration ...

Page 301: ... page to control the administrative status of the rear panel expansion slots Slot 1 or Slot 2 and to configure the plug in module to use in the slot To display the Card Configuration page click Switching Slots Card Configuration in the navigation panel Figure 12 17 Card Configuration ...

Page 302: ...l System Settings Slot Summary Use the Slot Summary page to view information about the expansion slot status To display the Slot Summary page click Switching Slots Summary in the navigation panel Figure 12 18 Slot Summary ...

Page 303: ...pported Cards Use the Supported Cards page to view information about the supported plug in modules for the switch To display the Supported Cards page click Switching Slots Supported Cards in the navigation panel Figure 12 19 Supported Cards ...

Page 304: ...4P N2048P and N3024P N3048P Only Use the PoE Global Configuration page to configure the PoE settings for the switch To display the PoE Global Configuration page click System General Power over Ethernet Global Configuration in the navigation panel Figure 12 20 PoE Global Configuration ...

Page 305: ...per port PoE settings From this page you can also access the PoE Counters table and PoE Port Table The PoE Port table allows you to view and configure PoE settings for multiple ports on the same page To display the PoE Interface Configuration page click System General Power over Ethernet Interface Configuration in the navigation panel Figure 12 21 PoE Interface Configuration ...

Page 306: ...for each port click Counters Figure 12 22 PoE Counters Table To view the PoE Port Table click Show All Figure 12 23 PoE Port Table If you change any settings for one or more ports on the PoE Port Table page click Apply to update the switch with the new settings ...

Page 307: ...o configure system information Command Purpose configure Enter Global Configuration mode hostname name Configure the system name The CLI prompt changes to the host name after you execute the command snmp server contact name Configure the name of the switch administrator If the name contains a space use quotation marks around the name snmp server location location Configure the switch location asse...

Page 308: ...sage that displays when you connect to the switch motd and login or enter User EXEC mode exec Use quotation marks around a message if it includes spaces line telnet ssh console Enter the terminal line configuration mode for Telnet SSH or the console motd banner Specify that the configured MOTD banner displays To prevent the banner from displaying enter no motd banner exec banner Specify that the c...

Page 309: ... with the same authentication information to allow time synchronization to take place between the two devices Command Purpose configure Enter Global Configuration mode sdm prefer dual ipv4 and ipv6 default ipv4 routing data center default Select the SDM template to apply to the switch after the next boot CTRL Z Exit to Privileged EXEC mode show sdm prefer template View information about the SDM te...

Page 310: ... determines which server the switch polls first The priority is 1 8 where 1 is the highest priority If you do not specify a priority the servers are polled in the order that they are entered key_id Optional Enter an authentication key to use The key must be previously defined by the sntp authentication key command sntp unicast broadcast client enable This command enables the SNTP client and allows...

Page 311: ... 13 minutes offset Minutes difference from UTC Range 0 59 acronym The acronym for the time zone Range Up to four characters clock summer time recurring usa eu week day month hh mm week day month hh mm offset offset zone acronym Use this command if the summer time starts and ends every year based on a set pattern For switches located in the United States or European Union use the usa or eu keywords...

Page 312: ...inutes Range hh 0 23 mm 0 59 offset Number of minutes to add during the summertime Range 1 1440 acronym The acronym for the time zone to be displayed when summertime is in effect Range Up to four characters CTRL Z Exit to Privileged EXEC mode show clock detail View information about the time Include the detail keyword to view information about the time zone and summer time Command Purpose configur...

Page 313: ... variable range 1 99 is a percentage of total system power power inline management class static dynamic Set the power management mode for the switch power inline detection dot3af dot3af legacy Set the power management mode for the switch 802 3af only IEEE 802 3af detection scheme is used 802 3af legacy IEEE 802 3af 4point detection scheme is used and when it fails to detect a connected PD legacy c...

Page 314: ...r defined limit Allows the port to draw up to user defined configured value The range of limit is 3000 32000 milliwatts power inline powered device type Provide a description to represent the type of device connected to the port power inline reset Optional Reset the port You might use this command if the port is stuck in an Error state CTRL Z Exit to Privileged EXEC mode show power inline Display ...

Page 315: ...ert other switch administrators of the connected topology To configure the switch 1 Configure the hosts name console configure console config hostname N2048 2 Configure the contact location and asset tag Notice that the prompt changed to the host name N2048 config snmp server contact Jane Doe N2048 config snmp server location RTP100 N2048 config asset tag 006429 3 Configure the message that displa...

Page 316: ...stem Model ID N2048 Machine Type Dell Networking N2048 Temperature Sensors Unit Temperature Celsius Status 1 43 OK Power Supplies Unit Description Status Source 1 Main OK AC 1 Secondary Error DC Temperature Sensors Unit Description Temperature Status Celsius 1 CPU 33 Good 1 MAC 39 Good 1 Left PHY 32 Good 1 Right PHY 33 Good Fans Unit Description Status 1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK ...

Page 317: ...formation about the system N2048 show system id Service Tag Chassis Service Tag N A Serial Number 7048NX1011 Asset Tag unit 1 Unit Service tag Chassis Serv tag Serial number Asset tag 1 N A 70498NX1011 unit 1 Service Tag 0000000 Chassis Service Tag Serial Number TW282987BK0002 Asset Tag 111222 Unit Service tag Chassis Serv tag Serial number Asset tag 1 0000000 TW282987BK0002 111222 6 Initiate a ne...

Page 318: ...318 Managing General System Settings Figure 12 24 Verify MOTD ...

Page 319: ...3456465 md5 sntpkey console config sntp trusted key 23456465 console config sntp authenticate 2 Specify the IP address of the SNTP server to poll and include the authentication key This command automatically enables polling and sets the priority to 1 console config sntp server 192 168 10 30 key 23456465 console config sntp unicast client enable 3 Verify the configuration console show sntp configur...

Page 320: ...l System Settings 4 View the SNTP status on the switch console show sntp status Client Mode Unicast Last Update Time MAR 01 09 12 43 2010 Unicast servers Server Status Last response 192 168 10 30 Other 09 12 43 Mar 1 2011 ...

Page 321: ...ure console config clock timezone 5 zone EST 2 Configure the summer time daylight saving time to use the preconfigured settings for the United States console config clock summer time recurring us 3 Set the local time and date console config clock set 16 13 06 03 01 2010 4 Verify the time settings console show clock detail 00 27 19 EST UTC 5 00 Feb 3 2039 No time source Time zone Acronym is EST Off...

Page 322: ...322 Managing General System Settings ...

Page 323: ...of a device through communication between an SNMP manager and an SNMP agent on the remote device The SNMP manager is typically part of a Network Management System NMS that runs on an administrative host The switch software includes Management Information Base MIB objects that the SNMP agent queries and modifies The switch uses standard public MIBs and private MIBs A MIB acts as a structured road m...

Page 324: ...hentication Timeliness Protects against message delay or message redundancy The SNMP agent compares incoming message to the message time information Key Management Defines key generation key updates and key use Authentication or Privacy Keys are modified in the SNMPv3 User Security Model USM What Are SNMP Traps SNMP is frequently used to monitor systems for fault conditions such as temperature vio...

Page 325: ...h Default SNMP Values By default SNMPv2 is automatically enabled on the device SNMPv1 and SNMPv3 are disabled To enable SNMPv3 you must define a local engine ID for the device The local engineID is by default set to the switch MAC address however when the switch operates in a stacking mode it is important to manually configure the local engineID for the stack This local engineID must be defined so...

Page 326: ...Portal traps Disabled OSPF traps Disabled Table 13 2 SNMP Default Views View Name OID Subtree View Type Default iso Included snmpVacmMIB Excluded usmUser Excluded snmpCommunityTable Excluded DefaultSuper iso Included Table 13 3 SNMP Default Groups Group Name Security Level Read Write Notify DefaultRead No Auth No Priv Default Default DefaultWrite No Auth No Priv Default Default Default DefaultSupe...

Page 327: ...s on a page click at the top of the page SNMP Global Parameters Use the Global Parameters page to enable SNMP and Authentication notifications To display the Global Parameters page click System SNMP Global Parameters in the navigation panel Figure 13 1 SNMP Global Parameters NOTE For some features the control to enable or disable traps is available from a configuration page for that feature and no...

Page 328: ...ccessible and which are blocked You can create a view that includes or excludes OIDs corresponding to interfaces To display the View Settings page click System SNMP View Settings in the navigation panel Figure 13 2 SNMP View Settings Adding an SNMP View To add a view 1 Open the View Settings page 2 Click Add The Add View page displays ...

Page 329: ...gure 13 3 Add View 3 Specify a name for the view and a valid SNMP OID string 4 Select the view type 5 Click Apply The SNMP view is added and the device is updated Click Show All to view information about configured SNMP Views ...

Page 330: ... network managers to assign access rights to specific device features or features aspects To display the Access Control Group page click System SNMP Access Control in the navigation panel Figure 13 4 SNMP Access Control Group Adding an SNMP Group To add a group 1 Open the Access Control Configuration page 2 Click Add The Add an Access Control Configuration page displays ...

Page 331: ...s Control Group 3 Specify a name for the group 4 Select a security model and level 5 Define the context prefix and the operation 6 Click Apply to update the switch Click Show All to view information about existing access control configurations ...

Page 332: ...Security Model in the navigation panel Figure 13 6 SNMPv3 User Security Model Adding Local SNMPv3 Users to a USM To add local users 1 Open the User Security Model page 2 Click Add Local User The Add Local User page displays NOTE You can also use the Local User Database page under Management Security to configure SNMPv3 settings for users For more information see Configuring Authentication Authoriz...

Page 333: ... update the switch Click Show All to view the User Security Model Table which contains information about configured Local and Remote Users Adding Remote SNMPv3 Users to a USM To add remote users 1 Open the SNMPv3 User Security Model page 2 Click Add Remote User The Add Remote User page displays ...

Page 334: ...SNMP Figure 13 8 Add Remote Users 3 Define the relevant fields 4 Click Apply to update the switch Click Show All to view the User Security Model Table which contains information about configured Local and Remote Users ...

Page 335: ...ames are changed access rights are also changed SNMP Communities are defined only for SNMP v1 and SNMP v2 To display the Communities page click System SNMP Communities in the navigation panel Figure 13 9 SNMP Communities Adding SNMP Communities To add a community 1 Open the Communities page 2 Click Add The Add SNMPv1 2 Community page displays ...

Page 336: ...f an SNMP management station and the community string to act as a password that will authenticate the management station to the SNMP agent on the switch 4 Select the access mode 5 Click Apply to update the switch Click Show All to view the communities that have already been configured ...

Page 337: ...or a feature aspect The Notification Filter page also allows you to filter notifications To display the Notification Filter page click System SNMP Notification Filters in the navigation panel Figure 13 11 SNMP Notification Filter Adding a Notification Filter To add a filter 1 Open the Notification Filter page 2 Click Add The Add Filter page displays ...

Page 338: ...n about the filters that have already been configured Notification Recipients Use the Notification Recipients page to view information for defining filters that determine whether traps are sent to specific users and the trap type sent SNMP notification filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Con...

Page 339: ...Configuring SNMP 339 Figure 13 13 SNMP Notification Recipient Adding a Notification Recipient To add a recipient 1 Open the Notification Recipient page 2 Click Add The Add Recipient page displays ...

Page 340: ...you use 6 Configure information about the port on the recipient 7 Click Apply to update the switch Click Show All to view information about the recipients that have already been configured Trap Flags The Trap Flags page is used to specify which traps you want to enable or disable When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP...

Page 341: ... Trap Flags page is used to specify which OSPFv2 traps you want to enable or disable When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the OSPFv2 Trap Flags page click Statistics RMON Trap Manager OSPFv2 Trap Flags in the navigation panel ...

Page 342: ...v3 traps you want to enable or disable When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the OSPFv3 Trap Flags page click Statistics RMON Trap Manager OSPFv3 Trap Flags in the navigation panel ...

Page 343: ...43 Figure 13 17 OSPFv3 Trap Flags Trap Log The Trap Log page is used to view entries that have been written to the trap log To access the Trap Log page click Statistics RMON Trap Manager Trap Log in the navigation panel ...

Page 344: ...344 Configuring SNMP Figure 13 18 Trap Logs Click Clear to delete all entries from the trap log ...

Page 345: ... use the default keyword to configure the Engine ID the following guidelines are recommended For standalone switches use the default keyword to configure the Engine ID For a stack of switches configure your own EngineID and verify that is unique within your administrative domain Changing the value of SNMP EngineID has important side effects A user s password entered on the command line is converte...

Page 346: ...to Privileged EXEC mode show snmp engineid View the local SNMP engine ID Command Purpose configure Enter Global Configuration mode snmp server view view name oid tree included excluded Configure the SNMP view When you configure groups users and communities you can specify a view to associate with the group user or community view name Specifies the name of the view Range 1 30 characters oid tree Sp...

Page 347: ...MP Version 2 security model v3 Indicates the SNMP Version 3 security model noauth Indicates no authentication of a packet Applicable only to the SNMP Version 3 security model auth Indicates authentication of a packet without encrypting it Applicable only to the SNMP Version 3 security model priv Indicates authentication of a packet with encryption Applicable only to the SNMP Version 3 security mod...

Page 348: ...to informs Range 5 32 characters auth md5 The HMAC MD5 96 authentication level auth sha The HMAC SHA 96 authentication level password A password Range 1 to 32 characters auth md5 key The HMAC MD5 96 authentication level Enter a pregenerated MD5 key auth sha key The HMAC SHA 96 authentication level Enter a pregenerated SHA key md5 key Character string length 32 hex characters sha key Character stri...

Page 349: ...me ipaddress ip_address Configure the community string and specify access criteria for the community community string Acts as a password and is used to authenticate the SNMP management station to the switch The string must also be defined on the NMS in order for the NMS to access the SNMP agent on the switch Range 1 20 characters ro Indicates read only access rw Indicates read write access view na...

Page 350: ...Community string that acts like a password and permits access to the SNMP protocol Range 1 20 characters group name Name of a previously defined group The group defines the objects available to the community Range 1 30 characters ip address Management station IP address Default is all IP addresses exit Exit to Privileged EXEC mode show snmp View SNMP settings and verify the configuration Command P...

Page 351: ...se the CLI command help or see the CLI Command Reference snmp server filter filter name oid tree included excluded Configure a filter for SNMP traps and informs based on OIDs Each OID is linked to a device feature or a feature aspect filter name Specifies the label for the filter record that is being updated or created The name is used to reference the record Range 1 30 characters oid tree Specifi...

Page 352: ...re resending informs The default is 15 seconds Range 1 300 characters retries Maximum number of times to resend an inform request The default is 3 attempts traps Indicates that SNMP traps are sent to this host version 1 Indicates that SNMPv1 traps will be used version 2 Indicates that SNMPv2 traps will be used community string Specifies a password like community string sent with the notification o...

Page 353: ...t without authentication auth Specifies authentication of a packet without encrypting it priv Specifies authentication and encryption of a packet seconds Number of seconds to wait for an acknowledgment before resending informs This is not allowed for hosts configured to send traps The default is 15 seconds Range 1 300 seconds retries Maximum number of times to resend an inform request This is not ...

Page 354: ... features that produce traps The traps are sent to the host with an IP address of 192 168 3 65 using the community string public To configure the switch 1 Configure the public community string console configure console config snmp server community public ro 2 Configure the private community string console config snmp server community private rw 3 Enable all traps and specify the IP address of the ...

Page 355: ...supplying the appropriate authentication credentials secretkey To configure the switch 1 Configure the view view_snmpv3 and specify the objects to include console configure console config snmp server view view_snmpv3 internet included 2 Create the group group_snmpv3 and allow read write access to the view configured in the previous step console config snmp server group group_snmpv3 v3 auth read vi...

Page 356: ...itch The output includes the SNMPv1 2 configuration in the previous example console show snmp Community String Community Access View Name IP Address private Read Write Default All public Read Only Default All Traps are enabled Authentication trap is enabled Version 1 2 notifications Version 3 notifications System Contact System Location Community String Group Name IP Address private DefaultWrite A...

Page 357: ... Read Views Write Notify DefaultRead V1 NoAuth NoPriv Default Default DefaultRead V2 NoAuth NoPriv Default Default DefaultSuper V1 NoAuth NoPriv DefaultSu per Default Super Default Super DefaultSuper V2 NoAuth NoPriv DefaultSu per Default Super Default Super DefaultWrite V1 NoAuth NoPriv Default Default Default DefaultWrite V2 NoAuth NoPriv Default Default Default group_snmpv3 V3 Auth NoPriv view_...

Page 358: ...358 Configuring SNMP ...

Page 359: ... maintain several different types of files on the flash file system Table 14 1 describes the files that you can manage The table also lists the type of action you can take on the file which is one or more of the following Download the file to the switch from a remote system or USB flash drive Upload the file from the switch to a remote system or USB flash drive Copy the file from one location on t...

Page 360: ... Upload Copy An additional configuration file that serves as a backup Configuration script Download Upload Text file with CLI commands When you activate a script on the switch the commands are executed and added to the running config Log files Upload Provides various information about events that occur on the switch For more information see Monitoring and Logging System Information SSH key files D...

Page 361: ...d as follows Switch name v version number stk Where the switch name is N4000 Dell Networking 4000 series switch firmware for SSL certificate files Download Contains information to encrypt authenticate and validate HTTPS sessions The switch supports the following files for SSL SSL Trusted Root Certificate File PEM Encoded SSL Server Certificate File PEM Encoded SSL Diffie Hellman Weak Encryption Pa...

Page 362: ...stk N4000 series switch firmware version 6 1 0 1 This is the first build for the first minor release after the 6 0 major release i e release 6 1 Configuration Files Configuration files contain the CLI commands that change the switch from its default configuration The switch can maintain three separate configuration files startup config running config and backup config The switch loads the startup ...

Page 363: ...tch To manually edit the file You might download a configuration file from a remote server to the switch for the following reasons To restore a previous configuration To load the configuration copied from another switch To load the same configuration file on multiple switches Use a text editor to open a configuration file and view or change its contents SSH SSL Files If you use OpenManage Switch A...

Page 364: ...ile name Managing Images When you download a new image to the switch it overwrites the backup image if it exists To use the new image you must activate it and reload the switch The image that was previously the active image becomes the backup image after the switch reloads If you upgrade to a newer image and find that it is not compatible with your network you can revert to the original image If y...

Page 365: ...our of ten commands and the script fails the script stops at four and the final six commands are not executed Scripts cannot be modified or deleted while being applied Validation of scripts checks for syntax errors only It does not validate that the script will run The file extension must be scr A maximum of seven scripts are allowed on the switch The combined size of all script files on the switc...

Page 366: ... SNMP to upload a configuration file to a TFTP server the agentTransferUploadFileName object must be set to the local filename which is either startup config or backup config How Is the Running Configuration Saved Changes you make to the switch configuration while the switch is operating are written to the running config These changes are not automatically written to the startup config When you re...

Page 367: ...iles on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page File System Use the File System page to view a list of the files on the device and to modify the image file descriptions To display the File System page click System File Management File System in the navigation panel Figure 14 1 File System ...

Page 368: ... the switch boots If you change the boot image it does not become the active image until you reset the switch On the N4000 series switches the images are named active and backup NOTE To display the Active Images page click System File Management Active Images in the navigation panel Figure 14 2 Active Images ...

Page 369: ... un mounted by the operator before removing it from the switch If a new USB flash drive is installed without un mounting the previous drive the new flash drive may not be recognized If a USB flash drive is removed without un mounting it un mount the flash drive i e use the command unmount usb and remove and reinstall the USB flash drive in the switch To display the USB Flash Drive page click Syste...

Page 370: ...configuration ASCII files from a remote server to the switch To display the File Download page click System File Management File Download in the navigation panel Figure 14 4 File Download Downloading Files To download a file to the switch 1 Open the File Download page 2 Select the type of file to download to the switch 3 Select the transfer mode ...

Page 371: ... of the server that contains the file to download the name of the file and the path on the server where it is located For SFTP and SCP provide the user name and password 6 Click Apply to begin the download Figure 14 5 File Download in Progress 7 The file is downloaded to the switch NOTE If you are using HTTPS to manage the switch the download method will be HTTPS NOTE After you start a file downlo...

Page 372: ...click System File Management File Upload in the navigation panel Figure 14 6 File Upload Uploading Files To upload a file from the switch to a remote system 1 Open the File Upload page 2 Select the type of file to download to the remote server 3 Select the transfer mode If you select a transfer mode that requires authentication additional fields appear in the Upload section If you select HTTP as t...

Page 373: ...for the file For SFTP and SCP provide the user name and password 6 Click Apply to begin the upload 7 The file is uploaded to the specified location on the remote server NOTE If you are using HTTPS to manage the switch the download method will be HTTPS NOTE For some file uploads and methods the page refreshes and a transfer status field appears to indicate the number of bytes transferred The web in...

Page 374: ...h one or all members of a stack Copy the running startup or backup configuration file to the startup or backup configuration file Restore the running configuration to the factory default settings To display the Copy Files page click System File Management Copy Files in the navigation panel Figure 14 8 Copy Files ...

Page 375: ... example shows how to use TFTP to download the image NOTE Upload download and copy functions use the copy command The basic syntax for the command is copy source destination This section shows several different ways to use the copy command Command Purpose copy tftp ip address hostname path file name image Use TFTP to download the firmware image at the specified source to the non active image If th...

Page 376: ...e image after the switch resets Images on the N4032 N4064 are named active and backup For N4000 series switches use the following command boot system active backup reload Reboot the switch to make the new image the active image You are prompted to verify that you want to continue Command Purpose ...

Page 377: ...e Remove the specified file erase startup config backup image backup config Erase the startup configuration the backup configuration or the backup image copy startup config backup config Save the startup configuration to the backup configuration file copy running config startup config Copy the current configuration to the startup configuration This saves the current configuration to NVRAM show sta...

Page 378: ...up configuration file copy running config startup config Copy the current configuration to the startup configuration This saves the current configuration to NVRAM show startup config View the contents of the startup config file show running config View the contents of the running config file Command Purpose ...

Page 379: ...ash device details dir usb Display USB device contents and memory statistics copy usb filename backup config image running config script filename startup config filename Copy the specified file from the USB flash device to the specified file in internal flash unmount usb Make the USB flash device inactive Command Purpose copy file scp user ip address hostname path file name Adds a description to a...

Page 380: ...script dest name Downloads the specified script from the remote server to the switch Password entry After you enter the copy command the CLI prompts you for the password associated with the username script validate script name Checks the specified script for syntax errors The script is automatically validated when you download it to the switch You can validate again with this command script list V...

Page 381: ...s to prepare the download and then download and upgrade the switch image 1 Check the connectivity between the switch and the TFTP server console ping 10 27 65 103 Pinging 10 27 65 103 with 0 bytes of data Reply From 10 27 65 103 icmp_seq 0 time 10 msec Reply From 10 27 65 103 icmp_seq 1 time 10 msec Reply From 10 27 65 103 icmp_seq 2 time 10 msec Reply From 10 27 65 103 icmp_seq 3 time 10 msec 10 ...

Page 382: ...must verify that you want to start the download The downloaded image replaces the currently inactive image which may be image1 or image2 Use either the active or backup keyword to have the image to replace the specified image type which takes effect only after a reboot In the following example the active image is replaced console copy tftp 10 27 65 103 images dell_0308 stk imageactive Mode TFTP un...

Page 383: ...file type you selected for replacement in step 4 console boot system activeimage2 Activating image activeimage2 6 View information about the current image console show bootvar Image Descriptions image1 image2 Images currently available on Flash 7 Copy the running configuration to the startup configuration to save the current configuration to NVRAM console copy running config startup config This op...

Page 384: ...s how to create a configuration script that adds three hostname to IP address mappings to the host table To configure the switch 1 Open a text editor on an administrative computer and type the commands as if you were entering them by using the CLI Figure 14 10 Create Config Script 2 Save the file with an scr extension and copy it to the appropriate directory on your TFTP server 3 Download the file...

Page 385: ...e script successfully downloads it is automatically validated for correct syntax Are you sure you want to start y n y 135 bytes transferred Validating configuration script configure exit configure ip host labpc1 192 168 3 56 ip host labpc2 192 168 3 58 ip host labpc3 192 168 3 59 Configuration script validated File transfer operation completed successfully 5 Run the script to execute the commands ...

Page 386: ...sh drive before overwriting the backup image on the switch with a new image The administrator also makes a backup copy of the running config by uploading it to a USB flash drive After the backups are performed the administrator downloads a new image from the USB flash drive to the switch to prepare for the upgrade This example assumes the new image is named new_img stk and has already been copied ...

Page 387: ... be blocked for the duration of the transfer Are you sure you want to start y n y 4 Download the new image from the USB flash drive to the switch The image overwrites the image that is not currently active console copy usb new_image stk image Mode unknown Data Type Code Management access will be blocked for the duration of the transfer Are you sure you want to start y n y 5 To activate the new ima...

Page 388: ...388 Managing Images and Files ...

Page 389: ... and installation process when the switch or stack master is initialized and no configuration file startup config is found or when the switch boots and loads a saved configuration that has Auto Configuration enabled Auto Configuration is enabled by default Allow downgrade is also enabled by default The Auto Configuration feature includes two components USB Auto Configuration DHCP Auto Install If n...

Page 390: ...mation The IP address is a required field in the configuration file Refer to the example below for an explanation of the file format 2 Copy the file onto a USB device along with any desired switch firmware and configuration files 3 Insert the USB device into the front panel USB port on the Dell Networking switch When the Auto Configuration process starts and no startup config file is present on th...

Page 391: ...tes a previous binding and requires this IP address to be configured for the management IP address IP Address Lookup If the switch MAC address is not found within the setup text file the first line that contains an IP address and no MAC address and is not marked in use will be used by the switch to assign the management IP address netmask The IP address line should include the configuration filena...

Page 392: ... start of the next USB auto download if all lines in the setup file are marked as already in use or invalid and there is no MAC address match for a switch the process will halt and a message similar to the following is displayed on the console APR 22 08 32 43 Error Auto Configuration has terminated due to there being no more lines available for use within the USB file XXXXX setup Configuration Fil...

Page 393: ...e setup file need to be removed Then if the process is restarted the MAC address IP address combinations will be ensured for any switch that has previously attempted upgrade and all other switch upgrades can take place as if for the first time What Is the DHCP Auto Configuration Process If the USB Auto Configuration fails or is not used the switch can use a DHCP server to obtain configuration info...

Page 394: ...ommand Obtaining Other Dynamic Information The following information is also processed and may be returned by a BOOTP or DHCP server Name of configuration file the file field in the DHCP header or option 67 to be downloaded from the TFTP server Identification of the TFTP server providing the file The TFTP server can be identified by name or by IP address as follows hostname DHCP option 66 or the s...

Page 395: ...ile and downloads the image file from the TFTP server After the switch successfully downloads and installs the new image it automatically reboots The download or installation might fail for one of the following reasons The path or filename of the image on the TFTP server does not match the information specified in DHCP option 125 The downloaded image is the same as the current image The validation...

Page 396: ...s of a set of IP address to hostname mappings using the command ip host hostname address The switch finds its own IP address as learned from the DHCP server in the configuration file and extracts its hostname from the matching command If the default network configuration file does not contain the switch s IP address the switch attempts a reverse DNS lookup to resolve its hostname A sample dell net...

Page 397: ...nfig file No 3 hostname cfg Host specific config file associated with hostname Yes 4 host cfg Default config file Yes Table 15 2 TFTP Request Types TFTP Server Address Available Host specific Switch Config Filename Available TFTP Request Method Yes Yes Issue a unicast request for the host specific router config file to the TFTP server Yes No Issue a unicast request for a default network or router ...

Page 398: ...ion Process You can terminate the Auto Configuration process at any time before the image or configuration file is downloaded This is useful when the switch is disconnected from the network Termination of the Auto Configuration process ends further periodic requests for a host specific file The Auto Configuration process automatically starts after a reboot if the configuration file is not found on...

Page 399: ...red A configuration file either from bootfile or option 67 option for the switch must be available from a TFTP server The switch must be connected to the network and have a Layer 3 interface that is in an UP state A DNS server must contain an IP address to hostname mapping for the TFTP server if the DHCP server response identifies the TFTP server by name A DNS server must contain an IP address to ...

Page 400: ...bout the TFTP server and bootfile the switch makes three unicast TFTP requests for the specified bootfile If the unicast attempts fail or if a TFTP server address was not provided the switch makes three broadcast requests to any available TFTP server for the specified bootfile AutoSave Disabled If the switch is successfully auto configured the running configuration is not saved to the startup conf...

Page 401: ... on a page click at the top of the page Auto Install Configuration Use the Auto Install Configuration page to allow the switch to obtain network information such as the IP address and subnet mask and automatically download a host specific or network configuration file during the boot process if no startup config file is found To display the Auto Configuration page click System General Auto Install...

Page 402: ...oots and finds the boot host dhcp command in the startup config file Command Purpose configure Enter Global Configuration mode boot host dhcp Enable Auto Configuration for the next reboot cycle The command does not change the current behavior of Auto Configuration but it does save the command to NVRAM boot host auto save Allow the switch to automatically save the configuration file downloaded to t...

Page 403: ...e describes how to deploy three switches and automatically install a custom configuration file on the switch and upgrade each switch with the latest software image by using the USB Auto Configuration feature The switches have the following MAC addresses Switch A 001E C9AA AC17 Switch B 001E C9AA AC20 Switch C 001E C9AA AC33 To configure each switch with a static IP address you can include the IP a...

Page 404: ...essary delete the startup config file and reboot the switch The configuration in switchA txt file is downloaded to the switch and the management interface acquires network information After the process completes a message displays to indicate the status The dellswitch setup file is updated to add the term in use to the end of the line The N2000vR 5 4 1 stk image is also downloaded to the switch 10...

Page 405: ...pload the host cfg file to the TFTP server 3 Upload the image file to the TFTP server 4 Configure an address pool on the DHCP server that contains the following information a The IP address yiaddr and subnet mask option 1 to be assigned to the interface b The IP address of a default gateway option 3 c DNS server address option 6 d Name of config file for each host e Identification of the TFTP serv...

Page 406: ...ckup config e g copy startup config backup config 2 Delete the startup config file e g del startup config 3 Put the new image on a cleanly formatted USB stick and insert the USB stick into the stack master 4 Reboot the stack master and skip the Easy Startup configuration wizard by pressing N when prompted 5 After the upgrade completes copy the backup config to the startup config remove the USB sti...

Page 407: ...d Remote Network Monitoring RMON agents What is sFlow Technology sFlow is an industry standard technology for monitoring high speed switched and routed networks Dell Networking N2000 N3000 and N4000 series switches software has a built in sFlow agent that can monitor network traffic on each port and generate sFlow data to an sFlow receiver also known as a collector sFlow helps to provide visibilit...

Page 408: ...memory CPU is required Samples are not aggregated into a flow table on the switch they are forwarded immediately over the network to the sFlow receiver The sFlow system is tolerant to packet loss in the network because statistical modeling means the loss is equivalent to a slight change in the sampling rate sFlow receiver can receive data from multiple switches providing a real time synchronized v...

Page 409: ...ults in the generation of Counter Records sFlow Agents collect Counter Records and Packet Flow Records and send them as sFlow datagrams to sFlow Collectors Packet Flow Sampling Packet Flow Sampling carried out by each sFlow instance ensures that any packet observed at a Data Source has an equal chance of being sampled irrespective of the Packet Flow s to which it belongs Packet Flow Sampling is ac...

Page 410: ... Like sFlow RMON is a technology that enables the collection and analysis of a variety of data about network traffic Dell Networking N2000 N3000 and N4000 series switches software includes an RMON probe also known as an RMON agent that collect information and analyze packets The data that is collected is defined in the RMON MIB RFC 2819 RMON is defined in an Internet Engineering Task Force IETF sp...

Page 411: ...f the traffic that the source port handles and sends it to a destination port The source port is the port that is being monitored The destination port is where you would connect a network protocol analyzer to learn more about the traffic that is handled by the source port Dell Networking switches support RSPAN destinations where traffic can be tunneled across the operational network A port monitor...

Page 412: ...t mirroring is enabled The VLAN configuration is restored when the port is no longer configured for a monitor session The mirrored source and the transit ports retain their VLAN configuration Transit ports must be members of the RSPAN VLAN When port mirroring is enabled all MAC address entries associated with destination ports are purged This prevents transmitting packets out of the port that are ...

Page 413: ...t mirrored Packets locally generated by the switch and transmitted over a source port are not copied in a mirroring session The internal CPU port is allowed as a source port for local monitoring sessions only not allowed for RSPAN If the internal CPU port is mirrored packets received and generated by the CPU for all ports are mirrored Remote Capture The Remote Capture feature enables mirrorring pa...

Page 414: ...nistrative mode is disabled until you explicitly enable it Monitoring Switch Traffic Web This section provides information about the OpenManage Switch Administrator pages to use to monitor network traffic on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page sFlow Agent Summary Use the sFlow Agent Summary page to view informa...

Page 415: ...Monitoring Switch Traffic 415 Figure 16 2 sFlow Agent Summary ...

Page 416: ...ceiver to which the switch sends sFlow datagrams You can configure up to eight sFlow receivers that will receive datagrams To display the Receiver Configuration page click System sFlow Receiver Configuration in the navigation panel Figure 16 3 sFlow Receiver Configuration Click Show All to view information about configured sFlow receivers ...

Page 417: ...ration page to configure the sFlow sampling settings for switch ports To display the Sampler Configuration page click System sFlow Sampler Configuration in the navigation panel Figure 16 4 sFlow Sampler Configuration Click Show All to view information about configured sampler data sources ...

Page 418: ... to configure how often a port should collect counter samples To display the Sampler Configuration page click System sFlow Sampler Configuration in the navigation panel Figure 16 5 sFlow Poll Configuration Click Show All to view information about the ports configured to collect counter samples ...

Page 419: ...istics page to display statistics for both received and transmitted packets The fields for both received and transmitted packets are identical To display the page click Statistics RMON Table Views Interface Statistics in the navigation panel Figure 16 6 Interface Statistics ...

Page 420: ...raffic Etherlike Statistics Use the Etherlike Statistics page to display interface statistics To display the page click Statistics RMON Table Views Etherlike Statistics in the navigation panel Figure 16 7 Etherlike Statistics ...

Page 421: ...h Traffic 421 GVRP Statistics Use the GVRP Statistics page to display switch statistics for GVRP To display the page click Statistics RMON Table Views GVRP Statistics in the navigation panel Figure 16 8 GVRP Statistics ...

Page 422: ...play information about EAP packets received on a specific port For more information about EAP see Configuring Port and System Security on page 503 To display the EAP Statistics page click Statistics RMON Table Views EAP Statistics in the navigation panel Figure 16 9 EAP Statistics ...

Page 423: ...3 Utilization Summary Use the Utilization Summary page to display interface utilization statistics To display the page click Statistics RMON Table Views Utilization Summary in the navigation panel Figure 16 10 Utilization Summary ...

Page 424: ...mary Use the Counter Summary page to display interface utilization statistics in numeric sums as opposed to percentages To display the page click Statistics RMON Table Views Counter Summary in the navigation panel Figure 16 11 Counter Summary ...

Page 425: ...e the Switchport Statistics page to display statistical summary information about switch traffic address tables and VLANs To display the page click Statistics RMON Table Views Switchport Statistics in the navigation panel Figure 16 12 Switchport Statistics ...

Page 426: ...the RMON Statistics page to display details about switch use such as packet processing statistics and errors that have occurred on the switch To display the page click Statistics RMON RMON Statistics in the navigation panel Figure 16 13 RMON Statistics ...

Page 427: ... physical port or a port channel you can define how many buckets exist and the time interval between each bucket snapshot To display the page click Statistics RMON RMON History Control in the navigation panel Figure 16 14 RMON History Control Adding a History Control Entry To add an entry 1 Open the RMON History Control page 2 Click Add The Add History Entry page displays ...

Page 428: ...ory of statistics 4 Specify an owner the number of historical buckets to keep and the sampling interval 5 Click Apply to add the entry to the RMON History Control Table To view configured history entries click the Show All tab The RMON History Control Table displays From this page you can remove configured history entries ...

Page 429: ...age to display interface specific statistical network samplings Each table entry represents all counter values compiled during a single sample To display the RMON History Table page click Statistics RMON RMON History Table in the navigation panel Figure 16 16 RMON History Table ...

Page 430: ...hold is crossed for a particular RMON counter The event information can be stored in a log and or sent as a trap to a trap receiver To display the page click Statistics RMON RMON Event Control in the navigation panel Figure 16 17 RMON Event Control Adding an RMON Event To add an event 1 Open the RMON Event Control page 2 Click Add The Add an Event Entry page displays ...

Page 431: ...ick Apply The event is added to the RMON Event Table and the device is updated Viewing Modifying or Removing an RMON Event To manage an event 1 Open the RMON Event Control page 2 Click Show All to display the Event Control Table page 3 To edit an entry a Select the Edit check box in for the event entry to change b Modify the fields on the page as needed 4 To remove an entry select the Remove check...

Page 432: ...itoring Switch Traffic RMON Event Log Use the RMON Event Log page to display a list of RMON events To display the page click Statistics RMON RMON Events Log in the navigation panel Figure 16 19 RMON Event Log ...

Page 433: ...esholds are crossed for the configured RMON counters The alarm triggers an event to occur The events can be configured as part of the RMON Events group For more information about events see RMON Event Log on page 432 To display the page click Statistics RMON RMON Alarms in the navigation panel Figure 16 20 RMON Alarms ...

Page 434: ...Figure 16 21 Add an Alarm Entry 3 Complete the fields on this page as needed Use the help menu to learn more information about the data required for each field 4 Click Apply The RMON alarm is added and the device is updated To view configured alarm entries click the Show All tab The Alarms Table displays From this page you can remove configured alarms ...

Page 435: ... to chart port related statistics on a graph To display the page click Statistics RMON Charts Port Statistics in the navigation panel Figure 16 22 Ports Statistics To chart port statistics select the type of statistics to chart and if desired the refresh rate then click Draw ...

Page 436: ...ge to chart LAG related statistics on a graph To display the page click Statistics RMON Charts LAG Statistics in the navigation panel Figure 16 23 LAG Statistics To chart LAG statistics select the type of statistics to chart and if desired the refresh rate then click Draw ...

Page 437: ...s is mirrored to a destination port To display the Port Mirroring page click Switching Ports Traffic Mirroring Port Mirroring in the navigation panel Figure 16 24 Port Mirroring Configuring a Port Mirror Session To configure port mirroring 1 Open the Port Mirroring page 2 Click Add The Add Source Port page displays 3 Select the port to be mirrored 4 Select the traffic to be mirrored ...

Page 438: ...ck Apply 6 Repeat the previous steps to add additional source ports 7 Click Port Mirroring to return to the Port Mirroring page 8 Enable the administrative mode and specify the destination port Figure 16 26 Configure Additional Port Mirroring Settings 9 Click Apply ...

Page 439: ...nation ip address port Configure the address of the sFlow receiver and optionally the destination UDP port for sFlow datagrams rcvr_index The index of this sFlow receiver Range 1 8 ip address The sFlow receiver IP address port The destination Layer 4 UDP port for sFlow datagrams Range 1 65535 sflow rcvr_index destination owner owner_string timeout timeout Specify the identity string of the receive...

Page 440: ...f_number The list of interfaces to sample The interface type can be Gigabitethernet gi or Tengigabitethernet te for example te1 0 3 5 enables polling on ports 3 4 and 5 sampling rate The statistical sampling rate for packet sampling from this source A sampling rate of 1 counts all packets A value of n means that out of n incoming packets 1 packet will be sampled Range 1024 65536 size The maximum n...

Page 441: ...ut the configured sFlow poller instances for the specified receiver show sflow index sampling View information about the configured sFlow sampler instances for the specified receiver Command Purpose configure Enter Global Configuration mode rmon event number log trap community description string owner string Configure an RMON event number The event index Range 1 65535 log Specify that an entry is ...

Page 442: ... is used when a rising or falling threshold is crossed Range 1 65535 delta The sampling method for the selected variable and calculating the value to be compared against the thresholds If the method is delta the selected variable value at the last sample is subtracted from the current value and the difference compared with the thresholds absolute The sampling method for the selected variable and c...

Page 443: ...A value associated with the number of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 65535 seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 CTRL Z Exit to Privileged EXEC mode show rmon alarms collection history events history log statistics View information collected by the RMON probe Comm...

Page 444: ...ess rx or egress tx traffic If no parameter is given both ingress and egress traffic are monitored monitor session session_number destination interface interface Configure a destination probe port for a monitor session session_number The monitoring session ID which is always 1 interface The Ethernet interface to which the monitored source traffic is copied monitor session session_number mode Enabl...

Page 445: ...g VLAN optional exit Exit to Global Configuration mode monitor session session_number source interface interface rx tx both Configure a source monitored port for a monitor session session_number The monitoring session ID which is always 1 sourceinterface The interface to be monitored The internal CPU port may not be configured as an RSPAN source rx tx both Monitor ingress rx or egress tx traffic I...

Page 446: ...n trunking mode switch trunk allowed vlan vlan id Restrict the trunk to the spanning VLAN optional exit Exit to Global Configuration mode Command Purpose configure Enter Global Configuration mode vlan vlan id Create an RSPAN VLAN remote span Configure the VLAN as a spanning VLAN exit Exit to Global Configuration mode monitor session session_id source remote vlan vlan_id Configure a source RSPAN VL...

Page 447: ...hat sFlow monitoring is not enabled until a receiver owner string is configured To configure the switch 1 Configure information about the sFlow receiver console configure console config sflow 1 destination 192 168 30 34 console config sflow 1 destination owner receiver1 timeout 100000 2 Configure the polling and sampling information for Tengigabit Ethernet ports 10 20 console config sflow 1 pollin...

Page 448: ...ng Poller Receiver Poller Data Source Index Interval Te1 0 10 1 60 Te1 0 11 1 60 Te1 0 12 1 60 Te1 0 13 1 60 Te1 0 14 1 60 Te1 0 15 1 60 Te1 0 23 1 60 console show sflow 1 sampling Sampler Receiver Packet Max Header Data Source Index Sampling Rate Size Te1 0 10 1 8192 128 Te1 0 11 1 8192 128 Te1 0 12 1 8192 128 Te1 0 13 1 8192 128 Te1 0 14 1 8192 128 Te1 0 15 1 8192 128 Te1 0 23 1 8192 128 ...

Page 449: ...compare the MIB counter to the configured rising and falling thresholds If the rise is equal to or greater than 20 event 1 goes into effect To configure the switch 1 Create the event The trap is sent to the private SNMP community console configure console config rmon event 1 description emergency event log trap private 2 Create the alarm console config rmon alarm 1 1 3 6 1 2 1 2 2 1 14 1 30 delta ...

Page 450: ...switch CPU The capture feature can also be configured to capture to a local file in pcap format or to capture to an in memory buffer text format 1 Configure capture for Wireshark remote access on port 2002 console config monitor capture remote console config exit 2 Start the capture enabling capture of both transmitted and received packets console monitor capture start all 3 Configure Wireshark fo...

Page 451: ...Monitoring Switch Traffic 451 5 On the Capture Options dialog click Manage Interfaces ...

Page 452: ...raffic 6 Add a new interface by giving the switch IP address and the default remote port 2002 First select the Remote Interfaces tab and click Add 7 Enter the switch IP address and port 2002 Choose Null authentication default ...

Page 453: ...Monitoring Switch Traffic 453 8 Click OK to accept the entry 9 On the Add new interfaces dialog click Apply and then click Close ...

Page 454: ...an in band port captures the capture packets transmitted to the Wireshark client Therefore when using remote capture over an in band port it is best to configure remote capture to capture only received packets to configure remote capture to operate over the out of band port or to configure local capture to capture to the in memory buffer or a local pcap file ...

Page 455: ...AN VLAN double tagged with the outer tag containing the RSPAN VLAN The last line in this configuration enables the monitor session It is recommended that configuration proceed with the destination switch first followed by the intermediate switches and then by the source switch 1 Configure RSPAN on VLAN 723 console configure console config vlan 723 console config vlan723 remote span console config ...

Page 456: ...nd transmitted tagged 1 Configure remote span on a VLAN console configure console config vlan 723 console config vlan723 remote span console config vlan723 exit 2 Configure the transit switch ports in trunk mode console config interface te1 0 1 console config if Te1 0 1 switchport mode trunk console config if Te1 0 1 interface te1 0 2 console config if Te1 0 2 switchport mode trunk RSPAN Destinati...

Page 457: ...23 console config if Te1 0 1 exit 3 Configure a mirroring session with the remote VLAN 723 as the source and inteface gi1 0 1 as the destination port console config monitor session 1 source remote vlan 723 console config monitor session 1 destination interface gi1 0 1 4 Enable the mirroring session console config monitor session 1 mode ...

Page 458: ...458 Monitoring Switch Traffic ...

Page 459: ...ization Web Configuring iSCSI Optimization CLI iSCSI Optimization Configuration Examples iSCSI Optimization Overview iSCSI optimization provides a means of monitoring iSCSI sessions and iSCSI traffic on the switch This is accomplished by monitoring or snooping traffic to detect packets used by iSCSI stations to establish iSCSI sessions and connections Data from these exchanges may optionally be us...

Page 460: ...otocol packets to the CPU for examination Devices that initiate iSCSI sessions generally use well known TCP ports 3260 or 860 to contact targets When iSCSI optimization is enabled by default the switch identifies IP packets to or from these ports as iSCSI session traffic In addition the switch separately tracks connections associated with a login session ISID dynamically allocated source destinati...

Page 461: ...deleted from the switch internal session table When all connections associated with a session age out or disconnect the session is deleted You can configure whether the iSCSI optimization feature uses the VLAN priority or IP DSCP mapping to determine the traffic class queue By default iSCSI flows are assigned to the highest VLAN priority tag or DSCP value mapped to the highest queue not used for s...

Page 462: ... tracking the session and creating the classifier entries that enable QoS treatment Initiator s IP Address Target s IP Address ISID Initiator defined session identifier Initiator s IQN iSCSI Qualified Name Target s IQN Initiator s TCP Port Target s TCP Port If no iSCSI traffic is detected for a session for a configurable aging period the session data is cleared ...

Page 463: ...is advisable to enable spanning tree portfast and disable unicast storm control on ports connected to the initiators as well If the iSCSI CoS policy feature is enabled on the switch and an EQL array is detected the switch applies additional iSCSI CoS policies to the EQL inter array traffic on TCP ports 9876 and 25555 If the iSCSI CoS policy is disabled and EQL arrays are present the additional CoS...

Page 464: ... 3260 AE Priority priority configured for iSCSI PFC by the iscsi cos vpt command default priority is 4 The existing application priority entries being transmitted if any will not be disturbed How Does iSCSI Optimization Interact with Dell Compellent Arrays Dell Networking switches support a macro that may be used to configure a port connected to a Dell Compellent storage array The name of the macr...

Page 465: ...classified based on the user priority present in the VLAN tag and in this case enabling iSCSI CoS classification via the iSCSI command set provides no benefit The only case for enabling iSCSI CoS prioritization is when using N4000 series switches to originate iSCSI configuration information via DCBX In this case enabling iSCSI CoS classification configures the N4000 switch to generate the iSCSI TL...

Page 466: ...AN instead of by DSCP values VLAN priority tag iSCSI flows are assigned by default the highest 802 1p VLAN priority tag mapped to the highest queue not used for stack management or the voice VLAN DSCP When DSCP is selected as the classification iSCSI flows are assigned by default the highest DSCP tag mapped to the highest queue not used for stack management or the voice VLAN Remark Not enabled iSC...

Page 467: ...es switches For details about the fields on a page click at the top of the page iSCSI Global Configuration Use the Global Configuration page to allow the switch to snoop for iSCSI sessions connections and to configure QoS treatment for packets where the iSCSI protocol is detected To access the iSCSI Global Configuration page click System iSCSI Global Configuration in the navigation panel Figure 17...

Page 468: ...figure iSCSI targets on the switch To access the Targets Table page click System iSCSI Targets in the navigation panel Figure 17 2 iSCSI Targets Table To add an iSCSI Target click Add at the top of the page and configure the relevant information about the iSCSI target Figure 17 3 Add iSCSI Targets ...

Page 469: ...an iSCSI initiator and iSCSI target communicate over one or more TCP connections The maximum number of iSCSI sessions is 192 Redundant MPIO paths may not be accounted for in the iSCSI sessions table if a separate iSCSI login is not issued during establishment of the session To access the Sessions Table page click System iSCSI Sessions Table in the navigation panel Figure 17 4 iSCSI Sessions Table ...

Page 470: ...tailed Use the Sessions Detailed page to view detailed information about an iSCSI sessions that the switch has discovered To access the Sessions Detailed page click System iSCSI Sessions Detailed in the navigation panel Figure 17 5 iSCSI Sessions Detail ...

Page 471: ...t port and optionally address and name tcp port n TCP port number or list of TCP port numbers on which the iSCSI target listens to requests Up to 16 TCP ports can be defined in the system in one command or by using multiple commands ip address IP address of the iSCSI target When the no form of this command is used and the tcp port to be deleted is one bound to a specific IP address the address fie...

Page 472: ...cp The VLAN Priority Tag or DSCP value to assign received iSCSI session packets remark Mark the iSCSI frames with the configured DSCP value when egressing the switch iscsi aging time time Optionally set aging time range 1 43 200 seconds for iSCSI connections When all connections associated with a session are aged out the session is deleted exit Exit to Privilege Exec mode show iscsi Display iSCSI ...

Page 473: ...nfiguration steps required Configuring iSCSI Optimization Between Servers and a Disk Array Figure 17 6 illustrates a stack of three Dell Networking series switches connecting two servers iSCSI initiators to a disk array iSCSI targets An iSCSI application running on the management unit the top unit in the diagram has installed priority filters to ensure that iSCSI traffic that is part of these two ...

Page 474: ... to the array console config console config macro global apply profile compellent nas interface_name te1 0 21 console config macro global apply profile compellent nas interface_name te1 0 22 console config macro global apply profile compellent nas interface_name te1 0 23 To configure a N4000 switch in a lossless DCBX environment where another switch connected to storage arrays supplies the DCBX co...

Page 475: ... 1 mode active console config if exit 7 Configure the port channel to be in trunk mode console config interface po1 console config if switchport mode trunk console config if exit To configure a N4000 switch in a lossless DCBX environment where the switch is directly connected to storage arrays and the CNAs no other switch is present perform the following steps starting from a default configuration...

Page 476: ...pped when congestion occurs console config if dcb priority flow control mode on console config if dcb priority flow control priority 4 no drop console config if dcb exit 9 Configure ETS by mapping the lossless traffic onto TC 1 and sharing bandwidth equally between the lossless and lossy traffic classes console config if classofservice traffic class group 0 0 console config if classofservice traff...

Page 477: ...Examples Port Overview A port is a physical interface Cables physically connect ports on devices such as PCs or servers to ports on the switch to provide access to the network The number and type of physical ports available on your Dell Networking N2000 N3000 and N4000 series switches depends on the model What Physical Port Characteristics Can Be Configured Table 18 1Table 18 2 provides a summary ...

Page 478: ... EEE which enables the low power idle mode Flow control This is a global setting that affects all ports For more information about this feature see Configuring Port Based Traffic Control on page 787 Storm control For more information about this feature see Configuring Port Based Traffic Control on page 787 Port security For more information about this feature see Configuring Port and System Securi...

Page 479: ... partner Speed Specifies the transmission rate for frames Duplex mode Specifies whether the interface supports transmission between the switch and the connected client in one direction at a time half or both directions simultaneously both Maximum frame size Indicates the maximum frame size that can be handled by the port Flow control This is a global setting that affects all ports For more informa...

Page 480: ...with the up link action essentially creates a backup link for the dependent link and alleviates the need to implement STP to handle the fail over Link Dependency Scenarios The Link Dependency feature supports the scenarios in the following list Port dependent on port If a port loses the link the switch brings up down the link on another port Port dependent on LAG If all ports in a channel group lo...

Page 481: ...Aggregation on page 913 Tunnels For more information see Configuring Routing Interfaces on page 1021 Loopback interfaces For more information see Configuring Routing Interfaces on page 1021 The Dell Networking switches includes the following Power over Ethernet PoE Plus models the N2024P N2048P N3024P N3048P For information about configuring PoE plus features for the ports see Managing General Sys...

Page 482: ...er is written above or below each port Odd numbered ports are on the top row and even numbered ports are on the bottom row The port numbers increase from left to right For ports on the optional modules the left port is 1 and the right port is 2 For example to enter Interface Configuration mode for Gigabit Ethernet port 10 on a switch that is not part of a stack use the following command console co...

Page 483: ...supports two per port power saving modes Energy detect Mode EEE All integrated 1G and module based 10G copper ports on Dell Networking series switches are capable of utilizing the Energy Detect and EEE modes for reduced power consumption When the Energy Detect mode is enabled and the port link is down the PHY automatically goes down for short period of time and then wakes up to check link pulses T...

Page 484: ...484 Configuring Port Characteristics NOTE Cable diagnostics may give misleading results if green mode is enabled on the port Disable green mode prior to running any cable diagnostics ...

Page 485: ...defined Auto negotiation Enabled Speed Auto negotiate Duplex mode Auto negotiate Flow control Enabled Maximum frame size 1518 Energy Detect mode Disabled EEE mode Disabled Link Dependency None configured Table 18 4 Default Port Values Feature Description Administrative status All ports are enabled Description None defined Auto negotiation Enabled Speed Auto negotiate Duplex mode Auto negotiate Flo...

Page 486: ...and monitoring port characteristics on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page Port Configuration Use the Port Configuration page to define port parameters To display the Port Configuration page click Switching Ports Port Configuration in the navigation panel Figure 18 1 Port Configuration ...

Page 487: ...for the port to configure 4 Select the desired settings 5 Click Apply Figure 18 2 Configure Port Settings 6 Select the Copy Parameters From check box and select the port with the settings to apply to other ports 7 In the Ports list select the check box es in the Copy To column that will have the same settings as the port selected in the Copy Parameters From field In the following example Ports 3 4...

Page 488: ...488 Configuring Port Characteristics Figure 18 3 Copy Port Settings 8 Click Apply ...

Page 489: ...re 18 4 Link Dependency Configuration Creating a Link Dependency Group To create link dependencies 1 Open the Link Dependency Configuration page 2 In the Group ID field select the ID of the group to configure 3 Specify the link action 4 To add a port to the Member Ports column click the port in the Available Ports column and then click the button to the left of the Available Ports column Ctrl clic...

Page 490: ...tics In the following example Group 1 is configured so that Port 3 is dependent on Port 4 Figure 18 5 Link Dependency Group Configuration 6 Click Apply The Link Dependency settings for the group are modified and the device is updated ...

Page 491: ...lays the groups whether they have been configured or not To display the Link Dependency Summary page click Switching Link Dependency Link Dependency Summary in the navigation panel Figure 18 6 Link Dependency Summary To configure a group click the Modify link associated with the ID of the group to configure Clicking the Modify link takes you to the Link Dependency Configuration page The Group ID i...

Page 492: ...on Use the Green Ethernet Configuration page to enable or disable energy saving modes on each port To display the Green Ethernet Configuration page click System Green Ethernet Green Ethernet Configuration in the navigation panel Figure 18 7 Green Ethernet Configuration ...

Page 493: ...tatistics Use the Green Ethernet Statistics page to view information about per port energy savings To display the Green Ethernet Statistics page click System Green Ethernet Green Ethernet Statistics in the navigation panel Figure 18 8 Green Ethernet Statistics ...

Page 494: ...iew a summary of energy savings for the switch and all ports click Summary Figure 18 9 Green Ethernet Statistics Summary To view a chart that shows the estimated per port energy savings click Chart Figure 18 10 Green Ethernet Statistics Chart ...

Page 495: ...een Ethernet LPI History page to view data about the amount of time the switch has spent in low power idle LPI mode To display the Green Ethernet LPI History page click System Green Ethernet Green Ethernet LPI History in the navigation panel Figure 18 11 Green Ethernet LPI History ...

Page 496: ...g commands to configure various port settings Command Purpose configure Enter Global Configuration mode interface interface Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabit...

Page 497: ... On combo ports it is possible to configure auto negotiation even if only the fiber interface is active The auto negotiation settings will be utilized when the copper port is active Auto negotiation settings are ignored for the fiber ports as fiber ports alway operate in full duplex fixed speed mode system jumbo mtu size Enable jumbo frames on the switch by adjusting the maximum size of a packet C...

Page 498: ...For example interface tengigabitethernet 1 0 8 10 1 0 20 configures interfaces 8 9 10 and 20 depends on interface Specify the port s upon which the member ports are dependent For information about the interface variable see the previous command description action down up Specifies the action the member ports take when the dependent link goes down down When the dependent link is down the group memb...

Page 499: ...es 8 9 10 11 and 12 green mode energy detect Enable energy detect mode on the interface green mode eee Enable EEE low power idle mode on the interface exit Exit to global configuration mode green mode eee lpi history sampling interval seconds max samples max Configure the global EEE LPI history collection interval and buffer size exit Exit to Privileged EXEC mode show green mode interface View gre...

Page 500: ...the port console config if Gi1 0 1 speed 100 console config if Gi1 0 1 exit 3 Enable jumbo frame support on the interfaces console config system jumbo mtu 9216 console config CTRL Z 4 View summary information about the ports console show interfaces configuration Port Type Duplex Speed Neg Admin St Gi1 0 1 Gigabit Level Full 100 Off Up Gi1 0 2 Gigabit Level N A Unknown Auto Up Gi1 0 3 Gigabit Level...

Page 501: ...h 1 Enter the configuration mode for Group 1 console configure console config link dependency group 1 2 Configure the member and dependency information for the group console config linkDep group 1 add tengigabitethernet 1 0 3 console config linkDep group 1 depends on tengigabitethernet 1 0 4 console config linkDep group 1 exit 3 Enter the configuration mode for Group 2 console config link dependen...

Page 502: ...502 Configuring Port Characteristics ...

Page 503: ...curity includes IEEE 802 1X authentication and port MAC locking IEEE 802 1X provides an authentication mechanism to devices connected to the switch Network access is permitted only to authorized devices clients Port MAC locking is used to enable security on a per port basis When a port is locked only packets with allowable source MAC addresses can be forwarded All other packets are discarded Port ...

Page 504: ...vice that prevents network access prior to authentication Authentication Server The network server such as a RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services Figure 19 1 shows the 802 1X network components Figure 19 1 IEEE 802 1X Network As shown in Figure 19 1 the Dell Networking N2000 N3000 and N4...

Page 505: ...vent network traffic on the port A port can configured to be in one of the following 802 1X control modes Auto default MAC based Force authorized Force unauthorized These modes control the behavior of the port The port state is either Authorized or Unauthorized If the port is in the authorized state the port sends and receives normal traffic without client port based authentication When a port is ...

Page 506: ...wable MAC address and corresponding access rights of the client must be pre populated in the authentication server When a port configured for MAB receives traffic from an unauthenticated client the switch Authenticator Sends a EAP Request packet to the unauthenticated client Waits a pre determined period of time for a response Retries resends the EAP Request packet up to three times Considers the ...

Page 507: ...he authentication or is a guest The RADIUS server informs the switch of the selected VLAN as part of the authentication Authenticated and Unauthenticated VLANs Hosts that authenticate normally use a VLAN that includes access to network resources Hosts that fail the authentication might be denied access to the network or placed on a quarantine VLAN with limited network access Much of the configurat...

Page 508: ...uest VLAN to visitors and contractors to permit network access that allows visitors to connect to external network resources such as the Internet with no ability to browse information on the internal LAN In port based 802 1X mode when a client that does not support 802 1X is connected to an unauthorized port that is 802 1X enabled the client does not respond to the 802 1X requests from the switch ...

Page 509: ... 802 1X configuration on the switch without affecting the network access to the users of the switch It allows network access even in case where there is a failure to authenticate but logs the results of the authentication process for diagnostic purposes The monitor mode can be configured globally on a switch If the switch fails to authenticate a user for any reason for example RADIUS access reject...

Page 510: ...ermit VLAN Default PVID of the port Unauth VLAN enabled Port State Deny Port State Permit VLAN Unauth EAPOL Timeout Default behavior Port State Deny Port State Permit 3 EAPOL Timeout Guest VLAN timer expiry or MAB timer expiry Guest VLAN enabled Port State Permit VLAN Guest Port State Permit VLAN Guest MAB Success Case Port State Permit VLAN Assigned Filter Assigned Port State Permit VLAN Assigned...

Page 511: ...rnal Authentication Server IAS is a dedicated database for localized authentication of users for network access through 802 1X In this database the switch maintains a list of username and password combinations to use for 802 1X authentication You can manually create entries in the database or you can upload the IAS information to the switch If the authentication method for 802 1X is IAS the switch...

Page 512: ...X status Disabled Port state automode Periodic reauthentication Disabled Seconds between reauthentication attempts 3600 Authentication server timeout 30 seconds Resending EAP identity Request 30 seconds Quiet period 60 seconds Supplicant timeout 30 seconds Max EAP request 2 times Maximum number of supplicants per port for MAC based authentication mode 16 Guest VLAN Disabled Unauthenticated VLAN Di...

Page 513: ...n page to configure the 802 1X administrative mode on the switch and to configure general 802 1X parameters for a port To display the Dot1x Authentication page click Switching Network Security Dot1x Authentication Authentication in the navigation panel Figure 19 2 Dot1x Authentication To configure 802 1X authentication on multiple ports 1 Open the Dot1x Authentication page ...

Page 514: ...1x Authentication page 2 Click Show All The Dot1x Authentication Table displays 3 Check Edit to select the Unit Port to re authenticate 4 Check Reauthenticate Now 5 Click Apply The authentication process is restarted on the specified port To reauthenticate multiple ports 1 Open the Dot1x Authentication page 2 Click Show All The Dot1x Authentication Table displays 3 Check Edit to select the Units P...

Page 515: ...t side of the table and select the Edit check box for each port to configure Change Admin Port Control to Authorized Unauthorized or Automode as needed for chosen ports Only MAC Based and Automode actually use 802 1X to authenticate Authorized and Unauthorized are manual overrides 4 Click Apply Admin Port Control is updated for the specified ports and the device is updated Authenticated Users The ...

Page 516: ...nable Monitor Mode to help troubleshoot 802 1X configuration issues To display the Port Access Control Configuration page click Switching Network Security Dot1x Authentication Monitor Mode Port Access Control Configuration in the navigation panel Figure 19 5 Port Access Control Configuration NOTE The VLAN Assignment Mode field is the same as the Admin Mode field on the System Management Security A...

Page 517: ... Configuration page click Switching Network Security Dot1x Authentication Monitor Mode Port Access Control History Log Summary in the navigation panel Figure 19 6 Port Access Control History Log Summary Internal Authentication Server Users Configuration Use the Internal Authentication Server Users Configuration page to add users to the local IAS database and to view the database entries To display...

Page 518: ...uthentication Server Users Add page 3 Specify a username and password in the appropriate fields Figure 19 8 Adding an IAS User 4 Click Apply To view the Internal Authentication Server Users Table page click Show All To delete an IAS user 1 Open the Internal Authentication Server Users Configuration page NOTE If no users exist in the IAS database the IAS Users Configuration Page does not display th...

Page 519: ...Configuring Port and System Security 519 2 From the User menu select the user to remove select the user to remove 3 Select the Remove check box Figure 19 9 Removing an IAS User 4 Click Apply ...

Page 520: ...e Enter Global Configuration mode aaa accounting dot1x default Sets 802 1X accounting to the default operational mode aaa authentication dot1x default method1 Specify the authentication method to use to authenticate 802 1X clients that connect to the switch method1 The method keyword can be radius none or ias dot1x system auth control Globally enable 802 1X authentication on the switch interface i...

Page 521: ...on of the client force unauthorized Denies all access through this interface by forcing the port to transition to the unauthorized state ignoring all attempts by the client to authenticate The switch cannot provide authentication services to the client through the interface mac based Enables 802 1X authentication on the interface and allows multiple hosts to authenticate on a single port The hosts...

Page 522: ... specified interface The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 dot1x reauthentication Enable periodic re authentication of the client dot1x timeout re authperiod seconds Se...

Page 523: ...s supported on the port when MAC based 802 1X authentication is enabled on the port CTRL Z Exit to Privileged EXEC mode dot1x re authenticate interface Manually initiate the re authentication of all 802 1X enabled ports or on the specified 802 1X enabled port The interface variable includes the interface type and number dot1x initialize interface Start the initialization sequence on all ports or o...

Page 524: ... for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 dot1x guest vlan vlan id Specify the guest VLAN dot1x unauth vlan vlan id Specify the unauthenticated VLAN The VLAN must already have been created CTRL Z Exit to Privileged EXEC mode show dot1x advanced interface View the current 802 1X configuration NOTE When dynamically creating VLANs the uplink port ...

Page 525: ... to access the network through the switch ports The administrator must configure the following settings on systems other than the switch before configuring the switch 1 Add the users to the client database on the Authentication Server such as a RADIUS server with Cisco Secure Access Control Server ACS software 2 Configure the settings on the client such a PC running Microsoft Windows to require 80...

Page 526: ...ication which allows multiple hosts to authenticate on a single port The hosts are distinguished by their MAC addresses and hosts authenticate separately with the RADIUS server Port 9 is connected to a server in a part of the network that has secure physical access i e the doors to the wiring closet and data center are locked so this port is set to the Authorized state meaning that the device conn...

Page 527: ... key secret console config exit 2 Enable 802 1X port based access control on the switch console config dot1x system auth control 3 Configure ports 9 and 24 to be in the Authorized state which allows the devices to connect to these ports to access the switch services without authentication console config interface range Gi1 0 9 Gi1 0 24 Authentication Server RADIUS LAN Dell Networking Switch Server...

Page 528: ...onsole config if Gi1 0 8 dot1x port control mac based console config if Gi1 0 8 dot1x max users 2 7 Set Port 8 to switchport mode general The port must be in general mode in order to enable MAC based 802 1X authentication console config if Gi1 0 8 switchport mode general console config if Gi1 0 8 exit console config exit 8 View the client connection status When the clients on Ports 1 3 and 7 suppl...

Page 529: ...w a summary of the port status console show dot1x Administrative Mode Enabled Port Admin Oper Reauth Reauth Mode Mode Control Period Gi1 0 1 auto Authorized FALSE 3600 Gi1 0 2 auto N A FALSE 3600 Gi1 0 3 auto Authorized FALSE 3600 Gi1 0 4 auto N A FALSE 3600 Gi1 0 5 auto N A FALSE 3600 Gi1 0 6 auto N A FALSE 3600 Gi1 0 7 mac based Authorized FALSE 3600 Gi1 0 8 mac based N A FALSE 3600 Gi1 0 9 forc...

Page 530: ...ing Authentication Based VLAN Assignment The network in this example uses three VLANs to control access to network resources When a client connects to the network it is assigned to a particular VLAN based on one of the following events It attempts to contact the 802 1X server and is authenticated It attempts to contact the 802 1X server and fails to authenticate It does not attempt to contact the ...

Page 531: ... the downlink or access ports ports connected to one or more hosts Ports 1 23 are downstream ports Port 24 is an uplink port An external RADIUS server handles the VLAN assignment NOTE Dynamic VLAN creation applies only to authorized ports The VLANs for unauthorized and guest users must be configured on the switch and cannot be dynamically created based on RADIUS based VLAN assignment NOTE The conf...

Page 532: ...onsole config radius server key qwerty123 console config radius server host 10 10 10 10 console Config auth radius exit 3 Enable 802 1X on the switch console config dot1x system auth control 4 Create a default authentication login list and use the RADIUS server for port based authentication for connected clients console config aaa authentication dot1x default radius 5 Allow the switch to accept VL...

Page 533: ...00 10 Set the guest VLAN on the ports to VLAN 300 This command automatically enables the Guest VLAN Mode on the downlink ports Any client that connects to the port and does not attempt to authenticate is placed on the guest VLAN console config if dot1x guest vlan 300 console config if exit 11 Enter Interface Configuration mode for port 24 the uplink trunk port console config interface Gi1 0 24 12 ...

Page 534: ... be forwarded on the trunk port even if the RADIUS server assigns a connected host to a VLAN in this range and the switch dynamically creates the VLAN To configure the switch 1 Configure information about the external RADIUS server the switch uses to authenticate clients The RADIUS server IP address is 10 10 10 10 and the shared secret is qwerty123 console config radius server key qwerty123 consol...

Page 535: ...tication exchange required This port does not connect to any end users so there is no need for 802 1X based authentication console config if Gi1 0 24 dot1x port control force authorized 10 Set the uplink port to trunk mode so that it accepts tagged traffic and transmits it to the connected device another switch or router console config if Gi1 0 24 switchport mode trunk 11 Forbid the trunk from for...

Page 536: ...erv service policy command to apply the filter to an interface if you configure the RADIUS server or 802 1X authenticator to assign the DiffServ filter In the following example Company XYZ uses IEEE 802 1X to authenticate all users Contractors and temporary employees at Company XYZ are not permitted to have access to SSH ports and data rates for Web traffic is limited When a contractor is authenti...

Page 537: ...onsole config policy classmap exit console config policy map class cl http console config policy classmap police simple 1000000 64 conform action transmit violate action drop console config policy classmap exit console config policy map exit 4 Enable DiffServ on the switch console config diffserv 5 Configure information about the external RADIUS server the switch uses to authenticate clients The R...

Page 538: ...ports 1 23 and enable MAC based authentication console config interface range Gi1 0 1 23 console config if dot1x port control mac based 9 Set the ports to an 802 1Q VLAN The ports must be in general mode in order to enable MAC based 802 1X authentication console config if switchport mode general console config if exit console config exit ...

Page 539: ...to forward frames into the network When link goes down on a port all of the dynamically locked addresses are cleared from the source MAC address table the feature maintains When the link is restored that port can once again learn addresses up to the specified limit The port can learn MAC addresses dynamically and you can manually specify a list of static MAC addresses for a port Default 802 1X Val...

Page 540: ...rity page click Switching Network Security Port Security in the navigation panel Figure 19 11 Network Security Port Security Configuring Port Security Settings on Multiple Ports To configure port security on multiple ports 1 Open the Port Security page 2 Click Show All to display the Port Security Table page 3 In the Ports list select the check box in the Edit column for the port to configure 4 Se...

Page 541: ...Configuring Port and System Security 541 Figure 19 12 Configure Port Security Settings 5 Click Apply ...

Page 542: ...s 8 9 10 11 and 12 port security discard trap seconds Enable port security on the port This prevents the switch from learning new addresses on this port after the maximum number of addresses has been learned discard Discards frames with unlearned source addresses This is the default if no option is indicated trap seconds Sends SNMP traps and defines the minimal amount of time in seconds between tw...

Page 543: ...om so that guests can connect to the Internet during their stay The hotel might charge for Internet use or the hotel might allow guests to connect only after they indicate that they have read and agree to the acceptable use policy What Does Captive Portal Do The Captive Portal feature allows you to require a user to enter login information on a custom Web page before gaining access to the network ...

Page 544: ...h or on a RADIUS server Is the Captive Portal Feature Dependent on Any Other Feature If you require RADIUS authentication you must configure the RADIUS server information on the switch see Using RADIUS Servers to Control Management Access on page 232 You must also configure the RADIUS attributes for Captive Portal users on the RADIUS server For information about the RADIUS attributes to configure ...

Page 545: ...word and another that only requires the username For each Captive Portal you can customize the welcome screen including the colors and logo If you require authentication consider the number of users that must exist in the user database The local user database supports up to 128 users If you need to support more than 128 authenticated users you must use a remote RADIUS server for authentication You...

Page 546: ...PS traffic from the unverified clients to the authenticating server on the switch A Captive Portal web page is sent back to the unverified client If the verification mode for the Captive Portal associated with the port is Guest the client can be verified without providing authentication information If the verification mode is Local or RADIUS the client must provide credentials that are compared ag...

Page 547: ...cifically request logout the connection status will remain authenticated until the Captive Portal deauthenticates the user based on the configured session timeout value In order for the user logout feature to function properly the client browser must have JavaScript enabled an must allow popup windows Localizing Captive Portal Pages The Captive Portal localization feature allows you to create up t...

Page 548: ... a name in the Username field selects the Acceptance Use Policy check box and clicks Connect to gain network access By default the user does not need to be defined in a database or enter a password to access the network because the default verification mode is Guest Note that duplicate Username entries can exist in this mode because the client IP and MAC addresses are obtained for identification T...

Page 549: ...nds Local Users None configured Interface associations None Interface status Not blocked If the Captive Portal is blocked users cannot gain access to the network through the Captive Portal Use this function to temporarily protect the network during unexpected events such as denial of service attacks Supported Captive Portal users 1024 Supported local users 128 Supported Captive Portals 10 Table 19...

Page 550: ... global settings that affect all captive portals configured on the switch To display the Captive Portal Global Configuration page click System Captive Portal Global Configuration Figure 19 16 Captive Portal Global Configuration Captive Portal Configuration Use the Captive Portal Configuration page to view summary information about captive portals on the system add a captive portal and configure ex...

Page 551: ... Captive Portal Configuration page click System Captive Portal Configuration Figure 19 17 Captive Portal Configuration From the Captive Portal Configuration page click Add to create a new Captive Portal instance Figure 19 18 Add Captive Portal Configuration ...

Page 552: ...e portal To configure the switch 1 From the Captive Portal Configuration page click the English tab The settings for the Authentication Page display and the links to the Captive Portal customization appear 2 Click Download Image to download one or more custom images to the switch You can use a downloaded custom image for the branding logo default Dell logo on the Authentication Page and Logout Suc...

Page 553: ...lable Images menu and click Browse 4 Browse to the directory where the image to be downloaded is located and select the image 5 Click Apply to download the selected file to the switch 6 To customize the Authentication Page which is the page that a user sees upon attempting to connect to the network click the Authentication Page link ...

Page 554: ...randing image to use and customize other page components such as the font for all text the page displays the page title and the acceptance use policy 8 Click Apply to save the settings to the running configuration or click Preview to view what the user will see To return to the default views click Clear ...

Page 555: ...or click Preview to view what the user will see To return to the default views click Clear 12 Click the Logout Success Page link to configure the page that contains the logout window A user is required to logout only if the User Logout Mode is selected on the Configuration page Figure 19 23 Captive Portal Logout Success Page NOTE You can configure the Logout Page settings only if the User Logout M...

Page 556: ...user s credentials By default each Captive Portal instance contains the default group The default group can be renamed or a different group can be created and assigned to each Captive Portal instance A Captive Portal instance can be associated to one user group only A user however can be assigned to multiple groups The Local User page allows you to add authorized users to the local database which ...

Page 557: ...Configuring Port and System Security 557 Figure 19 24 Local User Configuration From the Local User page click Add to add a new user to the local database Figure 19 25 Add Local User ...

Page 558: ...ation You must add all users to the RADIUS server The local database does not share any information with the remote RADIUS database Table 19 5 indicates the RADIUS attributes you use to configure authorized captive portal clients The table indicates both RADIUS attributes and vendor specific attributes VSA VSAs are denoted in the Attribute column and are comma delimited vendor ID attribute ID Tabl...

Page 559: ...ons on the switch To display the User Group page click System Captive Portal User Group Session Timeout 27 Logout once session timeout is reached seconds If the attribute is 0 or not present then use the value configured for the captive portal Integer seconds Optional 0 Dell Captive Portal Groups 6231 127 A comma delimited list of group names that correspond to the configured CP instance configura...

Page 560: ...Group From the User Group page click Add to configure a new user group Figure 19 28 Add User Group From the User Group page click Show All to view summary information about the user groups configured on the switch Figure 19 29 Captive Portal User Group Summary ...

Page 561: ...ly runs on the interfaces that you specify A captive portal can have multiple interfaces associated with it but an interface can be associated to only one Captive Portal at a time To display the Interface Association page click System Captive Portal Interface Association Figure 19 30 Captive Portal Interface Association NOTE When you associate an interface with a Captive Portal the interface is di...

Page 562: ...al Status Figure 19 31 Captive Portal Global Status Captive Portal Activation and Activity Status The Captive Portal Activation and Activity Status page provides information about each Captive Portal configured on the switch The Captive Portal Activation and Activity Status page has a drop down menu that contains all captive portals configured on the switch When you select a captive portal the act...

Page 563: ...tive portal instance To display the Interface Activation Status page click System Captive Portal Interface Status Interface Activation Status NOTE Use the Block and Unblock buttons to control the blocked status If the Captive Portal is blocked users cannot gain access to the network through the Captive Portal Use this function to temporarily protect the network during unexpected events such as den...

Page 564: ...em The page also contains status information for various capabilities Specifically this page indicates what services are provided through the Captive Portal to clients connected on this interface The list of services is determined by the interface capabilities To display the Interface Capability Status page click System Captive Portal Interface Status Interface Capability Status Figure 19 34 Inter...

Page 565: ...he Client Summary page click System Captive Portal Client Connection Status Client Summary Figure 19 35 Client Summary To force the captive portal to disconnect an authenticated client select the Remove check box next to the client MAC address and click Apply To disconnect all clients from all captive portals click Delete All Client Detail The Client Detail page shows detailed information about ea...

Page 566: ...rface To display the Interface Client Status page click System Captive Portal Client Connection Status Interface Client Status Figure 19 37 Interface Client Status Captive Portal Client Status Use the Client Status page to view clients that are authenticated to a specific Captive Portal configuration To display the Client Status page click System Captive Portal Client Connection Status Client Stat...

Page 567: ...Configuring Port and System Security 567 Figure 19 38 Captive Portal Client Status ...

Page 568: ...e Portal to monitor Use this command on networks that use an HTTP proxy server port num The port number to monitor Range 1 65535 excluding ports 80 443 and the configured switch management port https port port num Optional Configure an additional HTTPS port for Captive Portal to monitor Use this command on networks that use an HTTPS proxy server port num The port number to monitor Range 1 65535 ex...

Page 569: ...he Captive Portal configuration identified by CP ID 1 is the default CP configuration name string Add a name to the Captive Portal instance string CP configuration name Range 1 32 characters protocol http https Specify whether to use HTTP or HTTPs during the Captive Portal user verification process verification guest local radius Specify how to process user credentials the user enters on the verif...

Page 570: ...thentication through the Captive Portal url The URL for redirection Range 1 512 characters group group number For Local and RADIUS verification Configure the group number associated with this Captive Portal configuration By default only the default group exists To assign a different user group to the Captive Portal instance you must first configure the group group number The number of the group to...

Page 571: ... View summary information about a Captive Portal instance cp id The Captive Portal instance Range 1 10 status View additional information about the Captive Portal instance interface View information about the interface s associated with the specified Captive Portal show captive portal interface configuration cp id status View information about the interfaces associated with the specified Captive P...

Page 572: ...ve Portal user A user can be associated with more than one group user id User ID Range 1 128 group id Group ID Range 1 10 user user id session timeout timeout Enter the number of seconds to wait before terminating a session for the specified user The user is logged out once the session timeout is reached user id User ID Range 1 128 timeout Session timeout 0 indicates timeout not enforced Range 0 8...

Page 573: ...uthenticated to all Captive Portal configurations or a to specific configuration cp id The Captive Portal instance Range 1 10 show captive portal interface interface client status Display information about clients authenticated on all interfaces or no a specific interface interface Specific Ethernet interface such as gi1 0 8 show captive portal client macaddr status Display client connection detai...

Page 574: ...ure To configure the switch 1 If you plan to use a RADIUS server for authentication configure the RADIUS server settings on the switch 2 If authentication is required configure the user groups to associate with each Captive Portal 3 Create add the Captive Portals Table 19 6 Captive Portal Instances Captive Portal Name Description Guest Free Internet access is provided in each guest room but guests...

Page 575: ...Preview button is available to allow you to see the pages that a Captive Portal user will see 8 If you use the local database for user authentication configure the users on the switch 9 If you use a RADIUS server for authentication add the users to the database on the RADIUS server 10 Associate interfaces with the Captive Portal instances 11 Globally enable Captive Portal Detailed Configuration Pr...

Page 576: ...nfig CP 2 interface te1 0 2 console config CP 2 interface te1 0 4 console config CP 2 exit 4 Configure the Conference Captive Portal console config CP configuration 3 console config CP 3 name Conference console config CP 3 verification local console config CP 3 group 2 console config CP 4 interface te1 0 825 console config CP 4 interface te1 0 1533 console config CP 3 exit 5 Configure the Employee...

Page 577: ...rs Re enter password console config CP user 1 group 2 Continue entering username and password combinations to populate the local database 8 Add the User Name User Password Session Timeout and Dell Captive Portal Groups attributes for each employee to the database on the RADIUS server 9 Globally enable the Captive Portal console config CP enable NOTE Captive Portal page customization is supported o...

Page 578: ...egins again from the first method If all the methods fail then the Authentication Manager starts a timer for reauthentication Failure in this context means that host authentication was attempted and the host was unable to successfully authenticate At the expiry of the timer the Authentication Manager starts the authentication process again from the first method in the list The Authentication Manag...

Page 579: ...g the required configuration for the respective methods to authenticate successfully Authentication Restart Authentication restarts from the first configured method on any of the following events Link flap Authentication fails for all configured methods Authentication priority 802 1X packet received when a lower priority method is active 802 1X Interaction By default 802 1X drops all traffic prior...

Page 580: ...ion is in progress and the administrator changes the order of the authentication methods then the configuration will take effect for the next session onwards Configuration Example 802 1X and MAB In this scenario the authentication manager selects the first authentication method 802 1X If authentication using 802 1X is successful then the client is allowed network access If authentication using 802...

Page 581: ... Port and System Security 581 console config if Te1 0 4 dot1x reauthentication console config if Te1 0 4 dot1x port control mac based console config if Te1 0 4 dot1x mac auth bypass console config if Te1 0 4 exit ...

Page 582: ...ies which would interrupt the service of a host or make a network unstable Use the Denial of Service page to configure settings to help prevent DoS attacks DoS protection is disabled by default To display the Denial of Service page click System Management Security Denial of Service in the navigation panel Figure 19 39 Denial of Service ...

Page 583: ...rts A reduced functionality set of ACLs is implemented in firmware for the OOB port ACLs can also provide traffic rate limiting and decide which types of traffic are forwarded or blocked ACLs can reside in a firewall router a router connecting two internal networks or a Layer 3 switch such as a Dell Networking N2000 N3000 and N4000 series switches You can also create an ACL that limits access to t...

Page 584: ...entry or all traffic is denied dropped Egress ACLs filter switched traffic only Packets generated by the switch are sent regardless of any egress ACL deny rules You can set up ACLs to control traffic at Layer 2 Layer 3 or Layer 4 MAC ACLs operate on Layer 2 IP ACLs operate on Layers 3 and 4 Dell Networking series switches support both IPv4 and IPv6 ACLs What Are MAC ACLs MAC ACLs are Layer 2 ACLs ...

Page 585: ...rs and ranges IP TCP UDP packets only Destination layer 4 port with eq ne gt and lt operators and ranges IP TCP UDP packets only What Is the ACL Redirect Function The redirect function allows traffic that matches a permit rule to be redirected to a specific physical port or LAG instead of processed on the original port A packet that is redirected does not go through the normal forwarding process I...

Page 586: ...he time based ACL feature allows the switch to dynamically apply an explicit ACL rule within an ACL for a predefined time interval by specifying a time range on a per rule basis within an ACL so that the time restrictions are imposed on the ACL rule With a time based ACL you can define when and for how long an individual rule of an ACL is in effect To apply a time to an ACL first you define a spec...

Page 587: ...ssing diverting to a different port etc The egress matching engine processes packets after they are switched and queued for egress and supports policies such as rewriting the DSCP or CoS values as well as the normal permit forward and deny drop actions ACLs operate by matching on specific fields within packets Various match conditions operators are supported e g equal less than not equal etc along...

Page 588: ...ch conditions can reduce the maximum number of ACLs that can be configured to fewer than the published limits As an example the smallest IPv6 QoS match will take 6 slices from the switch The N4000 switches support the following hardware limits 2047 ingress rules and 1023 egress rules for a total of 3072 rules The hardware has 10 ingress slices and 4 egress slices with 4 ingress slices having a dep...

Page 589: ... be disassociated from the interface and then re associated Rules that are unable to be logged are still active in the ACL for purposes of permitting or denying a matching packet If console logging is enabled and the severity is set to a numerically lower severity than the console severity setting a log entry may appear on the screen Table 20 1 ACL Software Limits Limitation N2000 N3000 N4000 Maxi...

Page 590: ...Ls for either IPv4 or IPv6 ACLs The fragments and routing keywords are not supported for egress IPv6 ACLs The fragments keywords is not supported on IPv4 egress ACLs On the N4000 switches the IPv6 ACL routing keyword is not supported when any IPv6 address is specified The routing keyword is not support for IPv4 ACLs On the N4000 switches the IPv6 ACL fragment keyword matches only on the first two ...

Page 591: ...ccess list on the switch and then paste the updated access list back into the switch console Preventing False ACL Matches Be sure to specify ACL access list permit and deny rule criteria as fully as possible to avoid false matches This is especially important in networks with protocols that have different frame or EtherType values For example L3 ACL rules that specify a TCP or UDP port value shoul...

Page 592: ...s numbers Figure 20 3 lists commonly used IP protocol numbers Table 20 2 Common EtherType Numbers EtherType Protocol 0x0800 Internet Protocol version 4 IPv4 0x0806 Address Resolution Protocol ARP 0x0842 Wake on LAN Packet 0x8035 Reverse Address Resolution Protocol RARP 0x8100 VLAN tagged frame IEEE 802 1Q 0x86DD Internet Protocol version 6 IPv6 0x8808 MAC Control 0x8809 Slow Protocols IEEE 802 3 0...

Page 593: ... a wildcard or don t care value i e the access bits are not compared and match any possible value For example an IP address of 3 3 3 3 with a mask of 0 0 0 0 indicates that the ACL matches on all four bytes of the IP address Likewise a MAC address of 68 94 23 AD F3 18 with a mask of 00 00 00 00 00 ff indicates that the first five bytes must match e g 68 94 23 AD F3 and the last byte may take on an...

Page 594: ...s Enabling the feature causes the router to analyze packets entering the interface using a route map A VLAN can only have one associated route map but the administrator can configure multiple route map entries in the route map with different sequence numbers Packets entering the interface are filtered by a user selected ACL Packets that are allowed by the ACL are evaluated in order of increasing s...

Page 595: ...p priority IP access list match ip address Source or destination IP address Source or destination TCP UDP port L3 packet length in the IP header match length The Policy Based Routing feature overrides the normal routing decisions taken by the router and attempts to route the packet using the criteria in the set clause List of next hop IP addresses The set ip next hop command checks for the next ho...

Page 596: ...use Required Route map deny permit statements without set clauses are ignored No Implicit deny all Rule When an access group is applied to an interface an implicit rule of deny all is applied after the last access group on the interface When match rules in an ACL associated with a permit route map are successful the packets are considered as candidates to be routed according to the set clauses spe...

Page 597: ... multiple ACLs are applied on a single VLAN The sequence number or priority indicates the order in which ACLs and corresponding rules associated with ACLs are applied When an ACL is used in a route map s match clause it is applied to hardware with the same priority as if it were an independent ACL but with the exception of the implicit deny all rule A route map may have multiple statements with di...

Page 598: ...oute map utilize the hardware entries of the corresponding ACL This sharing does not consume additional hardware resources as DNOS supports multiple actions in an ACL rule However if conflicting actions are specified an error is thrown Locally Generated Packets Policy Based Routing does not affect locally generated packets i e packets generated by protocols running on the switch Route Map Changes ...

Page 599: ...ields on a page click at the top of the page IP ACL Configuration Use the IP ACL Configuration page to add or remove IP based ACLs To display the IP ACL Configuration page click Switching Network Security Access Control Lists IP Access Control Lists Configuration in the navigation panel Figure 20 1 IP ACL Configuration Adding an IPv4 ACL To add an IPv4 ACL 1 Open the IP ACL Configuration page 2 Cl...

Page 600: ...ng IPv4 ACLs To delete an IPv4 ACL 1 From the IP ACL Name menu on the IP ACL Configuration page select the ACL to remove 2 Select the Remove checkbox 3 Click Apply Viewing IPv4 ACLs To view configured ACLs click Show All from the IP ACL Configuration page Figure 20 3 View IPv4 ACLs ...

Page 601: ... particular queue filter on some traffic change VLAN tag shut down a port and or redirect the traffic to a particular port To display the IP ACL Rule Configuration page click Switching Network Security Access Control Lists IP Access Control Lists Rule Configuration in the navigation panel NOTE There is an implicit deny all rule at the end of an ACL list This means that if an ACL is applied to a pa...

Page 602: ...gure 20 4 IP ACL Rule Configuration Removing an IP ACL Rule To delete an IP ACL rule 1 From the Rule ID menu select the ID of the rule to delete 2 Select the Remove option near the bottom of the page 3 Click Apply to remove the selected rule ...

Page 603: ...Configuration page click Switching Network Security Access Control Lists MAC Access Control Lists Configuration in the navigation panel Figure 20 5 MAC ACL Configuration Adding a MAC ACL To add a MAC ACL 1 Open the MAC ACL Configuration page 2 Click Add to display the Add MAC ACL page 3 Specify an ACL name Figure 20 6 Add MAC ACL 4 Click Apply ...

Page 604: ...e menu on the MAC ACL Configuration page select the ACL to rename or remove 2 To rename the ACL select the Rename checkbox and enter a new name in the associated field 3 To remove the ACL select the Remove checkbox 4 Click Apply Viewing MAC ACLs To view configured ACLs click Show All from the MAC ACL Configuration page ...

Page 605: ...A default deny all rule is the last rule of every list To display the MAC ACL Rule Configuration page click Switching Network Security Access Control Lists MAC Access Control Lists Rule Configuration in the navigation panel Figure 20 7 MAC ACL Rule Configuration Removing a MAC ACL Rule To delete a MAC ACL rule 1 From the Rule ID menu select the ID of the rule to delete 2 Select the Remove option n...

Page 606: ...uration page click Switching Network Security Access Control Lists IPv6 Access Control Lists IPv6 ACL Configuration in the navigation panel Figure 20 8 IPv6 ACL Configuration Adding an IPv6 ACL To add an IPv6 ACL 1 Open the IPv6 ACL Configuration page 2 Click Add to display the Add IPv6 ACL page 3 Specify an ACL name Figure 20 9 Add IPv6 ACL 4 Click Apply ...

Page 607: ...er traffic matching the criteria is forwarded normally or discarded Additionally you can specify to assign traffic to a particular queue filter on some traffic change VLAN tag shut down a port and or redirect the traffic to a particular port By default no specific value is in effect for any of the IPv6 ACL rules There is an implicit deny all rule at the end of an ACL list This means that if an ACL...

Page 608: ... 20 10 IPv6 ACL Rule Configuration Removing an IPv6 ACL Rule To delete an IPv6 ACL rule 1 From the Rule ID menu select the ID of the rule to delete 2 Select the Remove option near the bottom of the page 3 Click Apply to remove the selected rule ...

Page 609: ... and Interfaces From the web interface you can configure the ACL rule in the ingress or egress direction so that the ACLs implement security rules for packets entering or exiting the port You can apply ACLs to any physical including 10 Gb interface LAG or routing port To display the ACL Binding Configuration page click Switching Network Security Access Control Lists Binding Configuration in the na...

Page 610: ...range has been added Otherwise the page indicates that no time ranges are configured and the time range configuration fields are not displayed Figure 20 12 Time Range Configuration NOTE A time range parameter in an ACL that is referred to by a route map statement is active only during the time range specified When the ACL is not active outside the time range the route map simply treats the ACL as ...

Page 611: ...e field select the name of the time range to configure 6 Specify an ID for the time range You can configure up to 10 different time range entries to include in the named range However only one absolute time entry is allowed per time range 7 Configure the values for the time range entry 8 Click Apply 9 To add additional entries to the named time range repeat step 5 through step 8 ...

Page 612: ... the following commands to create an IPv4 ACL configure rules for the ACL and bind the ACL to an interface NOTE The ip access group command can be issued in Global Configuration mode or Interface configuration mode If it is applied in Global Configuration mode the ACL binding is applied to all interfaces If it is applied in Interface Configuration mode it is applied only to the specified interface...

Page 613: ...otocol don t care srcip srcmask any host srcip Specifies a source IP address and netmask to match for the IP ACL rule Specifying any implies specifying srcip as 0 0 0 0 and srcmask as 255 255 255 255 for IPv4 Specifying host A B C D implies srcip as A B C D and srcmask as 0 0 0 0 eq neq lt gt portkey number range startport endport Specifies the layer 4 destination port match condition for the IP A...

Page 614: ...r 1 to 65535 When neq is specified IP ACL rule matches only if the layer 4 destination port number is not equal to the specified port number or portkey IPv4 TCP port names bgp domain echo ftp ftp data http smtp telnet www pop2 pop3 IPv4 UDP port names domain echo ntp rip snmp tftp time who dstip dstmask any host dstip Specifies a destination IP address and netmask for match condition of the IP ACL...

Page 615: ...ly if protocol is tcp icmp type icmp type icmp code icmp code icmp message icmp message Specifies a match condition for ICMP packets When icmp type is specified IP ACL rule matches on the specified ICMP message type a number from 0 to 255 When icmp code is specified IP ACL rule matches on the specified ICMP message code a number from 0 to 255 Specifying icmp message implies both icmp type and icmp...

Page 616: ...e is applied to an interface or bound to a VLAN then the ACL rule is applied immediately If a time range with specified name exists and the ACL containing this ACL rule is applied to an interface or bound to a VLAN then the ACL rule is applied when the time range with specified name becomes active The ACL rule is removed when the time range with specified name becomes inactive assign queue queue i...

Page 617: ... Bind the specified ACL to an interface NOTE To apply this ACL to all interfaces issue the command in Global Configuration mode name Access list name Range Valid IP access list name up to 31 characters in length direction Direction of the ACL Range In or out Default is in seqnum Precedence for this interface and direction A lower sequence number has higher precedence Range 1 4294967295 Default is1...

Page 618: ...interface Specify the rules match conditions for the MAC access list srcmac Valid source MAC address in format xxxx xxxx xxxx srcmacmask Valid MAC address bitmask for the source MAC address in format xxxx xxxx xxxx any Packets sent to or received from any MAC address dstmac Valid destination MAC address in format xxxx xxxx xxxx destmacmask Valid MAC address bitmask for the destination MAC address ...

Page 619: ...ddress and netmask for match condition of the IP ACL rule For IPv6 ACLs any implies 0 128 prefix and a mask of all ones Specifying host implies prefix length as 128 and a mask of 0 128 precedence precedence tos tos tosmask dscp dscp Specifies the TOS for an IP TCP UDP ACL rule depending on a match of precedence or DSCP values using the parameters dscp precedence or tos tosmask flag fin fin syn syn...

Page 620: ...fied ICMP message is decoded into corresponding ICMP type and ICMP code within that ICMP type This option is visible only if the protocol is icmpv6 ICMPv6 message types destination unreachable echo reply echo request header hop limit mld query mld reduction mld report nd na nd ns next header no admin no route packet too big port unreachable router solicitation router advertisement router renumberi...

Page 621: ... time range with specified name becomes inactive assign queue queue id Specifies the assign queue which is the queue identifier to which packets matching this rule are assigned mirror redirect unit slot port Specifies the mirror or redirect interface which is the unit slot port to which packets matching this rule are copied or forwarded respectively rate limit rate burst size Specifies the allowed...

Page 622: ...name up to 31 characters in length direction Direction of the ACL Range In or out Default is in seqnum Precedence for this interface and direction A lower sequence number has higher precedence Range 1 4294967295 Default is1 CTRL Z Exit to Privileged EXEC mode show mac access lists name Display all MAC access lists and all of the rules that are defined for the MAC ACL Use the optional name paramete...

Page 623: ...6 ACL configure rules for the ACL and bind the ACL to an interface Command Purpose configure Enter global configuration mode ipv6 traffic filter name Create an extended IPv6 ACL This command also enters IPv6 Access List Configuration mode If an IPv6 ACL with this name already exists this command enters the mode to update the existing ACL ...

Page 624: ...plies a prefix length as 128 and a mask of 0 128 range portkey startport portkey endport eq neq lt gt portkey 0 65535 Specifies the layer 4 destination port match condition for the IP TCp UDP ACL rule A destination port number which ranges from 0 65535 can be entered or a portkey which can be one of the following keywords bgp domain echo ftp ftp data http ntp pop2 pop3 rip smtp snmp telnet tftp te...

Page 625: ...ching this rule to be forwarded to the specified interface interface interface Optional Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfa...

Page 626: ...ure Enter global configuration mode time range name Create a named time range and enter the Time Range Configuration mode for the range absolute start time date end time date Configure a nonrecurring time entry for the named time range start time date Time and date the ACL rule starts going into effect The time is expressed in a 24 hour clock in the form of hours minutes For example 8 00 is 8 00 a...

Page 627: ...ay or combinations of days Monday Tuesday Wednesday Thursday Friday Saturday Sunday Other possible values are daily Monday through Sunday weekdays Monday through Friday weekend Saturday and Sunday time Time the ACL rule starts going into effect first occurrence or ends second occurrence The time is expressed in a 24 hour clock in the form of hours minutes CTRL Z Exit to Privileged EXEC mode show t...

Page 628: ...e current or subsequent access lists and allow all packets not previously denied by a prior rule Inbound rule to drop all packets As the last rule in a list this rule is redundant as an implicit deny every is added after the end of the last access group configured on an interface deny every Administrators should be cautious when using the deny every rule in an access list especially when using mul...

Page 629: ...numerically so that the switch administrator through the use of ACLs can override the default switch behavior Some of the system rules are installed when the administrator enables specific protocols other rules are always present and may have their behaviors altered by enabling or disabling protocols For example spanning tree BPDUs LLDP packets and IEEE 802 1X packets are never forwarded by the sw...

Page 630: ...0 2 mac access group Allow ARP in 10 ip access group Allow 192 168 0 x in 20 exit Consider the following inbound rules that allow Telnet connections and UDP traffic from the 192 168 0 x network to host 10 1 1 23 ip access list Host10 1 1 23 Permit Telnet traffic from 192 168 0 X network to host 10 1 1 23 permit tcp 192 168 0 0 0 0 0 255 host 10 1 1 23 eq telnet Permit TCP traffic from 192 168 0 X ...

Page 631: ...0 0 0 0 0 255 host 10 1 1 23 eq telnet Permit UDP traffic from 192 168 0 X network to host 10 1 1 23 permit udp 192 168 0 0 0 0 0 255 host 10 1 1 23 The range operator is inclusive of the specified port parameters ACLs support TCP flags If multiple flags are set flag in a single rule only packets with the all the same flags asserted are matched logical AND Likewise if multiple flags are cleared fl...

Page 632: ... 255 host 10 1 1 23 ip access list Host10 1 1 23 Permit Telnet traffic from 192 168 0 X network to host 10 1 1 23 permit tcp 192 168 0 0 0 0 0 255 host 10 1 1 23 eq telnet Permit UDP traffic from 192 168 0 X network to host 10 1 1 23 permit udp 192 168 0 0 0 0 0 255 host 10 1 1 23 ip access list Host10 1 1 23 Permit Telnet traffic from 192 168 0 X network to host 10 1 1 23 permit tcp 192 168 0 0 0...

Page 633: ...onfigures an ACL that denies HTTP traffic from 8 00 pm to 12 00 pm and 1 00 pm to 6 00 pm on weekdays and from 8 30 am to 12 30 pm on weekends The ACL affects all hosts connected to ports that are members of VLAN 100 The ACL permits VLAN 100 members to browse the Internet only during lunch and after hours To configure the switch 1 Create a time range called work hours console config console config...

Page 634: ...t in console config if vlan100 exit console config exit 7 Verify the configuration console config show ip access lists web limit IP ACL Name web limit Rule Number 1 Action deny Match All FALSE Protocol 6 tcp Source IP Address any Destination IP Address any Destination Layer 4 Operator Equal To Destination L4 Port Keyword 80 www http Rule Number 2 Action permit Match All TRUE Denying FTP Traffic Th...

Page 635: ... allow ICMP from remote hosts so that the FTP server can receive ICMP feedback from clients utilizing the FTP service A better implementation would narrow the scope of the ICMP to eliminate ICMP messages not required for the FTP service e g echo echo reply redirect timestamp etc ip access list allow ftp server permit tcp any host 172 16 0 5 eq ftp data flag established permit tcp any host 172 16 0...

Page 636: ...internet in exit Assign Packets to a CoS Queue Assign a range of source or destination TCP ports to CoS queue 3 to provide elevated service Two rules are necessary to handle packets that have source or destination ports outside the range ip access list elevated cos permit tcp any range 49152 65535 any assign queue 3 permit tcp any any range 49152 65535 assign queue 3 permit every exit ip access gr...

Page 637: ...trol police simple 9216 128 conform action transmit violate action drop exit exit interface te1 0 1 service policy in rate limit policy exit Rate limit WWW traffic ACL This example creates an ACL to rate limit WWW traffic ingressing the switch on te1 0 1 Initial and established values require tuning for local traffic patterns and link speeds Note that this ACL applies to traffic sent to the switch...

Page 638: ...does not affect packets that are routed in software due to L3 table lookup failures nor does it affect packets sent to the CPU via the system rules as they are applied on ingress The established connection rate limit parameters are 1024 Kbits second and a burst of 128 Kbytes The non established rate limits are 12 Kbytes second with a 2 Kbyte burst ip access list rate limit inband mgmt permit tcp a...

Page 639: ...y eq 22 flag established rate limit 1024 128 deny tcp any any eq telnet permit tcp any any eq 22 rate limit 12 2 Rate limit TCP opens permit tcp any any flag syn rate limit 8 2 Rate limit TCP closes permit tcp any any flag fin rate limit 8 2 Block TCP UDP IP frag attacks deny ip any any fragments Limit SNMP should set source address to management stations Must be tuned for SNMP walks May need to a...

Page 640: ...cess list mgmt blocks permit vlan 99 service ssh permit vlan 99 service tftp deny vlan 99 permit service any exit Create an in band Management VLAN 99 assign it to two ports gi1 0 47 and gi1 0 48 and add both ACLs and Management ACLs to ALL ports in global config mode vlan 99 exit interface vlan 99 ip address dhcp exit interface gi1 0 47 48 switchport access vlan 99 exit management access class mg...

Page 641: ...s exit route map redirect vlan12 permit 32 match ip address subnet 172 16 subnet 192 168 subnet 10 0 set ip next hop 12 1 13 1 set ip next hop 12 1 14 1 exit Complete Example of Policy Based Routing on VLAN Routing Interfaces In this example an L3 router with four VLAN routing interfaces VLAN 10 VLAN 20 VLAN 30 and VLAN 40 is configured Each of these interfaces is connected to L2 switches Traffic ...

Page 642: ...rt trunk native vlan 10 exit interface gi 1 0 4 switchport mode trunk swithport trunk allowed vlan remove 1 switchport trunk native vlan 20 exit interface gi1 0 22 switchport mode trunk switch trunk allowed vlan remove 1 switch trunk native vlan 30 exit Layer 3 Switch L2 Switch L2 Switch VLAN 10 VLAN 20 L2 Switch VLAN 30 L2 Switch VLAN 40 Physical Port 1 0 2 VLAN Interface 10 1 1 1 1 24 Physical P...

Page 643: ...this configuration traffic from host 1 1 1 2 to host 2 2 2 2 is routed from VLAN routing interface 10 to VLAN routing interface 20 using the directly connected subnets as they appear in the routing table Configure Policy Routing To policy route such traffic to VLAN routing interface 30 the following additional steps should be performed 1 Create an access list matching all incoming IP traffic from ...

Page 644: ...10 interface vlan 10 ip policy route map Redirect_to_3_3_3_3 exit Traffic matching ACL Match ip 1_1_1_2 to 2_2_2_2 is now policy routed to VLAN interface 30 when an interface in VLAN 30 is connected via policy Redirect_to_3_3_3_3 Counters are incremented in the show route map command indicating that traffic is being policy routed console config show route map Redirect_to_3_3_3_3 route map Redirect...

Page 645: ...broadcast domains can result in network congestion and end users might complain that the network is slow In addition to latency large broadcast domains are a greater security risk since all hosts receive all broadcasts Virtual Local Area Networks VLANs allow you to divide a broadcast domain into smaller logical networks Like a bridge a VLAN switch forwards traffic based on the Layer 2 header which...

Page 646: ...port a configurable VLAN ID range of 1 4093 A VLAN with VLAN ID 1 is configured on the switch by default VLAN 1 is named default which cannot be changed However you can associate names with any other VLANs that you create In a tagged frame the VLAN is identified by the VLAN ID in the tag In an untagged frame the VLAN identifier is the Port VLAN ID PVID specified for the port that received the fram...

Page 647: ...AN configured for the port The VLAN membership for this network is port based or static Dell Networking series switches also support VLAN assignment based on any of the following criteria MAC address of the end station IP subnet of the end station Protocol of the packet transmitted by the end station Payroll VLAN 300 Engineering VLAN 100 Tech Pubs VLAN 200 Router Switch ...

Page 648: ...ive both tagged and untagged packets Tagged packets received on a trunk port are forwarded on the VLAN contained in the tag if the trunk port is a member of the VLAN Untagged packets received on a Table 21 1 VLAN Assignment VLAN Assignment Description Port based Static This is the most common way to assign hosts to VLANs The port where the traffic enters the switch determines the VLAN membership I...

Page 649: ...tagged frames are forwarded The port decides whether to forward or drop the frame when the port receives the frame VLAN Tagging Dell Networking series switches support IEEE 802 1Q tagging Ethernet frames on a tagged VLAN have a 4 byte VLAN tag in the header VLAN tagging is required when a VLAN spans multiple switches which is why trunk ports transmit and receive only tagged frames Table 21 2 Switc...

Page 650: ... a trunk port to accept frames only for a single VLAN both the native VLAN and the tagged VLAN membership settings must be configured If the native VLAN for a trunk port is deleted the trunk port drops untagged packets Access ports accept untagged traffic and traffic tagged with the access port PVID Untagged ingress traffic is considered to belong to the VLAN identified by the PVID If the PVID for...

Page 651: ...r required to divide the 4 byte VLAN ID space to send traffic on a Ethernet based MAN In short every frame that is transmitted from an interface has a double VLAN tag attached while every packet that is received from an interface has a tag removed if one or more tags are present In Figure 21 2 two customers share the same metro core The service provider assigns each customer a unique ID so that th...

Page 652: ...ssion rate is vital The priority level enables the separation of voice and data traffic coming onto the port A primary benefit of using Voice VLAN is to ensure that the sound quality of an IP phone is safeguarded from deteriorating when the data traffic on the port is high The switch uses the source MAC address of the traffic traveling through the port to identify the IP phone data flow The Voice ...

Page 653: ...ormation all traffic is tagged with the VLAN ID of the Voice VLAN The phone is considered to be authorized to send traffic but not necessarily authenticated Segregating Traffic with the Voice VLAN You can configure the switch to support Voice VLAN on a port that is connecting the VoIP phone Both of the following methods segregate the voice traffic and the data traffic in order to provide better se...

Page 654: ...he Voice VLAN port does not deteriorate the voice traffic Voice VLAN and LLDP MED The interactions with LLDP MED are important for Voice VLAN LLDP MED notifies the Voice VLAN component of the presence and absence of a VoIP phone on the network The Voice VLAN component interacts with LLDP MED for applying VLAN ID priority and tag information to the VoIP phone traffic Private VLANs Private VLANs par...

Page 655: ...secondary VLAN is an isolated VLAN Private VLANs may be configured across a stack and on physical and port channel interfaces Private VLAN Usage Scenarios Private VLANs are typically implemented in a DMZ for security reasons Servers in a DMZ are generally not allowed to communicate with each other but they must communicate to a router through which they are connected to the users Such servers are ...

Page 656: ... connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN Multiple promiscuous ports can be defined for a single private VLAN domain In the configuration shown in Figure 21 3 the port connected from SW1 to R1 TE1 1 1 is configured as a promiscuous port It is possible to configure a port channel as a promiscuous port in order to provide a level of redundan...

Page 657: ...able private VLAN operation across multiple switches that are not stacked trunk ports must be configured between the switches to transport the private VLANs The trunk ports must be configured with the promiscuous isolated and community VLANs Trunk ports must also be configured on all devices separating the switches In regular VLANs ports in the same VLAN switch traffic at L2 However for a private ...

Page 658: ...N A N A N A isolated N A N A N A N A N A stack trunk allow allow allow allow allow To From promiscuous community 1 community 2 isolated stack trunk promiscuous N A N A N A N A N A community 1 allow allow deny deny allow community 2 N A N A N A N A N A isolated N A N A N A N A N A stack trunk allow allow deny deny allow To From promiscuous community 1 community 2 isolated stack trunk promiscuous N ...

Page 659: ...LAN GVRP MVRP cannot be enabled after the private VLAN is configured The administrator will need to disable both before configuring the private VLAN DHCP snooping can be configured on the primary VLAN If it is enabled for a secondary VLAN the configuration does not take effect if a primary VLAN is already configured If IP source guard is enabled on private VLAN ports then DHCP snooping must be ena...

Page 660: ...rivate VLAN traffic Private VLAN Configuration Example See Configuring a Private VLAN on page 711 Additional VLAN Features The Dell Networking series switches also support the following VLANs and VLAN related features VLAN routing interfaces See Configuring Routing Interfaces on page 1021 Guest VLAN See Configuring Port and System Security on page 503 ...

Page 661: ...e all broadcast and multicast traffic received on any port When you create a new VLAN all trunk ports are members of the VLAN by default The configurable VLAN range is 2 4093 VLANs 4094 and 4095 are reserved for internal system use Ports in trunk and access mode have the default behavior shown in Table 21 2 and cannot be configured with different tagging or ingress filtering values When you add a ...

Page 662: ...ess Double VLAN tagging Disabled If double VLAN tagging is enabled the default EtherType value is 802 1Q Maximum number of configurable MAC to VLAN bindings 128 Maximum number of configurable IP Subnet to VLAN bindings 64 GVRP Disabled If GVRP is enabled the default per port parameters are GVRP State Disabled Dynamic VLAN Creation Enabled GVRP Registration Enabled Number of dynamic VLANs that can ...

Page 663: ...her dynamically through GVRP or when the Static row is changed and Apply is clicked There are two tables on the page Ports Displays and assigns VLAN membership to ports To assign membership click in Static for a specific port Each click toggles between U T and blank See Table 21 8 for definitions LAGs Displays and assigns VLAN membership to LAGs To assign membership click in Static for a specific ...

Page 664: ...e 21 4 VLAN Membership Adding a VLAN To create a VLAN 1 Open the VLAN Membership page 2 Click Add to display the Add VLAN page 3 Specify a VLAN ID and a VLAN name Blank Blank the interface is not a VLAN member Packets in this VLAN are not forwarded on this interface Table 21 8 VLAN Port Membership Definitions Port Control Definition ...

Page 665: ...orts to a VLAN 1 Open the VLAN Membership page 2 From the Show VLAN menu select the VLAN to which you want to assign ports 3 In the Static row of the VLAN Membership table click the blank field to assign the port as an untagged member Figure 21 6 shows 10 Gigabit Ethernet ports 8 10 being added to VLAN 300 ...

Page 666: ...666 Configuring VLANs Figure 21 6 Add Ports to VLAN 4 Click Apply 5 Verify that the ports have been added to the VLAN ...

Page 667: ...Configuring VLANs 667 In Figure 21 7 the presence of the letter U in the Current row indicates that the port is an untagged member of the VLAN Figure 21 7 Add Ports to VLAN ...

Page 668: ... in the navigation panel Figure 21 8 VLAN Port Settings From the Port Settings page click Show All to see the current VLAN settings for all ports You can change the settings for one or more ports by clicking the Edit option for a port and selecting or entering new values NOTE You can add ports to a VLAN through the table on the VLAN Membership page or through the PVID field on the Port Settings pa...

Page 669: ...ll Ports VLAN LAG Settings Use the VLAN LAG Settings page to map a LAG to a VLAN and to configure specific VLAN settings for the LAG To display the LAG Settings page click Switching VLAN LAG Settings in the navigation panel Figure 21 10 VLAN LAG Settings ...

Page 670: ... LAG Settings page click Show All to see the current VLAN settings for all LAGs You can change the settings for one or more LAGs by clicking the Edit option for a port and selecting or entering new values Figure 21 11 VLAN LAG Table ...

Page 671: ... ports of the switch The MAC to VLAN table supports up to 128 entries To display the Bind MAC to VLAN page click Switching VLAN Bind MAC to VLAN in the navigation panel Figure 21 12 Bind MAC to VLAN From the Bind MAC to VLAN page click Show All to see the MAC addresses that are mapped to VLANs From this page you can change the settings for one or more entries or remove an entry Figure 21 13 MAC VL...

Page 672: ...p to 64 entries configured in this table To display the Bind IP Subnet to VLAN page click Switching VLAN Bind IP Subnet to VLAN in the navigation panel Figure 21 14 Bind IP Subnet to VLAN From the Bind IP Subnet to VLAN page click Show All to see the IP subnets that are mapped to VLANs From this page you can change the settings for one or more entries or remove an entry Figure 21 15 Subnet VLAN Bi...

Page 673: ...LAN GVRP Parameters in the navigation panel Figure 21 16 GVRP Parameters From the GVRP Parameters page click Show All to see the GVRP configuration for all ports From this page you can change the settings for one or more entries NOTE Per port and per LAG GVRP Statistics are available from the Statistics RMON page For more information see Monitoring Switch Traffic on page 407 ...

Page 674: ...674 Configuring VLANs Figure 21 17 GVRP Port Parameters Table ...

Page 675: ...hich VLANs and then enable certain ports to use these settings Protocol based VLANs are most often used in situations where network segments contain hosts running multiple protocols To display the Protocol Group page click Switching VLAN Protocol Group in the navigation panel Figure 21 18 Protocol Group ...

Page 676: ...pply 5 Click Protocol Group to return to the main Protocol Group page 6 From the Group ID field select the group to configure 7 In the Protocol Settings table select the protocol and interfaces to associate with the protocol based VLAN In Figure 21 20 the Protocol Group 1 named IPX is associated with the IPX protocol and ports 14 16 Ports 20 22 are selected in Available Ports list After clicking t...

Page 677: ...Configuring VLANs 677 Figure 21 20 Configure Protocol Group 8 Click Apply 9 Click Show All to see the protocol based VLANs and their members Figure 21 21 Protocol Group Table ...

Page 678: ...ration page to specify the value of the EtherType field in the first EtherType tag pair of the double tagged frame To display the Double VLAN Global Configuration page click Switching VLAN Double VLAN Global Configuration in the navigation panel Figure 21 22 Double VLAN Global Configuration ...

Page 679: ... EtherType tag pair of the double tagged frame To display the Double VLAN Interface Configuration page click Switching VLAN Double VLAN Interface Configuration in the navigation panel Figure 21 23 Double VLAN Interface Configuration To view a summary of the double VLAN configuration for all interfaces and to edit settings for one or more interfaces click Show All ...

Page 680: ...680 Configuring VLANs Figure 21 24 Double VLAN Port Parameter Table ...

Page 681: ...lay the page click Switching VLAN Voice VLAN Configuration in the navigation panel Figure 21 25 Voice VLAN Configuration NOTE IEEE 802 1X must be enabled on the switch before you disable voice VLAN authentication Voice VLAN authentication can be disabled in order to allow VoIP phones that do not support authentication to send and receive unauthenticated traffic on the Voice VLAN ...

Page 682: ... can only be a member of one VLAN and will accept tagged packets with the access VLAN ID or untagged Command Purpose configure Enter global configuration mode vlan vlan id vlan range Create a new VLAN or a range of VLANs and enter the interface configuration mode for the specified VLAN or VLAN range vlan id A valid VLAN IDs Range 2 4093 vlan range A list of valid VLAN IDs to be added List separate...

Page 683: ...is Command Purpose configure Enter global configuration mode interface interface Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9...

Page 684: ...de interface interface Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 switchport mode trunk Configure the interfac...

Page 685: ... the list to be set at the same time add Adds the list of VLANs to the allowed set remove Removes the list of VLANs from the allowed set Removing the native VLAN from a trunk port forces the port to allow tagged packets only except Allows all VLANs other than those in the list vlan atom Either a single VLAN number from 1 to 4093 or a continuous range of VLANs described by two VLAN numbers the less...

Page 686: ...rface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 switchport mode general Configure the interface as a tagged and an untagged layer 2 VLAN interface switchport general allowed vlan add remove vlan list tagged untagged Configure the VLAN membership for the port You can also use this command to change the egress tagging for packets without changing the VLAN assignment ad...

Page 687: ...l acceptable frame type tagged only Optional Specifies that the port will only accept tagged frames Untagged frames are dropped at ingress switchport general ingress filtering disable Optional Turn off ingress filtering so that all received tagged frames are forwarded whether or not the port is a member of the VLAN in the tag CTRL Z Exit to Privileged EXEC mode show interfaces switchport interface...

Page 688: ...rt mode Command Purpose configure Enter global configuration mode interface port channel channel id Enter interface configuration mode for the specified interface channel id Specific port channel Range 1 48 You can also specify a range of LAGs with the interface range port channel command for example interface range port channel 4 8 switchport mode access general trunk Configure the interface as a...

Page 689: ...cept those configured as uplink ports Access ports must be configured with the uplink ports native VLAN as their PVID Command Purpose configure Enter global configuration mode vlan 100 Configure the DVLAN outer VLAN exit Exit VLAN configuration mode interface interface Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for e...

Page 690: ...35 primary tpid Configure the primary outer TPID If this parameter is not present the inner TPID is configured Only a single outer TPID may be configured for a switch The inner VLAN TPID can be configured on all interfaces or on individual interfaces CTRL Z Exit to Privileged EXEC mode show dvlan tunnel Display all interfaces enabled for Double VLAN Tunneling show dvlan tunnel interface interface ...

Page 691: ...nd Purpose configure Enter global configuration mode vlan 10 Enter VLAN 10 configuration mode vlan association mac mac address Associate a MAC address with a VLAN mac address MAC address to associate Range Any MAC address in the format xxxx xxxx xxxx or xx xx xx xx xx xx CTRL Z Exit to Privileged EXEC mode show vlan association mac mac address Display the VLAN associated with a specific configured...

Page 692: ... vlan 10 Enter VLAN 10 configuration mode vlan association subnet ip address subnet mask vlanid Associate an IP subnet with a VLAN ip address Source IP address Range Any valid IP address subnet mask Subnet mask Range Any valid subnet mask vlanid VLAN to associated with subnet Range 1 4093 CTRL Z Exit to Privileged EXEC mode show vlan association subnet ip address ip mask Display the VLAN associate...

Page 693: ...ced VLAN is created prior to the creation of the protocol based group except when GVRP is expected to create the VLAN Command Purpose configure Enter global configuration mode vlan protocol group name Create a new protocol group exit Exit to Privileged EXEC mode show port protocol all Obtain the group ID for the newly configured group configure Enter global configuration mode vlan protocol group a...

Page 694: ... based VLAN group ID exit Exit to global configuration mode vlan 5 Enter VLAN 5 configuration mode protocol group groupid vlanid Attach a VLAN ID to the protocol based group identified by groupid A group may only be associated with one VLAN at a time However the VLAN association can be changed groupid The protocol based VLAN group ID which is automatically generated when you create a protocol base...

Page 695: ...nterface switchport general forbidden vlan add vlan list remove vlan list and switchport trunk allowed vlan add vlan list remove vlan list Optional Forbids dynamically adding the VLANs specified by the remove parameter to a port To revert to allowing the addition of specific VLANs to the port use the add parameter of this command add vlan list List of valid VLAN IDs to remove from the forbidden li...

Page 696: ...igured and defined vlan id Valid vlan ID Range is 2 4093 CTRL Z Exit to Privileged EXEC mode show gvrp configuration Display GVRP configuration information Timer values are displayed Other data shows whether GVRP is enabled and which ports are running GVRP show vlan Display the VLAN configuration including the VLAN configuration type and the associated ports Command Purpose ...

Page 697: ...1p priority none untagged data priority trust untrust auth enable disable dscp value Enable the voice vlan capability on the interface vlanid The voice VLAN ID priority The Dot1p priority for the voice VLAN on the port trust Trust the dot1p priority or DSCP values contained in packets arriving on the voice vlan port untrust Do not trust the dot1p priority or DSCP values contained in packets arrivi...

Page 698: ...n of RADIUS Assigned VLANs on page 534 Table 21 9 Example VLANs VLAN ID VLAN Name VLAN Type Purpose 100 Engineering Port based All employees in the Engineering department use this VLAN Confining this department s traffic to a single VLAN helps reduce the amount of traffic in the broadcast domain which increases bandwidth 200 Marketing Port based All employees in the Marketing department use this V...

Page 699: ...tiple ports and hosts The Payroll and File servers are connected to the switches through a LAG Some of the Marketing hosts connect to Switch 1 and some connect to Switch 2 The Engineering and Marketing departments share the same file server Because security is a concern for the Payroll VLAN the ports and LAG that are members of this VLAN will accept and transmit only traffic tagged with VLAN 400 T...

Page 700: ... LAG Function Switch 1 1 Connects to Switch 2 2 15 Host ports for Payroll 16 20 Host ports for Marketing LAG1 ports 21 24 Connects to Payroll server Switch 2 1 Connects to Switch 1 2 10 Host ports for Marketing 11 30 Host ports for Engineering LAG1 ports 35 39 Connects to file server LAG2 ports 40 44 Uplink to router ...

Page 701: ...necessary to create it on that switch To configure Switch 1 1 Create the Marketing Sales and Payroll VLANs a From the Switching VLAN VLAN Membership page click Add b In the VLAN ID field enter 200 c In the VLAN Name field enter Marketing d Click Apply Figure 21 27 Add VLANs e Repeat steps b d to create VLANs 300 Sales and 400 Payroll 2 Assign ports 16 20 to the Marketing VLAN a From the Switching ...

Page 702: ...ck the space for ports 2 15 and LAG 1 so the U untagged displays for each port and then click Apply 5 Configure LAG 1 to be in general mode and specify that the LAG will accept tagged or untagged frames but that untagged frames will be transmitted tagged with PVID 400 a From the Switching VLAN LAG Settings page make sure Po1 is selected b Configure the following settings Port VLAN Mode General PVI...

Page 703: ...ure port Gi1 0 1 is selected b From the Port VLAN Mode field select Trunk c Click Apply Figure 21 30 Trunk Port Configuration 7 From the Switching VLAN VLAN Membership page verify that port 1 is marked as a tagged member T for each VLAN Figure 21 31 shows VLAN 200 in which port 1 is a tagged member and ports 13 16 are untagged members ...

Page 704: ...field enter 300 which is the Sales VLAN ID d Click Apply Figure 21 32 Trunk Port Configuration e Repeat steps b d to add additional MAC address to VLAN information for the Sales department 9 To save the configuration so that it persists across a system reset use the following steps a Go to the System File Management Copy Files page b Select Copy Configuration and ensure that Running Config is the ...

Page 705: ...gh the uplink port For that reason Switch 2 must be aware of VLAN 400 so that traffic is not rejected by the trunk port 2 Configure LAG 1 as a general port so that it can be a member of multiple VLANs a From the Switching VLAN LAG Settings page make sure Po1 is selected b From the Port VLAN Mode field select General c Click Apply 3 Configure port 1 as a trunk port 4 Configure LAG2 as a trunk port ...

Page 706: ...re console config vlan 200 300 400 console config vlan 200 console config vlan200 name Marketing console config vlan200 exit console config vlan 300 console config vlan300 name Sales console config vlan300 exit console config vlan 400 console config vlan400 name Payroll console config vlan400 exit 2 Assign ports 16 20 to the Marketing VLAN console config interface range tengigabitEthernet 1 0 16 2...

Page 707: ...ose created after the trunk port has been created console config interface tengigabitEthernet 1 0 1 console config if Te1 0 1 switchport mode trunk console config if Te1 0 1 exit 6 Configure the MAC based VLAN information The following commands show how to associate a system with a MAC address of 00 1C 23 55 E9 8B with VLAN 300 Repeat the vlan association mac command to associate additional MAC ad...

Page 708: ...bled Acceptable Frame Type VLAN Only Default Priority 0 GVRP status Disabled Protected Disabled Port Te1 0 1 is member in VLAN Name Egress rule Type 200 Marketing Tagged Static 300 Sales Tagged Static 400 Payroll Tagged Static VLAN Name Ports Type Authorization 1 Default Po1 1248 Te1 0 2 15 Te1 0 21 24 Te1 1 1 2 Default Required 200 Marketing Te1 0 1 Te1 0 16 20 Static Required 300 Sales Te1 0 1 S...

Page 709: ...2 to reach the rest of the network and Internet through the uplink port For that reason Switch 2 must be aware of VLAN 400 so that traffic is not rejected by the trunk port 2 Configure ports 2 10 as access ports and add VLAN 200 to the ports 3 Configure ports 11 30 as access ports and add VLAN 100 to the ports 4 Configure LAG 1 as a general port so that it can be a member of multiple untagged VLAN...

Page 710: ...tem Security on page 503 To configure the switch 1 Create the voice VLAN console configure console config vlan 25 console config vlan25 exit 2 Enable the Voice VLAN feature on the switch console config voice vlan 3 Configure port 10 to be in general mode console config interface gi1 0 10 console config if Gi1 0 10 switchport mode general 4 Enable port based 802 1X authentication on the port This s...

Page 711: ... VLAN Authentication Disabled Configuring a Private VLAN 1 Configure the VLANs and their roles This example configures VLAN 100 as the primary VLAN secondary VLAN 101 as the community VLAN and secondary VLANs 102 and 103 as the isolated VLANs switch configure switch config vlan 100 switch config vlan 100 private vlan primary switch config vlan 100 exit switch config vlan 101 switch config vlan 101...

Page 712: ...n 100 101 console config if Gi1 0 11 interface gi1 0 12 console config if Gi1 0 12 switchport mode private vlan host console config if Gi1 0 12 switchport private vlan host association 100 101 5 Assign the isolated VLAN ports console config interface gi1 0 10 console config if Gi1 0 10 switchport mode private vlan host console config if Gi1 0 10 switchport private vlan host association 100 102 con...

Page 713: ...ate vlan Primary VLAN Secondary VLAN Community 100 102 101 console config show vlan VLAN Name Ports Type 1 default Po1 128 Default Te1 1 1 Gi1 0 1 10 Gi1 0 13 24 100 VLAN0100 Te1 1 1 Static Gi1 0 11 12 101 VLAN0101 Gi1 0 11 Static 102 VLAN0102 Gi1 0 12 Static ...

Page 714: ...714 Configuring VLANs ...

Page 715: ...without the risk of network loops STP uses the spanning tree algorithm to provide a single path between end stations on a network Dell Networking series switches support Classic STP Multiple STP and Rapid STP What Are Classic STP Multiple STP and Rapid STP Classic STP provides a single path between end stations avoiding and eliminating loops Multiple Spanning Tree Protocol MSTP supports multiple i...

Page 716: ...igurable priority number When two switches have an equal bridge ID value the switch with the lowest MAC address is the root bridge After the root bridge is elected each switch finds the lowest cost path to the root bridge The port that connects the switch to the lowest cost path is the root port on the switch The switches in the spanning tree also determine which ports have the lowest path cost fo...

Page 717: ...e 22 1 Small Bridged Network Assume that Switch A is elected to be the Root Bridge and Port 1 on Switch B and Switch C are calculated to be the root ports for those bridges Port 2 on Switch B and Switch C would be placed into the Blocking state This creates a loop free topology End stations in VLAN 10 can talk to other devices in VLAN 10 and end stations in VLAN 20 have a single path to communicat...

Page 718: ... Port 2 on Switch B and Switch C could be used these inefficiencies could be eliminated MSTP does just that by allowing the configuration of MSTIs based upon a VLAN or groups of VLANs In this simple case VLAN 10 could be associated with Multiple Spanning Tree Instance MSTI 1 with an active topology similar to Figure 22 2 and VLAN 20 could be associated with MSTI 2 where Port 1 on both Switch A and...

Page 719: ...Configuring the Spanning Tree Protocol 719 The logical representation of the MSTP environment for these three switches is shown in Figure 22 3 Figure 22 3 Logical MSTP Environment ...

Page 720: ...alternate paths through each Region Above Switch A is elected as both the MSTI 1 Regional Root and the CIST Regional Root Bridge and after adjusting the Bridge Priority on Switch C in MSTI 2 it would be elected as the MSTI 2 Regional Root To further illustrate the full connectivity in an MSTP active topology the following rules apply 1 Each Bridge or LAN is in only one Region 2 Every frame is asso...

Page 721: ...thout considering the VLAN membership of the ports This results in unexpected behavior if the active topology of an MSTI depends on a port that is not a member of the VLAN assigned to the MSTI and the port is selected as root port In this configuration port TE 1 0 11 is selected as the root port and ports TE1 0 12 and TE1 0 13 are blocked To resolve the issue set the port path cost of the directly...

Page 722: ...e connected to end devices such as a desktop computer printer or file server to transition to the forwarding state without going through the listening and learning states BPDU Filtering Ports that have the PortFast feature enabled continue to transmit BPDUs The BPDU filtering feature prevents PortFast enabled ports from sending BPDUs If BPDU filtering is configured globally on the switch the featu...

Page 723: ...ate port in the CIST etc Root guard is a per port not a per port instance command configuration so all the MSTP instances this port participates in should not be expected to take on a root role Loop Guard Loop guard protects a network from forwarding loops induced by BPDU packet loss The reasons for failing to receive packets are numerous including heavy traffic software problems incorrect configu...

Page 724: ...ree Per VLAN RSTP PV and Spanning Tree Per VLAN STP PV with a high degree of interoperability with other vendor implementations such as Cisco s PVST and RPVST RSTP PV is the IEEE 802 1w RSTP standard implemented per VLAN A single instance of rapid spanning tree RSTP runs on each configured VLAN Each RSTP instance on a VLAN has a root switch The RSTP PV protocol state machine port roles port states...

Page 725: ... address 0100 0ccc cccd tagged with a corresponding IEEE 802 1Q VLAN tag If the native VLAN on an IEEE 802 1Q trunk is not VLAN 1 VLAN 1 STP BPDUs are sent to the SSTP MAC address tagged with a corresponding IEEE 802 1Q VLAN tag VLAN 1 STP BPDUs are also sent to the IEEE STP MAC address on the Native VLAN of the IEEE 802 1Q trunk untagged Non VLAN 1 STP BPDUs are sent to the SSTP MAC address tagge...

Page 726: ... restored DRC and Link Up Events In the event of failure of the primary uplink a replacement uplink is immediately selected from the uplink group and put into the forwarding state If another port is enabled that in accordance with STP rules should become the primary uplink root port the switch delays migrating to the new port for twice the forwarding delay The purpose of this delay is two fold Sta...

Page 727: ...ath cost to the root has increased above the path cost of the local switch IEEE 802 1s behavior is to ignore inferior BPDUs IRC retains the inferior BPDUs sent by the designated bridge and processes them to determine if a failure has occurred on the path to the root In this case it must age out at least one port This process occurs only in the case that a bridge in the network detects a direct lin...

Page 728: ...ccess the root bridge via a particular port it immediately ages out the port on which the inferior BPDU was received If the switch only received responses with a root different from the original root it has lost the root port and restarts the STP calculation immediately Inferior BDPU received Are there other non self looped non designated ports Connectivity to root is lost Recompute spanning tree ...

Page 729: ...E standard BPDUs are processed by the peer switch running MSTP RSTP and the SSTP format BPDUs are flooded across the MSTP RSTP domain Figure 22 6 RSTP PV and IEEE Spanning Tree Interoperability Common Spanning Tree There are differences between the ways that MSTP and RSTP PV map spanning tree instances to VLANs RSTP PV creates a spanning tree instance for each VLAN and MSTP maps one or more VLANs ...

Page 730: ...DUs because they do not use the standard destination MAC address so it makes no spanning tree decisions based on them Instead it floods the SSTP BPDUs over all ports in the corresponding VLAN These SSTP BPDUs may be multicast over the MSTP region to other RSTP PV switches which use them to maintain the VLAN 1 spanning tree topology across the MSTP non RSTP PV switches The RSTP PV switches also sen...

Page 731: ...AC address as untagged frames across the link At the same time SSTP BPDUs are sent as untagged frames IEEE switches simply flood the SSTP BPDUs throughout VLAN 1 This facilitates RSTP PV connectivity in case there are other RSTP PV switches connected to the IEEE STP domain For non native VLANs VLANs 2 4093 the RSTP PV switch sends SSTP BPDUs tagged with their VLAN number The VLAN STP instances are...

Page 732: ...trees Therefore the simplest way to ensure the correct behavior is to join ALL RSTP PV trees to the CST Connecting RSTP PV trees to the CST ensures that changes in any of the RSTP PV STP instances will affect the CST and all MSTIs This approach ensures that no changes go unnoticed and no black holes occur in a single VLAN As with IEEE STP every tree in the RSTP PV domain views the MSTP regions as ...

Page 733: ...s the only supported topology as the administrator can manipulate uplink costs on the RSTP PV side and obtain optimal traffic engineering results In Figure 22 8 VLANs 2 and 3 have their STP costs configured to select different uplinks connected to the MSTP region s boundary ports Since the CIST Root is inside the MSTP region both boundary ports are non blocking designated and the load balancing sc...

Page 734: ... contain the bridge with the best Bridge ID to ensure that the CIST Root is also the root for all RSTP PV trees In any other case the MSTP border switch will place the ports that receive superior BPDUs from the RSTP PV region in the root inconsistent state To resolve this issue ensure that the RSTP PV domain does not have any bridges with Bridge IDs better than the CIST Root Bridge ID Native VLAN ...

Page 735: ...bled globally and on all ports Spanning tree mode RSTP Classic STP STP PV RSTP PV and MSTP are disabled Switch priority 32768 BPDU flooding Disabled PortFast mode Disabled PortFast BPDU filter Disabled Loop guard Disabled BPDU protection Disabled Spanning tree port priority 128 Maximum aging time 20 seconds Forward delay time 15 seconds Maximum hops 20 Spanning tree transmit hold count 6 MSTP regi...

Page 736: ...uring and monitoring STP settings on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page STP Global Settings The STP Global Settings page contains fields for enabling STP on the switch To display the STP Global Settings page click Switching Spanning Tree Global Settings in the navigation panel ...

Page 737: ...Configuring the Spanning Tree Protocol 737 Figure 22 9 Spanning Tree Global Settings ...

Page 738: ...ocol STP Port Settings Use the STP Port Settings page to assign STP properties to individual ports To display the STP Port Settings page click Switching Spanning Tree STP Port Settings in the navigation panel Figure 22 10 STP Port Settings ...

Page 739: ...STP settings for multiple ports 1 Open the STP Port Settings page 2 Click Show All to display the STP Port Table Figure 22 11 Configure STP Port Settings 3 For each port to configure select the check box in the Edit column in the row associated with the port 4 Select the desired settings 5 Click Apply ...

Page 740: ...orts parameters To display the STP LAG Settings page click Switching Spanning Tree STP LAG Settings in the navigation panel Figure 22 12 STP LAG Settings Configuring STP Settings for Multiple LAGs To configure STP settings on multiple LAGS 1 Open the STP LAG Settings page 2 Click Show All to display the STP LAG Table ...

Page 741: ...h the LAG 4 Select the desired settings 5 Click Apply Rapid Spanning Tree Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster convergence of the spanning tree without creating forwarding loops To display the Rapid Spanning Tree page click Switching Spanning Tree Rapid Spanning Tree in the navigation panel Figure 22 14 Rapid Spanning Tree ...

Page 742: ...742 Configuring the Spanning Tree Protocol To view RSTP Settings for all interfaces click the Show All link The Rapid Spanning Tree Table displays Figure 22 15 RSTP Settings ...

Page 743: ...Spanning Tree to efficiently channel VLAN traffic over different interfaces MSTP is compatible with both RSTP and STP a MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge To display the MSTP Settings page click Switching Spanning Tree MSTP Settings in the navigation panel Figure 22 16 MSTP Settings ...

Page 744: ...tings for multiple VLANS 1 Open the MSTP Settings page 2 Click Show All to display the MSTP Settings Table Figure 22 17 Configure MSTP Settings 3 For each Instance ID to modify select the check box in the Edit column in the row associated with the VLAN 4 Update the Instance ID settings for the selected VLANs 5 Click Apply ...

Page 745: ...Interface Settings in the navigation panel Figure 22 18 MSTP Interface Settings Configuring MSTP Settings for Multiple Interfaces To configure MSTP settings for multiple interfaces 1 Open the MSTP Interface Settings page 2 Click Show All to display the MSTP Interface Table 3 For each interface to configure select the check box in the Edit column in the row associated with the interface 4 Update th...

Page 746: ...ng tree priority priority Specify the priority of the bridge Range 0 61440 The switch with the lowest priority value is elected as the root switch spanning tree max age seconds Specify the switch maximum age time which indicates the amount of time in seconds a bridge waits before implementing a topological change Valid values are from 6 to 40 seconds spanning tree forward time seconds Specify the ...

Page 747: ...d in PortFast mode from sending BPDUs spanning tree loopguard default Enable loop guard on all ports spanning tree bpdu protection Enable BPDU protection on the switch interface interface Enter interface configuration mode for the specified interface The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 or port channel 4 You can also specify a range of ...

Page 748: ...erfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 The range keyword is also valid for LAGs port channels spanning tree disable Disable spanning tree on the port spanning tree port priority priority Specify the priority of the port Range 0 240 The priority value is used to determine which ports are put in the forw...

Page 749: ...added to the existing MST instance To specify a range of VLANs use a hyphen To specify a series of VLANs use a comma Range 1 4093 exit Return to global configuration mode spanning tree mst instance id priority priority Set the switch priority for the specified spanning tree instance instance id ID of the spanning tree instance Range 1 4094 priority Sets the switch priority for the specified spanni...

Page 750: ...e common spanning tree Range 0 200000000 spanning tree mst instance id cost cost Configure the path cost for MST calculations If a loop occurs the spanning tree considers path cost when selecting an interface to put in the forwarding state instance ID ID of the spanning tree instance Range 1 4094 cost The port path cost Range 0 200 000 000 spanning tree mst instance id port priority priority Speci...

Page 751: ...ples STP Configuration Example MSTP Configuration Example RSTP PV Access Switch Configuration Example STP Configuration Example This example shows a LAN with four switches On each switch ports 1 2 and 3 connect to other switches and ports 4 20 connect to hosts in Figure 22 19 each PC represents 17 host systems ...

Page 752: ... these reasons the administrator selects it as the root bridge for the spanning tree The administrator configures Switch A with the highest priority and uses the default priority values for Switch B Switch C and Switch D For all switches the administrator also configures ports 4 17 in Port Fast mode because these ports are connected to hosts and can transition directly to the Forwarding state to s...

Page 753: ...rface range gi1 0 4 20 console config if spanning tree portfast console config if exit 3 Enable Loop Guard on ports 1 3 to help prevent network loops that might be caused if a port quits receiving BPDUs console config interface range gi1 0 1 3 console config if spanning tree guard loop console config if exit 4 Enable Port Fast BPDU Filter This feature is configured globally but it affects only Por...

Page 754: ...N 20 all switches console configure console config vlan 10 20 console config vlan10 20 exit console config vlan exit 2 Set the STP operational mode to MSTP console config spanning tree mode mst 3 Create MST instance 10 and associate it to VLAN 10 console config spanning tree mst configuration NOTE Even Switch B does not have any ports that are members of VLAN 10 this VLAN must be created to allow ...

Page 755: ...ing a higher root bridge priority console config spanning tree priority 8192 7 Switch A only Make Switch A the Regional Root for MSTI 1 by configuring a higher priority for MST ID 10 console config spanning tree mst 10 priority 12288 8 Switch A only Change the priority of MST ID 20 to ensure Switch C is the Regional Root bridge for this MSTI console config spanning tree mst 20 priority 61440 conso...

Page 756: ... 4 and return to Global Config mode console configure console config vlan 2 4 console config vlan2 4 exit 2 Enable RSTP PV console config spanning tree mode rapid pvst 3 Configure for a maximum network diameter of 4 console config spanning tree vlan 1 4 max age 16 4 Configure access and trunk ports console config interface range gi1 0 1 48 console config if switchport mode access console config if...

Page 757: ...57 console config if exit console config interface range gi1 0 1 12 console config if switchport access vlan 3 console config if exit console config interface range gi1 0 1 12 console config if switchport access vlan 4 console config if exit ...

Page 758: ...iguration for the two aggregation layer switches is identical except for the diversity configuration noted below For forwarding diversity the even numbered switch is made the root for the even numbered VLANs The odd numbered switch is made the root for the odd numbered VLANs 1 Create VLANs 2 through 4 console configure console config vlan 2 4 console config vlan2 4 exit 2 Enable RSTP PV console co...

Page 759: ...fig if te1 0 1 4 channel group 2 mode active console config if te1 0 1 4 exit 9 Configure the uplinks into a port channel console config interface port channel 1 console config if port channel 1 switchport mode trunk console config if port channel 1 exit 10 Configure the peer links into a port channel and prefer to go to the core router or access switches directly i e block the peer link unless it...

Page 760: ...760 Configuring the Spanning Tree Protocol ...

Page 761: ...tch to broadcast information about itself and to learn information about neighboring devices What Is ISDP The Industry Standard Discovery Protocol ISDP is a proprietary Layer 2 network protocol that inter operates with Cisco devices running the Cisco Discovery Protocol CDP ISDP is used to share information between neighboring devices The switch software participates in the CDP protocol and is able...

Page 762: ...matically translate into configuration An external application may query the MED MIB and take management actions in configuring functionality Why are Device Discovery Protocols Needed The device discovery protocols are used primarily in conjunction with network management tools to provide information about network topology and configuration and to help troubleshoot problems that occur on the netwo...

Page 763: ...ameter Default Value ISDP Mode Enabled globally and on all ports ISDPv2 Mode Enabled globally and on all ports Message Interval 30 seconds Hold Time Interval 180 seconds Device ID none Device ID Format Capability Serial Number Host Name Device ID Format Serial Number Table 23 2 LLDP Defaults Parameter Default Value Transmit Mode Enabled on all ports Receive Mode Enabled on all ports Transmit Inter...

Page 764: ...able 23 3 summarizes the default values for LLDP MED Table 23 3 LLDP MED Defaults Parameter Default Value LLDP MED Mode Disabled on all ports Config Notification Mode Disabled on all ports Transmit TVLs MED Capabilities Network Policy ...

Page 765: ...etworking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page ISDP Global Configuration From the ISDP Global Configuration page you can configure the ISDP settings for the switch such as the administrative mode To access the ISDP Global Configuration page click System ISDP Global Configuration in the navigation panel Figure 23 1 ISDP Global Con...

Page 766: ... From the ISDP Neighbor Table page you can view information about other devices the switch has discovered through the ISDP To access the ISDP Neighbor Table page click System ISDP Neighbor Table in the navigation panel Figure 23 2 ISDP Neighbor Table ...

Page 767: ...rface to transmit ISDP packets If the ISDP mode on the ISDP Global Configuration page is disabled the interface will not transmit ISDP packets regardless of the mode configured on the interface To access the ISDP Interface Configuration page click System ISDP Interface Configuration in the navigation panel Figure 23 3 ISDP Interface Configuration To view view the ISDP mode for multiple interfaces ...

Page 768: ... Statistics From the ISDP Statistics page you can view information about the ISDP packets sent and received by the switch To access the ISDP Statistics page click System ISDP Statistics in the navigation panel Figure 23 5 ISDP Statistics ...

Page 769: ...ration page to specify LLDP parameters Parameters that affect the entire system as well as those for a specific interface can be specified here To display the LLDP Configuration page click Switching LLDP Configuration in the navigation panel Figure 23 6 LLDP Configuration ...

Page 770: ...ices To view the LLDP Interface Settings Table click Show All From the LLDP Interface Settings Table page you can view and edit information about the LLDP settings for multiple interfaces Figure 23 7 LLDP Interface Settings Table ...

Page 771: ...etwork Devices 771 LLDP Statistics Use the LLDP Statistics page to view LLPD related statistics To display the LLDP Statistics page click Switching LLDP Statistics in the navigation panel Figure 23 8 LLDP Statistics ...

Page 772: ...ections Use the LLDP Connections page to view the list of ports with LLDP enabled Basic connection details are displayed To display the LLDP Connections page click Switching LLDP Connections in the navigation panel Figure 23 9 LLDP Connections ...

Page 773: ...information about a device connected to a port that has been discovered through LLDP click the port number in the Local Interface table it is a hyperlink or click Details and select the port with the connected device Figure 23 10 LLDP Connection Detail ...

Page 774: ...LDP MED Global Configuration page to change or view the LLDP MED parameters that affect the entire system To display the LLDP MED Global Configuration page click Switching LLDP LLDP MED Global Configuration in the navigation panel Figure 23 11 LLDP MED Global Configuration ...

Page 775: ...P MED parameters that affect a specific interface To display the LLDP MED Interface Configuration page click Switching LLDP LLDP MED Interface Configuration in the navigation panel Figure 23 12 LLDP MED Interface Configuration To view the LLDP MED Interface Summary table click Show All Figure 23 13 LLDP MED Interface Summary ...

Page 776: ...LLDP LLDP MED Local Device Information in the navigation panel Figure 23 14 LLDP MED Local Device Information LLDP MED Remote Device Information Use the LLDP MED Remote Device Information page to view the advertised LLDP data advertised by remote devices To display the LLDP MED Remote Device Information page click Switching LLDP LLDP MED Remote Device Information in the navigation panel Figure 23 ...

Page 777: ...leged EXEC mode use the following commands to configure ISDP settings that affect the entire switch Command Purpose configure Enter Global Configuration mode isdp enable Administratively enable ISDP on the switch isdp advertise v2 Allow the switch to send ISDPv2 packets isdp holdtime time Specify the number of seconds the device that receives ISDP packets from the switch should store information s...

Page 778: ...er interface configuration mode for the specified interface isdp enable Administratively enable ISDP on the switch exit Exit to Global Config mode exit Exit to Privileged Exec mode show isdp interface all View the ISDP mode on all interfaces Command Purpose show isdp entry all deviceid View information about all entries or a specific entry in the ISDP table show isdp neighbors View the neighboring...

Page 779: ...rts enabled for LLDP transmit interval The interval in seconds at which to transmit local data LLDP PDUs Range 5 32768 seconds hold value Multiplier on the transmit interval used to set the TTL in local data LLDP PDUs Range 2 10 reinit delay The delay in seconds before re initialization Range 1 10 seconds exit Exit to Privileged EXEC mode show lldp View global LLDP settings Command Purpose configu...

Page 780: ...e system capabilities TLV port desc Transmits the port description TLV exit Exit to Global Config mode exit Exit to Privileged EXEC mode show lldp interface all View LLDP settings for all interfaces Command Purpose show lldp local device all interface detail interface View LLDP information advertised by all ports or the specified port Include the keyword detail to see additional information show l...

Page 781: ...rface interface Enter interface configuration mode for the specified Ethernet interface lldp med Enable LLDP MED on the interface lldp med confignotification Allow the port to send topology change notifications lldp med transmit tlv capabilities network policy location inventory Specify which optional TLVs in the LLDP MED set are transmitted in the LLDP PDUs exit Exit to Global Config mode exit Ex...

Page 782: ...the switch before discarding it console configure console config isdp holdtime 60 2 Specify how often in seconds the ISDP enabled ports should transmit information console config isdp timer 45 3 Enable ISDP on interface 1 0 3 console config interface tengigabitEthernet1 0 3 console config if Te1 0 3 isdp enable 4 Exit to Privileged EXEC mode and view the LLDP settings for the switch and for interf...

Page 783: ...ization delay for LLDP PDUs sent from the switch console configure console config lldp timers interval 60 hold 5 reinit 3 2 Enable port 1 0 3 to transmit and receive LLDP PDUs console config interface TengigabitEthernet1 0 3 console config if Te1 0 3 lldp transmit console config if Te1 0 3 lldp receive 3 Enable port 1 0 3 to transmit management address information in the LLDP PDUs and to send topo...

Page 784: ...ration on port 1 0 3 console show lldp interface te1 0 3 LLDP Interface Configuration Interface Link Transmit Receive Notify TLVs Mgmt Te1 0 3 Down Enabled Enabled Enabled 0 1 2 3 Y TLV Codes 0 Port Description 1 System Name 2 System Description 3 System Capabilities 9 View detailed information about the LLDP configuration on port 1 0 3 console show lldp local device detail te1 0 3 LLDP Local Devi...

Page 785: ...Discovering Network Devices 785 Port Description Test Lab Port System Capabilities Supported bridge router System Capabilities Enabled bridge Management Address Type IPv4 Address 192 168 2 1 ...

Page 786: ...786 Discovering Network Devices ...

Page 787: ...Configuring Port Based Traffic Control Web Configuring Port Based Traffic Control CLI Port Based Traffic Control Configuration Example Port Based Traffic Control Overview Table 24 1 provides a summary of the features this chapter describes Table 24 1 Port Based Traffic Control Features Feature Description Flow control Allows traffic transmission between a switch port and another Ethernet device to...

Page 788: ...dcast multicast or unknown unicast messages simultaneously transmitted across a network by a single port Forwarded message responses can overload network resources and cause network congestion The storm control feature allows the switch to measure the incoming broadcast multicast and or unknown unicast packet rate per port and discard packets when the rate exceeds the defined threshold Storm contr...

Page 789: ...sible between two protected ports What is Link Local Protocol Filtering The Link Local Protocol Filtering LLPF feature can help troubleshoot network problems that occur when a network includes proprietary protocols running on standards based switches LLPF allows Dell Networking N2000 N3000 and N4000 series switches to filter out various Cisco proprietary protocol data units PDUs and or ISDP packet...

Page 790: ...y Protocol ISDP is enabled on an interface and the LLPF feature on an interface is enabled and configured to drop ISDP PDUs the ISDP configuration overrides the LLPF configuration and the ISDP PDUs are allowed on the interface Default Port Based Traffic Control Values Table 24 2 lists the default values for the port based traffic control features that this chapter describes Table 24 2 Default Port...

Page 791: ...affic on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page Flow Control Global Port Parameters Use the Global Parameters page for ports to enable or disable flow control support on the switch To display the Global Parameters page click Switching Ports Global Parameters in the navigation menu Figure 24 1 Global Port Parameter...

Page 792: ...g Ports Storm Control in the navigation menu Figure 24 2 Storm Control Configuring Storm Control Settings on Multiple Ports To configure storm control on multiple ports 1 Open the Storm Control page 2 Click Show All to display the Storm Control Settings Table 3 In the Ports list select the check box in the Edit column for the port to configure 4 Select the desired storm control settings ...

Page 793: ...Configuring Port Based Traffic Control 793 Figure 24 3 Storm Control 5 Click Apply ...

Page 794: ...o see each other s traffic To display the Protected Port Configuration page click Switching Ports Protected Port Configuration in the navigation menu Figure 24 4 Protected Port Configuration Configuring Protected Ports To configure protected ports 1 Open the Protected Ports page 2 Click Add to display the Add Protected Group page 3 Select a group 0 2 4 Specify a name for the group ...

Page 795: ... Group 5 Click Apply 6 Click Protected Port Configuration to return to the main page 7 Select the port to add to the group 8 Select the protected port group ID Figure 24 6 Add Protected Ports 9 Click Apply 10 To view protected port group membership information click Show All ...

Page 796: ...rt and click Apply LLPF Configuration Use the LLPF Interface Configuration page to filter out various proprietary protocol data units PDUs and or ISDP if problems occur with these protocols running on standards based switches To display the LLPF Interface Configuration page click Switching Network Security Proprietary Protocol Filtering LLPF Interface Configuration the navigation menu ...

Page 797: ...Configuring Port Based Traffic Control 797 Figure 24 8 LLPF Interface Configuration To view the protocol types that have been blocked for an interface click Show All Figure 24 9 LLPF Filtering Summary ...

Page 798: ...tethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 storm control broadcast level rate Enable broadcast storm recovery mode on the interface and optionally set the threshold rate threshold as percentage of port speed The percentage is converted to a PacketsPerSecon...

Page 799: ...r all interfaces or the specified interface Command Purpose configure Enter global configuration mode switchport protected groupid name name Specify a name for one of the three protected port groups groupid Identifies which group the port is to be protected in Range 0 2 name Name of the group Range 0 32 characters interface interface Enter interface configuration mode for the specified interface T...

Page 800: ...tethernet 1 0 3 You can also specify a range of interfaces with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 service acl input blockcdp blockvtp blockdtp blockudld blockpagp blocksstp blockall Use the appropriate keyword or combination of keywords to block any or all of the following PDUs on the interface VTP DTP UDLD PA...

Page 801: ...d to ports 3 4 and 9 from being able to communicate with each other To configure the switch 1 Configure storm control for broadcast traffic on all physical interfaces console config interface range te1 0 1 24 console config if storm control broadcast level 10 2 Configure LLPF to block PAgP and VTP PDUs on all physical interfaces console config if service acl blockpagp blockvtp console config if ex...

Page 802: ...st Ucast Intf Mode Level Mode Level Mode Level Te1 0 1 Enable 10 Enable 5 Disable 5 console show service acl interface te1 0 1 Protocol Mode CDP Disabled VTP Enabled DTP Disabled UDLD Disabled PAGP Enabled SSTP Disabled ALL Disabled console show switchport protected 0 Name clients Member Ports Te1 0 1 Te1 0 2 Te1 0 3 Te1 0 4 Te1 0 9 ...

Page 803: ...icast traffic is traffic from one source that has multiple destinations The L2 multicast features on the switch help control network flooding of Ethernet multicast and IP multicast traffic by keeping track of multicast group membership It is essential that a multicast router be connected to a Dell Networking layer 2 multicast switch for IGMP MLD snooping to operate properly The presence of a multi...

Page 804: ...e packet is forwarded only to the ports that are members of that multicast group within the VLAN Multicast traffic destined to well known reserved multicast IP addresses control plane traffic is always flooded to all ports in the VLAN The well known IP multicast addresses are 224 0 0 x for IPv4 and FF0x for IPv6 Multicast data traffic is flooded to all ports in the VLAN if no multicast router port...

Page 805: ...s the switch adds the host s interface VLAN to the L2 multicast group forwarding table and floods the report to all ports in the VLAN When the switch sees a leave message for the group it removes the host interface VLAN from the L2 multicast group forwarding table IGMP snooping learns about multicast routers by listening for the following messages An IGMP query packet PIMv1 IGMP type 0x14 packets ...

Page 806: ...ng behavior for multicast groups Multicast data is flooded in the VLAN until a multicast router port is identified IGMP snooping is enabled by default IGMP snooping forwards multicast sources to multicast routers by default Reserved multicast IP addresses 224 0 0 x are always flooded to all ports in the VLAN Unregistered multicast traffic may be flooded in the VLAN by a user configuration option N...

Page 807: ...cal querier stops querying What Is MLD Snooping In IPv4 Layer 2 switches use IGMP snooping to limit the flooding of multicast traffic by dynamically configuring the multicast forwarding database so that multicast data traffic is forwarded to only those ports associated with a multicast router or host that has indicated an interest in receiving a particular multicast group In IPv6 MLD snooping perf...

Page 808: ...ording the MLD snooping rules What Is Multicast VLAN Registration IGMP snooping helps limit multicast traffic when member ports are in the same VLAN however when ports belong to different VLANs a copy of the multicast stream is sent to each VLAN that has member ports in the multicast group MVR eliminates the need to duplicate the multicast traffic when multicast group member ports belong to differ...

Page 809: ...e network with the MVR switch Enabling MVR and IGMP on the Same Interface MVR and IGMP snooping operate independently and can both be enabled on an interface When both MVR and IGMP snooping are enabled MVR listens to the IGMP join and report messages for static multicast group information and IGMP snooping manages dynamic multicast groups When Are L3 Multicast Features Required In addition to L2 m...

Page 810: ...on GVRP and GMRP use the same set of GARP Timers to specify the amount of time to wait before transmitting various GARP messages NOTE If a multicast source is connected to a VLAN on which both L3 multicast and IGMP snooping are enabled the multicast source is forwarded to the mrouter ports that have been discovered when the multicast source is first seen If a new mrouter is later discovered on a d...

Page 811: ...nooping in its purpose but IGMP snooping is more widely used GMRP must be running on both the host and the switch to function properly and IGMP MLD snooping must be disabled on the switch as IGMP snooping and GMRP cannot simultaneously operate within the same VLAN ...

Page 812: ... 00 5E 03 03 03 As a result if a host requests 225 1 1 1 then it might receive multicast traffic of group 226 1 1 1 as well IGMP MLD Snooping in a Multicast Router IGMP MLD snooping is a Layer 2 feature and is achieved by using the L2 multicast forwarding table If a multicast source is connected to a VLAN on which both L3 multicast and IGMP MLD snooping are enabled the multicast source is forwarde...

Page 813: ...C group addresses on a port in a VLAN it is necessary to configure all ports in the VLAN over which it is desired that the group traffic flow both host and router on all switches IGMP snooping does not dynamically add ports to a VLAN for a multicast group when a static entry is configured for that group in the VLAN This restriction applies to both multicast router connected ports and host connecte...

Page 814: ...t router timeout 300 seconds IGMP MLD snooping leave timeout 10 seconds IGMP snooping querier Disabled IGMP version v2 MLD version v1 IGMP MLD snooping querier query interval 60 seconds IGMP MLD snooping querier expiry interval 60 seconds IGMP MLD snooping VLAN querier Disabled VLAN querier election participate mode Disabled Snooping Querier VLAN Address 0 0 0 0 MVR running Disabled MVR multicast ...

Page 815: ...Configuring L2 Multicast Features 815 GMRP Disabled globally and per interface Table 25 1 L2 Multicast Defaults Continued Parameter Default Value ...

Page 816: ...Use the Multicast Global Parameters page to enable or disable IGMP snooping or MLD snooping on the switch To display the Multicast Global Parameters page click Switching Multicast Support Global Parameters in the navigation menu Figure 25 1 Multicast Global Parameters NOTE It is strongly recommended that users enable IGMP snooping if MLD snooping is enabled and vice versa This is because both IGMP...

Page 817: ...ast Group tables display which Ports and LAGs are members of the multicast group and whether they re static S dynamic D or forbidden F The tables have two rows Static and Current Only the Static row is accessible from this page The Current row is updated when the Static row is changed and Apply is clicked The Bridge Multicast Group page contains two editable tables Unit and Ports Displays and assi...

Page 818: ...3 For a new group specify the multicast group IP or MAC address associated with the selected VLAN Table 25 2 Port LAG IGMP Management Settings Port Control Definition D Dynamic Indicates that the port LAG was dynamically joined to the Multicast group displays in the Current row S Static Attaches the port to the Multicast group as a static member in the Static row Displays in the Current row once A...

Page 819: ...ssigned to the group with the Current rows being updated with the Static settings and the switch is updated Removing a Bridge Multicast Group To delete a bridge multicast group 1 Open the Bridge Multicast Group page 2 Select the VLAN ID associated with the bridge multicast group to be removed from the drop down menu The Bridge Multicast Address and the assigned ports LAGs display 3 Check the Remov...

Page 820: ...s MRouter Status Use the MRouter Status page to display the status of dynamically learned multicast router interfaces To access this page click Switching Multicast Support MRouter Status in the navigation panel Figure 25 4 MRouter Status ...

Page 821: ...ick Switching Multicast Support IGMP Snooping General in the navigation menu Figure 25 5 General IGMP Snooping Modifying IGMP Snooping Settings for Multiple Ports LAGs or VLANs To modify the IGMP snooping settings 1 From the General IGMP snooping page click Show All The IGMP Snooping Table displays 2 Select the Edit checkbox for each Port LAG or VLAN to modify In Figure 25 6 2 and 3 are to be modi...

Page 822: ...iple Ports LAGs or VLANs To copy IGMP snooping settings 1 From the General IGMP snooping page click Show All The IGMP Snooping Table displays 2 Select the Copy Parameters From checkbox 3 Select a Unit Port LAG or VLAN to use as the source of the desired parameters 4 Select the Copy To checkbox for the Unit Ports LAGs or VLANs that these parameters will be copied to In Figure 25 7 the settings for ...

Page 823: ...Configuring L2 Multicast Features 823 Figure 25 7 Copy IGMP Snooping Settings 5 Click Apply The IGMP snooping settings are modified and the device is updated ...

Page 824: ...ing querier settings such as the IP address to use as the source in periodic IGMP queries when no source address has been configured on the VLAN To display the Global Querier Configuration page click Switching Multicast Support IGMP Snooping Global Querier Configuration in the navigation menu Figure 25 8 Global Querier Configuration ...

Page 825: ...ge click Switching Multicast Support IGMP Snooping VLAN Querier in the navigation menu Figure 25 9 VLAN Querier Adding a New VLAN and Configuring its VLAN Querier Settings To configure a VLAN querier 1 From the VLAN Querier page click Add The page refreshes and the Add VLAN page displays Figure 25 10 Add VLAN Querier 2 Enter the VLAN ID and if desired an optional VLAN name ...

Page 826: ... the new VLAN from the VLAN ID menu 4 Specify the VLAN querier settings 5 Click Apply The VLAN Querier settings are modified and the device is updated To view a summary of the IGMP snooping VLAN querier settings for all VLANs on the switch click Show All Figure 25 11 Add VLAN Querier ...

Page 827: ... VLAN Querier Status page to view the IGMP snooping querier settings for individual VLANs To display the VLAN Querier Status page click Switching Multicast Support IGMP Snooping VLAN Querier Status in the navigation menu Figure 25 12 IGMP Snooping VLAN Querier Status ...

Page 828: ...age to view the multicast forwarding database MFDB IGMP Snooping Table and Forbidden Ports settings for individual VLANs To display the MFDB IGMP Snooping Table page click Switching Multicast Support IGMP Snooping MFDB IGMP Snooping Table in the navigation menu Figure 25 13 MFDB IGMP Snooping Table ...

Page 829: ...dd MLD members To access this page click Switching Multicast Support MLD Snooping General in the navigation panel Figure 25 14 MLD Snooping General Modifying MLD Snooping Settings for VLANs To configure MLD snooping 1 From the General MLD snooping page click Show All The MLD Snooping Table displays ...

Page 830: ...Multicast Features Figure 25 15 MLD Snooping Table 2 Select the Edit checkbox for each VLAN to modify 3 Edit the MLD snooping fields as needed 4 Click Apply The MLD snooping settings are modified and the device is updated ...

Page 831: ...he Copy To checkbox for the VLANs that these parameters will be copied to 5 Click Apply The MLD snooping settings are modified and the device is updated MLD Snooping Global Querier Configuration Use the MLD Snooping Global Querier Configuration page to configure the parameters for the MLD snooping querier To display the Global Querier Configuration page click Switching Multicast Support MLD Snoopi...

Page 832: ...oping VLAN Querier page click Switching Multicast Support MLD Snooping VLAN Querier in the navigation menu Figure 25 17 MLD Snooping VLAN Querier Adding a New VLAN and Configuring its MLD Snooping VLAN Querier Settings To configure an MLD snooping VLAN querier 1 From the VLAN Querier page click Add The page refreshes and the Add VLAN page displays Figure 25 18 Add MLD Snooping VLAN Querier ...

Page 833: ...VLAN Querier page and select the new VLAN from the VLAN ID menu 4 Specify the VLAN querier settings 5 Click Apply The VLAN Querier settings are modified and the device is updated To view a summary of the IGMP snooping VLAN querier settings for all VLANs on the switch click Show All Figure 25 19 Add VLAN Querier ...

Page 834: ... Use the VLAN Querier Status page to view the MLD snooping querier settings for individual VLANs To display the VLAN Querier Status page click Switching Multicast Support MLD Snooping VLAN Querier Status in the navigation menu Figure 25 20 MLD Snooping VLAN Querier Status ...

Page 835: ... MFDB MLD Snooping Table page to view the MFDB MLD snooping table settings for individual VLANs To display the MFDB MLD Snooping Table page click Switching Multicast Support MLD Snooping MFDB MLD Snooping Table in the navigation menu Figure 25 21 MFDB MLD Snooping Table ...

Page 836: ...ion Use the MVR Global Configuration page to enable the MVR feature and configure global parameters To display the MVR Global Configuration page click Switching MVR Configuration Global Configuration in the navigation panel Figure 25 22 MVR Global Configuration ...

Page 837: ...R Members page click Switching MVR Configuration MVR Members in the navigation panel Figure 25 23 MVR Members Adding an MVR Membership Group To add an MVR membership group 1 From the MVR Membership page click Add The MVR Add Group page displays Figure 25 24 MVR Member Group 2 Specify the MVR group IP multicast address 3 Click Apply ...

Page 838: ...p To display the MVR Interface Configuration page click Switching MVR Configuration MVR Interface Configuration in the navigation panel Figure 25 25 MVR Interface Configuration To view a summary of the MVR interface configuration click Show All Figure 25 26 MVR Interface Summary Adding an Interface to an MVR Group To add an interface to an MVR group 1 From the MVR Interface page click Add ...

Page 839: ... the MVR group IP multicast address 4 Click Apply Removing an Interface from an MVR Group To remove an interface from an MVR group 1 From the MVR Interface page click Remove Figure 25 28 MVR Remove from Group 2 Select the interface to remove from an MVR group 3 Specify the IP multicast address of the MVR group 4 Click Apply ...

Page 840: ...st Features MVR Statistics Use the MVR Statistics page to view MVR statistics on the switch To display the MVR Statistics page click Switching MVR Configuration MVR Statistics in the navigation panel Figure 25 29 MVR Statistics ...

Page 841: ...rs used by GVRP and GMRP on the switch To display the Timers page click Switching GARP Timers in the navigation panel Figure 25 30 GARP Timers Configuring GARP Timer Settings for Multiple Ports To configure GARP timers on multiple ports 1 Open the Timers page 2 Click Show All to display the GARP Timers Table ...

Page 842: ...g L2 Multicast Features Figure 25 31 Garp Timers Table 3 For each port or LAG to configure select the check box in the Edit column in the row associated with the port 4 Specify the desired timer values 5 Click Apply ...

Page 843: ... the same settings as the port selected in the Copy Parameters From field 3 Click Apply to copy the settings GMRP Parameters Use the GMRP Parameters page to configure the administrative mode of GMRP on the switch and on each port or LAG To display the GMRP Parameters page click Switching GARP GMRP Parameters in the navigation panel Figure 25 32 GMRP Parameters Configuring GMRP Parameters on Multip...

Page 844: ...ulticast Features Figure 25 33 GMRP Port Configuration Table 3 For each port or LAG to configure select the check box in the Edit column in the row associated with the port 4 Specify the desired timer values 5 Click Apply ...

Page 845: ...r LAGs list select the check box es in the Copy To column that will have the same settings as the port selected in the Copy Parameters From field 3 Click Apply to copy the settings MFDB GMRP Table Use the MFDB GMRP Table page to view all of the entries in the Multicast Forwarding Database that were created for the GMRP To display the MFDB GMRP Table page click Switching GARP MFDB GMRP Table in the...

Page 846: ...table static mac multicast address vlan vlan id interface interface id Register a MAC layer Multicast address in the bridge table mac multicast address MAC multicast address in the format xxxx xxxx xxxx or xx xx xx xx xx xx interface id A physical interface or port channel mac address table multicast forbidden address vlan vlan id mac multicast address ip multicast address add remove interface int...

Page 847: ...P report for a multicast group is not received in the number of seconds specified by the seconds value this port is deleted from the VLAN member list of that multicast group This command also enables IGMP snooping on the VLAN ip igmp snooping vlan vlan id last member query interval seconds Specify the leave time out value for the VLAN If an IGMP report for a multicast group is not received within ...

Page 848: ...ping querier on the switch or on the VLAN specified with the vlan id parameter Use the optional ip address parameter to specify the IP address that the snooping querier switch should use as the source address when generating periodic queries ip igmp snooping querier query interval interval count Set the IGMP snooping querier query interval time which is the amount of time in seconds that the switc...

Page 849: ... to Privileged EXEC mode show ip igmp snooping querier detail vlan vlan id View IGMP snooping querier settings configured on the switch on all VLANs or on the specified VLAN Command Purpose configure Enter global configuration mode ipv6 mld snooping vlan vlan id Enable MLD snooping on the specified VLAN ipv6 mld snooping vlan vlan id groupmembership interval seconds Specify the host time out value...

Page 850: ...ping vlan vlan id mcrtexpiretime seconds Specify the multicast router time out value for to associate with a VLAN This command sets the number of seconds to wait to age out an automatically learned multicast router port CTRL Z Exit to Privileged EXEC mode show ipv6 mld snooping vlan vlan id View the MLD snooping settings on the VLAN Command Purpose configure Enter global configuration mode ipv6 ml...

Page 851: ...pv6 address Specify the IP address that the snooping querier switch should use as the source address when generating periodic queries ipv6 mld snooping querier query interval interval count Set the MLD snooping querier query interval time which is the amount of time in seconds that the switch waits before sending another periodic query The range is 1 1800 seconds ipv6 mld snooping querier timer ex...

Page 852: ...faces 8 9 10 11 and 12 mvr Enable MVR on the port mvr immediate Enable MVR immediate leave mode on the port mvr type source receiver Specify the MVR port type mvr vlan vlan id group mcast address Allow the port to participate in the specified MVR group The vlan id parameter is the ID of the MVR multicast VLAN CTRL Z Exit to Privileged EXEC mode show ip dhcp snooping interfaces View the DHCP snoopi...

Page 853: ...ve and 200 6000 for leaveall gmrp enable Enable GMRP globally on the switch interface interface Enter interface configuration mode for the specified port or LAG The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 For a LAG the interface type is port channel You can also specify a range of ports with the interface range command for example interface ra...

Page 854: ... the topology that the scenarios in this case study use Figure 25 35 Case Study Topology The topology in Figure 25 35 includes the following elements Snooping Switches D1 D2 D3 with IGMP snooping enabled on VLANs 10 20 Multicast Router D4 with PIM SM enabled and IGMP snooping disabled on VLANs 10 20 Multicast Listeners Client A G ...

Page 855: ...a report for 239 20 30 42 2 The report is forwarded to multicast router D4 via D1 1 0 15 and D3 1 0 20 3 A forwarding entry is created by D1 for VLAN 20 239 20 30 42 1 0 8 1 0 15 4 Client G receives the multicast stream from Server B 5 D3 receives the multicast stream and it is forwarded to D4 because D4 is a multicast router 6 Client D sends a report for 239 20 30 42 7 The report is forwarded to ...

Page 856: ... 20 to reach their respective attached clients PIM SM is enabled and IGMP snooping is disabled on router D4 and IGMP snooping is enabled on D1 D2 and D3 Multicast Source and Listener directly connected to Multicast Router on the same routing VLAN Server A Client B 1 Because multicast routing is enabled on D4 VLAN 10 an IP multicast table entry is created to include D4 1 0 15 D4 1 0 20 as part of t...

Page 857: ...urce connected to Multicast Router via intermediate snooping switches and Listener directly connected to multicast router in a different routing interface Server B Client B Server A and Clients B C and E are on the same subnet VLAN10 192 168 10 70 24 Server B is in a different subnet VLAN20 192 168 20 70 24 1 Client B sends a report for 239 20 30 42 2 Multicast Router D4 learns group 239 20 30 42 ...

Page 858: ...el 1 3 The report from Client E is forwarded to D3 via D2 PortChannel 1 4 A multicast forwarding entry is created on D3 VLAN10 239 20 30 42 PortChannel 1 1 0 20 5 The report from Client E is forwarded to D4 via D3 1 0 20 6 Multicast Router D4 learns group 239 20 30 42 7 The multicast stream from Server B reaches D4 via trunk links because it is a multicast router 8 An IP multicast routing entry is...

Page 859: ...Overview Default Dot1ag Values Configuring Dot1ag Web Configuring Dot1ag CLI Dot1ag Configuration Example Dot1ag Overview With the emergence of Ethernet as a Metropolitan and Wide Area Networking technology different operators often work together to provide end to end services to enterprise customers This has driven the need of a new set of OAM Operations Administration and Maintenance Protocols S...

Page 860: ...domain Figure 26 1 depicts three domains the customer subscribes to the services of a provider who in turn subscribes to the services of two operators This scenario is a likely one since no operator has complete coverage of a large region A service instance would span the provider network covering one or more operators Every domain has its own network management system Dot1ag defines OAM services ...

Page 861: ...ing of CFM messages between domains for example among operators or between operators and customers Each MEP has a configurable unique identifier MEPID in a maintenance domain MEPs periodically issue Continuity Check Messages CCM to discover each other and issue SNMP traps to report connectivity losses or malformed or incorrect CCMs A MEP can be defined as down MEP or an up MEP A down MEPs reside i...

Page 862: ...service instance Each MA is associated with a unique SVLAN ID An MA is identified by a maintenance association ID All MEPs in the MA are assigned the maintenance identifier MAID for the association An MD consists of one or more MAs at the same domain level Figure 26 3 depicts one provider level domain and two operator level domains Dot1ag operation for a service instance is indicated by the path t...

Page 863: ...he Administrator can also use utilities to troubleshoot connectivity faults when reported via SNMP traps All the domains within the customer domain should use different domain levels Configuration Tasks The administrator defines the maintenance domains by configuring the domain level from 0 7 and a name For each domain the administrator defines maintenance associations that are specified by a SVLA...

Page 864: ...lt and no maintenance domains associations or endpoints are configured by default Table 26 1 shows the global default values for Dot1ag When you configure an association between a VLAN and a maintenance domain the following default value applies When you associate endpoints with SVLAN IDs the following default values apply and are configurable Table 26 1 Dot1ag Global Defaults Parameter Default Va...

Page 865: ... of the page Dot1ag Global Configuration Use the Global Configuration page to enable and disable the Dot1ag admin mode and to configure the time after which inactive RMEP messages are removed from the MEP database To display the page click Switching Dot1ag Global Configuration in the tree view Figure 26 4 Dot1ag Global Configuration Dot1ag MD Configuration Use the MD Configuration page to configur...

Page 866: ...guration page to associate a maintenance domain level with one or more VLAN ID provide a name for each maintenance association MA and to set the interval between continuity check messages sent by MEPs for the MA To display the page click Switching Dot1ag MA Configuration in the tree view Figure 26 6 Dot1ag MA Configuration ...

Page 867: ...the top of the page Dot1ag MEP Configuration Use the MEP Configuration page to define switch ports as Management End Points MEPs are configured per domain and per VLAN To display the page click Switching Dot1ag MEP Configuration in the tree view Figure 26 7 Dot1ag MEP Configuration ...

Page 868: ...elected domain before you configure a MEP to be used within an MA see the MA Configuration page Dot1ag MIP Configuration Use the MIP Configuration page to define a switch port as an intermediate bridge for a selected domain To display the page click Switching Dot1ag MIP Configuration in the tree view Figure 26 8 Dot1ag MIP Configuration ...

Page 869: ...MEP Summary Use the RMEP Summary page to view information on remote MEPs that the switch has learned through CFM PDU exchanges with MEPs on the switch To display the page click Switching Dot1ag RMEP Summary in the tree view Figure 26 9 Dot1ag RMEP Summary ...

Page 870: ...MEP ID or by its MAC address To display the page click Switching Dot1ag L2 Ping in the tree view Figure 26 10 Dot1ag L2 Ping Dot1ag L2 Traceroute Use the L2 Traceroute page to generate a Link Trace message from a specified MEP The MEP can be specified by the MAC address or by the remote MEP ID To display the page click Switching Dot1ag L2 Traceroute in the tree view ...

Page 871: ...1 Dot1ag L2 Traceroute Dot1ag L2 Traceroute Cache Use the L2 Traceroute Cache page to view link traces retained in the link trace database To display the page click Switching Dot1ag L2 Traceroute Cache in the tree view Figure 26 12 Dot1ag L2 Traceroute Cache ...

Page 872: ...vity Fault Management Dot1ag Statistics Use the Statistics page to view Dot1ag information for a selected domain and VLAN ID To display the page click Switching Dot1ag Statistics in the tree view Figure 26 13 Dot1ag Statistics ...

Page 873: ...e ethernet cfm enable Enables connectivity fault management services ethernet cfm mep archive hold time time Set the time interval range 1 65535 seconds after which inactive RMEPs are removed ethernet cfm cc level level vlan vlan id interval 1 10 60 600 Configure the Continuity Check Message CCM transmit interval for the specified VLAN ethernet cfm domain name level level Create a maintenance doma...

Page 874: ... Define the port as a maintenance endpoint MEP and associate it with an SVLAN in a domain When the MEP is enabled it will generate CCM messages ethernet cfm mep level level direction up down mpid mep id vlan vlan id Enable a MEP at the specified level and direction ethernet cfm mep active Set the administrative state of the MEP to active ethernet cfm mip level level Create a MIP at the specified l...

Page 875: ... a loopback message from the MEP with the specified MAC address ping ethernet cfm remote mpid mep id Generate a loopback message from the MEP with the specified MEP ID traceroute ethernet cfm mac mac addr Generate a Link Trace message from the MEP with the specified MAC address traceroute ethernet cfm remote mpid mep id Generate a Link Trace message from the MEP with the specified MEP ID show ethe...

Page 876: ...traffic on the provider network Figure 26 14 Dot1ag Configuration for a Metro Ethernet Customer Network To configure the switch 1 Enable CFM globally on the switch and then create a level 6 management domain named CustDom for end to end CFM on the Metro Ethernet network VLAN 200 is associated with this domain console config console config ethernet cfm enable console config ethernet cfm domain Cust...

Page 877: ...enabled and activated as a MEP console config interface gigabitethernet 1 0 5 console config if Gi1 0 5 ethernet cfm mep level 6 direction down mpid 20 vlan 200 console config if Gi1 0 5 ethernet cfm mep enabled level 6 vlan 200 mpid 20 console config if Gi1 0 5 ethernet cfm mep active level 6 vlan 200 mpid 20 console config if Gi1 0 5 exit 3 On an intermediate switch configure the MIP for the cus...

Page 878: ...878 Configuring Connectivity Fault Management ...

Page 879: ... Snooping and Inspection Configuration Examples Traffic Snooping and Inspection Overview DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server to filter harmful DHCP messages and to build a bindings database The IPSG and DAI features use the DHCP Snooping bindings database to help enforce switch and network security IP Source Guard allows the switch ...

Page 880: ... specified on individual physical ports or LAGS that are members of a VLAN When a port or LAG is configured as untrusted it could potentially be used to launch a network attack DHCP servers must be reached through trusted ports DHCP snooping enforces the following security rules DHCP packets from a DHCP server DHCPOFFER DHCPACK DHCPNAK DHCPRELEASEQUERY are dropped if they are received on an untrus...

Page 881: ...tatic bindings into the binding database When a switch learns of new bindings or loses bindings the switch immediately updates the entries in the database The switch also updates the entries in the binding file The frequency at which the file is updated is based on a configurable delay and the updates are batched If the absolute lease time of the snooping database entry expires that entry is remov...

Page 882: ...h the application logs the event and drops the message For valid client messages DHCP snooping compares the source MAC address to the DHCP client hardware address When there is a mismatch DHCP snooping drops the packet and generates a log message if logging of invalid packets is enabled If DHCP relay co exists with DHCP snooping DHCP client messages are sent to DHCP relay for further processing To...

Page 883: ...ty controls source MAC address learning in the layer 2 forwarding database MAC address table When a frame is received with a previously unlearned source MAC address port security queries the IPSG feature to determine whether the MAC address belongs to a valid binding If IPSG is disabled on the ingress port IPSG replies that the MAC is valid If IPSG is enabled on the ingress port IPSG checks the bi...

Page 884: ...s trusted or untrusted The trust configuration for DAI is independent of the trust configuration for DHCP snooping Optional DAI Features If the network administrator has configured the option DAI verifies that the sender MAC address equals the source MAC address in the Ethernet header There is a configurable option to verify that the target MAC address equals the destination MAC address in the Eth...

Page 885: ...and the DHCP server is enabled hosts that attempt to acquire network information from the legitimate network DHCP server might obtain incorrect information from the rogue DHCP server However if the workstation with the rogue DHCP server is connected to a port that is configured as untrusted and is a member of a DHCP Snooping enabled VLAN the port discards the DHCP server messages Default Traffic S...

Page 886: ...e MAC Disabled DAI validate destination MAC Disabled DAI validate IP Disabled DAI trust state Disabled untrusted DAI Rate limit Disabled DAI Burst interval 1 second DAI mode Disabled on all VLANs DAI logging invalid packets Disabled DAI ARP ACL None configured DAI Static flag Disabled validation by ARP ACL and DHCP snooping binding database Table 27 1 Traffic Snooping Defaults Continued Parameter ...

Page 887: ... N3000 and N4000 series switches For details about the fields on a page click at the top of the page DHCP Snooping Configuration Use the DHCP Snooping Configuration page to control the DHCP Snooping mode on the switch and to specify whether the sender MAC Address for DHCP Snooping must be validated To access the DHCP Snooping Configuration page click Switching DHCP Snooping Global Configuration in...

Page 888: ...nooping Interface Configuration page to configure the DHCP Snooping settings on individual ports and LAGs To access the DHCP Snooping Interface Configuration page click Switching DHCP Snooping Interface Configuration in the navigation panel Figure 27 3 DHCP Snooping Interface Configuration ...

Page 889: ...Snooping and Inspecting Traffic 889 To view a summary of the DHCP snooping configuration for all interfaces click Show All Figure 27 4 DHCP Snooping Interface Configuration Summary ...

Page 890: ... DHCP snooping mode on each VLAN To access the DHCP Snooping VLAN Configuration page click Switching DHCP Snooping VLAN Configuration in the navigation panel Figure 27 5 DHCP Snooping VLAN Configuration To view a summary of the DHCP snooping status for all VLANs click Show All Figure 27 6 DHCP Snooping VLAN Configuration Summary ...

Page 891: ...bindings database can be stored locally on the switch or on a remote system somewhere else in the network The switch must be able to reach the IP address of the remote system to send bindings to a remote database To access the DHCP Snooping Persistent Configuration page click Switching DHCP Snooping Persistent Configuration in the navigation panel Figure 27 7 DHCP Snooping Persistent Configuration...

Page 892: ...P Snooping Static Bindings Configuration page click Switching DHCP Snooping Static Bindings Configuration in the navigation panel Figure 27 8 DHCP Snooping Static Bindings Configuration To view a summary of the DHCP snooping status for all VLANs click Show All Figure 27 9 DHCP Snooping Static Bindings Summary To remove a static binding select the Remove checkbox associated with the binding and cli...

Page 893: ... Dynamic Bindings Summary lists all the DHCP snooping dynamic binding entries learned on the switch ports To access the DHCP Snooping Dynamic Bindings Summary page click Switching DHCP Snooping Dynamic Bindings Summary in the navigation panel Figure 27 10 DHCP Snooping Dynamic Bindings Summary ...

Page 894: ...nooping Statistics The DHCP Snooping Statistics page displays DHCP snooping interface statistics To access the DHCP Snooping Statistics page click Switching DHCP Snooping Statistics in the navigation panel Figure 27 11 DHCP Snooping Statistics ...

Page 895: ...itching IP Source Guard IPSG Interface Configuration in the navigation panel Figure 27 12 IPSG Interface Configuration IPSG Binding Configuration Use the IPSG Binding Configuration page displays DHCP snooping interface statistics To access the IPSG Binding Configuration page click Switching IP Source Guard IPSG Binding Configuration in the navigation panel Figure 27 13 IPSG Binding Configuration ...

Page 896: ...page displays the IPSG Static binding list and IPSG dynamic binding list the static bindings configured in Binding configuration page To access the IPSG Binding Summary page click Switching IP Source Guard IPSG Binding Summary in the navigation panel Figure 27 14 IPSG Binding Summary ...

Page 897: ...iguration Use the DAI Configuration page to configure global DAI settings To display the DAI Configuration page click Switching Dynamic ARP Inspection Global Configuration in the navigation panel Figure 27 15 Dynamic ARP Inspection Global Configuration ...

Page 898: ...terface for which information is to be displayed or configured To display the DAI Interface Configuration page click Switching Dynamic ARP Inspection Interface Configuration in the navigation panel Figure 27 16 Dynamic ARP Inspection Interface Configuration To view a summary of the DAI status for all interfaces click Show All ...

Page 899: ...Snooping and Inspecting Traffic 899 Figure 27 17 DAI Interface Configuration Summary ...

Page 900: ...s to be displayed or configured To display the DAI VLAN Configuration page click Switching Dynamic ARP Inspection VLAN Configuration in the navigation panel Figure 27 18 Dynamic ARP Inspection VLAN Configuration To view a summary of the DAI status for all VLANs click Show All Figure 27 19 Dynamic ARP Inspection VLAN Configuration Summary ...

Page 901: ...ction ACL Configuration To view a summary of the ARP ACLs that have been created click Show All Figure 27 21 Dynamic ARP Inspection ACL Summary To remove an ARP ACL select the Remove checkbox associated with the ACL and click Apply DAI ACL Rule Configuration Use the DAI ARP ACL Rule Configuration page to add or remove DAI ARP ACL Rules To display the DAI ARP ACL Rule Configuration page click Switc...

Page 902: ...ed click Show All Figure 27 23 Dynamic ARP Inspection ACL Rule Summary To remove an ARP ACL rule select the Remove checkbox associated with the rule and click Apply DAI Statistics Use the DAI Statistics page to display the statistics per VLAN To display the DAI Statistics page click Switching Dynamic ARP Inspection Statistics in the navigation panel ...

Page 903: ...Snooping and Inspecting Traffic 903 Figure 27 24 Dynamic ARP Inspection Statistics ...

Page 904: ...ch ip dhcp snooping verify mac address Enable the verification of the source MAC address with the client MAC address in the received DHCP message ip dhcp snooping log invalid Enable the logging of DHCP messages filtered by the DHCP Snooping application ip dhcp snooping binding mac address vlan vlan id ip address interface interface Configure a static binding in the DHCP snooping static bindings da...

Page 905: ...rface type is port channel You can also specify a range of ports with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 ip dhcp snooping trust Configure the interface or range of interfaces as a trusted port DHCP server messages are not filtered on trusted ports exit Exit to Global Configuration mode interface range vlan vlan...

Page 906: ...thernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 ip verify source port security and ipv6 verify source port security Enable IPSG on the port or LAG to prevent packet forwarding if the source IP address in the packet is not in the DHCP snooping binding database Use the optional port security keyword to also prevent packet forwarding if the sender MAC address is not in forwarding database tab...

Page 907: ...ge logging Enable Dynamic ARP Inspection on a single VLAN or a range of VLANs Use the logging keyword to enable logging of invalid packets ip arp inspection validate src mac dst mac ip Enable additional validation checks like source MAC address validation destination MAC address validation or IP address validation on the received ARP packets Each command overrides the configuration of the previous...

Page 908: ...Enter interface configuration mode for the specified port or LAG The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 For a LAG the interface type is port channel You can also specify a range of ports with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 ip arp inspection limit n...

Page 909: ...es for source MAC validation destination MAC validation and invalid IP validation show ip arp inspection statistics vlan vlan range View the statistics of the ARP packets processed by Dynamic ARP Inspection for the switch or for the specified VLAN s show arp access list acl name View all configured ARP ACL and their rules or use the ACL name to view information about that ARP ACL only Command Purp...

Page 910: ...aximum number of DHCP packets with a rate limit of 100 packets per second LAG 1 which is also a member of VLAN 100 and contains ports 21 24 is the trunk port that connects the switch to the data center so it is configured as a trusted port Figure 27 25 DHCP Snooping Configuration Topology The commands in this example also enforce rate limiting and remote storage of the bindings database The switch...

Page 911: ... per second LAG 1 is a trusted port and keeps the default value for rate limiting unlimited console config interface range gi1 0 1 20 console config if ip dhcp snooping limit rate 100 console config if exit 4 Specify that the DHCP snooping database is to be stored remotely in a file called dsDb txt on a TFTP server with and IP address of 10 131 11 1 console config ip dhcp snooping database tftp 10...

Page 912: ...configure the switch 1 Enter interface configuration mode for the host ports and enable IPSG console config interface range gi1 0 1 20 console config if ip verify source port security 2 Enable port security on the ports console config if port security 3 View IPSG information console show ip verify source More or q uit Interface Filter IP Address MAC Address Vlan Gi1 0 1 ip mac 192 168 3 45 00 1C 2...

Page 913: ...namic LAGs is based on a maximum of 144 interfaces assigned to dynamic LAGs a maximum of 72 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG For example 72 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each Each LAG can consist of up to eight 1 Gbps or eight 10 Gbps ports or even eight 40 Gbps interfaces When eight Gigabit Ethernet ports are configured as...

Page 914: ... Between Static and Dynamic Link Aggregation Link aggregation can be configured as either dynamic or static Dynamic configuration is supported using the IEEE 802 3ad standard which is known as Link Aggregation Control Protocol LACP Static configuration is used when connecting a Dell Networking N2000 N3000 and N4000 series switches to an external Gigabit Ethernet switch that does not support LACP O...

Page 915: ...e switch supports the following set of packet attributes to be used for hash computation Source MAC VLAN EtherType and incoming port Destination MAC VLAN EtherType and incoming port Source IP and Source TCP UDP port numbers Destination IP and Destination TCP UDP port numbers Source Destination MAC VLAN EtherType and incoming port Source Destination IP and Source Destination TCP UDP port numbers En...

Page 916: ...tree does not maintain state for members of a LAG but does maintain state for the LAG interface As far as STP is concerned members of a LAG do not have individual link state Internally the STP state of the LAG interface is replicated for the member links When members are deleted from a LAG they become normal links and spanning tree maintains their individual link state information Statistics Stati...

Page 917: ... interface can be a member of only one LAG Default Link Aggregation Values The LAGs on the switch are created by default but no ports are members Table 28 1 summarizes the default values for the MAC address table Table 28 1 MAC Address Table Defaults Parameter Default Value LACP system priority 1 LACP port priority 1 LACP timeout Long LAG hash algorithm type Enhanced 7 ...

Page 918: ...ring LAGs on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page LAG Configuration Use the LAG Configuration page to set the name and administrative status up down of a LAG To display the LAG Configuration page click Switching Ports LAG Configuration in the navigation panel Figure 28 2 LAG Configuration ...

Page 919: ...ck Show All LACP Parameters Dynamic link aggregation is initiated and maintained by the periodic exchanges of LACP PDUs Use the LACP Parameters page to configure LACP LAGs To display the LACP Parameters page click Switching Link Aggregation LACP Parameters in the navigation panel ...

Page 920: ...ring Link Aggregation Figure 28 3 LACP Parameters Configuring LACP Parameters for Multiple Ports To configure LACP settings 1 Open the LACP Parameters page 2 Click Show All The LACP Parameters Table page displays ...

Page 921: ... 4 Specify the LACP port priority and LACP timeout for each port 5 Click Apply LAG Membership Your switch supports 48 LAGs per system and eight ports per LAG Use the LAG Membership page to assign ports to static and dynamic LAGs To display the LAG Membership page click Switching Link Aggregation LAG Membership in the navigation panel ...

Page 922: ...til the number reaches the maximum LAG number and then returns to blank no LAG assigned 3 Click Apply The port is assigned to the selected LAG and the device is updated Adding a LAG Port to a Dynamic LAG by Using LACP To add a dynamic LAG member 1 Open the LAG Membership page 2 Click in the LACP row to toggle the desired LAG port to L 3 Click Apply The LAG port is added as a dynamic LAG member to ...

Page 923: ...play the LAG Hash Configuration page click Switching Link Aggregation LAG Hash Configuration in the navigation panel Figure 28 6 LAG Hash Configuration LAG Hash Summary The LAG Hash Summary page lists the channels on the system and their assigned hash algorithm type To display the LAG Hash Summary page click Switching Link Aggregation LAG Hash Summary in the navigation panel ...

Page 924: ...924 Configuring Link Aggregation Figure 28 7 LAG Hash Summary ...

Page 925: ...erface interface Enter interface configuration mode for the specified LAG The interface variable includes the interface type which is port channel and the LAG number for example port channel 3 You can also specify a range of LAGs with the interface range port channel command for example interface range port channel 3 6 configures LAGs 3 4 5 and 6 description description Configure a description for...

Page 926: ...figures interfaces 8 9 10 11 and 12 channel group port channel number mode on auto Add the port s to the LAG specified with the port channel number value Use the auto keyword to add the port s as dynamic members or use on to specify that the LAG membership is static port channel number Number of a valid port channel for the current port to join on Forces the port to join a channel without LACP sta...

Page 927: ...ce TCP UDP port 4 Destination IP and destination TCP UDP port 5 Source destination MAC VLAN EtherType and source MODID port 6 Source destination IP and source destination TCP UDP port 7 Enhanced hashing mode CTRL Z Exit to Privileged EXEC mode show interfaces port channel port channel number View LAG information for the specified LAG or for all LAGs show statistics port channel port channel number...

Page 928: ...nd 10 lacp port priority value Set the Link Aggregation Control Protocol priority for the port or range of ports The priority value range is 1 65535 lacp timeout long short Specify whether to wait a long or short time between LACP PDU transmissions exit Exit to Privileged EXEC mode show lacp interface View LACP parameters for an Ethernet interface or a LAG The interface parameter includes the inte...

Page 929: ...and the member ports are 1 2 3 6 and 7 To configure the switch 1 Enter interface configuration mode for the ports that are to be configured as LAG members console config interface range te1 0 1 3 te1 0 6 7 2 Add the ports to LAG 2 with LACP console config if channel group 1 mode active NOTE The examples in this section show the configuration of only one switch Because LAGs involve physical links b...

Page 930: ... te1 0 10 12 te1 0 14 te1 0 17 2 Add the ports to LAG 2 without LACP console config if channel group 2 mode on Channel Ports Ch Type Hash Type Min links Local Prf Po1 Active Te1 0 1 Inactive Te1 0 2 Te1 0 3 Te1 0 6 Te1 0 7 Dynamic 7 1 Disabled Hash Algorithm Type 1 Source MAC VLAN EtherType source module and port Id 2 Destination MAC VLAN EtherType source module and port Id 3 Source IP and source ...

Page 931: ...e1 0 6 Te1 0 7 Static 7 1 Disabled Hash Algorithm Type 1 Source MAC VLAN EtherType source module and port Id 2 Destination MAC VLAN EtherType source module and port Id 3 Source IP and source TCP UDP port 4 Destination IP and destination TCP UDP port 5 Source Destination MAC VLAN EtherType source MODID port 6 Source Destination IP and source destination TCP UDP port 7 Enhanced hashing mode ...

Page 932: ...gation Group LAG and appear as a single link in the spanning tree topology The advantage is that all LAG member links can be in the forwarding state and a link failure can be recovered in milliseconds This allows the bandwidth on the redundant links to be utilized However LAGs are limited to connecting multiple links between two partner switches which leaves the switch as a single point of failure...

Page 933: ... traffic Figure 28 8 STP Blocking MLAG reduces some of the bandwidth shortcomings of STP in an L2 network It provides a reduced convergence period when a port channel link goes down and provides more bandwidth because all links can forward traffic In the figure below if SW1 and SW2 form an MLAG with SW3 and SW4 none of the links are blocked which means traffic can flow over both links from SW4 thr...

Page 934: ...934 Configuring Link Aggregation Figure 28 9 MLAG in an L2 Network SW2 SW1 Traffic flows on all available links MLAG Peer Link SW4 SW3 ...

Page 935: ...are MLAG peer switches These two switches form a single logical end point for the MLAG from the perspective of switch A MLAG interfaces MLAG functionality is a property of port channels Port channels configured as MLAGs are called MLAG interfaces Administrators can configure multiple instances of MLAG interfaces on the peer MLAG switches Port channel limitations and capabilities like min links and...

Page 936: ...configured on the peer link as well MLAG Dual Control Plane Detection link A virtual link that is used to advertise the Dual Control Plane Detection Protocol DCPDP packets between the two MLAG switches ports P4 S4 DCPDP is optional but should be used with caution The protocol is used as a secondary means of detecting the presence of the peer switch in the network The DCPDP protocol must not be con...

Page 937: ...lowing STP configuration parameters must be the identical on both MLAG peers Spanning tree version RSTP or MSTP Bpdufilter Bpduflood Auto edge TCN guard Cost Edgeport STP Version STP MST VLAN configuration STP MST instance configuration MST instance ID port priority port cost mode Root guard Loop guard 3 Port channel interface The following port channel attributes must be identical for MLAG port c...

Page 938: ...orted 6 Switch firmware versions Except during firmware upgrade the peer switch firmware versions must be identical as subtle differences between versions may cause instability The administrator must ensure that the above configuration items are configured identically on the MLAG interfaces on both of the MLAG peers before enabling the MLAG feature If the configuration settings are not in sync the...

Page 939: ... peer link P3 P4 S3 S4 Ports P1 S1 are members of MLAG1 and ports P2 S2 are members of MLAG2 3 A port channel must be configured as the peer link In Figure 28 11 P3 P4 and S3 S4 are the port channel ports that form the peer link 4 MLAG devices select the roles based on keep alive messages that run over the peer link 5 A B and C are MLAG unaware devices 6 A B and C are partner devices that form an ...

Page 940: ...he peer To sync FDB entries learned on MLAG interfaces between the two MLAG peer switches To forward STP BPDUs and LACPDUs received on secondary MLAG member ports to the primary MLAG switch To send interface events related to MLAG interface and member ports that occur on the secondary switch to the primary switch To transfer MLAG control information between the primary and secondary MLAG switches ...

Page 941: ...ot sent from the primary to the secondary switch Always use the management interface on the primary switch to examine MLAG status Peer Link Keep alive Protocol MLAG peers exchange keep alive packets over the peer link The keep alive protocol is L2 based Keep alive messages are used for electing roles and to inform the MLAG peer that the MLAG switch is alive and functioning properly The keep alive ...

Page 942: ...LACP running on the partner device detects that the port channel connected to the secondary MLAG switch is sending LACPDUs with a different system ID and brings down the links connected to secondary MLAG peer This behavior reduces or eliminates spanning tree reconvergence due to the MLAG switches sending BPDUs with different bridge IDs to the partner switch On a peer link failure with DCPDP disabl...

Page 943: ...consist of multiple physical links with sufficient bandwidth to carry all MLAG traffic expected to be carried by either MLAG peer Disable spanning tree on the peer link Enable trunking on the peer link Remove any non MLAG VLANs from the peer link trunk port VLANs cannot be configured to contain both MLAG ports and non MLAG non redundant ports Ensure that the peer link has a native VLAN configured ...

Page 944: ...s an MLAG interface and assign to a VPC Each MLAG must have a unique VPC ID and the VPC configuration must be identical on both switches The port channels on the MLAG peer must be assigned to the same VPC ID However the member ports for the port channel may be different The administrator must ensure that the port channel configuration on both the switches is in sync before enabling MLAG After the ...

Page 945: ...n capability e g TCP will experience a limited interruption of service Network operators must ensure that the aggregate bandwidth in use on the MLAG can be supported on a single MLAG peer Use the show vpc brief command to determine which switch is the primary switch This procedure upgrades the standby switch first followed by the primary switch Following this order reduces the reconvergence time t...

Page 946: ...he MLAG is fully functional Static Routing on MLAG Interfaces MLAG interfaces can be enabled as L3 VLANs that is they can be assigned IP addresses Static inter VLAN routing is NOT supported on MLAG VLANs on the MLAG peers and every MLAG VLAN must terminate on two MLAG partners There is no support for routing protocols such as OSPF RIP etc on MLAG interfaces VRRP can be configured on these routing ...

Page 947: ...LANs traverse the MLAG topology from the top switches routers to the bottom switches routers The LAGs for each VLAN host are in a separate VPC The router sees the port channel as a single logical interface with multiple VLANs This topology is highly recommended as it utilizes MLAG in the scenario for which it was intended redundant full bandwidth replacement for spanning tree and allows the MLAG p...

Page 948: ...y L2 topology and allows the MLAG peers to detect failures and unblock the appropriate VLANs on the peer link so that traffic flow can continue unimpeded The lower pair of switches connects clusters of storage and servers in a TOR role in support of devices that do not support link aggregation Switching between the storage and the servers within the rack proceeds in the normal manner and remains i...

Page 949: ... not automatically unblock the downstream routed VLANs which are not correlated with the upstream MLAG VLANs across the peer link Specifically MLAG does not correlate the failure in VLAN 30 with VLAN 20 This leads to a black hole Adding a backup routed link solves the black hole issue but it also makes the MLAG solution unnecessary L3 routed VLAN termination on the MLAG peers is not supported VLAN...

Page 950: ... of the MLAG packets remain blocked when transiting the MLAG peer link L3 routed VLANs termination on the MLAG peers is not supported VLANs must extend across the MLAG peers Figure 28 15 L3 VLAN Termination on MLAG Example 2 Degenerate Routing Topology In a one armed topology the MLAG is partnered with a single router or switch The router is configured with a LAG toward the MLAG peer switches and ...

Page 951: ... the MLAG Figure 28 16 Degenerate Routing Topology In the one armed scenario in Figure 28 16 the MLAG cannot associate the failure of the VLAN 30 link with VLAN 20 Traffic from the routed or switched network towards the upstream router is routed over the backup router link when the MLAG link fails solely based on the routing configuration Traffic from the upstream router on VLAN 30 to the switched...

Page 952: ...es that both MLAG devices become VRRP Masters Consider the scenario in Figure 28 17 Figure 28 17 MLAG with VRRP When L3 data is received by the MLAG primary switch destined to A P would trigger an ARP request to learn A s MAC address In this case the ARP request originated by P would have its interface MAC address as the source MAC address MAC P for example and interface IP address as the source I...

Page 953: ...e the same model and have the same port count and module occupancy if modules are used in the MLAG domain Specifically a port referred to on the secondary must be present on the master to be accepted for configuration This is due to the table sizes ARP FDB etc where the primary switch may learn more MAC addresses than the secondary switch and then upon failover the secondary will not be able to fo...

Page 954: ...m the non MLAG VLANs to not cross the peer link can reduce the number of root bridges in the network to two The peer link requires a native VLAN to be configured This is a limitation of the peer link keep alive protocol On primary switch failover the secondary switch flushes the FDB MAC addresses and uses its own MAC address in spanning tree BPDUs and in the LACP actor ID This will cause LACP to r...

Page 955: ...ndary MLAG peer The Dell Networking MLAG solution is not peer compatible with other vendor s multichassis LAG solutions Dell Networking switches configured for MLAG cannot peer with another vendor switch IGMP snooping is not supported on MLAG enabled switches Disable IGMP snooping before enabling MLAG MLAG interfaces and non redundant ports cannot be members of the same VLAN i e a VLAN may contain...

Page 956: ...re may be configured on an MLAG VLAN and will synchronize state across the MLAG peers The configuration for features marked Yes must be identical on both switches MLAG does not synchronize configuration with the MLAG peer A No entry indicates that the switch feature does not synchronize state across the MLAG peers and the feature may not be configured on an MLAG VLAN Table 28 2 MLAG State Synchron...

Page 957: ... N A MACVLAN N A Protected Port No DHCP Snooping No IP Source Guard No Dynamic ARP Inspection No Auto Negotiation N A L2 Relay No MRP No MMRP No DOT1AS No 802 1qav No DOT1AG No ACL N A DiffServ N A COS N A ACL Logging N A Flow based port mirroring N A Table 28 2 MLAG State Synchronization Per Feature Continued Components MLAG State Synchronization Support ...

Page 958: ... ACL No UDLD N A Private VLAN No LLPF No Port Aggregator No EAV No MSRP No MVR No Class Based VLAN No DHCP Filtering No EASY_ACL No Media VLAN No PBVLAN No VLAN Rate Limit No Flow Control N A LLDP N A Jumbo Frames N A Table 28 2 MLAG State Synchronization Per Feature Continued Components MLAG State Synchronization Support ...

Page 959: ...Current Configuration System Description Dell Networking N3024F 6 0 0 0 Linux 3 6 5 858bcf6e System Software Version 6 0 0 0 configure vlan 10 exit hostname MLAG Peer A slot 1 0 2 Dell Networking N3024F stack member 1 2 N3024F exit interface Gi1 0 23 channel group 2 mode active description MLAG Partner Link exit interface Te1 0 1 channel group 1 mode active description MLAG Peer Link exit interfac...

Page 960: ...m Software Version 6 0 0 0 configure vlan 10 exit hostname MLAG Peer B slot 1 0 2 Dell Networking N3024F stack member 1 2 N3024F exit interface Gi1 0 23 channel group 2 mode active description MLAG Partner Link exit interface Te1 0 1 channel group 1 mode active description MLAG Peer Link exit interface port channel 1 description MLAG Peer Link spanning tree disable switchport mode trunk vpc peer l...

Page 961: ...Networking N2048 6 0 0 0 Linux 3 6 5 858bcf6e System Software Version 6 0 0 0 configure hostname LAG SW slot 1 0 5 Dell Networking N2048 stack member 1 8 N2048 exit interface vlan 1 ip address dhcp exit interface Gi1 0 1 channel group 1 mode active exit interface Gi1 0 2 channel group 1 mode active exit interface port channel 1 switchport mode trunk exit snmp server engineid local 800002a203001ec9...

Page 962: ...t as noted otherwise MLAG Peer A config show vpc brief VPC admin status Enabled Keep alive admin status Enabled VPC operational status Enabled Self role Primary Peer role Secondary Peer detection admin status Disabled Peer Link details Interface Po1 Peer link admin status Enabled Peer link STP admin status Disabled Configured VLANs 1 10 Egress tagged VLANs 10 VPC Details Number of VPCs configured ...

Page 963: ...C address 0000 0000 0000 LAG SW config show vpc peer keepalive Peer IP address 0 0 0 0 Source IP address 0 0 0 0 UDP port 50000 Peer detection Disabled Peer detection operational status Down Peer is detected False MLAG Peer A config show interfaces status po1 Port Description Channel Po1 MLAG Peer Link Operational State Up Admin Mode Enabled Port Channel Flap Count 1 Member Device Port Port Flap P...

Page 964: ...d Active Count Gi1 0 23 actor long 1000 True 0 partner long MLAG Peer A config show interfaces utilization po1 Port Load Rx bits s Rx packets s Tx bits s Tx packets s Channel Interval Po1 300 792 1 1192 2 MLAG Peer A config show vpc role Self Keep alive admin status Enabled Keep alive operational status Enabled Priority 100 System MAC address 001E C9DE C52B Timeout 5 VPC state Primary VPC role Pri...

Page 965: ... messages transmitted 777 Peer link data messages Tx errors 0 Peer link data messages Tx timeout 0 Peer link data messages received 878 Peer link BPDU s transmitted to peer 2 Peer link BPDU s Tx errors 0 Peer link BPDU s received from peer 11 Peer link BPDU s Rx errors 0 Peer link LACPDU s tranmsitted to peer 775 Peer link LACPDU s Tx errors 0 Peer link LACPDU s received from peer 867 Peer link LA...

Page 966: ... to a legacy Cisco 3750 over port channel 3 on each MLAG peer and is also running LACP The Cisco configuration is shown for completeness Spanning tree instance 0 is configured for VLAN 1 Spanning tree instance 1 is configured for VLANs 10 17 The Cisco 3750 acts as the root bridge for the topology MLAG Peer A Configuration Current Configuration System Description Dell Networking N3024F 6 0 0 0 Linu...

Page 967: ...on MLAG Partner Link exit interface Te1 0 1 channel group 1 mode active description MLAG Peer Link udld enable udld port aggressive exit interface Te1 0 2 channel group 1 mode active description MLAG Peer Link udld enable udld port aggressive exit interface port channel 1 description MLAG Peer Link spanning tree disable switchport mode trunk switchport trunk allowed vlan 1 99 101 4093 vpc peer lin...

Page 968: ...8 0 1 peer detection enable exit exit MLAG Peer B Configuration Current Configuration System Description Dell Networking N3024F 6 0 0 0 Linux 3 6 5 858bcf6e System Software Version 6 0 0 0 configure vlan 10 17 100 exit hostname MLAG Peer B slot 1 0 2 Dell Networking N3024F stack member 1 2 N3024F exit interface vlan 100 ip address 192 168 0 2 255 255 255 0 exit spanning tree mode mst spanning tree...

Page 969: ...Te1 0 1 channel group 1 mode active description MLAG Peer Link udld enable udld port aggressive exit interface Te1 0 2 channel group 1 mode active description MLAG Peer Link udld enable udld port aggressive exit interface port channel 1 description MLAG Peer Link spanning tree disable switchport mode trunk switchport trunk allowed vlan 1 99 101 4093 vpc peer link exit interface port channel 2 swit...

Page 970: ... 168 0 2 peer detection enable exit exit MLAG Partner Configuration Current Configuration System Description Dell Networking N2048 6 0 0 0 Linux 3 6 5 858bcf6e System Software Version 6 0 0 0 configure hostname LAG SW slot 1 0 5 Dell Networking N2048 stack member 1 8 N2048 exit interface vlan 1 ip address dhcp exit spanning tree mode mst spanning tree mst configuration instance 1 add vlan 10 17 ex...

Page 971: ...on Current configuration 1913 bytes version 12 2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password encryption service unsupported transceiver hostname Switch boot start marker boot end marker no aaa new model switch 1 provision ws c3750g 24ts system mtu routing 1500 ip subnet zero spanning tree mode mst spanning tree extend system id spa...

Page 972: ...nterface GigabitEthernet1 0 6 interface GigabitEthernet1 0 7 interface GigabitEthernet1 0 8 interface GigabitEthernet1 0 9 interface GigabitEthernet1 0 10 interface GigabitEthernet1 0 11 interface GigabitEthernet1 0 12 interface GigabitEthernet1 0 13 interface GigabitEthernet1 0 14 interface GigabitEthernet1 0 15 interface GigabitEthernet1 0 16 interface GigabitEthernet1 0 17 interface GigabitEthe...

Page 973: ... switchport trunk encapsulation dot1q switchport mode trunk channel group 1 mode active interface GigabitEthernet1 0 26 description MLAG Peer Link switchport trunk encapsulation dot1q switchport mode trunk channel group 1 mode active interface GigabitEthernet1 0 27 interface GigabitEthernet1 0 28 interface Vlan1 no ip address ip classless ip http server ip http secure server control plane line con...

Page 974: ...0 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 priority 32768 sys id ext 0 Address 0013 c4bd f080 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interface Role Sts Cost Prio Nbr Type Po1 Desg FWD 10000 128 488 P2p Bound STP MST1 Spanning tree enabled protocol mstp Root ID Priority 32769 Address 0013 c4bd f080 This bridge is the root He...

Page 975: ...No Gi1 0 2 Enabled 128 2 0 DIS Disb No Gi1 0 3 Enabled 128 3 0 DIS Disb No Gi1 0 4 Enabled 128 4 0 DIS Disb No Gi1 0 5 Enabled 128 5 0 DIS Disb No Gi1 0 6 Enabled 128 6 0 DIS Disb No Gi1 0 7 Enabled 128 7 0 DIS Disb No Gi1 0 8 Enabled 128 8 0 DIS Disb No Gi1 0 9 Enabled 128 9 0 DIS Disb No Gi1 0 10 Enabled 128 10 0 DIS Disb No Gi1 0 11 Enabled 128 11 0 DIS Disb No Gi1 0 12 Enabled 128 12 0 DIS Dis...

Page 976: ...No Gi1 0 42 Enabled 128 42 0 DIS Disb No Gi1 0 43 Enabled 128 43 0 DIS Disb No Gi1 0 44 Enabled 128 44 0 DIS Disb No Gi1 0 45 Enabled 128 45 0 DIS Disb No Gi1 0 46 Enabled 128 46 0 DIS Disb No Gi1 0 47 Enabled 128 47 0 DIS Disb No Gi1 0 48 Enabled 128 48 0 DIS Disb No Te1 0 1 Enabled 128 49 0 DIS Disb No Te1 0 2 Enabled 128 50 0 DIS Disb No Tw1 0 1 Enabled 128 51 0 DIS Disb No Tw1 0 2 Enabled 128 ...

Page 977: ... Po33 Enabled 96 682 0 DIS Disb No Po34 Enabled 96 683 0 DIS Disb No Po35 Enabled 96 684 0 DIS Disb No Po36 Enabled 96 685 0 DIS Disb No Po37 Enabled 96 686 0 DIS Disb No Po38 Enabled 96 687 0 DIS Disb No Po39 Enabled 96 688 0 DIS Disb No Po40 Enabled 96 689 0 DIS Disb No Po41 Enabled 96 690 0 DIS Disb No Po42 Enabled 96 691 0 DIS Disb No Po43 Enabled 96 692 0 DIS Disb No MLAG Peer A show spanning...

Page 978: ...b No Gi1 0 14 Enabled 128 14 0 DIS Disb No Gi1 0 15 Enabled 128 15 0 DIS Disb No Gi1 0 16 Enabled 128 16 0 DIS Disb No Gi1 0 17 Enabled 128 17 0 DIS Disb No Gi1 0 18 Enabled 128 18 0 DIS Disb No Gi1 0 19 Enabled 128 19 0 DIS Disb No Gi1 0 20 Enabled 128 20 0 DIS Disb No Gi1 0 21 Enabled 128 21 0 DIS Disb No Gi1 0 22 Enabled 128 22 0 DIS Disb No Gi1 0 23 Enabled 128 23 0 DIS Disb No Gi1 0 24 Enable...

Page 979: ... 10 11 12 13 14 15 16 17 Egress tagging 10 11 12 13 14 15 16 17 VPC Details Number of VPCs configured 2 Number of VPCs operational 2 VPC id 1 Interface Po2 Configured Vlans 1 10 11 12 13 14 15 16 17 VPC Interface State Active Local MemberPorts Status Gi1 0 23 UP Gi1 0 24 UP Peer MemberPorts Status Gi1 0 23 UP Gi1 0 24 UP VPC id 2 Interface Po3 Configured Vlans 1 10 11 12 13 14 15 16 17 VPC Interfa...

Page 980: ...rts Status Gi1 0 23 UP Gi1 0 24 UP MLAG Peer A show vpc 2 VPC id 2 Config mode Enabled Operational mode Enabled Port channel Po3 Local MemberPorts Status Gi1 0 1 UP Peer MemberPorts Status Gi1 0 1 UP MLAG Peer A show vpc peer keepalive Peer IP address 192 168 0 2 Source IP address 192 168 0 1 UDP port 50000 Peer detection Enabled Peer detection operational status Up Peer is detected TRUE ...

Page 981: ...0 Peer link control messages ACK transmitted 119 Peer link control messages ACK Tx errors 0 Peer link control messages received 119 Peer link data messages transmitted 1294 Peer link data messages Tx errors 0 Peer link data messages Tx timeout 0 Peer link data messages received 1886 Peer link BPDU s transmitted to peer 11 Peer link BPDU s Tx errors 0 Peer link BPDU s received from peer 751 Peer li...

Page 982: ...982 Configuring Link Aggregation ...

Page 983: ... support Data Center Bridging DCB features to increase the reliability of Ethernet based networks in the data center The N4000 switches support PFC ETS and DCBX capability exchange with the ability to autoconfigure from a peer switch The Ethernet enhancements that DCB provides are well suited for iSCSI applications Table 29 1 provides a summary of the features this chapter describes NOTE The data ...

Page 984: ...tly connected peers ETS Supports the ETS configuration and Application Priority TLVs which are accepted from auto upstream devices and propagated to auto downstream devices The N4000 switches support the automatic configuration of the switch with received ETS parameters Table 29 2 Default Port Based Traffic Control Values Feature Default PFC Disabled no priority classifications are configured DCBx...

Page 985: ...1p priority value These priority values must be mapped to internal class of service CoS values The PFC feature allows you to specify the CoS values that should be paused due to greater loss sensitivity instead of dropped when congestion occurs on a link Unless configured as no drop all CoS priorities are considered non pausable drop when priority based flow control is enabled until no drop is spec...

Page 986: ...ue on an interface ensure that VLAN tagging is enabled on the interface so that the 802 1p priority values are carried through the network see VLAN Tagging on page 649 Additionally make sure that 802 1p priority values are mapped to CoS values see Configuring Class of Service on page 1313 If DCBX is enabled the manually configured PFC parameters no drop priorities must match the peers PFC paramete...

Page 987: ...riorities are subject to being paused to prevent data loss To display the PFC Configuration page click Switching PFC PFC Configuration in the navigation menu Figure 29 1 PFC Configuration PFC Statistics Page Use the PFC Statistics page to view the PFC statistics for interfaces on the switch To display the PFC Statistics page click Switching PFC PFC Statistics in the navigation menu ...

Page 988: ...ng in Privileged EXEC mode use the following commands to configure PFC NOTE If DCBx is enabled and the switch is set to autoconfigure from a DCBX peer configuring PFC is not necessary because the DCBx protocol automatically configures the PFC parameters Command Purpose configure Enter global configuration mode ...

Page 989: ...rity flow control to enable if the lldp dcbx port role auto down or lldp dcbx port role auto up command has already been applied priority flow control priority priority id drop no drop Use the no drop option to enable the priority group for lossless behavior To enable lossy behavior use the drop form of the command priority id Specify the IEEE 802 1p priority value range 0 7 NOTE Only two queues c...

Page 990: ...s the priority to traffic class mapping to be one to one based upon the default switch settings For lossless service a priority must be mapped one to one to a traffic class For more information about traffic classes see Configuring Class of Service on page 1313 For a complete example of manually configuring a N4000 switch for iSCSI with PFC refer to iSCSI Optimization Configuration Examples on pag...

Page 991: ...ridging Features 991 console config dcb exit 4 Enable VLAN tagging on the ports so the 802 1p priority is identified Trunk mode can also be enabled on port channels console config if switchport mode trunk console config if exit ...

Page 992: ...feature specific because some features may allow asymmetric configuration Peer configuration of DCB features DCBx can be used by a device to perform configuration of DCB features in its peer device if the peer device is willing to accept configuration For discussion and examples of configuring iSCSI with DCBX refer to Configuring iSCSI Optimization on page 459 The DCBx protocol supports the propag...

Page 993: ...out multiple peers are detected the link is reset link down up or if commanded by the operator DCBx resets its operational mode to IEEE The interaction between the DCBx component and other components remains the same irrespective of the operational mode it is executing For instance the DCBx component interacts with PFC to get needed information to pack the TLVs to be sent out on the interface Base...

Page 994: ...eter is enabled on the port and the recommendation TLV is sent to the peer and processed if received locally The first auto upstream port to successfully accept a compatible configuration becomes the configuration source The configuration source propagates its configuration to other auto upstream and auto downstream ports Only the configuration source may propagate configuration to other ports int...

Page 995: ...down Since only one port in the system can be configured as the configuration source configuring interfaces as auto up is a preferable alternative to a config source setting Configuration Source Port Selection Process When an auto upstream or auto downstream port receives a configuration from a peer the DCBx client first checks if there is an active configuration source If there is a configuration...

Page 996: ...eam ports other than the configuration source are marked as willing disabled To reduce flapping of configuration information if the configuration source port is disabled disconnected or loses LLDP connectivity the system clears the selection of configuration source port if not manually selected and enables the willing bit on all auto upstream ports The configuration on the auto configuration ports...

Page 997: ...ersion based on the peer response default cin Force the mode to Cisco Intel Nuova DCBx 1 0 cee Force the mode to CEE DCBx 1 06 ieee Force the mode to IEEE 802 1Qaz lldp tlv select dcbxp pfc application priority Enable LLDP to send specific DCBx TLVs if LLDP is enabled to transmit on the given interface Entering the command with no parameters enables transmission of all TLVs pfc Transmit the PFC co...

Page 998: ... to accept one from the link partner However the port will accept a configuration propagated internally by the configuration source These ports have the willing bit set to disabled Selection of a port based upon compatibility of the received configuration is suppressed These ports should be connected to a trusted FCF manual Ports operating in the Manual role do not have their configuration affecte...

Page 999: ...haring and lossless or best effort transmit characteristics Dell Networking N4000 switches support strict priority and Weighted Deficit Round Robin WDRR scheduling with up to two lossless traffic classes WDRR schedules traffic based on average bandwidth consumed vs frame counts ETS Operation The normal default operation of Dell Networking switches when uncongested is that packets are scheduled for...

Page 1000: ... namely scheduler algorithm min bandwidth and drop mechanism are honored and the packet is either dropped or forwarded to next level Only frames selected by the first level scheduler are forwarded to the second level Strict priority traffic classes are serviced first in order of traffic class number A strict priority traffic class is one that is configured as strict priority or has a traffic class...

Page 1001: ... first but have their bandwidth reduced by the minimum bandwidth guarantees configured on other TCGs Strict priority TCGs are scheduled from highest numbered TCG to lowest When all TCGs have met their minimum bandwidth limits or the queues are empty TCGs that have not met their maximum bandwidth limit are scheduled Once the limits for a TCG are satisfied maximum bandwidth no frames available for t...

Page 1002: ...roup max bandwidth Specifies the maximum transmission bandwidth limit for each TCG as a percentage of the interface rate Also known as rate shaping this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bound traffic class group min bandwidth Specifies the minimum transmission bandwidth guaranteed for each TCG before processing frames from lower...

Page 1003: ...nge of interfaces or all interfaces To ensure lossless behavior the dot1p priority must be mapped one to one to a CoS queue for the lossless priorities Up to two lossless priorities may be configured on N4000 switches CoS queue 7 is reserved by the system and is not assignable It is generally recommended that the administrator utilize CoS queues 0 3 as CoS queues 4 6 may be utilized by the system ...

Page 1004: ...tting has no effect The min bandwidth setting guarantees that any particular CoS queue is serviced often enough to ensure that the offered load can achieve the minimum transfer rate The bandwidth is measured internally as bytes transferred per second The minimum bandwidth setting is enforced on the egress queue it does not rate limit incoming frames The minimum bandwidth setting is configured as a...

Page 1005: ... scheduling be assigned to a single strict priority enabled TCG other than TCG0 The following example sets CoS queue traffic class number 3 to be serviced with strict priority console config if Te1 0 1 cos queue strict 3 To show the minimum bandwidth and scheduler modes for CoS queues use the following command console show interfaces cos queue tengigabitethernet 1 0 1 Interface Te1 0 1 Interface S...

Page 1006: ...up 0 0 console config if Te1 0 1 classofservice traffic class group 1 1 console config if Te1 0 1 classofservice traffic class group 2 1 console config if Te1 0 1 classofservice traffic class group 3 2 To show the CoS queue to TCG mapping use the following command console show classofservice traffic class group tengigabitethernet 1 0 1 Traffic Class Traffic Class Group 0 0 1 1 2 1 3 2 4 0 5 0 6 0 ...

Page 1007: ...gress TCG regardless of the scheduling mode and does not directly affect incoming traffic The minimum bandwidth for a TCG is configured as a percentage of the total bandwidth and the configured minimum bandwidths may sum to less than 100 The sum may not exceed 100 Minimum bandwidth may be configured on a single interface a range of interfaces or all interfaces It is recommended that the minimum ba...

Page 1008: ... selects that TCG for transmission before the WDRR TCGs Use the no command to disable strict priority scheduling It is recommended that all CoS queues enabled for strict priority scheduling be assigned to a single TCG other than TCG0 This scheme allows a larger number of priorities to be configured as strict priorities console config if Te1 0 1 traffic class group strict 2 To show the weight minim...

Page 1009: ...same TCG The minimum bandwidth setting on the CoS queue does not have any effect TCG1 would receive 10 each of pri1 and pri3 and 80 of pri2 Even though strict mode is enabled for pri2 the minimum bandwidth of pri1 and pri3 is first honored before applying strict mode on pri2 TCG2 receives 25 each of pri4 and pri5 traffic and the other 50 can be of pri6 or pri7 This is based on the minimum bandwidt...

Page 1010: ...d be guaranteed a sufficiently high priority to meet the requirement of low latency Figure 29 3 Converged Link on the DCB Environment In this example to ensure that the server cluster traffic has low latency it may be assigned to a TCG say TCG0 and a strict mode of scheduling is enabled on this group weight set to 0 SAN traffic can be assigned to TCG1 and LAN to TCG2 The TCG1 and TCG2 can be set t...

Page 1011: ...egress interfaces It is recommended that either a CoS queue level min bandwidth setting be utilized to ensure a minimum amount of bandwidth is processed on the non strict priority queues if there is a possibility that the strict priority traffic is not limited in bandwidth by some other means It is recommended that the sum of the minimum bandwidth percentages allocated to the group of CoS queues m...

Page 1012: ...ironment the following minimum steps must be performed 1 Configure the CoS queue to Traffic Class Group mapping for the egress ports 2 Enable the appropriate scheduling algorithm for each TCG 3 Configure the weight percentage for each TCG Variation on the Example Configuration This example configures three classes of traffic and utilizes the secondary ETS scheduler only Best effort traffic CoS Que...

Page 1013: ...odified and applied to the system via the DCBX Mapping function as follows references are to the 802 1Qaz parameters Like traffic classes are combined up to the limits of the system e g no more than 2 lossless CoS queues may be configured The Priority Assignment Table user priority to CoS queue mapping is utilized by the system to map user priorities to the traffic classes CoS queues The TSA Assig...

Page 1014: ...wed to be the bandwidth of the individual TCG divided by the sum of the weights of all WDRR configured TCGs The administrator may configure other parameters to work in conjunction with the received DCBX configuration e g min bandwidth per CoS queue and minimum or maximum bandwidth per TCG ...

Page 1015: ...ss Table Populated The MAC address table can contain two types of addresses Static The address has been manually configured and does not age out Dynamic The address has been automatically learned by the switch and can age out when it is not in use Static addresses are configured by the administrator and added to the table Dynamic addresses are learned by examining information in the Ethernet frame...

Page 1016: ...ress can be associated with multiple VLANs How Is the MAC Address Table Maintained Across a Stack The MAC address table is synchronized across all stack members When a member joins the stack its previous MAC address table is overwritten by the table maintained by the stack Default MAC Address Table Values Table 30 1 summarizes the default values for the MAC address table Table 30 1 MAC Address Tab...

Page 1017: ... click at the top of the page Static Address Table Use the Static Address Table page to view MAC addresses that have been manually added to the MAC address table and to configure static MAC addresses To display the Static Address Table page click Switching Address Tables Static Address Table in the navigation panel Figure 30 1 Static MAC Address Adding a Static MAC Address To add a static MAC addr...

Page 1018: ...0 2 Adding Static MAC Address 3 Select the interface to associate with the static address 4 Specify the MAC address and an associated VLAN ID 5 Click Apply The new static address is added to the Static MAC Address Table and the device is updated ...

Page 1019: ...es VLAN and table sorting key Packets forwarded to an address stored in the address table are forwarded directly to those ports The Global Address Table also contains information about the aging time before a dynamic MAC address is removed from the table To display the Global Address Table click Switching Address Tables Global Address Table in the navigation panel Figure 30 3 Global Address Table ...

Page 1020: ... or LAG including the interface type and number mac address table aging time 0 10 1000000 Specify the number of seconds that must pass before an unused dynamically learned MAC address is removed from the MAC address table A value of 0 disables the aging time for the MAC address table exit Exit to Privileged EXEC mode show mac address table static dynamic View information about the entries in the M...

Page 1021: ...pter For a configuration example that includes tunnel and loopback interface creation see Interconnecting an IPv4 Backbone and Local IPv6 Network on page 1187 Routing Interface Overview Routing interfaces are logical interfaces that can be configured with an IP address Routing interfaces provide a means of transmitting IP packets between subnets on the network What Are VLAN Routing Interfaces VLAN...

Page 1022: ...hysical networks or when additional segmentation or security is required What Are Loopback Interfaces A loopback interface is a logical interface that is always up and because it cannot go down allows the switch to have a stable IP address that other network devices and protocols can use to reach the switch The loopback can provide the source address for sent packets The loopback interface does no...

Page 1023: ...v4 tunnels to provide functionality to facilitate the transition of IPv4 networks to IPv6 networks The switch supports two types of tunnels configured 6 in 4 and automatic 6 to 4 Configured tunnels have an explicit configured endpoint and are considered to be point to point interfaces Automatic tunnels determine the endpoint of the tunnel from the destination address of packets routed into the tun...

Page 1024: ...tions VLAN Routing VLAN routing is required when the switch is used as a layer 3 device VLAN routing must be configured to allow the switch to forward IP traffic between subnets and allow hosts in different networks to communicate In Figure 31 1 the Dell Networking switch is configured as an L3 device and performs the routing functions for hosts connected to the L2 switches For Host A to communica...

Page 1025: ...ere you need to send traffic to a switch such as in switch management The loopback interface IP address is a good choice for communicating with the switch in these cases because the loopback interface cannot go down when the switch is powered on and operational Tunnel Interface Tunnels can be used in networks that support both IPv6 and IPv4 The tunnel allows non contiguous IPv6 networks to be conn...

Page 1026: ... you cannot change the default values However when you create a loopback interface the default values are similar to those of VLAN routing interfaces as Table 31 1 shows When you create a tunnel it has the default values shown in Table 31 2 Table 31 1 VLAN Routing Interface and Loopback Interface Defaults Parameter Default Value Forward Net Directed Broadcasts Disabled Encapsulation Type Ethernet ...

Page 1027: ...0 and N4000 series switches For details about the fields on a page click at the top of the page IP Interface Configuration Use the IP Interface Configuration page to update IP interface data for this switch The IP interface configuration includes the ability to configure the bandwidth Destination Unreachable messages and ICMP Redirect messages To display the page click Routing IP IP Interface Conf...

Page 1028: ...to an interface by the DHCP server To display the page click Routing IP DHCP Lease Parameters in the navigation panel Figure 31 3 DHCP Lease Parameters VLAN Routing Summary Use the VLAN Routing Summary page to view summary information about VLAN routing interfaces configured on the switch To display the page click Routing VLAN Routing Summary in the navigation panel ...

Page 1029: ...igure 31 4 VLAN Routing Summary Tunnel Configuration Use the Tunnels Configuration page to create configure or delete a tunnel To display the page click Routing Tunnels Configuration in the navigation panel Figure 31 5 Tunnel Configuration ...

Page 1030: ...ring Routing Interfaces Tunnels Summary Use the Tunnels Summary page to display a summary of configured tunnels To display the page click Routing Tunnels Summary in the navigation panel Figure 31 6 Tunnels Summary ...

Page 1031: ...Configuration page to create configure or remove loopback interfaces You can also set up or delete a secondary address for a loopback To display the page click Routing Loopback Interfaces Loopback Interfaces Configuration in the navigation panel Figure 31 7 Loopback Configuration ...

Page 1032: ...s Summary Use the Loopbacks Summary page to display a summary of configured loopback interfaces on the switch To display the page click Routing Loopback Interfaces Loopback Interfaces Summary in the navigation panel Figure 31 8 Loopbacks Summary ...

Page 1033: ...ne ip_address subnet_mask secondary Configure the IP address Use the dhcp keyword to enable the DHCP client and obtain an IP address from a network DHCP server Use none to release the address obtained from the DHCP server Use ip_address and subnet_mask to assign a static IP address If you configure a static address you can use the secondary keyword to specify that the address is a secondary IP add...

Page 1034: ... packets received on the interface ip redirects Allow the switch to send ICMP Redirect messages in response to packets received on the interface exit Exit to Global Config mode ip default gateway ip_address Configure the default gateway All switch interfaces use the same default gateway exit Exit to Privileged EXEC mode show dhcp lease interface interface View information about the DHCP leases acq...

Page 1035: ... loopback id Create the loopback interface and enter Interface Configuration mode for the specified loopback interface ip address ip_address subnet_mask secondary Configure a static IP address and subnet mask Use the secondary keyword to specify that the address is a secondary IP address CTRL Z Exit to Privileged EXEC mode show ip interface loopback loopback id View interface configuration informa...

Page 1036: ...tunnel tunnel mode ipv6ip 6to4 Specify the mode of the tunnel If you use the 6to4 keyword the tunnel is an automatic tunnel If you omit the keyword the tunnel is a point to point configured tunnel ipv6 enable Enable IPv6 on this interface using the Link Local address tunnel source ipv4addr vlan vlan id Specify the source transport address of the tunnel either which can be an IPv4 address or a VLAN...

Page 1037: ...er information DHCP Snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP server It filters harmful DHCP messages and builds a bindings database of MAC address IP address VLAN ID port tuples that are specified as authorized DHCP snooping can be enabled globally and on specific VLANs For information about DHCP Snooping see Snooping and Inspecting Traffic on page ...

Page 1038: ...as an address pool After a client leases an IP address from the DHCP server the server adds an entry to its database The entry is called a binding What are DHCP Options DHCP options are collections of data with type codes that indicate how the options should be used Options can specify information that is required for the DHCP protocol IP stack configuration parameters for the client information a...

Page 1039: ...eceived The Remote ID is configurable by the administrator on a per switch basis Consider a network with multiple DHCP servers where the administrator wishes to serve addresses from a specific server based on the switch and port to which the user station is connected User traffic is served on VLAN 10 or 20 The administrator globally enables DHCP relay and configures DHCP relay on the end user port...

Page 1040: ...ow this web link http blogs technet com b teamdhcp archive 2009 07 06 dhcp server callout api usage aspx For Linux based systems which natively support option 82 a configuration to serve two private pools Pool1 and Pool2 and one public pool of DHCP addresses based upon the remote id and circuit id might look like the following dhcpd conf file class Pool1 match option agent remote id match option a...

Page 1041: ...k 255 255 255 224 pool allow members of Pool2 range 10 2 109 226 10 2 109 254 option routers 10 2 109 225 option subnet mask 255 255 255 224 option domain name servers 10 1 218 3 10 1 219 3 default lease time 21600 max lease time 43200 What Additional DHCP Features Does the Switch Support The switch software includes a DHCP client that can request network information from a DHCP server on the netw...

Page 1042: ...d VLANs For information about Layer 2 and Layer 3 DHCP Relay see Configuring L2 and L3 Relay Features on page 1087 Default DHCP Server Values By default the DHCP server is disabled and no address pools are configured You must create at least one address pool and enable the DHCP server to allow the switch to dynamically assign network information to hosts with DHCP clients that broadcast requests T...

Page 1043: ... N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page DHCP Server Network Properties Use the Network Properties page to define global DHCP server settings and to configure addresses that are not included in any address pools To display the Network Properties page click Routing IP DHCP Server Network Properties in the navigation panel Figure 32 2...

Page 1044: ...m field is the only address to exclude or if the excluded addresses are non contiguous leave the To field as the default value of 0 0 0 0 Otherwise enter the last IP address to excluded from a contiguous range of IP addresses In Figure 32 3 the From field contains the IP address 192 168 2 1 and the To field contains the IP address 192 168 2 5 This means that the following IP addresses are not avai...

Page 1045: ...Delete Excluded Addresses page 3 Select the check box next to the address or address range to delete Figure 32 4 Delete Excluded Addresses 4 Click Apply Address Pool Use the Address Pool page to create the pools of IP addresses and other network information that can be assigned by the server To display the Address Pool page click Routing IP DHCP Server Address Pool in the navigation panel ...

Page 1046: ...Add Network Pool to display the Add Network Pool page 3 Assign a name to the pool and complete the desired fields In Figure 32 6 the network pool name is Engineering and the address pool contains all IP addresses in the 192 168 5 0 subnet which means a client that receives an address from the DHCP server might lease an address in the range of 192 168 5 1 to 192 168 5 254 ...

Page 1047: ...5 as the primary and secondary DNS servers 4 Click Apply Adding a Static Pool To create and configure a static pool of IP addresses 1 Open the Address Pool page 2 Click Add Static Pool to display the Add Static Pool page 3 Assign a name to the pool and complete the desired fields NOTE The IP address 192 168 5 1 should be added to the global list of excluded addresses so that it is not leased to a ...

Page 1048: ...ab and the name of the client in the pool is LabHost1 The client s MAC address is mapped to the IP address 192 168 11 54 the default gateway is 192 168 11 1 and the DNS servers the client will use have IP addresses of 192 168 5 100 and 192 168 2 5 Figure 32 7 Add Static Pool 4 Click Apply ...

Page 1049: ... DHCP Server Address Pool Options in the navigation panel Figure 32 8 Address Pool Options Defining DHCP Options To configure DHCP options 1 Open the Address Pool page 2 Select the Add Options check box 3 Select the check box that corresponds to the value type ASCII Hexadecimal or IP address 4 Specify the value s in the corresponding field Figure 32 9 shows an example of adding the SMTP server IP ...

Page 1050: ...1050 Configuring DHCP Server and Relay Settings Figure 32 9 Add DHCP Option 5 Click Apply 6 To verify that the option has been added to the address pool open the Address Pool Options page ...

Page 1051: ...ss Pool Options DHCP Bindings Use the DHCP Bindings page to view information about the clients that have leased IP addresses from the DHCP server To display the DHCP Bindings page click Routing IP DHCP Server DHCP Bindings in the navigation panel Figure 32 11 DHCP Bindings ...

Page 1052: ... display the Reset Configuration page click Routing IP DHCP Server Reset Configuration in the navigation panel Figure 32 12 Reset DHCP Bindings DHCP Server Conflicts Information Use the Conflicts Information page to view information about clients that have leased an IP address that is already in use on the network To display the Conflicts Information page click Routing IP DHCP Server Conflicts Inf...

Page 1053: ...e Server Statistics page to view general DHCP server statistics messages received from DHCP clients and messages sent to DHCP clients To display the Server Statistics page click Routing IP DHCP Server Server Statistics in the navigation panel Figure 32 14 DHCP Server Statistics ...

Page 1054: ...Enter Global Configuration mode service dhcp Enable the DHCP server ip dhcp ping packets Specify the number in a range from 2 10 of packets a DHCP server sends to a pool address as part of a ping operation ip dhcp conflict logging Enable conflict logging on DHCP server ip dhcp bootp automatic Enable the allocation of the addresses to the BootP client ip dhcp excluded address lowaddress highaddress...

Page 1055: ...ation infinite Specify the duration of the lease for an IP address that is assigned from a DHCP server to a DHCP client duration Days the lease is valid You can optionally specify the hours and minutes after specifying the days infinite 60 day lease default router address1 address2 address8 Specify the list of default gateway IP addresses to be assigned to the DHCP client dns server address1 addre...

Page 1056: ...dotted hexadecimal format type Indicates the protocol of the hardware platform It is 1 for Ethernet and 6 for IEEE 802 client identifier uniqueidentifier Specify the unique identifier for a DHCP client The unique identifier is a valid notation in hexadecimal format In some systems such as Microsoft DHCP clients the client identifier is required instead of hardware addresses The unique identifier i...

Page 1057: ...xit to Privileged EXEC mode show ip dhcp pool configuration name all View the settings for the specified address pool or for all configured address pools Command Purpose show ip dhcp binding address View the current binding information in the DHCP server database Specify the IP address to view a specific binding clear ip dhcp binding address Delete an automatic address binding from the DHCP server...

Page 1058: ...le the DHCP service and create an address pool named Engineering and then enter into DHCP pool configuration mode for the pool console configure console config service dhcp console config ip dhcp pool Engineering 2 Specify the IP addresses that are available in the pool console config dhcp pool network 192 168 5 0 255 255 255 0 3 Specify the IP address to use as the default gateway console config ...

Page 1059: ...xit 8 View DHCP server settings console show ip dhcp global configuration Service DHCP Enable Number of Ping Packets 2 Excluded Address 192 168 2 1 to 192 168 2 20 1 2 2 2 to 1 5 5 5 192 168 5 1 to 192 168 5 20 192 168 5 100 to 192 168 5 100 Conflict Logging Enable Bootp Automatic Disable 9 View information about all configured address pools console show ip dhcp pool configuration all Pool Enginee...

Page 1060: ...hcp console config ip dhcp pool Tyler PC 2 Specify the IP addresses that are available in the pool console config dhcp pool hardware address 00 1C 23 55 E9 F3 3 Specify the IP address and subnet mask to assign to the client console config dhcp pool host 192 168 2 10 255 255 255 0 4 Specify the IP address to use as the default gateway console config dhcp pool default router 192 168 2 1 5 Specify th...

Page 1061: ...le show ip dhcp pool configuration Tyler PC Pool Tyler PC Pool Type Static Client Name TylerPC Hardware Address 00 1c 23 55 e9 f3 Hardware Address Type ethernet Host 192 168 2 10 255 255 255 0 Lease Time 1 days 0 hrs 0 mins DNS Servers 192 168 2 101 Default Routers 192 168 2 1 Domain Name executive dell com Option 69 ip 192 168 1 33 ...

Page 1062: ...1062 Configuring DHCP Server and Relay Settings ...

Page 1063: ...ort static and dynamic routing Table 33 1 describes some of the general routing features that you can configure on the switch Table 33 1 IP Routing Features Feature Description ICMP message control You can configure the type of ICMP messages that the switch responds to as well as the rate limit and burst size Default gateway The switch supports a single default gateway A manually configured defaul...

Page 1064: ...nd a packet if the routing table does not contain a longer matching prefix for the packet s destination Static A static route is a route that you manually add to the routing table Static Reject Packets that match a reject route are discarded instead of forwarded The router may send an ICMP Destination Unreachable message Route preferences The common routing table collects static local and dynamic ...

Page 1065: ...ects Enabled ICMP Rate Limit Interval 1000 milliseconds ICMP Rate Limit Burst Size 100 Maximum Next Hops 4 Global Default Gateway None Dynamic ARP Entry Age Time 1200 seconds Automatic Renewal of Dynamic ARP Entries Disabled ARP Response Timeout 1 second ARP Retries 4 Maximum Static ARP Entries 128 IRDP Advertise Mode Disabled IRDP Advertise Address 224 0 0 1 IRDP Maximum Advertise Interval 600 se...

Page 1066: ...ally learned ARP entry times out and updates the ARP table if a response is received Host or VM movement within the same VLAN L2 topology change does not trigger an ARP refresh Only if the ARP entry is timed out or the port associated with the ARP entry goes down does the ARP entry get refreshed If the traffic to a host is bidirectional it will result in the host ARP entry pointing to the new port...

Page 1067: ...000 and N4000 series switches For details about the fields on a page click at the top of the page IP Configuration Use the Configuration page to configure routing parameters for the switch as opposed to an interface The IP configuration settings allow you to enable or disable the generation of various types of ICMP messages To display the page click Routing IP Configuration in the navigation panel...

Page 1068: ...figuring IP Routing IP Statistics The IP statistics reported on the Statistics page are as specified in RFC 1213 To display the page click Routing IP Statistics in the navigation panel Figure 33 2 IP Statistics ...

Page 1069: ...ing IP Routing 1069 ARP Create Use the Create page to add a static ARP entry to the Address Resolution Protocol table To display the page click Routing ARP Create in the navigation panel Figure 33 3 ARP Create ...

Page 1070: ...ation page to change the configuration parameters for the Address Resolution Protocol Table You can also use this screen to display the contents of the table To display the page click Routing ARP Table Configuration in the navigation panel Figure 33 4 ARP Table Configuration ...

Page 1071: ...ter Discovery Configuration Use the Configuration page to enter or change router discovery parameters To display the page click Routing Router Discovery Configuration in the navigation panel Figure 33 5 Router Discovery Configuration ...

Page 1072: ...Routing Router Discovery Status Use the Status page to display router discovery data for each interface To display the page click Routing Router Discovery Status in the navigation panel Figure 33 6 Router Discovery Status ...

Page 1073: ...iguring IP Routing 1073 Route Table Use the Route Table page to display the contents of the routing table To display the page click Routing Router Route Table in the navigation panel Figure 33 7 Route Table ...

Page 1074: ... Routing Best Routes Table Use the Best Routes Table page to display the best routes from the routing table To display the page click Routing Router Best Routes Table in the navigation panel Figure 33 8 Best Routes Table ...

Page 1075: ... to add new and configure router routes To display the page click Routing Router Route Entry Configuration in the navigation panel Figure 33 9 Route Entry Configuration Adding a Route and Configuring Route Preference To configure routing table entries 1 Open the Route Entry Configuration page ...

Page 1076: ...c Reject route The fields to configure are different for each route type Default Enter the default gateway address in the Next Hop IP Address field Static Enter values for Network Address Subnet Mask Next Hop IP Address and Preference Static Reject Enter values for Network Address Subnet Mask and Preference 3 Click Apply The new route is added to the routing table ...

Page 1077: ...k Routing Router Configured Routes in the navigation panel Figure 33 11 Configured Routes To remove a configured route select the check box in the Remove column of the route to delete and click Apply NOTE For a static reject route the next hop interface value is Null0 Packets to the network address specified in static reject routes are intentionally dropped ...

Page 1078: ...ic routes These values are arbitrary values that range from 1 to 255 and are independent of route metrics Most routing protocols use a route metric to determine the shortest path known to the protocol independent of any other protocol To display the page click Routing Router Route Preferences Configuration in the navigation panel Figure 33 12 Router Route Preferences Configuration ...

Page 1079: ... Globally enable IPv4 routing on the switch ip icmp echo reply Allow the switch to generate ICMP Echo Reply messages ip icmp error interval burst interval burst size Limit the rate at which IPv4 ICMP error messages are sent burst interval How often the token bucket is initialized Range 0 2147483647 milliseconds burst size The maximum number of messages that can be sent during a burst interval Rang...

Page 1080: ... the ARP count of maximum requests for retries The range is 1 10 arp cachesize integer Configure the maximum number of entries in the ARP cache arp dynamicrenew Allow the ARP component to automatically renew dynamic ARP entries when they age out exit Exit to Privileged EXEC mode show arp brief View the user configured static ARP entries The static entries display regardless of whether they are rea...

Page 1081: ... 0 1 all hosts IP multicast address or 255 255 255 255 limited broadcast address ip irdp holdtime seconds Configure the value of the holdtime field of the router advertisement sent from this interface ip irdp maxadvertinterval seconds Configure the maximum time allowed between sending router advertisements from the interface ip irdp minadvertinterval seconds Configure the minimum time allowed betw...

Page 1082: ...eference Configure a static route Use the keyword null instead of the next hop router IP address to configure a static reject route ip address IP address of destination interface subnet mask Subnet mask of destination interface prefix length Length of prefix Must be preceded with a forward slash Range 0 32 bits nextHopRtr IP address of the next hop router null Specifies that the route is a static ...

Page 1083: ... prefixes Indicates that the ip address and subnet mask pair becomes the prefix and the command displays the routes to the addresses that match that prefix protocol Specifies the protocol that installed the routes Range connected ospf rip static show ip route configured View the configured routes whether they are reachable or not show ip route summary View summary information about the routing tab...

Page 1084: ...bnet is configured on Switch A Additionally a default route is configured on Switch A so that all traffic with an unknown destination is sent to the backbone router through port 24 which is a member of VLAN 50 A default route is configured on Dell Networking Switch B to use Switch A as the default gateway The hosts use the IP address of the VLAN routing interface as their default gateway This exam...

Page 1085: ... console config interface vlan 20 console config if vlan20 ip address 192 168 20 20 255 255 255 0 console config if vlan20 exit 4 Assign an IP address to VLAN 50 console configure console config interface vlan 50 console config if vlan50 ip address 192 168 50 50 255 255 255 0 console config if vlan50 exit 5 Configure a static route to the network that VLAN 30 is in using the IP address of the VLAN...

Page 1086: ...if vlan20 ip address 192 168 20 25 255 255 255 0 console config if vlan20 exit 3 Assign an IP address to VLAN 30 This command also enables IP routing on the VLAN console configure console config interface vlan 30 console config if vlan30 ip address 192 168 30 30 255 255 255 0 console config if vlan30 exit 4 Configure the VLAN 20 routing interface on Switch A as the default gateway so that any traf...

Page 1087: ...often impractical The relay features on the Dell Networking series switches can help enable communication between DHCP clients and DHCP servers that reside in different subnets Configuring L3 DHCP relay also enables the bootstrap protocol BOOTP relay What Is L3 DHCP Relay Network infrastructure devices can be used to relay packets between a DHCP client and server on different subnets Such a device...

Page 1088: ...re than one IP address the relay agent uses the primary IP address configured as its relay agent IP address What Is L2 DHCP Relay In Layer 2 switched networks there may be one or more infrastructure devices for example a switch between the client and the L3 Relay agent DHCP server In this instance some of the client device information required by the L3 Relay agent may not be included in the DHCP ...

Page 1089: ... on routing interfaces Each relay entry maps an ingress interface and destination UDP port number to a single IPv4 address the helper address Multiple relay entries may be configured for the same interface and UDP port in which case the relay agent relays matching packets to each server address Interface configuration takes priority over global configuration If the destination UDP port for a packe...

Page 1090: ...packets to the client that the DHCP server unicasts back to the relay agent For other protocols the relay agent only relays broadcast packets from the client to the server Packets from the server back to the client are assumed to be unicast directly to the client Because there is no relay in the return direction for protocols other than DHCP the relay agent retains the source IP address from the o...

Page 1091: ...ss must be the all ones broadcast address FF FF FF FF FF FF The destination IP address must be the limited broadcast address 255 255 255 255 or a directed broadcast address for the receive interface The IP time to live TTL must be greater than 1 The protocol field in the IP header must be UDP 17 The destination UDP port must match a configured relay entry NOTE If the packet matches a discard relay...

Page 1092: ...P data FTP Data 21 FTP FTP 37 Time Time 42 NAMESERVER Host Name Server 43 NICNAME Who is 53 DOMAIN Domain Name Server 69 TFTP Trivial File Transfer 111 SUNRPC Sun Microsystems Rpc 123 NTP Network Time 137 NetBiosNameService NT Server to Station Connections 138 NetBiosDatagramService NT Server to Station Connections 139 NetBios SessionServiceNT Server to Station Connections 161 SNMP Simple Network ...

Page 1093: ... Parameter Default Value L2 DHCP Relay Admin Mode Disabled globally and on all interfaces and VLANs Trust Mode Disabled on all interfaces Circuit ID Disabled on all VLANs Remote ID None configured L3 DHCP Relay UDP Relay Mode IP Helper Enabled Hop Count 4 Minimum Wait Time 0 seconds Circuit ID Option Mode Disabled Circuit ID Check Mode Enabled Information Option Insert Disabled on all VLAN interfa...

Page 1094: ... page to enable or disable the switch to act as a DHCP Relay agent This functionality must also be enabled on each port you want this service to operate on see DHCP Relay Interface Configuration on page 1095 The switch can also be configured to relay requests only when the VLAN of the requesting client corresponds to a service provider s VLAN ID that has been enabled with the L2 DHCP relay functio...

Page 1095: ... on individual ports To access this page click Switching DHCP Relay Interface Configuration in the navigation panel Figure 34 2 DHCP Relay Interface Configuration To view a summary of the L2 DHCP relay configuration on all ports and LAGS click Show All NOTE L2 DHCP relay must also be enabled globally on the switch ...

Page 1096: ...1096 Configuring L2 and L3 Relay Features Figure 34 3 DHCP Relay Interface Summary ...

Page 1097: ...Relay Interface Statistics Use this page to display statistics on DHCP Relay requests received on a selected port To access this page click Switching DHCP Relay Interface Statistics in the navigation panel Figure 34 4 DHCP Relay Interface Statistics ...

Page 1098: ...cess this page click Switching DHCP Relay VLAN Configuration in the navigation panel Figure 34 5 DHCP Relay VLAN Configuration To view a summary of the L2 DHCP relay configuration on all VLANs click Show All Figure 34 6 DHCP Relay VLAN Summary DHCP Relay Agent Configuration Use the Configuration page to configure and display a DHCP relay agent ...

Page 1099: ...Configuring L2 and L3 Relay Features 1099 To display the page click Routing BOOTP DHCP Relay Agent Configuration in the navigation panel Figure 34 7 DHCP Relay Agent Configuration ...

Page 1100: ... UDP Relay and Helper IP configuration To display the page click Routing IP Helper Global Configuration in the navigation panel Figure 34 8 IP Helper Global Configuration Adding an IP Helper Entry To configure an IP helper entry 1 Open the IP Helper Global Configuration page 2 Click Add to display the Add Helper IP Address page ...

Page 1101: ... 4 Enter the IP address of the server to which the packets with the given UDP Destination Port will be relayed 5 Click Apply The UDP Helper Relay is added and the device is updated NOTE If the DefaultSet option is specified the device by default forwards UDP Broadcast packets for the following services IEN 116 Name Service port 42 DNS port 53 NetBIOS Name Server port 137 NetBIOS Datagram Server po...

Page 1102: ...nfiguration for a specific interface To display the page click Routing IP Helper Interface Configuration in the navigation panel Figure 34 10 IP Helper Interface Configuration Adding an IP Helper Entry to an Interface To add an IP helper entry to an interface 1 Open the IP Helper Interface Configuration page 2 Click Add to display the Add IP Helper Address page ...

Page 1103: ... packets arriving on the given interface with the given destination UDP port 6 Enter the IP address of the server to which the packets with the given UDP Destination Port will be relayed 7 Click Apply The UDP Helper Relay is added to the interface and the device is updated NOTE If the DefaultSet option is specified the device by default forwards UDP Broadcast packets for the following services IEN...

Page 1104: ...nd L3 Relay Features IP Helper Statistics Use the Statistics page to view UDP Relay Statistics for the switch To display the page click Routing IP Helper Statistics in the navigation panel Figure 34 12 IP Helper Statistics ...

Page 1105: ...cified port or LAG The interface variable includes the interface type and number for example tengigabitethernet 1 0 3 For a LAG the interface type is port channel You can also specify a range of ports with the interface range command for example interface range tengigabitethernet 1 0 8 12 configures interfaces 8 9 10 11 and 12 dhcp l2relay Enable L2 DHCP relay on the port s or LAG s dhcp l2relay t...

Page 1106: ...nterfaces or for the specified interface show dhcp l2relay vlan vlan range View L2 DHCP relay settings for the specified VLAN show dhcp l2relay stats interface all interface View the number of DHCP packets processed and relayed by the L2 relay agent To reset the statistics to 0 use the clear dhcp l2relay statistics interface all interface command show dhcp l2relay agent option vlan vlan id View th...

Page 1107: ...f certain UDP broadcast packets received on any interface Specify the one of the protocols defined in the command or the UDP port number server address The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are sent The server address cannot be an IP address configured on any interface of the local router dest udp port A destination UDP port number from 0 to 65535 in...

Page 1108: ...ber server address The IPv4 unicast or directed broadcast address to which relayed UDP broadcast packets are sent The server address cannot be an IP address configured on any interface of the local router dest udp port A destination UDP port number from 0 to 65535 exit Exit to Global Config mode exit Exit to Privileged EXEC mode show ip helper address vlan vlan id View IP helper L3 relay settings ...

Page 1109: ... assumes that multiple VLAN routing interfaces have been created and configured with IP addresses To configure the switch 1 Relay DHCP packets received on VLAN 10 to 192 168 40 35 console config console config interface vlan 10 console config if vlan10 ip helper address 192 168 40 35 dhcp VLAN 30 DHCP Server 192 168 40 35 DHCP Clients VLAN 10 L3 Switch VLAN 20 No DHCP DHCP Server 192 168 40 22 SNM...

Page 1110: ...ip helper address discard dhcp console config if vlan20 exit 5 DHCP packets received from clients in any VLAN other than VLAN 10 and VLAN 20 are relayed to 192 168 40 22 console config ip helper address 192 168 40 22 dhcp 6 Verify the configuration console show ip helper address IP helper is enabled NOTE The following command is issued in Global Configuration mode so it applies to all interfaces e...

Page 1111: ... separately within the software but their functionality is largely similar for IPv4 and IPv6 networks The topics covered in this chapter include OSPF Overview OSPF Feature Details Default OSPF Values Configuring OSPF Features Web Configuring OSPFv3 Features Web Configuring OSPF Features CLI Configuring OSPFv3 Features CLI OSPF Configuration Examples NOTE In this chapter references to OSPF apply to...

Page 1112: ...are not used as actual IP addresses For simplicity the area can be configured and referred to in normal integer notation For example Area 20 is identified as 0 0 0 20 and Area 256 as 0 0 1 0 The area identified as 0 0 0 0 is referred to as Area 0 and is considered the OSPF backbone All other OSPF areas in the network must connect to Area 0 directly or through a virtual link The backbone area is re...

Page 1113: ...rom other protocols and originate external LSAs How Are Routes Selected OSPF determines the best route using the route metric and the type of the OSPF route The following order is used for choosing a route if more than one type of route exists 1 Intra area the destination prefix is in the same area as the router computing the route 2 Inter area the destination is not in the same area as the router...

Page 1114: ...trics in this way Stub router mode is global and applies to router LSAs for all areas Other routers prefer alternate paths that avoid the stub router however if no alternate path is available another router may compute a transit route through a stub router Because the stub router does not adjust the metric for stub links in its router LSA routes to destinations on these networks are unaffected Thu...

Page 1115: ...underlying path has cost greater than hexadecimal 0xffff the maximum size of an interface cost in a router LSA should be considered non operational To configure a router for stub router mode use the max metric router lsa command in Global Router Configuration mode The following example sets the router to start in stub router mode on a restart and remain in stub router mode for 5 minutes ABR R0 con...

Page 1116: ...on it is common to give the network administrator the option of configuring the cost for an area range When a static cost is configured the cost advertised in the type 3 LSA does not depend on the cost of the component networks Thus topology changes within an area do not propagate outside the area resulting in greater stability within the OSPF domain Dell Networking switches also use area ranges t...

Page 1117: ...or eliminate the packet drops caused by bursts in OSPF control packets The changes are as follows Introduce LSA transmit pacing limiting the rate of LS Update packets that OSPF can send Introduce LSA refresh groups so that OSPF efficiently bundles LSAs into LS Update packets when periodically refreshing self originated LSAs To configure LSA transmit pacing use the timers pacing flood command in ro...

Page 1118: ...r and link failures This feature enables a network administrator to disable LSA flooding on an interface Flood blocking only affects flooding of LSAs with area or AS i e domain wide scope Such LSAs are expected to be flooded to neighbors on other unblocked interfaces and eventually reach neighbors on blocked interfaces An LSA with interface flooding scope cannot be blocked there is no other way fo...

Page 1119: ...lowed on virtual interfaces it is less likely to be used on a virtual interface since virtual interfaces are created specifically to allow flooding between two backbone routers So the option of flood blocking on virtual interfaces is not supported See Configuring Flood Blocking on page 1195 for a configuration example ...

Page 1120: ...obal Defaults Parameter Default Value Router ID None Admin Mode Enabled RFC 1583 Compatibility Enabled OSPFv2 only ABR Status Enabled Opaque LSA Status Enabled OSPFv2 only Exit Overflow Interval Not configured SPF Delay Time 5 OSPFv2 only SPF Hold Time 10 OSPFv2 only External LSDB Limit None Default Metric Not configured Maximum Paths 4 AutoCost Reference Bandwidth 100 Mbps Default Passive Setting...

Page 1121: ...lt Value Admin Mode Disabled Advertise Secondaries Enabled OSPFv2 only Router Priority 1 Retransmit Interval 5 seconds Hello Interval 10 seconds Dead Interval 40 seconds LSA Ack Interval 1 second Interface Delay Interval 1 second MTU Ignore Disabled Passive Mode Disabled Network Type Broadcast Authentication Type None OSPFv2 only Metric Cost Not configured ...

Page 1122: ...toring OSPF features on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page OSPF Configuration Use the Configuration page to enable OSPF on a router and to configure the related OSPF settings To display the page click Routing OSPF Configuration in the navigation panel Figure 35 1 OSPF Configuration ...

Page 1123: ...ting OSPF Interface Configuration At least one router must have OSPF enabled for this web page to display To display the page click Routing OSPF Area Configuration in the navigation panel If a Stub Area has been created the fields in the Stub Area Information are available If a NSSA has been created the fields in the NSSA Area Information are available Figure 35 2 OSPF Area Configuration ...

Page 1124: ...ub Area To configure the area as an OSPF stub area click Create Stub Area The pages refreshes and displays additional fields that are specific to the stub area Figure 35 3 OSPF Stub Area Configuration Use the Delete Stub Area button to remove the stub area ...

Page 1125: ... So Stubby Area To configure the area as an OSPF not so stubby area NSSA click NSSA Create The pages refreshes and displays additional fields that are specific to the NSSA Figure 35 4 OSPF NSSA Configuration Use the NSSA Delete button to remove the NSSA area ...

Page 1126: ...ng OSPF and OSPFv3 OSPF Stub Area Summary The Stub Area Summary page displays OSPF stub area detail To display the page click Routing OSPF Stub Area Summary in the navigation panel Figure 35 5 OSPF Stub Area Summary ...

Page 1127: ...ange Configuration Use the Area Range Configuration page to configure and display an area range for a specified NSSA To display the page click Routing OSPF Area Range Configuration in the navigation panel Figure 35 6 OSPF Area Range Configuration ...

Page 1128: ...s Use the Interface Statistics page to display statistics for the selected interface The information is displayed only if OSPF is enabled To display the page click Routing OSPF Interface Statistics in the navigation panel Figure 35 7 OSPF Interface Statistics ...

Page 1129: ...1129 OSPF Interface Configuration Use the Interface Configuration page to configure an OSPF interface To display the page click Routing OSPF Interface Configuration in the navigation panel Figure 35 8 OSPF Interface Configuration ...

Page 1130: ...ay the OSPF neighbor table list When a particular neighbor ID is specified detailed information about a neighbor is given The information below is only displayed if OSPF is enabled To display the page click Routing OSPF Neighbor Table in the navigation panel Figure 35 9 OSPF Neighbor Table ...

Page 1131: ...or ID When a particular neighbor ID is specified detailed information about a neighbor is given The information below is only displayed if OSPF is enabled and the interface has a neighbor The IP address is the IP address of the neighbor To display the page click Routing OSPF Neighbor Configuration in the navigation panel Figure 35 10 OSPF Neighbor Configuration ...

Page 1132: ...ng OSPF Link State Database in the navigation panel Figure 35 11 OSPF Link State Database OSPF Virtual Link Configuration Use the Virtual Link Configuration page to create or configure virtual interface information for a specific area and neighbor A valid OSPF area must be configured before this page can be displayed To display the page click Routing OSPF Virtual Link Configuration in the navigati...

Page 1133: ...Configuring OSPF and OSPFv3 1133 Figure 35 12 OSPF Virtual Link Creation After you create a virtual link additional fields display as the Figure 35 13 shows Figure 35 13 OSPF Virtual Link Configuration ...

Page 1134: ...v3 OSPF Virtual Link Summary Use the Virtual Link Summary page to display all of the configured virtual links To display the page click Routing OSPF Virtual Link Summary in the navigation panel Figure 35 14 OSPF Virtual Link Summary ...

Page 1135: ...configure redistribution in OSPF for routes learned through various protocols You can choose to redistribute routes learned from all available protocols or from selected ones To display the page click Routing OSPF Route Redistribution Configuration in the navigation panel Figure 35 15 OSPF Route Redistribution Configuration ...

Page 1136: ...tribution Summary Use the Route Redistribution Summary page to display OSPF Route Redistribution configurations To display the page click Routing OSPF Route Redistribution Summary in the navigation panel Figure 35 16 OSPF Route Redistribution Summary ...

Page 1137: ...mation for the OSPF feature NSF is a feature used in switch stacks to maintain switching and routing functions in the event of a stack unit failure For information about NSF see What is Nonstop Forwarding on page 178 in the Managing a Switch Stack chapter To display the page click Routing OSPF NSF OSPF Configuration in the navigation panel Figure 35 17 NSF OSPF Configuration ...

Page 1138: ...g and monitoring OSPFv3 features on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page OSPFv3 Configuration Use the Configuration page to activate and configure OSPFv3 for a switch To display the page click IPv6 OSPFv3 Configuration in the navigation panel Figure 35 18 OSPFv3 Configuration ...

Page 1139: ...Fv3 1139 OSPFv3 Area Configuration Use the Area Configuration page to create and configure an OSPFv3 area To display the page click IPv6 OSPFv3 Area Configuration in the navigation panel Figure 35 19 OSPFv3 Area Configuration ...

Page 1140: ...b Area To configure the area as an OSPFv3 stub area click Create Stub Area The pages refreshes and displays additional fields that are specific to the stub area Figure 35 20 OSPFv3 Stub Area Configuration Use the Delete Stub Area button to remove the stub area ...

Page 1141: ...o Stubby Area To configure the area as an OSPFv3 not so stubby area NSSA click Create NSSA The pages refreshes and displays additional fields that are specific to the NSSA Figure 35 21 OSPFv3 NSSA Configuration Use the Delete NSSA button to remove the NSSA area ...

Page 1142: ...F and OSPFv3 OSPFv3 Stub Area Summary Use the Stub Area Summary page to display OSPFv3 stub area detail To display the page click IPv6 OSPFv3 Stub Area Summary in the navigation panel Figure 35 22 OSPFv3 Stub Area Summary ...

Page 1143: ... OSPFv3 Area Range Configuration Use the Area Range Configuration page to configure OSPFv3 area ranges To display the page click IPv6 OSPFv3 Area Range Configuration in the navigation panel Figure 35 23 OSPFv3 Area Range Configuration ...

Page 1144: ...PFv3 Interface Configuration Use the Interface Configuration page to create and configure OSPFv3 interfaces To display the page click IPv6 OSPFv3 Interface Configuration in the navigation panel Figure 35 24 OSPFv3 Interface Configuration ...

Page 1145: ...atistics Use the Interface Statistics page to display OSPFv3 interface statistics Information is only displayed if OSPF is enabled To display the page click IPv6 OSPFv3 Interface Statistics in the navigation panel Figure 35 25 OSPFv3 Interface Statistics ...

Page 1146: ...bor ID When a particular neighbor ID is specified detailed information about that neighbor is given Neighbor information only displays if OSPF is enabled and the interface has a neighbor The IP address is the IP address of the neighbor To display the page click IPv6 OSPFv3 Neighbors in the navigation panel Figure 35 26 OSPFv3 Neighbors ...

Page 1147: ...play the OSPF neighbor table list When a particular neighbor ID is specified detailed information about a neighbor is given The neighbor table is only displayed if OSPF is enabled To display the page click IPv6 OSPFv3 Neighbor Table in the navigation panel Figure 35 27 OSPFv3 Neighbor Table ...

Page 1148: ... the link state and external LSA databases The OSPFv3 Link State Database page has been updated to display external LSDB table information in addition to OSPFv3 link state information To display the page click IPv6 OSPFv3 Link State Database in the navigation panel Figure 35 28 OSPFv3 Link State Database ...

Page 1149: ...tion page to define a new or configure an existing virtual link To display this page a valid OSPFv3 area must be defined through the OSPFv3 Area Configuration page To display the page click IPv6 OSPFv3 Virtual Link Configuration in the navigation panel Figure 35 29 OSPFv3 Virtual Link Configuration ...

Page 1150: ...1150 Configuring OSPF and OSPFv3 After you create a virtual link additional fields display as the Figure 35 30 shows Figure 35 30 OSPFv3 Virtual Link Configuration ...

Page 1151: ...Virtual Link Summary Use the Virtual Link Summary page to display virtual link data by Area ID and Neighbor Router ID To display the page click IPv6 OSPFv3 Virtual Link Summary in the navigation panel Figure 35 31 OSPFv3 Virtual Link Summary ...

Page 1152: ...ibution Configuration Use the Route Redistribution Configuration page to configure route redistribution To display the page click IPv6 OSPFv3 Route Redistribution Configuration in the navigation panel Figure 35 32 OSPFv3 Route Redistribution Configuration ...

Page 1153: ...stribution Summary Use the Route Redistribution Summary page to display route redistribution settings by source To display the page click IPv6 OSPFv3 Route Redistribution Summary in the navigation panel Figure 35 33 OSPFv3 Route Redistribution Summary ...

Page 1154: ...tion for the OSPFv3 feature NSF is a feature used in switch stacks to maintain switching and routing functions in the event of a stack unit failure For information about NSF see What is Nonstop Forwarding on page 178 in the Managing a Switch Stack chapter To display the page click Routing OSPFv3 NSF OSPFv3 Configuration in the navigation panel Figure 35 34 NSF OSPFv3 Configuration ...

Page 1155: ...ose configure Enter global configuration mode router ospf Enter OSPF configuration mode router id ip address Set the 4 digit dotted decimal number that uniquely identifies the router auto cost reference bandwidth ref_bw Set the reference bandwidth used in the formula to compute link cost for an interface link cost ref_bw interface bandwidth The ref_bw variable is the reference bandwidth in Mbps Ra...

Page 1156: ...ospf external inter area intra area distance Set the preference values of OSPF route types in the router The range for the distance variable is 1 255 Lower route preference values are preferred when determining the best route enable Enable OSPF exit overflow interval seconds Specify the exit overflow interval for OSPF as defined in RFC 1765 The interval is the number of seconds after entering over...

Page 1157: ... SPF delay and hold time delay time SPF delay time Range 0 65535 seconds hold time SPF hold time Range 0 65535 seconds exit Exit to Global Configuration mode exit Exit to Privileged EXEC mode show ip ospf View OSPF global configuration and status show ip ospf statistics View OSPF routing table calculation statistics clear ip ospf configuration redistribution counters neighbor interface vlan vlan i...

Page 1158: ...Set the OSPF priority for the interface The number value variable specifies the priority of an interface Range 0 to 255 The default priority is 1 which is the highest router priority A value of 0 indicates that the router is not eligible to become the designated router on this network ip ospf retransmit interval seconds Set the OSPF retransmit interval for the interface The seconds variable is the...

Page 1159: ... interface to broadcast or point to point OSPF selects a designated router and originates network LSAs only for broadcast networks No more than two OSPF routers may be present on a point to point link ip ospf authentication none simple key encrypt key key id Set the OSPF Authentication Type and Key for the specified interface encrypt MD5 encrypted authentication key key Authentication key for the ...

Page 1160: ...rface a member of the specified area ip address Base IPv4 address of the network area wildcard mask The network mask indicating the subnet area id The ID of the area Range IP address or decimal from 0 4294967295 exit Exit to Global Config mode exit Exit to Privileged EXEC mode show ip ospf interface vlan vlan id View summary information for all OSPF interfaces configured on the switch or for the s...

Page 1161: ...rea area id nssa translator stab intv integer Configure the translator stability interval of the NSSA The integer variable is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router Range 0 3600 area area id nssa default information originate metric metric value metric type metric type value Con...

Page 1162: ...nk If the area has not been previously created it is created by this command If the area already exists the virtual link information is added or modified authentication Specifies authentication type message digest Specifies that message digest authentication is used null No authentication is used Overrides password or message digest authentication if configured for the area md5 Use MD5 Encryption ...

Page 1163: ...econds variable indicates the number of seconds to wait before the virtual interface is assumed to be dead Range 1 65535 area area id virtual link neighbor id transmit delay seconds Set the OSPF Transit Delay for the interface The seconds variable is the number of seconds to increment the age of the LSA before sending based on the estimated time it takes to transmit from the interface Range 0 3600...

Page 1164: ...advertise Configure a summary prefix for routes learned in a given area area id Identifies the OSPF NSSA to configure Range IP address or decimal from 0 4294967295 ip address IP address subnet mask Subnet mask associated with IP address summarylink Specifies a summary link LSDB type nssaexternallink Specifies an NSSA external link LSDB type advertise Advertisement of the area range not advertise S...

Page 1165: ...p static connected metric integer metric type 1 2 tag integer subnets Configure OSPF to allow redistribution of routes from the specified source protocol routers rip Specifies RIP as the source protocol static Specifies that the source is a static route connected Specifies that the source is a directly connected route metric Specifies the metric to use when redistributing the route Range 0 1677721...

Page 1166: ...d is the number of seconds that the restarting router asks its neighbors to wait before exiting helper mode The restarting router includes the restart interval in its grace LSAs range 1 1800 seconds nsf helper planned only Allow OSPF to act as a helpful neighbor for a restarting router Include the planned only keyword to indicate that OSPF should only help a restarting router performing a planned ...

Page 1167: ...fies the router auto cost reference bandwidth ref_bw Set the reference bandwidth used in the formula to compute link cost for an interface link cost ref_bw interface bandwidth The ref_bw variable is the reference bandwidth in Mbps Range 1 4294967 default information originate always metric metric value metric type type value Control the advertisement of default routes always Normally OSPFv3 origin...

Page 1168: ... then there is no limit The limit variable is the maximum number of non default AS external LSAs allowed in the router s link state database Range 1 to 2147483647 maximum paths maxpaths Set the number of paths that OSPFv3 can report for a given destination Range 1 4 passive interface default Configure OSPFv3 interfaces as passive by default This command overrides any interface level passive mode s...

Page 1169: ...pecifies the priority of an interface Range 0 to 255 The default priority is 1 which is the highest router priority A value of 0 indicates that the router is not eligible to become the designated router on this network ipv6 ospf retransmit interval seconds Set the OSPFv3 retransmit interval for the interface The seconds variable is the number of seconds between link state advertisements for adjace...

Page 1170: ...OSPFv3 network type on the interface to broadcast or point to point OSPFv3 selects a designated router and originates network LSAs only for broadcast networks No more than two OSPFv3 routers may be present on a point to point link ipv6 ospf cost interface cost Set the metric cost of the interface The interface cost variable specifies the cost link state metric of the OSPFv3 interface Range 1 65535...

Page 1171: ...ng interface show ipv6 ospf interface stats interface type interface number View per interface OSPFv3 statistics Command Purpose configure Enter global configuration mode ipv6 router ospf Enter OSPFv3 configuration mode area area id stub Create a stub area for the specified area ID area area id stub no summary Prevent Summary LSAs from being advertised into the stub area area area id default cost ...

Page 1172: ... LSAs are not advertised into the NSSA role The translator role where role is one of the following always The router assumes the role of the translator when it becomes a border router candidate The router to participate in the translator election process when it attains border router status interval The period of time that an elected translator continues to perform its duties after it determines t...

Page 1173: ...d virtual link neighbor id hello interval seconds Set the OSPFv3 hello interval for the virtual link The seconds variable indicates the number of seconds to wait before sending Hello packets from the virtual interface Range 1 65535 area area id virtual link neighbor id dead interval seconds Set the OSPFv3 dead interval for the virtual link The seconds variable indicates the number of seconds to wa...

Page 1174: ...gure a summary prefix for routes learned in a given area area id Identifies the OSPFv3 NSSA to configure Range IP address or decimal from 0 4294967295 ipv6 prefix prefix length IPv6 address and prefix length summarylink Specifies a summary link LSDB type nssaexternallink Specifies an NSSA external link LSDB type advertise Advertisement of the area range not advertise Suppresses advertisement of th...

Page 1175: ...es from the specified source protocol routers static Specifies that the source is a static route connected Specifies that the source is a directly connected route metric Specifies the metric to use when redistributing the route Range 0 16777214 metric type 1 Type 1 external route metric type 2 Type 2 external route tag Value attached to each external route which might be used to communicate inform...

Page 1176: ...word is the number of seconds that the restarting router asks its neighbors to wait before exiting helper mode The restarting router includes the restart interval in its grace LSAs range 1 1800 seconds nsf helper planned only Allow OSPFv3 to act as a helpful neighbor for a restarting router Include the planned only keyword to indicate that OSPFv3 should only help a restarting router performing a p...

Page 1177: ...OSPFv3 Configuring an OSPF Border Router and Setting Interface Costs This example shows how to configure the Dell Networking switch as an OSPF border router The commands in this example configure the areas and interfaces on Border Router A shown in Figure 35 35 Figure 35 35 OSPF Area Border Router Area 2 Area 3 Area 0 Backbone Area Internal Router Border Router A Border Router B VLAN 70 192 150 2 ...

Page 1178: ... 1 interface gi1 0 3 console config if Gi1 0 2 switchport access vlan 90 3 Assign IP addresses for VLANs 70 80 and 90 console config interface vlan 70 console config if vlan70 ip address 192 150 2 2 255 255 255 0 console config if vlan70 exit console config interface vlan 80 console config if vlan80 ip address 192 150 3 1 255 255 255 0 console config if vlan80 exit console config interface vlan 90...

Page 1179: ...ole config if vlan80 ip ospf area 0 0 0 2 console config if vlan80 ip ospf priority 255 console config if vlan80 ip ospf cost 64 console config if vlan80 exit console config interface vlan 90 console config if vlan90 ip ospf area 0 0 0 2 console config if vlan90 ip ospf priority 255 console config if vlan90 ip ospf cost 64 console config if vlan90 exit NOTE OSPF is globally enabled by default To m...

Page 1180: ... 1 is defined as a stub area and Area 2 is defined as an NSSA area Figure 35 36 illustrates this example OSPF configuration Figure 35 36 OSPF Configuration Stub Area and NSSA Area NOTE OSPFv2 and OSPFv3 can operate concurrently on a network and on the same interfaces although they do not interact This example configures both protocols simultaneously ...

Page 1181: ...n 12 3 Configure IP and IPv6 addresses on VLAN routing interface 6 console config if interface vlan 6 console config if vlan6 ip address 10 2 3 3 255 255 255 0 console config if vlan6 ipv6 address 3000 2 3 64 eui64 4 Associate the interface with area 0 0 0 0 and enable OSPFv3 console config if vlan6 ip ospf area 0 0 0 0 console config if vlan6 ipv6 ospf console config if vlan6 exit 5 Configure IP ...

Page 1182: ...rotocols are not injected into stub areas such as Area 1 console configure console config ipv6 unicast routing console config ipv6 route 3000 44 44 64 3000 2 3 210 18ff fe82 c14 console config ip route 10 23 67 0 255 255 255 0 10 2 3 3 2 Create VLANs 5 10 and 17 console config vlan 5 10 17 console config vlan5 10 17 interface gi1 0 1 console config if Gi1 0 1 switchport access vlan 5 console confi...

Page 1183: ...f vlan17 ip address 10 2 4 2 255 255 255 0 console config if vlan17 ipv6 address 3000 2 4 64 eui64 console config if vlan17 ipv6 ospf console config if vlan17 ipv6 ospf areaid 2 console config if vlan17 exit 4 For IPv4 Configure the router ID define an OSPF router and define Area 1 as a stub and define Area 2 as an NSSA console config router ospf console config router router id 2 2 2 2 console con...

Page 1184: ...tes when they are redistributed via OSPF console config ipv6 router ospf console config rtr router id 2 2 2 2 console config rtr area 0 0 0 1 stub console config rtr area 0 0 0 2 nssa console config rtr redistribute static metric 105 metric type 1 console config rtr exit Configuring a Virtual Link for OSPF and OSPFv3 In this example Area 0 connects directly to Area 1 A virtual link is defined that...

Page 1185: ... NSSAs The following commands define a virtual link that traverses Area 1 to Switch C 5 5 5 5 To configure Switch B 1 Configure the virtual link to Switch C for IPv4 console configure console config router ospf console config router area 0 0 0 1 virtual link 5 5 5 5 console config router exit 2 Configure the virtual link to Switch C for IPv6 console configure console config ipv6 router ospf consol...

Page 1186: ... C 1 For IPv4 assign the router ID create the virtual link to Switch B and associate the VLAN routing interfaces with the appropriate areas console config router ospf console config router area 0 0 0 1 virtual link 2 2 2 2 console config router exit 2 For IPv6 assign the router ID and create the virtual link to Switch B console config ipv6 router ospf console config rtr area 0 0 0 1 virtual link 2...

Page 1187: ...he local IPv6 network OSPFv3 is used to exchange IPv6 routes between the two devices The tunnel interface allows data to be transported between the two remote IPv6 networks over the IPv4 network Figure 35 38 IPv4 and IPv6 Interconnection Example To configure Switch A 1 Create the VLANs console config vlan 2 15 console config vlan70 80 90 interface te1 0 1 console config if Te1 0 1 switchport mode ...

Page 1188: ...lan2 ipv6 ospf console config if vlan2 ipv6 ospf network point to point console config if vlan2 exit 7 Configure the tunnel console config interface tunnel 0 console config if tunnel0 ipv6 address 2001 1 64 console config if tunnel0 tunnel mode ipv6ip console config if tunnel0 tunnel source 20 20 20 1 console config if tunnel0 tunnel destination 10 10 10 1 console config if tunnel0 ipv6 ospf conso...

Page 1189: ...v4 address and OSPF area for VLAN 15 console config interface vlan 15 console config if vlan15 ip address 10 10 10 1 255 255 255 0 console config if vlan15 ip ospf area 0 0 0 0 console config if vlan15 exit 6 Configure the IPv6 address and OSPFv3 information for VLAN 2 console config interface vlan 2 console config if vlan2 ipv6 address 2020 2 2 64 console config if vlan2 ipv6 ospf console config ...

Page 1190: ...255 0 console config if loopback0 exit console config exit Configuring the Static Area Range Cost Figure 35 39 shows a topology for the configuration that follows Figure 35 39 Static Area Range Cost Example Topology 1 Configure R0 terminal length 0 config hostname ABR R0 line console exec timeout 0 exit vlan 101 103 exit ip routing router ospf router id 10 10 10 10 R3 ABR R0 VLAN 103 Area 0 R1 R2 ...

Page 1191: ...ort mode trunk description R1 exit interface vlan 102 ip address 172 21 2 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 description R2 switchport mode trunk exit interface vlan 103 ip address 172 20 1 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 23 swi...

Page 1192: ...witchport mode trunk exit interface vlan 104 ip address 172 21 3 1 255 255 255 0 routing ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 1 255 255 255 255 exit exit 3 Configure R2 terminal length 0 config line console serial timeout 0 exit ip routing router ospf router id 2...

Page 1193: ...terval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 2 255 255 255 255 exit exit 4 R3 config terminal length 0 config line console serial timeout 0 exit ip routing router ospf router id 3 3 3 3 network 172 21 0 0 0 0 255 255 area 0 timers spf 3 5 exit vlan 103 exit interface vlan 103 ip address 172 21 1 1 255 255 255 ...

Page 1194: ... LSA LS Id 172 21 0 0 network prefix Advertising Router 10 10 10 10 LS Seq Number 0x80000002 Checksum 0x8ee1 Length 28 Network Mask 255 255 0 0 Metric 2 Min The cost can be set to 0 the minimum value OSPF re advertises the summary LSA with a metric of 0 ABR R0 config router area 1 range 172 21 0 0 255 255 0 0 summarylink advertise cost 0 16777215 Set area range cost ABR R0 config router area 1 ran...

Page 1195: ...he maximum value 16 777 215 which is LSInfinity Since OSPF cannot send a type 3 summary LSA with this metric according to RFC 2328 the summary LSA is flushed The individual routes are not re advertised Configuring Flood Blocking Figure 35 40 shows an example topology for flood blocking The configuration follows Figure 35 40 Flood Blocking Topology 1 Configure R0 terminal length 0 config hostname R...

Page 1196: ...twork point to point exit interface te1 0 21 switchport mode trunk description R1 exit interface vlan 102 ip address 172 21 2 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 description R2 switchport mode trunk exit interface vlan 103 ip address 172 20 1 10 255 255 255 0 ip ospf hello interval 1 ip ospf dead interval 4 ip osp...

Page 1197: ... hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 21 switchport mode trunk exit interface vlan 104 ip address 172 21 3 1 255 255 255 0 routing ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 1 255 255 255 255 exit exit 3 Configure...

Page 1198: ...terface te1 0 21 switchport mode trunk exit interface vlan 104 ip address 172 21 3 2 255 255 255 0 routing ip ospf hello interval 1 ip ospf dead interval 4 ip ospf network point to point exit interface te1 0 22 switchport mode trunk exit interface loopback 0 ip address 172 21 254 2 255 255 255 255 exit exit 4 Configure R3 terminal length 0 config line console serial timeout 0 exit ip routing route...

Page 1199: ... via R2 Even though R1 does not receive this LSA directly from R0 it still correctly computes the route through the R0 R1 show ip route console show ip route Route Codes R RIP Derived O OSPF Derived C Connected S Static B BGP Derived E Externaly Derived IA OSPF Inter Area E1 OSPF External Type 1 E2 OSPF External Type 2 N1 OSPF NSSA External Type 1 N2 OSPF NSSA External Type 2 O IA 100 0 0 0 24 110...

Page 1200: ...1200 Configuring OSPF and OSPFv3 ...

Page 1201: ...ine the best route to transmit IP traffic RIP is best suited for small homogenous networks How Does RIP Determine Route Information The routing information is propagated in RIP update packets that are sent out both periodically and in the event of a network topology change On receipt of a RIP update depending on whether the specified route exists or does not exist in the route table the router may...

Page 1202: ...IP RIP 1 defined in RFC 1058 Routes are specified by IP destination network and hop count The routing table is broadcast to all stations on the attached network RIP 2 defined in RFC 1723 Route specification is extended to include subnet mask and gateway The routing table is sent to a multicast address reducing network traffic An authentication method is used for security The Dell Networking series...

Page 1203: ...r interface default values for RIP Table 36 1 RIP Global Defaults Parameter Default Value Admin Mode Enabled Split Horizon Mode Simple Auto Summary Mode Disabled Host Routes Accept Mode Enabled Default Information Originate Disabled Default Metric None configured Route Redistribution Disabled for all sources Table 36 2 RIP Per Interface Defaults Parameter Default Value Admin Mode Disabled Send Ver...

Page 1204: ...onitoring RIP features on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page RIP Configuration Use the Configuration page to enable and configure or disable RIP in Global mode To display the page click Routing RIP Configuration in the navigation panel Figure 36 1 RIP Configuration ...

Page 1205: ...figuration Use the Interface Configuration page to enable and configure or to disable RIP on a specific interface To display the page click Routing RIP Interface Configuration in the navigation panel Figure 36 2 RIP Interface Configuration ...

Page 1206: ...P RIP Interface Summary Use the Interface Summary page to display RIP configuration status on an interface To display the page click Routing RIP Interface Summary in the navigation panel Figure 36 3 RIP Interface Summary ...

Page 1207: ... values are entered an alert message is displayed with the list of all the valid values To display the page click Routing RIP Route Redistribution Configuration in the navigation panel Figure 36 4 RIP Route Redistribution Configuration NOTE Static reject routes are not redistributed by RIP For a static reject route the next hop interface value is Null0 Packets to the network address specified in s...

Page 1208: ...ibution Summary Use the Route Redistribution Summary page to display Route Redistribution configurations To display the page click Routing RIP Route Redistribution Summary in the navigation panel Figure 36 5 RIP Route Redistribution Summary ...

Page 1209: ...figuration mode split horizon none simple poison Set the RIP split horizon mode none RIP does not use split horizon to avoid routing loops simple RIP uses split horizon to avoid routing loops poison RIP uses split horizon with poison reverse increases routing packet update size auto summary Enable the RIP auto summarization mode no hostroutesaccept Prevent the switch from accepting host routes def...

Page 1210: ...he interface to allow RIP control packets of the specified version s to be received ip rip authentication none simple key encrypt key key id set the RIP Version 2 Authentication Type and Key for the interface key Authentication key for the specified interface Range 16 bytes or less encrypt Specifies the Ethernet unit port of the interface to view information key id Authentication key identifier fo...

Page 1211: ...commands you use to configure ACLs see Configuring ACLs CLI on page 612 accesslistname The name used to identify an existing ACL ospf Apply the specified access list when OSPF is the source protocol static Apply the specified access list when packets come through the static route connected Apply the specified access list when packets come from a directly connected route redistribute static connect...

Page 1212: ...stributed external 2 Adds routes imported into OSPF as Type 2 external routes into any match types presently being redistributed nssa external 1 Adds routes imported into OSPF as NSSA Type 1 external routes into any match types presently being redistributed nssa external 2 Adds routes imported into OSPF as NSSA Type 2 external routes into any match types presently being redistributed distance rip ...

Page 1213: ...Create VLANs 10 20 and 30 console config vlan 10 20 30 console config vlan10 20 30 interface gi1 0 1 console config if Gi1 0 1 switchport access vlan 10 console config if Gi1 0 1 interface gi1 0 2 console config if Gi1 0 2 switchport access vlan 20 console config if Gi1 0 2 interface gi1 0 3 console config if Gi1 0 3 switchport access vlan 30 3 Assign an IP address and enable RIP on each interface...

Page 1214: ...ddress 192 168 30 1 255 255 255 0 console config if vlan30 ip rip console config if vlan30 ip rip receive version both console config if vlan30 ip rip send version rip2 console config if vlan30 exit 4 Enable auto summarization of subprefixes when crossing classful boundaries console config router rip console config router auto summary console config router exit console config exit 5 Verify the con...

Page 1215: ...Configuring RIP 1215 Vl10 192 168 10 1 RIP 2 Both Enable Down Vl20 192 168 10 1 RIP 2 Both Enable Down Vl30 192 168 10 1 RIP 2 Both Disable Down ...

Page 1216: ...1216 Configuring RIP ...

Page 1217: ...g a scheme to dynamically elect a backup router VRRP can help minimize black hole periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is detected How Does VRRP Work VRRP eliminates the single point of failure associated with static default routes by enabling a backup router to take over from a master router without affecti...

Page 1218: ...er with the highest configured priority is the VRRP master If multiple routers have the same priority the router with the highest IP address becomes the VRRP master If the VRRP master fails other members of the VRRP group will elect a master based on the configured router priority values For example router A is the interface owner and master and it has a priority of 255 Router B is configured with...

Page 1219: ...VRRP master responds to both fragmented and un fragmented ICMP Echo Request packets The VRRP master responds to Echo Requests sent to the virtual router s primary address or any of its secondary addresses Members of the virtual router who are in backup state discard ping packets destined to VRRP addresses just as they discard any Ethernet frame sent to a VRRP MAC address When the VRRP master respo...

Page 1220: ...s up the value of the priority decrement is added to the current router priority If the resulting priority is more than the backup router priority the original VRRP master resumes control VRRP route tracking monitors the reachability of an IP route A tracked route is considered up when a routing table entry exists for the route and the route is accessible When the tracked route is removed from the...

Page 1221: ...rameter Default Value Admin Mode Disabled Virtual Router ID VRID None Range 1 255 Preempt Mode Enabled Preempt Delay 0 Seconds Learn Advertisement Timer Interval Enabled Accept Mode Disabled Priority 100 Advertisement Interval 1 Authentication None Route Tracking No routes tracked Interface Tracking No interfaces tracked ...

Page 1222: ...ng VRRP features on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page VRRP Configuration Use the Configuration page to enable or disable the administrative status of a virtual router To display the page click Routing VRRP Configuration in the navigation panel Figure 37 1 VRRP Configuration ...

Page 1223: ...ng VRRP 1223 VRRP Virtual Router Status Use the Router Status page to display virtual router status To display the page click Routing VRRP Router Status in the navigation panel Figure 37 2 Virtual Router Status ...

Page 1224: ...Virtual Router Statistics Use the Router Statistics page to display statistics for a specified virtual router To display the page click Routing VRRP Router Statistics in the navigation panel Figure 37 3 Virtual Router Statistics ...

Page 1225: ...25 VRRP Router Configuration Use the Configuration page to configure a virtual router To display the page click Routing VRRP Router Configuration Configuration in the navigation panel Figure 37 4 VRRP Router Configuration ...

Page 1226: ... to add new tracked routes To display the page click Routing VRRP Router Configuration Route Tracking Configuration in the navigation panel Figure 37 5 VRRP Route Tracking Configuration Configuring VRRP Route Tracking To configure VRRP route tracking 1 From the Route Tracking Configuration page click Add The Add Route Tracking page displays ...

Page 1227: ...estination network address track route prefix for the route to track Use dotted decimal format for example 192 168 10 0 4 Specify the prefix length for the tracked route 5 Specify a value for the Priority Decrement to define the amount that the router priority will be decreased when a tracked route becomes unreachable 6 Click Apply to update the switch ...

Page 1228: ...new tracked interfaces To display the page click Routing VRRP Router Configuration Interface Tracking Configuration in the navigation panel Figure 37 7 VRRP Interface Tracking Configuration Configuring VRRP Interface Tracking To configure VRRP interface tracking 1 From the Interface Tracking Configuration page click Add The Add Interface Tracking page displays ...

Page 1229: ...virtual router ID and VLAN routing interface that will track the interface 3 Specify the interface to track 4 Specify a value for the Priority Decrement to define the amount that the router priority will be decreased when a tracked interface goes down 5 Click Apply to update the switch ...

Page 1230: ...id Enter Interface Configuration mode for the specified VLAN vrrp vr id Allow the interface to create in the VRRP group specified by the vr id parameter which is a number from 1 255 vrrp vr id description Optional Create a text description that identifies the VRRP group vrrp vr id preempt delay seconds Enable the preemption mode value for the virtual router configured on a specified interface You ...

Page 1231: ...rement priority Specify an interface the virtual router vr id on the interface will track If the interface goes down the virtual router priority is decreased by the amount specified by the priority value vrrp vr id track ip route ip address prefix length decrement priority Specify a route that the virtual router vr id on the interface will track If the route to the destination network specified by...

Page 1232: ...haring VRRP with Route and Interface Tracking VRRP with Load Sharing In Figure 37 9 two L3 Dell Networking switches are performing the routing for network clients Router A is the default gateway for some clients and Router B is the default gateway for other clients Figure 37 9 VRRP with Load Sharing Network Diagram ...

Page 1233: ...onsole config interface vlan 10 console config if vlan10 ip address 192 168 10 1 255 255 255 0 console config if vlan10 exit 3 Enable VRRP for the switch console config ip vrrp 4 Assign a virtual router ID to the VLAN routing interface for the first VRRP group console config interface vlan 10 console config if vlan10 vrrp 10 5 Specify the IP address that the virtual router function will use The ro...

Page 1234: ...ate and configure the VLAN routing interface to use as the default gateway for network clients This example assumes all other routing interfaces such as the interface to the external network have been configured console config interface vlan 10 console config if vlan10 ip address 192 168 10 2 255 255 255 0 console config if vlan10 exit 3 Enable VRRP for the switch console config ip vrrp 4 Assign a...

Page 1235: ...vlan10 vrrp 20 mode console config if vlan10 exit console config exit Troubleshooting VRRP When configuring VRRP ensure that the L2 network facing the VRRP router is up Both VRRP peers will show as being in the Master state until the layer 2 network is operational Likewise ensure that the link or path between the virtual routers is operational If the link is not operational one VR instance will sh...

Page 1236: ... IP address 192 168 10 15 as the default gateway Figure 37 10 VRRP with Tracking Network Diagram Without VRRP interface or route tracking if something happened to VLAN 25 or the route to the external network as long as Router A remains up it will continue to be the VRRP master even though traffic from the clients does not have a path to the external network However if the interface and or route tr...

Page 1237: ...ress that the virtual router function will use console config if vlan10 vrrp 10 ip 192 168 10 15 6 Configure the router priority console config if vlan10 vrrp 10 priority 200 7 Enable preempt mode so that the router can regain its position as VRRP master if its priority is greater than the priority of the backup router console config if vlan10 vrrp 10 preempt 8 Enable the VRRP groups on the interf...

Page 1238: ...p routing 2 Create and configure the VLAN routing interface to use as the default gateway for network clients This example assumes all other routing interfaces such as the interface to the external network have been configured console config interface vlan 10 console config if vlan10 ip address 192 168 10 2 255 255 255 0 console config if vlan10 exit 3 Enable VRRP for the switch console config ip ...

Page 1239: ...Configuring VRRP 1239 8 Enable the VRRP groups on the interface console config if vlan10 vrrp 10 mode console config if vlan10 exit console config exit ...

Page 1240: ...1240 Configuring VRRP ...

Page 1241: ...65 For information about IPv6 multicast see Managing IPv4 and IPv6 Multicast on page 1337 For configuration examples that include IPv6 interface configuration see OSPF Configuration Examples on page 1177 IPv6 Routing Overview IPv6 is the next generation of the Internet Protocol With 128 bit addresses versus 32 bit addresses for IPv4 IPv6 solves the address depletion issues seen with IPv4 and remov...

Page 1242: ...FC2462 Unlike IPv4 IPv6 does not have broadcasts There are two types of IPv6 addresses unicast and multicast Unicast addresses allow direct one to one communication between two hosts whereas multicast addresses allow one to many communication Multicast addresses are used as destinations only Unicast addresses will have 00 through fe in the most significant octets and multicast addresses will have ...

Page 1243: ...p addresses computed by routing protocols are usually link local addresses During the period of transitioning the Internet to IPv6 a global IPv6 Internet backbone may not be available One transition mechanism is to tunnel IPv6 packets inside IPv4 to reach remote IPv6 islands When a packet is sent over such a link it is encapsulated in IPv4 in order to traverse an IPv4 network and has the IPv4 head...

Page 1244: ...ss AutoConfig Mode Disabled Routing Mode Enabled Interface Maximum Transmit Unit 1500 Router Duplicate Address Detection Transmits 1 Router Advertisement NS Interval Not configured Router Lifetime Interval 1800 seconds Router Advertisement Reachable Time 0 seconds Router Advertisement Interval 600 seconds Router Advertisement Managed Config Flag Disabled Router Advertisement Other Config Flag Disa...

Page 1245: ...ll Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page Global Configuration Use the Global Configuration page to enable IPv6 forwarding on the router enable the forwarding of IPv6 unicast datagrams and configure global IPv6 settings To display the page click Routing IPv6 Global Configuration in the navigation panel Figure 38 1 IPv6 G...

Page 1246: ...face Configuration page to configure IPv6 interface parameters This page has been updated to include the IPv6 Destination Unreachables field To display the page click Routing IPv6 Interface Configuration in the navigation panel Figure 38 2 IPv6 Interface Configuration ...

Page 1247: ...outing 1247 Interface Summary Use the Interface Summary page to display settings for all IPv6 interfaces To display the page click Routing IPv6 Interface Summary in the navigation panel Figure 38 3 IPv6 Interface Summary ...

Page 1248: ...6 Routing IPv6 Statistics Use the IPv6 Statistics page to display IPv6 traffic statistics for one or all interfaces To display the page click Routing IPv6 IPv6 Statistics in the navigation panel Figure 38 4 IPv6 Statistics ...

Page 1249: ...g 1249 IPv6 Neighbor Table Use the IPv6 Neighbor Table page to display IPv6 neighbor details for a specified interface To display the page click IPv6 IPv6 Neighbor Table in the navigation panel Figure 38 5 IPv6 Neighbor Table ...

Page 1250: ...t the network information automatically assigned to an interface by the DHCPv6 server This page displays information only if the DHCPv6 client has been enabled on an IPv6 routing interface To display the page click Routing IPv6 DHCPv6 Client Lease Parameters in the navigation panel Figure 38 6 DHCPv6 Lease Parameters ...

Page 1251: ...Use the DHCPv6 Client Statistics page to view information about DHCPv6 packets received and transmitted on a DHCPv6 client interface To display the page click Routing IPv6 DHCPv6 Client Statistics in the navigation panel Figure 38 7 DHCPv6 Lease Parameters ...

Page 1252: ... Configuration Use the IPv6 Route Entry Configuration page to configure information for IPv6 routes To display the page click Routing IPv6 IPv6 Routes IPv6 Route Entry Configuration in the navigation panel Figure 38 8 IPv6 Route Entry Configuration ...

Page 1253: ... 1253 IPv6 Route Table Use the IPv6 Route Table page to display all active IPv6 routes and their settings To display the page click Routing IPv6 IPv6 Routes IPv6 Route Table in the navigation panel Figure 38 9 IPv6 Route Table ...

Page 1254: ... any other protocol The best route to a destination is chosen by selecting the route with the lowest preference value When there are multiple routes to a destination the preference values are used to determine the preferred route If there is still a tie the route with the best route metric is chosen To avoid problems with mismatched metrics you must configure different preference values for each o...

Page 1255: ...Pv6 Routes Configured IPv6 Routes in the navigation panel Figure 38 11 Configured IPv6 Routes To remove a configured route select the check box in the Delete column of the route to remove and click Apply NOTE For a static reject route the next hop interface value is Null0 Packets to the network address specified in static reject routes are intentionally dropped ...

Page 1256: ...se configure Enter global configuration mode sdm prefer dual ipv4 and ipv6 default Select a Switch Database Management SDM template to enable support for both IPv4 and IPv6 Changing the SDM template requires a system reload ipv6 unicast routing Globally enable IPv6 routing on the switch ipv6 hop limit limit Set the TTL value for the router The valid range is 0 to 255 ipv6 icmp error interval burst...

Page 1257: ...v6 address enables IPv6 on the interface You can also use the ipv6 enable command to enable IPv6 on the interface without setting an address Link local multicast IPv4 compatible and IPv4 mapped addresses are not allowed to be configured Include the EUI 64 keyword to have the system add the 64 bit interface ID to the address You must use a network prefix length of 64 in this case For VLAN interface...

Page 1258: ...onfiguration off link Do not use the prefix for onlink determination ipv6 nd ra interval maximum minimum Set the transmission interval between router Neighbor Discovery advertisements maximum The maximum interval duration Range 4 1800 seconds minimum The minimum interval duration Range 3 0 75 maximum seconds ipv6 nd ra lifetime seconds Set the value that is placed in the Router Lifetime field of t...

Page 1259: ...teful configuration flag in router advertisements sent from the interface ipv6 nd managed config flag Set the managed address configuration flag in router advertisements When the value is true end nodes use DHCPv6 When the value is false end nodes automatically configure addresses ipv6 nd reachable time milliseconds Set the router advertisement time to consider a neighbor reachable after neighbor ...

Page 1260: ...next hop address The IPv6 address of the next hop that can be used to reach the specified network A link local next hop address must have a prefix length of 128 The next hop address cannot be an unspecified address all zeros a multicast address or a loopback address If a link local next hop address is specified the interface VLAN or tunnel must also be specified preference Also known as Administra...

Page 1261: ...ce integer Set the default distance preference for static IPv6 routes Lower route preference values are preferred when determining the best route The default distance preference for static routes is 1 exit Exit to Global Config mode Command Purpose ...

Page 1262: ...ength protocol interface type interface number best View the routing table ipv6 address Specifies an IPv6 address for which the best matching route would be displayed protocol Specifies the protocol that installed the routes Is one of the following keywords connected ospf static ipv6 prefix prefix length Specifies an IPv6 network for which the matching route would be displayed interface type inter...

Page 1263: ...te 0 null 254 Use this in all routers except the ones with direct Internet connectivity Routers with direct Internet connectivity should advertise a default route The effect of this route is that when a router does not have connectivity to the Internet the router will quickly discard packets that it cannot deliver If the router learns a default route from another router the learned route will have...

Page 1264: ...cific route will have precedence Another use for the Reject route is to prevent internal hosts from communication with specific addresses or ranges of addresses The effect is the same as an outgoing access list with a deny statement A route is generally more efficient than an access list that performs the same function If you need more fine grained filtering such as protocols or port numbers use t...

Page 1265: ...ients and servers for the purpose of assigning IP addresses gateways and other networking definitions such as Domain Name System DNS and Network Time Protocol NTP parameters However IPv6 natively provides IP address auto configuration through IPv6 Neighbor Discovery Protocol NDP and through the use of Router Advertisement messages Thus the role of DHCPv6 within the network is different than that o...

Page 1266: ... response A DHCPv6 server then responds by providing only networking definitions such as DNS domain name and server definitions NTP server definitions or SIP definitions What Is the DHCPv6 Relay Agent Information Option The DHCPv6 Relay Agent Information Option allows for various sub options to be attached to messages that are being relayed by the local router to a DHCPv6 server The DHCPv6 server ...

Page 1267: ...lients may request multiple IPv6 prefixes Also DHCPv6 clients may request specific IPv6 prefixes If the configured DHCPv6 pool contains the specific prefix that a DHCPv6 client requests then that prefix will be delegated to the client Otherwise the first available IPv6 prefix within the configured pool will be delegated to the client Default DHCPv6 Server and Relay Values By default the DHCPv6 ser...

Page 1268: ...d monitoring the DHCPv6 server on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page DHCPv6 Global Configuration Use the Global Configuration page to configure DHCPv6 global parameters To display the page click Routing IPv6 DHCPv6 Server Global Configuration in the navigation panel Figure 39 2 DHCPv6 Global Configuration ...

Page 1269: ...omain names of DNS servers To display the page click Routing IPv6 DHCPv6 Pool Configuration in the navigation panel Figure 39 3 shows the page when no pools have been created After a pool has been created additional fields display Figure 39 3 Pool Configuration Configuring a DHCPv6 Pool To configure the pool 1 Open the Pool Configuration page 2 Select Create from the Pool Name menu and type a name...

Page 1270: ...om the DNS Server Address menu select an existing DNS Server Address to associate with this pool or select Add and specify a new server to add 5 From the Domain Name menu select an existing domain name to associate with this pool or select Add and specify a new domain name 6 Click Apply ...

Page 1271: ...iguration page to configure a delegated prefix for a pool At least one pool must be created using DHCPv6 Pool Configuration before a delegated prefix can be configured To display the page click Routing IPv6 DHCPv6 Prefix Delegation Configuration in the navigation panel Figure 39 5 Prefix Delegation Configuration ...

Page 1272: ...se the Pool Summary page to display settings for all DHCPv6 Pools At least one pool must be created using DHCPv6 Pool Configuration before the Pool Summary displays To display the page click Routing IPv6 DHCPv6 Pool Summary in the navigation panel Figure 39 6 Pool Summary ...

Page 1273: ...e the DHCPv6 Interface Configuration page to configure a DHCPv6 interface To display the page click Routing IPv6 DHCPv6 Interface Configuration in the navigation panel The fields that display on the page depend on the selected interface mode Figure 39 7 DHCPv6 Interface Configuration ...

Page 1274: ...Figure 39 8 shows the screen when the selected interface mode is Server Figure 39 8 DHCPv6 Interface Configuration Server Mode Figure 39 9 shows the screen when the selected interface mode is Relay Figure 39 9 DHCPv6 Interface Configuration Relay Mode ...

Page 1275: ...tings 1275 DHCPv6 Server Bindings Summary Use the Server Bindings Summary page to display all DHCPv6 server bindings To display the page click Routing IPv6 DHCPv6 Bindings Summary in the navigation panel Figure 39 10 Server Bindings Summary ...

Page 1276: ...nd Relay Settings DHCPv6 Statistics Use the DHCPv6 Statistics page to display DHCPv6 statistics for one or all interfaces To display the page click Routing IPv6 DHCPv6 Statistics in the navigation panel Figure 39 11 DHCPv6 Statistics ...

Page 1277: ...gure pool parameters for DHCPv6 clients that obtain IPv6 network information dynamically Command Purpose configure Enter Global Configuration mode service dhcpv6 Enable the DHCPv6 server ipv6 dhcp relay agent info opt option Configure a number to represent the DHCPv6 Relay Agent Information Option The option parameter is an integer from 54 65535 ipv6 dhcp relay agent info remote id subopt suboptio...

Page 1278: ...efix length client DUID name hostname valid lifetime valid lifetime infinite preferred lifetime preferred lifetime infinite Define an IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients prefix prefix length Delegated IPv6 prefix client DUID DHCP Unique Identifier for the client e g 00 01 00 09 f8 79 4e 00 04 76 73 43 76 hostname Client hostname used for loggin...

Page 1279: ...interface vlan vlan id interface vlan vlan id remote id duid ifid user defined string Configure the interface for DHCPv6 relay functionality destination Keyword that sets the relay server IPv6 address relay address An IPv6 address of a DHCPv6 relay server interface Sets the relay server interface vlan id A valid VLAN ID remote id duid ifid user defined string The Relay Agent Information Option rem...

Page 1280: ...viated exchange between the client and server pref value Preference value used by clients to determine preference between multiple DHCPv6 servers Range 0 4294967295 CTRL Z Exit to Privileged Exec Mode show ipv6 dhcp interface tunnel tunnel id vlan vlan id View DHCPv6 information for all interfaces or for the specified interface Command Purpose show ipv6 dhcp binding address View the current bindin...

Page 1281: ...l VLAN routing interface 100 is configured as a DHCPv6 server Setting NDP on the interface to send the other config flag option allows the interface to prompt DHCPv6 clients to request only stateless server information To configure the switch 1 Enable the DHCPv6 feature console configure console config service dhcpv6 2 Create the DHCPv6 pool and configure stateless information console config ipv6 ...

Page 1282: ...nts The prefix to DUID mapping is defined within the DHCPv6 pool To configure the switch 1 Create the DHCPv6 pool and specify the domain name and DNS server information console config ipv6 dhcp pool my pool2 console config dhcp6s pool domain name dell com console config dhcp6s pool dns server 2001 DB8 A328 22C 1 2 Specify the prefix delegations for specific clients The first two commands provide m...

Page 1283: ... the destination address of the relay server and the interface used for reachability to the relay server To configure the switch 1 Create VLAN 300 and define its IPv6 address console config interface vlan 300 console config if vlan300 ipv6 address 2001 DB8 03a 64 2 Configure the interface as a DHCPv6 relay agent and specify the IPv6 address of the relay server The command also specifies that the r...

Page 1284: ...1284 Configuring DHCPv6 Server and Relay Settings Relay Interface Number Vl100 Relay Remote ID Option Flags ...

Page 1285: ...v CLI DiffServ Configuration Examples DiffServ Overview Standard IP based networks are designed to provide best effort data delivery service Best effort service implies that the network delivers the data in a timely fashion although there is no guarantee that it will During times of congestion packets may be delayed sent sporadically or dropped For typical Internet applications such as email and f...

Page 1286: ...g the appropriate queue management algorithms Before configuring DiffServ on Dell Networking series switches you must determine the QoS requirements for the network as a whole The requirements are expressed in terms of rules which are used to classify inbound or outbound traffic on a particular interface What Are the Elements of DiffServ Configuration During configuration you define DiffServ rules...

Page 1287: ...kets by dropping or re marking those that exceed the class s assigned data rate Counting the traffic within the class Service Assigns a policy to an interface for inbound traffic Default DiffServ Values Table 40 1 shows the global default values for DiffServ NOTE You can use an 802 1X authenticator or RADIUS server to dynamically assign DiffServ filters to ports when a host connects to a port and ...

Page 1288: ...eries switches For details about the fields on a page click at the top of the page DiffServ Configuration Use the DiffServ Configuration page to display the DiffServ administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables To display the page click Quality of Service Differentiated Services DiffServ Configuration in the navigatio...

Page 1289: ...me or delete an existing class To display the page click Quality of Service Differentiated Services Class Configuration in the navigation panel Figure 40 2 DiffServ Class Configuration Adding a DiffServ Class To add a DiffServ class 1 From the DiffServ Class Configuration page click Add to display the Add Class page Figure 40 3 Add DiffServ Class ...

Page 1290: ...the classes configured on the switch click Show All Figure 40 4 View DiffServ Class Summary Class Criteria Use the DiffServ Class Criteria page to define the criteria to associate with a DiffServ class As packets are received these DiffServ classes are used to identify packets To display the page click Quality of Service Differentiated Services Class Criteria in the navigation panel ...

Page 1291: ...Configuring Differentiated Services 1291 Figure 40 5 DiffServ Class Criteria ...

Page 1292: ...n of classes with one or more policy statements To display the page click Quality of Service Differentiated Services Policy Configuration in the navigation panel Figure 40 6 DiffServ Policy Configuration Adding a New Policy Name To add a policy 1 From the DiffServ Policy Configuration page click Add to display the Add Policy page ...

Page 1293: ...ted Services 1293 Figure 40 7 Add DiffServ Policy 2 Enter the new Policy Name 3 Click Apply to save the new policy 4 To view a summary of the policies configured on the switch click Show All Figure 40 8 View DiffServ Policies ...

Page 1294: ...e to associate a class to a policy and to define attributes for that policy class instance To display the page click Quality of Service Differentiated Services Policy Class Definition in the navigation panel Figure 40 9 DiffServ Policy Class Definition To view a summary of the policy attributes click Show All ...

Page 1295: ...marked with either an IP DSCP IP precedence or CoS value 1 Select Marking from the Traffic Conditioning drop down menu on the DiffServ Policy Class Definition page The Packet Marking page displays Figure 40 11 Policy Class Definition Attributes 2 Select IP DSCP IP Precedence or Class of Service to mark for this policy class 3 Select or enter a value for this field 4 Click Apply to define the polic...

Page 1296: ...icing page displays the Policy Name Class Name and Policing Style Select a value for the following fields Color Mode The type of color policing used Color Blind or Color Aware Conform Action Selector The action taken on packets that are considered conforming below the police rate Options are Send Drop Mark CoS Mark IP DSCP Mark IP Precedence Violate Action The action taken on packets that are cons...

Page 1297: ...age to activate a policy on a port To display the page click Quality of Service Differentiated Services Service Configuration in the navigation panel Figure 40 13 DiffServ Service Configuration To view a summary of the services configured on the switch click Show All Figure 40 14 DiffServ Service Summary ...

Page 1298: ...the DiffServ Service Detailed Statistics page to display packet details for a particular port and class To display the page click Quality of Service Differentiated Services Service Detailed Statistics in the navigation panel Figure 40 15 DiffServ Service Detailed Statistics ...

Page 1299: ... to create a mirroring session in which the traffic that matches the specified policy and member class is mirrored to a destination port To display the Flow Based Mirroring page click Switching Ports Traffic Mirroring Flow Based Mirroring in the navigation panel Figure 40 16 Flow Based Mirroring ...

Page 1300: ...elated information CLI Command Description configure Enter global configuration mode diffserv Set the DiffServ operational mode to active exit Exit to Privileged EXEC mode show diffserv Display the DiffServ general information which includes the current administrative mode setting as well as the current and maximum number of DiffServ components CLI Command Description configure Enter global config...

Page 1301: ... match ip dscp Add to the specified class definition a match condition based on the value of the IP DiffServ Code Point DSCP field in a packet match ip precedence Add to the specified class definition a match condition based on the value of the IP match ip tos Add to the specified class definition a match condition based on the value of the IP TOS field in a packet match protocol Add to the specif...

Page 1302: ...iption configure Enter global configuration mode class map match all class map name ipv6 Define a new DiffServ class match any Configure a match condition for all the packets match class map Add to the specified class definition the set of match conditions defined for another class match dstip6 Add to the specified class definition a match condition based on the destination IPv6 address of a packe...

Page 1303: ...o the specified class definition a match condition based on the source IPv6 address of a packet match srcl4port Add to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword a numeric notation or a numeric range notation CLI Command Description configure Enter global configuration mode policy map policy name in Create a new DiffServ pol...

Page 1304: ...m action drop set cos transmit cos set prectransmit cos set dscp transmit dscpval transmit violateaction drop set cos transmit cos set prec transmit cos set dscp transmit dscpval transmit Establish the traffic policing style for the specified class The simple form of the police command uses a single data rate and burst size resulting in two outcomes conform and nonconform datarate Data rate in kil...

Page 1305: ...ue Mark all packets for the associated traffic stream with the specified IP DSCP value mark ip precedence value Mark all packets for the associated traffic stream with the specified IP precedence value range 0 7 mirror interface redirect interface Use mirror to mirror all packets for the associated traffic stream that matches the defined class to the specified destination port or LAG Use redirect ...

Page 1306: ...Global Configuration mode for all system interfaces or Interface Configuration mode for a specific interface exit Exit to Privilege Exec mode show diffserv service brief in out Display all interfaces in the system to which a DiffServ policy has been attached show diffserv service interface interface in out Display policy service information for the specified interface where interface is replaced b...

Page 1307: ...nternet or other external network to different departments within a company Each of four departments has its own Class B subnet that is allocated 25 of the available bandwidth on the port accessing the Internet Figure 40 17 DiffServ Internet Access Example Network Diagram Finance Marketing Test Development Internet Layer 3 Switch Port 1 0 5 Outbound 1 0 1 1 0 2 1 0 3 1 0 4 Source IP 172 16 10 0 25...

Page 1308: ...5 0 console config classmap exit console config class map match all development_dept console config classmap match srcip 172 16 40 0 255 255 255 0 console config classmap exit 3 Create a DiffServ policy for inbound traffic named internet_access adding the previously created department classes as instances within this policy This policy uses the assign queue attribute to put each department s traff...

Page 1309: ..._access console config if Te1 0 3 exit console config interface tengigabitethernet 1 0 4 console config if Te1 0 4 service policy in internet_access console config if Te1 0 4 exit 5 Set the CoS queue configuration for the presumed egress 10 Gigabit Ethernet interface 1 0 1 such that each of queues 1 2 3 and 4 get a minimum guaranteed bandwidth of 25 All queues for this interface use weighted round...

Page 1310: ...ample shows one way to provide the necessary quality of service how to set up a class for UDP traffic have that traffic marked on the inbound side and then expedite the traffic on the outbound side The configuration script is for Router 1 in the accompanying diagram a similar script should be applied to Router 2 Figure 40 18 DiffServ VoIP Example Network Diagram Internet Layer 3 Switch Operating a...

Page 1311: ... DiffServ code point DSCP of EF expedited forwarding This handles incoming traffic that was previously marked as expedited elsewhere in the network console config class map match all class_ef console config classmap match ip dscp ef console config classmap exit 4 Create a DiffServ policy for inbound traffic named pol_voip then add the previously created classes class_ef and class_voip as instances...

Page 1312: ...cy classmap exit console config policy map exit 5 Attach the defined policy to an inbound service interface console config interface tengigabitethernet 1 0 1 console config if Te1 0 1 service policy in pol_voip console config if Te1 0 1 exit console config exit ...

Page 1313: ...s chapter include CoS Overview Default CoS Values Configuring CoS Web Configuring CoS CLI CoS Configuration Example CoS Overview The CoS feature lets you give preferential treatment to certain types of traffic over others To set up this preferential treatment you can configure the ingress ports the egress ports and individual queues on the egress ports to provide customization that suits your envi...

Page 1314: ... priority designations based on one of the following fields in the packet header 802 1 Priority values 0 7 IP DSCP values 0 63 A mapping table associates the designated field values in the incoming packet headers with a traffic class priority actually a CoS traffic queue Ports in Untrusted Mode If you configure an ingress port in untrusted mode the system ignores any priority designations encoded ...

Page 1315: ... have an equal offered load toward a congested output port CoS queue 2 will receive 3 6 of the bandwidth CoS queue 1 will receive 2 6 of the bandwidth and CoS queue 0 will receive 1 6 of the bandwidth The minimum bandwidth setting can be used to override the strict priority and weighted settings The highest numbered strict priority queue will receive no more bandwidth than 100 percent minus the su...

Page 1316: ...is value provides a scaling factor for increasing the number of packets of the selected drop precedence level that are dropped as the queue depth increases The drop probability supports configuration in the range of 0 to 10 and the discrete values 25 50 and 75 Values not listed are truncated to the next lower value in hardware CoS Queue Usage CoS queue 7 is reserved by the system and is not assign...

Page 1317: ...47 2 48 63 3 Interface Shaping Rate 0 Kbps Minimum Bandwidth 0 Scheduler Type Weighted Queue Management Type Taildrop Drop Precedence Level 1 WRED Decay Exponent 9 WRED Minimum Threshold 40 WRED Maximum Threshold 100 WRED Drop Probability Scale 10 Table 41 1 CoS Global Defaults Parameter Default Value ...

Page 1318: ... a page click at the top of the page Mapping Table Configuration Use the Mapping Table Configuration page to define how class of service is assigned to a packet To display the page click Quality of Service Class of Service Mapping Table Configuration in the navigation panel CoS 802 1P is the default mode so this is the page that displays when Mapping Table Configuration is selected from the Class ...

Page 1319: ...isplay the Queue Mapping Table for the selected Trust Mode click the Show All link at the top of the page The following figure shows the queue mapping table when CoS 802 1p is selected as the Trust Mode Figure 41 2 DSCP Queue Mapping Table ...

Page 1320: ... the decay exponent for WRED queues defined on the interface Each interface CoS parameter can be configured globally or per port A global configuration change is applied to all interfaces in the system To display the Interface Configuration page click Quality of Service Class of Service Interface Configuration in the navigation panel Figure 41 3 Interface Configuration ...

Page 1321: ...ing method and the queue management method The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port A global configuration change is applied to the same queue ID on all ports in the system To display the Interface Queue Configuration page click Quality of Service Class of Service Interface Queue Configuration in the navigation panel Figure ...

Page 1322: ...led interface queue The settings you configure control the minimum and maximum thresholds and a drop probability scaling factor for the selected drop precedence level These parameters can be applied to each drop precedence level on a per interface queue basis or can be set globally for the same drop precedence level and queue ID on all interfaces To display the Interface Queue Drop Precedence Conf...

Page 1323: ...Configuring Class of Service 1323 Figure 41 5 Interface Queue Drop Precedence Configuration To access the Interface Queue Drop Precedence Status page click the Show All link at the top of the page ...

Page 1324: ...t slot port tengigabitethernet unit slot port or port channel port channel number classofservice dotlp mapping priority Map an 802 1p priority to an internal traffic class for a switch You can also use this command in Global Configuration mode to configure the same mappings on all interfaces classofservice trust dot1p ip dscp untrusted Set the class of service trust mode of an interface exit Exit ...

Page 1325: ...s the shaping bandwidth value from 64 to 4294967295 kbps random detect exponential weighting constant exponent Configure the WRED decay exponent range 0 15 for the interface The weighting constant exponent determines how much of the previous average queue length sample is added to the current average queue length A value of 0 indicates that no weight is given to the previous sample and only the in...

Page 1326: ...e for each specified queue The queue id value ranges from 0 to 6 cos queue random detect queue id Set the queue management type for the specified queue to WRED The no version of this command resets the value to taildrop exit Exit to Global Config mode exit Exit to Privilege Exec mode show interfaces cos queue Display the class of service queue configuration for a specified interface or all interfa...

Page 1327: ...terface Configuration mode where interface is replaced by gigabitethernet unit slot port tengigabitethernet unit slot port or port channel port channel number random detect queue parms queue id queue id min thresh min1 min2 min3 min4 max thresh max1 max2 max3 max4 drop prob prob1 prob2 prob3 prob4 Configure the maximum and minimum thresholds for one or more queue IDs on a WRED enabled interface qu...

Page 1328: ...hich serves to direct packets A B and D to their respective queues on the egress port These three packets utilize the 802 1p to CoS Mapping Table for port te1 0 10 In this example the 802 1p user priority 3 is configured to send the packet to queue 5 instead of the default queue 3 Since packet C does not contain a VLAN tag the 802 1p user priority does not exist so port te1 0 10 relies on its defa...

Page 1329: ...port 10 console config console config interface tengigabitethernet 1 0 10 console config if Te1 0 10 classofservice trust dot1p 2 For port 10 configure the 802 1p user priority 3 to send the packet to queue 5 instead of the default queue queue 3 console config if Te1 0 10 classofservice dot1p mapping 3 5 3 For port 10 specify that untagged VLAN packets should have a default priority of 2 console c...

Page 1330: ...mple the following commands assign user priority 4 to CoS queue 4 and reserve 50 of the scheduler bandwidth to CoS queue 4 This implies that when the switch is congested the scehduler will service CoS queue 4 fifty percent of the time to the exclusion of all other CoS queues including higher priority CoS queues classofservice dot1p mapping 4 4 cos queue min bandwidth 0 0 0 0 50 0 0 1 Lossless beha...

Page 1331: ...limited to 16 sessions Voice VLAN is the preferred solution for enterprises wishing to deploy a large scale voice service The topics covered in this chapter include Auto VoIP Overview Default Auto VoIP Values Configuring Auto VoIP Web Configuring Auto VoIP CLI Auto VoIP Overview The Auto VoIP feature explicitly matches VoIP streams in Ethernet switches and provides them with a better class of serv...

Page 1332: ...ists from the global system pool ACL lists allocated by Auto VoIP reduce the total number of ACLs available for use by the network operator Enabling Auto VoIP uses one ACL list to monitor for VoIP sessions Each monitored VoIP session utilizes two rules from an additional ACL list This means that the maximum number of ACL lists allocated by Auto VoIP is two Default Auto VoIP Values Table 42 1 shows...

Page 1333: ...bal Configuration Use the Global Configuration page to enable or disable Auto VoIP on all interfaces To display the Auto VoIP Global Configuration page click Quality of Service Auto VoIP Global Configuration in the navigation menu Figure 42 1 Auto VoIP Global Configuration Auto VoIP Interface Configuration Use the Interface Configuration page to enable or disable Auto VoIP on a particular interfac...

Page 1334: ...nfiguring Auto VoIP Figure 42 2 Auto VoIP Interface Configuration To display summary Auto VoIP configuration information for all interfaces click the Show All link at the top of the page Figure 42 3 Auto VoIP ...

Page 1335: ...in Privileged Exec mode use the following commands in to enable Auto VoIP and view its configuration CLI Command Description configure Enter Global Configuration mode switchport voice detect auto Enable the VoIP Profile on all the interfaces of the switch You can also enter Interface Configuration mode and use the same command to enable it on a specific interface exit Exit to Global Configuration ...

Page 1336: ...1336 Configuring Auto VoIP ...

Page 1337: ...ulticast group address and multicast routers forward the datagram only to hosts who are members of the multicast group Multicast enables efficient use of network bandwidth because each multicast datagram needs to be transmitted only once on each network link regardless of the number of destination hosts Multicasting contrasts with IP unicasting which sends a separate datagram to each NOTE This fea...

Page 1338: ...ance with the IEEE MAC Bridge standard Eventually the packet is made accessible to all nodes connected to the network This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes In the case of multicast packets however this approach could lead to less efficient use of network bandwidth particularly when the packet is intended for only a small num...

Page 1339: ...cast distribution tree that enables forwarding multicast datagrams only on the links that are required to reach a destination group member Protocols such as DVMRP and PIM handle this function IGMP and MLD are multicast group discovery protocols that are used between the clients and the local multicast router PIM SM PIM DM and DVMRP are multicast routing protocols that are used across different sub...

Page 1340: ...ll ports in the VLAN Multicast packets ingressing a port that is a member of a routed VLAN are flooded to all ports in the VLAN other than the receiving port It is strongly recommended that multicast routed VLANs only contain two ports one on each connecting switch A VLAN carrying multicast traffic should never traverse a multicast router as ingress multicast traffic is L2 switched across the VLAN...

Page 1341: ...IPv4 systems hosts L3 switches and routers to report their IP multicast group memberships to any neighboring multicast routers The Dell Networking N2000 N3000 and N4000 series switches performs the multicast router role of the IGMP protocol which means it collects the membership information needed by the active multicast routing protocol IGMP is automatically enabled when PIM or DVMRP are enabled ...

Page 1342: ...at wish to receive the multicast data packets on its directly attached interfaces The protocol specifically discovers which multicast addresses are of interest to its neighboring nodes and provides this information to the active multicast routing protocol that makes decisions on the flow of multicast data packets MLD is automatically enabled whenever IPv6 PIM is enabled on IPv6 interfaces via the ...

Page 1343: ...the multicast traffic unless they specifically ask for it It initially creates a shared distribution tree centered on a defined rendezvous point RP through which source traffic is relayed to the ultimate receiver Multicast traffic sources first send the multicast data to the RP which in turn sends the data down the shared tree to the receivers Shared trees centered on an RP do not necessarily prov...

Page 1344: ...applications and help ensure that the multicast traffic is recovered quickly in such scenarios PIM SM Protocol Operation This section describes the workings of PIM SM protocol per RFC 4601 The protocol operates essentially in three phases as explained in the following sections Phase 1 RP Tree Figure 43 1 PIM SM Shared Tree Join In this example an active receiver attached to leaf router at the bott...

Page 1345: ... an active source for group G sends a packet the designated router DR that is attached to this source is responsible for Registering this source with the RP and requesting the RP to build a tree back to that router To do this the source router encapsulates the multicast data from the source in a special PIM SM message called the Register message and unicasts that data to the RP When the RP receive...

Page 1346: ...ted in the entire router path along the SPT including the RP Figure 43 3 PIM SM Sender Registration Part 2 As soon as the SPT is built from the Source router to the RP multicast traffic begins to flow unencapsulated from source S to the RP Once this is complete the RP Router will send a Register Stop message to the first hop router to tell it to stop sending the encapsulated data to the RP ...

Page 1347: ...fic function called SwitchToSptDesired S G in the standard and generally takes a number of seconds to switch to the SPT In the above example the last hop router at the bottom of the drawing sends an S G Join message toward the source to join the SPT and bypass the RP This S G Join messages travels hop by hop to the first hop router i e the router connected directly to the source thereby creating a...

Page 1348: ...art 2 Finally special S G RP bit Prune messages are sent up the Shared Tree to prune off this S G traffic from the Shared Tree If this were not done S G traffic would continue flowing down the Shared Tree resulting in duplicate S G packets arriving at the receiver ...

Page 1349: ... and IPv6 Multicast 1349 Figure 43 6 PIM SM SPT Part 3 At this point S G traffic is now flowing directly from the first hop router to the last hop router and from there to the receiver Figure 43 7 PIM SM SPT Part 4 ...

Page 1350: ... and from there to the receiver Notice that traffic is no longer flowing to the RP The PIM standard requires support for multi hop RP in that a router running PIM can act as an RP even if it is multiple router hops away from the multicast source This requires that the first hop router perform encapsulation of the multicast data and forward it as unicast toward the RP In practice this encapsulation...

Page 1351: ... hop router subsequently receives the PIM Join from the RP the block is replaced with a regular multicast forwarding entry so that subsequent data packets are forwarded in the hardware If the initial Register message s does not reach the RP or the PIM Join sent in response does not reach the first hop router then the data stream would never get forwarded To solve this the negative entry is timed o...

Page 1352: ...ing data all downstream routers and hosts want to receive a multicast datagram PIM DM initially floods multicast traffic throughout the network Routers that do not have any downstream neighbors prune back the unwanted traffic In addition to PRUNE messages PIM DM makes use of graft and assert messages Graft messages are used whenever a new host wants to join the group Assert messages are used to sh...

Page 1353: ... avoided Understanding DVMRP Multicast Packet Routing DVMRP is based on RIP it forwards multicast datagrams to other routers in the AS and constructs a forwarding table based on information it learns in response More specifically it uses this sequence A new multicast packet is forwarded to the entire multicast network with respect to the time to live TTL of the packet The TTL restricts the area to...

Page 1354: ...t a given multicast traffic stream DVMRP is similar to PIM DM in that it floods multicast packets throughout the network and prunes branches where the multicast traffic is not desired DVMRP was developed before PIM DM and it has several limitations that do not exist with PIM DM You might use DVMRP as the multicast routing protocol if it has already been widely deployed within the network Microsoft...

Page 1355: ...2000 N3000 1536 IPv4 512 IPv6 N4000 512 IPv4 256 IPv6 Static Multicast Routes None configured Interface TTL Threshold 1 IGMP Defaults IGMP Admin Mode Disabled globally and on all interfaces IGMP Version v3 IGMP Robustness 2 IGMP Query Interval 125 seconds IGMP Query Max Response Time 100 seconds IGMP Startup Query Interval 31 seconds IGMP Startup Query Count 2 IGMP Last Member Query Interval 1 sec...

Page 1356: ...ne Interval 60 seconds when enabled on an interface PIM SM BSR Border Disabled PIM SM DR Priority 1 when enabled on an interface PIM Candidate Rendezvous Points RPs None configured PIM Static RP None configured PIM Source Specific Multicast SSM Range None configured Default SSM group address is 232 0 0 0 8 for IPv4 multicast and ff3x 32 for IPv6 multicast PIM BSR Candidate Hash Mask Length 30 IPv4...

Page 1357: ...fic on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page Multicast Global Configuration Use the Global Configuration page to configure the administrative status of Multicast Forwarding in the router and to display global multicast parameters To display the page click IPv4 Multicast Multicast Global Configuration in the navig...

Page 1358: ...ge to configure the TTL threshold of a multicast interface At least one VLAN routing interface must be configured on the switch before fields display on this page To display the page click IPv4 Multicast Multicast Interface Configuration in the navigation panel Figure 43 10 Multicast Interface Configuration ...

Page 1359: ...Route Table Use the Route Table page to view information about the multicast routes in the IPv4 multicast routing table To display the page click IPv4 Multicast Multicast Multicast Route Table Multicast Route Table Figure 43 11 Multicast Route Table ...

Page 1360: ...n range of multicast addresses on a given routing interface Use the Admin Boundary Configuration page to configure a new or existing administratively scoped boundary To see this page you must have configured a valid routing interface and multicast To display the page click IPv4 Multicast Multicast Admin Boundary Configuration in the navigation panel Figure 43 12 Multicast Admin Boundary Configurat...

Page 1361: ...st Admin Boundary Summary in the navigation panel Figure 43 13 Multicast Admin Boundary Summary Multicast Static MRoute Configuration Use the Static MRoute Configuration page to configure a new static entry in the Mroute table or to modify an existing entry To display the page click IPv4 Multicast Multicast Static MRoute Configuration in the navigation panel Figure 43 14 Multicast Static MRoute Co...

Page 1362: ... Static MRoute Summary Use the Static MRoute Summary page to display static routes and their configurations To display the page click IPv4 Multicast Multicast Static MRoute Summary in the navigation panel Figure 43 15 Multicast Static MRoute Summary ...

Page 1363: ...es that are not protocol specific on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page IPv6 Multicast Route Table Use the Multicast Route Table page to view information about the multicast routes in the IPv6 multicast routing table To display the page click IPv6 Multicast Multicast Multicast Route Table Figure 43 16 IPv6 Mul...

Page 1364: ...IGMP and IGMP proxy features on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page IGMP Global Configuration Use the Global Configuration page to set IGMP on the system to active or inactive To display the page click IPv4 Multicast IGMP Global Configuration in the navigation panel Figure 43 17 IGMP Global Configuration ...

Page 1365: ... and or display router interface parameters You must configure at least one valid routing interface before you can access this page and configure IP Multicast IGMP To display the page click IPv4 Multicast IGMP Routing Interface Interface Configuration in the navigation panel Figure 43 18 IGMP Interface Configuration ...

Page 1366: ...ticast IGMP Routing Interface Interface Summary in the navigation panel Figure 43 19 IGMP Interface Summary IGMP Cache Information Use the Cache Information page to display cache parameters and data for an IP multicast group address Group membership reports must have been received on the selected interface for data to display on the page To display the page click IPv4 Multicast IGMP Routing Interf...

Page 1367: ...Managing IPv4 and IPv6 Multicast 1367 Figure 43 20 IGMP Cache Information ...

Page 1368: ...lay detailed membership information for an interface Group membership reports must have been received on the selected interface for data to display information To display the page click IPv4 Multicast IGMP Routing Interface Source List Information in the navigation panel Figure 43 21 IGMP Interface Source List Information ...

Page 1369: ...e acts as proxy to all hosts residing on its router interfaces Use the Interface Configuration page to configure IGMP proxy for a VLAN interface You must have configured at least one VLAN routing interface before configuring or displaying data for an IGMP proxy interface and it should not be an IGMP routing interface To display the page click IPv4 Multicast IGMP Proxy Interface Interface Configura...

Page 1370: ...display proxy interface configurations by interface You must have configured at least one VLAN routing interface configured before data displays on this page To display the page click IPv4 Multicast IGMP Proxy Interface Configuration Summary in the navigation panel Figure 43 23 IGMP Proxy Configuration Summary ...

Page 1371: ...red at least one VLAN routing interface before you can display interface membership information and it should not be an IGMP routing interface Also if no group membership reports have been received on the selected interface no data displays on this page To display the page click IPv4 Multicast IGMP Proxy Interface Interface Membership Info in the navigation panel Figure 43 24 IGMP Proxy Interface ...

Page 1372: ...ne VLAN routing interface before you can display detailed interface membership information and it should not be an IGMP routing interface Also if no group membership reports have been received on the selected interface you cannot display data To display the page click IPv4 Multicast IGMP Proxy Interface Interface Membership Info Detailed in the navigation panel Figure 43 25 IGMP Proxy Interface Me...

Page 1373: ...D and MLD proxy features on a Dell Networking N2000 N3000 and N4000 series switches For details about the fields on a page click at the top of the page MLD Global Configuration Use the Global Configuration page to administratively enable and disable the MLD service To display the page click IPv6 Multicast MLD Global Configuration in the navigation panel Figure 43 26 MLD Global Configuration ...

Page 1374: ...ted IPv6 router interfaces to discover the presence of multicast listeners the nodes who wish to receive the multicast data packets on its directly attached interfaces To access this page click IPv6 Multicast MLD Routing Interface Interface Configuration in the navigation panel Figure 43 27 MLD Routing Interface Configuration ...

Page 1375: ...is page click IPv6 Multicast MLD Routing Interface Interface Summary in the navigation panel Figure 43 28 MLD Routing Interface Summary MLD Routing Interface Cache Information The Interface Cache Information page displays cache parameters and data for an IP multicast group address that has been reported to operational MLD routing interfaces You must configure at least one MLD VLAN routing interfac...

Page 1376: ... Source List Information The Interface Source List Information page displays detailed membership information for an interface You must configure at least one MLD VLAN routing interface to access this page Also group membership reports must have been received on the selected interface in order for data to be displayed here To access this page click IPv6 Multicast MLD Routing Interface Source List I...

Page 1377: ...377 MLD Traffic The MLD Traffic page displays summary statistics on the MLD messages sent to and from the router To access this page click IPv6 Multicast MLD Routing Interface MLD Traffic in the navigation panel Figure 43 31 MLD Traffic ...

Page 1378: ...ership reports on one VLAN interface for MLD Membership reports received on all other MLD enabled VLAN routing interfaces Use the Interface Configuration page to enable and disable ports as MLD proxy interfaces To display this page click IPv6 Multicast MLD Proxy Interface Interface Configuration in the navigation panel Figure 43 32 MLD Proxy Interface Configuration ...

Page 1379: ...Summary Use the Configuration Summary page to view configuration and statistics on MLD proxy enabled interfaces To display this page click IPv6 Multicast MLD Proxy Interface Configuration Summary in the navigation panel Figure 43 33 MLD Proxy Configuration Summary ...

Page 1380: ...terface Membership Information page lists each IP multicast group for which the MLD proxy interface has received membership reports To display this page click IPv6 Multicast MLD Proxy interface Interface Membership Info in the navigation panel Figure 43 34 Interface Membership Information ...

Page 1381: ...ation Detailed page provides additional information about the IP multicast groups for which the MLD proxy interface has received membership reports To display this page click IPv6 Multicast MLD Proxy Interface Interface Membership Info Detailed in the navigation panel Figure 43 35 Interface Membership Information Detailed ...

Page 1382: ...d on any switch for which IPv6 PIM is enabled This ensures that the multicast router behaves as expected The CLI behavior is different than the web interface Enabling PIM on an IPv4 interface via the CLI automatically enables IGMP on the interface Likewise enabling PIM on an IPv6 interface via the CLI automatically enables MLD on the interface To display the page click IPv4 Multicast PIM Global Co...

Page 1383: ...Status Use the Global Status page to view the administrative status of PIM DM or PIM SM on the switch To display the page click IPv4 Multicast PIM Global Status or IPv6 Multicast PIM Global Status in the navigation panel Figure 43 37 PIM Global Status ...

Page 1384: ...e the Interface Configuration page to configure specific VLAN routing interfaces with PIM To display the page click IPv4 Multicast PIM Interface Configuration or IPv6 Multicast PIM Interface Configuration in the navigation panel Figure 43 38 PIM Interface Configuration ...

Page 1385: ... the Interface Summary page to display a PIM enabled VLAN routing interface interface and its settings To display the page click IPv4 Multicast PIM Interface Summary or IPv6 Multicast PIM Interface Summary in the navigation panel Figure 43 39 PIM Interface Summary ...

Page 1386: ...figured rendezvous points RPs for each port using PIM To access the page click IPv4 Multicast PIM Candidate RP Configuration or IPv6 Multicast PIM Candidate RP Configuration Figure 43 40 Candidate RP Configuration Adding a Candidate RP To add PIM Candidate rendezvous points RPs for each IP multicast group 1 Open the Candidate RP Configuration page 2 Click Add The Add Candidate RP page displays ...

Page 1387: ... be configured 4 Enter the group address transmitted in Candidate RP Advertisements 5 Enter the prefix length transmitted in Candidate RP Advertisements to fully identify the scope of the group which the router supports if elected as a Rendezvous Point 6 Click Apply Changes The new Candidate RP is added and the device is updated ...

Page 1388: ...e PIM domain uses the BSR to dynamically learn the RP configuring a static RP is not required However you can configure the static RP to override any dynamically learned RP from the BSR To access the page click IPv4 Multicast PIM Static RP Configuration or IPv6 Multicast PIM Static RP Configuration Figure 43 42 Static RP Configuration Adding a Static RP To add a static RP for the PIM router 1 Open...

Page 1389: ... of the RP for the group range 4 Enter the group address of the RP 5 Enter the group mask of the RP 6 Check the Override option to configure the static RP to override the dynamic candidate RPs learned for same group ranges 7 Click Apply The new Static RP is added and the device is updated ...

Page 1390: ...uter To display the page click IPv4 Multicast PIM SSM Range Configuration or IPv6 Multicast PIM SSM Range Configuration Figure 43 44 SSM Range Configuration Adding an SSM Range To add the Source Specific Multicast SSM Group IP Address and Group Mask IPv4 or Prefix Length IPv6 for the PIM router 1 Open the SSM Range Configuration page 2 Click Add The Add SSM Range page displays ...

Page 1391: ...SM Range check box to add the default SSM Range The default SSM Range is 232 0 0 0 8 for IPv4 multicast and ff3x 32 for IPv6 multicast 4 Enter the SSM Group IP Address 5 Enter the SSM Group Mask IPv4 or SSM Prefix Length IPv6 6 Click Apply The new SSM Range is added and the device is updated ...

Page 1392: ...n Use this page to configure information to be used if the interface is selected as a bootstrap router To display the page click IPv4 Multicast PIM BSR Candidate Configuration or IPv6 Multicast PIM BSR Candidate Configuration Figure 43 46 BSR Candidate Configuration ...

Page 1393: ... BSR Candidate Summary Use this page to display information about the configured BSR candidates To display this page click IPv4 Multicast PIM BSR Candidate Summary or IPv6 Multicast PIM BSR Elected Summary Figure 43 47 BSR Elected Summary ...

Page 1394: ...age click at the top of the page DVMRP Global Configuration Use the Global Configuration page to configure global DVMRP settings It is strongly recommended that IGMP be enabled on any switch on which DVMRP is enabled The use cases for enabling DVMRP without IGMP are few and enabling IGMP ensures that the multicast router behaves as expected To display the page click IPv4 Multicast DVMRP Global Con...

Page 1395: ...RP interface Otherwise you see a message telling you that no router interfaces are available and the configuration screen is not displayed It is strongly recommended that IGMP be enabled on any interface on which DVMRP is enabled This ensures that the multicast router behaves as expected To display the page click IPv4 Multicast DVMRP Interface Configuration in the navigation panel Figure 43 49 DVM...

Page 1396: ... must configure at least one VLAN routing interface before you can display data for a DVMRP interface Otherwise you see a message telling you that no VLAN router interfaces are available and the configuration summary screen is not displayed To display the page click IPv4 Multicast DVMRP Configuration Summary in the navigation panel Figure 43 50 DVMRP Configuration Summary ...

Page 1397: ...ast 1397 DVMRP Next Hop Summary Use the Next Hop Summary page to display the next hop summary by Source IP To display the page click IPv4 Multicast DVMRP Next Hop Summary in the navigation panel Figure 43 51 DVMRP Next Hop Summary ...

Page 1398: ...p IP To display the page click IPv4 Multicast DVMRP Prune Summary in the navigation panel Figure 43 52 DVMRP Prune Summary DVMRP Route Summary Use the Route Summary page to display the DVMRP route summary To display the page click IPv4 Multicast DVMRP Route Summary in the navigation panel Figure 43 53 DVMRP Route Summary ...

Page 1399: ...rce address mask rpf address preference Create a static multicast route for a source range source address The IP address of the multicast data source mask The IP subnet mask of the multicast data source rpf address The IP address of the next hop towards the source preference The cost of the route Range 1 255 interface vlan vlan id Enter Interface Configuration mode for the specified VLAN ip mcast ...

Page 1400: ...guration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and expiration times of all the entries in the multicast mroute table containing the groupipaddr value show ip mcast mroute source sourceipaddr summary groupipaddr View the multicast configuration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and ...

Page 1401: ...e VLAN interface is not required preference The cost of the route Range 1 255 exit Exit to Privileged EXEC mode show ipv6 mroute detail summary View a summary or all the details of the multicast table show ipv6 mroute group groupipaddr detail summary View the multicast configuration settings such as flags timer settings incoming and outgoing interfaces RPF neighboring routers and expiration times ...

Page 1402: ...allows tuning of the interface that is tuning for the expected packet loss on a subnet If a subnet is expected to have significant loss the robustness variable may be increased for the interface The range for robustness is 1 255 ip igmp query interval seconds Configure the query interval for the specified interface The query interval determines how fast IGMP Host Query packets are transmitted on t...

Page 1403: ... Set the number of Group Specific Queries sent before the router assumes that there are no local members on the interface The range for count is 1 20 CTRL Z Exit to Privileged EXEC mode show ip igmp View system wide IGMP information show ip igmp interface vlan vlan id View IGMP information for all interfaces or for the specified interface show ip igmp interface stats vlan vlan id View IGMP statist...

Page 1404: ...bal configuration mode interface vlan vlan id Enter Interface Configuration mode for the specified VLAN ip igmp proxy Configure the interface as an IGMP proxy interface ip igmp proxy reset status Optional Reset the host interface status parameters of the IGMP Proxy ip igmp proxy unsolicit rprt interval seconds Configure the unsolicited report interval for the IGMP proxy interface The range for sec...

Page 1405: ...ed interface The query interval determines how fast MLD Host Query packets are transmitted on this interface The range for seconds is 0 3600 seconds ipv6 mld query max response time seconds Configure the maximum response time interval for the specified interface It is the maximum query response time advertised in MLD queries on this interface The range for seconds is 0 25 seconds ipv6 mld last mem...

Page 1406: ...nterface vlan vlan id View the registered multicast groups on the interface show ipv6 mld membership View the list of interfaces that have registered in any multicast group NOTE Configure only the upstream interface as the MLD proxy MLD should be enabled on all downstream interfaces IPv6 routing must be enabled on the switch for the MLD proxy feature to operate Command Purpose configure Enter glob...

Page 1407: ... This command displays information only when MLD Proxy is operational Command Purpose configure Enter global configuration mode ip routing Enable ip routing Routing is required for PIM to calculate where to prune the multicast trees ip pim dense Enable PIM DM on the switch ip igmp Enable IGMP IGMP is required for PIM to operate properly ip multicast Enable IPv4 IPv6 multicast routing interface vla...

Page 1408: ...ble IP routing Routing is required for PIM operation ipv6 unicast routing Enable IPv6 routing IPv6 routing is required for the operation of PIM ipv6 pim dense Enable PIM DM on the switch ip multicast Enable IPv6 IPv6 multicast routing ip igmp Enable IGMP IGMP is required for PIM to operate properly interface vlan vlan id Enter Interface Configuration mode for the specified VLAN ipv6 pim Enable PIM...

Page 1409: ...ulticast 1409 show ipv6 pim interface vlan vlan id View the PIM information for the specified interface show ipv6 pim neighbor interface vlan vlan id all View a summary or all the details of the multicast table Command Purpose ...

Page 1410: ... mask length priority interval interval Configure the switch to announce its candidacy as a bootstrap router BSR vlan id A valid VLAN ID hash mask length The length of a mask that is to be ANDed with the group address before the hash function is called All groups with the same seed hash correspond to the same RP For example if this value is 24 only the first 24 bits of the group addresses matter T...

Page 1411: ...hat if there is a conflict the RP configured with this command prevails over the RP learned by BSR ip pim ssm default group address group mask Define the Source Specific Multicast SSM range of IP multicast addresses default Defines the SSM range access list to 232 0 0 0 8 group address group mask defines the SSM range interface vlan vlan id Enter Interface Configuration mode for the specified VLAN...

Page 1412: ... groupaddr View the RP router being selected for the specified multicast group address from the set of active RP routers The RP router for the group is selected by using a hash algorithm show ip pim bsr router candidate elected View the bootstrap router BSR information show ip pim rp mapping View group to RP mappings of which the router is aware either configured or learned from the BSR Command Pu...

Page 1413: ...onal Indicates the BSR candidate advertisement interval The range is from 1 to 16383 seconds The default value is 60 seconds ipv6 pim rp candidate vlan vlan id group address prefix length interval interval Configure the router to advertise itself to the BSR router as a PIM candidate Rendezvous Point RP for a specific multicast group range vlan id A valid VLAN ID group address prefix length Group I...

Page 1414: ... sending PIM hello messages on the interface ipv6 pim bsr border Prevent bootstrap router BSR messages from being sent or received through the interface ipv6 pim dr priority priority Set the priority value for which a router is elected as the designated router DR The election priority range is 0 2147483647 ipv6 pim join prune interval interval Configure the interface join prune interval for the PI...

Page 1415: ...lticast group address from the set of active RP routers The RP router for the group is selected by using a hash algorithm show ipv6 pim bsr router View the bootstrap router BSR information show ipv6 pim rp mapping View group to RP mappings of which the router is aware either configured or learned from the BSR Command Purpose ...

Page 1416: ...ng interface ip dvmrp Enable DVMRP on the interface ip dvmrp metric metric Configure the metric range 1 31 for an interface This value is used in the DVMRP messages as the cost to reach this network exit Exit to Privileged EXEC mode show ip dvmrp interface vlan vlan id View the multicast information for the specified interface show ip dvmrp neighbor View neighbor information for DVMRP show ip dvmr...

Page 1417: ... enabled on the switch and interfaces to manage the multicast routing VLAN 10 is statically configured as the RP for the multicast group The configuration in this example takes place on L3 switch A shown in Figure 43 54 The red arrows indicate the path that multicast traffic takes L3 Switch A is configured as the RP for the PIM domain so it is in charge of sending the multicast stream to L3 Switch...

Page 1418: ...r switches OSPF is configured to route unicast traffic between the VLANs and PIM is enabled to rout multicast traffic between the two VLANs Since IGMP snooping is enabled by default on all VLANs no commands to enable it appear in the example below To configure Switch A 1 Create the two VLANs IGMP MLD Snooping is disabled globally Port 23 Port 24 L3 Switch A PIM RP Video Server VLAN 10 Members VLAN...

Page 1419: ... config router router id 3 3 1 1 console config router exit 4 Configure VLAN 10 as a VLAN routing interface and specify the OSPF area When you assign an IP address to the VLAN routing is automatically enabled console config interface vlan 10 console config if vlan10 ip address 192 168 10 4 255 255 255 0 console config if vlan10 ip ospf area 0 5 Enable IGMPv2 and PIM SM on the VLAN routing interfac...

Page 1420: ...nsole config ip igmp console config ip pim sparse 9 Configure VLAN 10 as the RP and specify the range of multicast groups for PIM SM to control The 239 9 x x address is chosen as it is a locally administered address that maps to MAC addresses that do not conflict with control plane protocols console config ip pim rp address 192 168 10 4 239 9 0 0 255 255 0 0 ...

Page 1421: ...r it is recommended that it be enabled to ensure correct operation of multicast routing Disable IGMP MLD snooping console config ip igmp console config no ip igmp snooping console config no ipv6 mld snooping 3 Globally enable DVMRP console config ip dvmrp 4 Enable DVMRP and IGMP on VLAN routing interfaces 10 and 20 console config interface vlan 10 console config if vlan10 ip address 192 168 10 1 2...

Page 1422: ...1422 Managing IPv4 and IPv6 Multicast ...

Page 1423: ... 72 72 72 Switching features Port Mirroring Number of monitor sessions Max source ports in a session 1 624 1 624 1 816 RMON 1 2 3 9 Max Ether Stats entries Max History entries Max buckets per History entry Max Alarm entries Max Event entries Max Log entries per Event entry 762 270 50 32 32 100 762 270 50 32 32 100 954 270 50 32 32 100 Management ACL MACAL Max Rules 64 64 64 Cut through mode thresh...

Page 1424: ...sions 16 16 16 16 16 16 User management features User ID configuration Max number of configured users Max user name length Max password length Max number of IAS users internal user database 8 64 64 100 8 64 64 100 8 64 64 100 Authentication login list Max Count Max methods per list Max name length 5 6 15 5 6 15 5 6 15 Authentication Enable lists Max Count Max methods per list Max name length 5 6 1...

Page 1425: ...Max name length 1 6 15 1 6 15 1 6 15 Authorization Exec lists Max Count Max methods per list Max name length 5 4 20 5 4 20 5 4 20 Authorization Command lists Max Count Max methods per list Max name length 5 4 20 5 4 20 5 4 20 Accounting Exec lists Max Count Max methods per list Max name length 5 2 15 5 2 15 5 2 15 Accounting Commands lists Max Count Max methods per list Max name length 5 1 15 5 1 ...

Page 1426: ...024 1024 16 1024 1024 16 252 252 Stacking features Max physical units per stack 12 12 12 Max physical slots per unit 3 3 3 Max physical ports per slot 52 52 58 Max physical ports per unit 56 56 68 Max physical ports per stack 672 572 816 Max active stack ports per unit 2 2 8 Table A 1 Feature Limitations Continued Feature N2000 Series N3000 Series N4000 Series ...

Page 1427: ...um number of remote SSH connections 5 5 5 Number of MAC addresses supported 8192 16384 131072 Maximum Agetime in seconds 1000000 1000000 1000000 Number of VLANs 4096 4096 4096 Maximum VLAN ID 4093 4093 4093 Number of 802 1p traffic classes 7 7 7 IEEE 802 1x Number of 1x clients per stack Number of 1x clients per port 2496 64 2496 64 2496 64 Number of LAGs max lags ports max dynamic LAG ports per s...

Page 1428: ...IGMPv3 MLDv2 HW entries when Routing w o IP Multicast IGMPv3 MLDv2 HW entries when Switching only 1024 4096 8192 1024 4096 8192 512 2048 4096 Jumbo frame support Max size supported 9216 9216 9216 Number of IP Source Guard stations 1020 1020 378 Number of DHCP snooping bindings 32768 32768 32768 Number of DHCP snooping static entries 1024 1024 1024 LLDP MED Number of remote nodes LLDP Remote Manage...

Page 1429: ...ng IPv4 IPv6 build IPv4 routes 32 due to prefix length sharing IPv6 routes RIP application route scaling OSPF application route scaling 512 256 128 256 N A 12288 8160 4096 512 8160 12288 8160 4096 512 8160 Number of static routes IPv4 IPv6 256 128 1024 1024 1024 1024 OSPF Max OSPFv2 LSAs IPv4 only build IPv4 IPv6 build OSPFv2 max neighbors Max OSPFv3 LSAs OSPFv2 max neighbors OSPFv3 max neighbors ...

Page 1430: ... 64 128 32 16 8 6 64 128 32 DHCPv6 Max number of pools DNS domain names within a pool DNS server addresses within a pool Delegated prefix definitions within a pool 16 5 8 10 16 5 8 10 16 5 8 10 Number of VLAN routing interfaces 128 128 128 Number of ARP entries Hosts Device hardware capacity v4 v6 IPv4 only build IPv4 IPv6 build v4 v6 Static v4 ARP entries 1024 512 1024 1024 512 128 16384 8192 614...

Page 1431: ... 5 73 1024 512 IPv4 256 IPv6 2048 each for IPv4 and IPv6 256 256 256 5 20 5 73 ACL limits Maximum number of ACLs any type Maximum number of configurable rules per list Maximum ACL Rules per Interface and Direction IPv4 L2 Maximum ACL Rules per Interface and Direction IPv6 Maximum ACL Rules system wide Maximum VLAN interfaces with ACLs applied Maximum ACL Logging Rules system wide 100 1023 1023 ing...

Page 1432: ... Max table entries Class Table Class Rule Table Policy Table Policy Instance Table Policy Attribute Table Max Nested Class Reference Chain Rule Count 7 8 13 12 3 184 800 32 416 64 768 2304 26 7 8 13 12 3 184 800 32 416 64 768 2304 26 7 8 13 12 3 196 944 32 416 64 768 2304 26 Datacenter Device Limits PFC number of lossless prioirities ETS number of traffic class groups N A N A N A N A 2 3 AutoVoIP ...

Page 1433: ...ask USB etc bcmATP RX bcmATP TX BCM system task Acknowledged Transport Protocol bcmCNTR 0 BCM system task SDK Statistics collection bcmDISC BCM system task SDK Discovery task bcmDPC BCM system task SDK DPC task bcmL2X 0 BCM system task SDK L2 SOC shadow table maintenance bcmLINK 0 BCM system task SDK Physical link status monitor bcmNHOP BCM system task SDK transport Next Hop task bcmRLINK BCM syst...

Page 1434: ...tor Update task cliWebIORedirectTask CLI Web IO Redirection Task cmgrInsertTask Card Manager Insertion Handler cmgrTask Card Manager Status built in and plug in card configuration processing Cnfgr_Thread Configurator startup manager CP Wired If Captive Portal cpuUtilMonitorTask CPU Utilities monitor DapiDebugTask Device API debug processing DHCP Server Processing Task DHCP snoop dhcpsPingTask DHCP...

Page 1435: ...tlAddrTask dtlTask Device Transform Layer Silicon Integration Layer dvmrpMapTask DVMRP Mapping Layer Dynamic ARP Inspection Dynamic ARP Inspection task EDB Entity MIB Processing task EDB Trap Entity MIB Trap task emWeb UI processing task envMonTask Environment Monitor fans power supplies temperature fdbTask Forwarding Data Base Manager fftpTask FTP processing gccp_t GARP Central Control Point task...

Page 1436: ...k ip6MapLocalDataTask ip6MapNbrDiscTask ip6MapProcessingTask ip6MapRadvdTask ipcom_sysl IpHelperTask ipMapForwardingTask ipMapProcessingTask ipnetd IP Stack iscsiTask ISCSI task isdpTask ISDP task lldpTask LLDP task LOG System LOG processing LOGC System LOG processing MAC Age Task MAC address table aging MAC Send Task MAC address table learning macalTask Management ACL packet processing Table B 1 ...

Page 1437: ...sk pimsmMapTask PIMSM task pingAsync Ping response processing pktRcvrTask Multicast control plane packet receiver dispatch pmlTask Port MAC Locking management task portAggTask Port Aggregator task radius_rx_task radius_task RADIUS server tasks ripMapProcessingTask RIP Mapping layer RLIM cnfgr task VRRP configuration RLIM task VRRP message processing RMONTask RMON Statistics Collection serialInput ...

Page 1438: ...acket processing sshdEvTask SSH task ssltTask SSL task Stk Mgr Task Stack Manager Task tacacs_rx_task tacacs_task TACACS tasks tArpCallback tArpReissue ARP tasks tArpTimerExp ARP Timer Expiry tCpktSvc NSF Processing tCptvPrtl Captive portal control plane processing tDhcp6sTask tDhcpsTask DHCP Tasks tEmWeb Web page server tErfTask VxWorks Task tExcTask VxWorks Executive TimeRange Processing Task AC...

Page 1439: ...cessing tTffsPTask VxWorks True Flash File System driver tXbdService VxWorks flash file system load leveler usbFlashDriveTask USB Flash driver processing umCfgUpdateTask umWorkerTask unitMgrTask Stack Management Unit Manager tasks USL Worker Task USL Message processing primarily MAC address table CLI commands UtilTask Mgmt UI login logout processing voipTask Voice Over IP VRRPdaemon VRRP task Tabl...

Page 1440: ...1440 System Process Definitions ...

Page 1441: ...ACL IPv6 ACL and MAC ACL active images 368 address table See MAC address table administrative profiles 213 defaults 240 RADIUS authorization 232 TACACS authorization 228 alternate store and forward 71 Amber 98 110 111 122 123 ARP 82 dynamic ARP inspection 68 ARP inspection see DAI ARP table configuring CLI 1080 configuring web 1070 authentication 211 examples 215 tiered 578 authentication key SNTP...

Page 1442: ...uto VoIP CLI configuration 1335 defaults 1332 understanding 1331 web based configuration 1333 auto provisioning iSCSI 463 Auto VoIP and ACLs 1332 B back pressure 72 banner CLI 315 baud rate 120 BOOTP DHCP relay agent 83 BPDU filtering 80 722 flooding 722 guard 80 protection 724 bridge multicast address groups configuring 818 bridge multicast group table 817 bridge table 1015 broadcast storm contro...

Page 1443: ...viated 140 entering 139 history buffer 141 Compellent storage arrays 464 configuration file defined 362 DHCP auto configuration 395 downloading 365 editing 365 SNMP 366 USB auto configuration 392 USB device 386 configuration scripts 365 384 configuration saving the 366 Configuring 1037 connectivity fault management See IEEE 802 1ag console port connecting to 135 description 120 Console Port Descri...

Page 1444: ...ocols 762 device view 132 DHCP understanding 1037 DHCP auto configuration dependencies 399 enabling 405 monitoring 398 process 393 DHCP client 1041 default VLAN 161 OOB port 161 DHCP relay 76 1041 CLI configuration 1105 defaults 1093 example 1109 layer 2 1088 layer 3 1087 understanding 1087 VLAN 1089 web based configuration 1094 DHCP server 57 address pool configuration 1058 CLI configuration 1054...

Page 1445: ...02 1X 511 and RADIUS 511 and switch role 1286 CLI configuration 1300 defaults 1287 elements 1286 example 1307 understanding 1285 VoIP 1310 web based configuration 1288 diffServ 86 discovery device 761 document conventions 52 domain name server 157 domain name default 158 Dot1x 66 dot1x authentication 211 double VLAN tagging 651 downloading files 370 DSCP value and iSCSI 461 dual images 58 dual IPv...

Page 1446: ...rations 364 copying 374 purpose 361 supported protocols 363 web based 367 file system 367 files and stacking 366 downloading to the switch 364 types 359 uploading from the switch 364 filter assignments authentication server 535 filter DiffServ 511 firmware managing 364 updating the stack 177 upgrade example 381 firmware synchronization stacking 177 Flashing Green 99 112 124 flow control configurin...

Page 1447: ... 802 1ag administrator 863 carrier network 860 configuration CLI 873 configuration web 865 defaults 864 defining domains and ports 863 example 876 MEPs and MIPs 861 troubleshooting tasks 864 understanding 859 IEEE 802 1d 79 IEEE 802 1Q 78 IEEE 802 1Qaz 993 IEEE 802 1X 66 and DiffServ 511 authentication 66 configuring 525 defined 504 monitor mode 66 509 522 port authentication 520 port states 505 R...

Page 1448: ...uthentication server see IAS IP ACL configuration 599 defined 585 IP address configuring 149 default 151 default VLAN 154 163 OOB port 163 IP helper 83 1089 IP multicast traffic layer 2 804 layer 3 1338 IP protocol numbers common 592 IP routing CLI configuration 1079 defaults 1065 example 1084 understanding 1063 web based configuration 1067 IP source guard 67 IPSG and port security 883 example 912...

Page 1449: ...ow detection 460 information tracking 462 servers and a disk array 473 understanding 459 using 460 web based configuration 467 ISDP and CDP 60 CLI configuration 777 configuring 778 enabling 778 example 782 understanding 761 web based configuration 765 J jumbo frames 71 L LACP 81 adding a LAG port 922 CLI configuration 927 web based configuration 920 LAG and STP 916 CLI configuration 925 defaults 9...

Page 1450: ... 762 viewing information 782 LLPF defaults 790 984 example 801 understanding 789 localization captive portal 547 locating the switch 133 locator LED enabling 133 267 log messages 57 log server remote 260 logging ACL 586 CLI configuration 267 considerations 247 defaults 248 destination for log messages 244 example 274 file 259 log message format 246 operation logs 245 severity levels 245 system sta...

Page 1451: ...IX auto 72 MEP configuring 874 MIB SNMP 323 Microsoft Network Load Balancing 1354 mirror ACL 585 mirroring flow based 1299 MLAG 932 MLD 90 defaults 1355 understanding 1342 web based configuration 1373 MLD snooping 88 defaults 814 885 understanding 807 VLAN configuration 849 mode interface configuration 481 monitor mode IEEE 802 1X 509 monitoring system information 243 MSTP example 753 operation in...

Page 1452: ...ce 838 N N2000 back panel 95 N2000 Port Description 91 N3000 back panel 106 N3000 Port Description 102 netinfo 147 network information CLI configuration 161 default 151 defined 147 example 166 purpose 148 web based configuration 152 network pool DHCP 1046 nonstop forwarding see NSF NSF and DHCP snooping 201 and routed access 204 and the storage access network 202 and VoIP 200 in the data center 19...

Page 1453: ...agement 149 P password protecting management access 63 strong 63 PFC 985 PIM defaults 1355 IPv4 web based configuration 1382 IPv6 web based configuration 1382 PIM DM using 1352 PIM SM using 1343 SSM range 1390 understanding 1343 plug in modules configuring 284 PoE 285 313 policy based routing PBR 594 port access control 516 characteristics 477 configuration examples 500 configuring multiple 487 de...

Page 1454: ...l 985 priority based flow control 74 985 private VLAN edge 68 private VLANs 654 711 protected port defined 789 example 801 protocol filtering Cisco 76 protocol based VLAN 648 Q QoS CoS queuing diffserv 86 QSFP module 118 queues CoS 1315 R RADIUS 64 and DiffServ 511 authentication 225 authorization 231 232 for management access control 232 supported attributes 234 understanding 232 RAM log 258 real...

Page 1455: ...ing 1063 routing interfaces CLI configuration 1033 defaults 1026 understanding 1021 using 1024 web based configuration 1027 routing table best routes 1074 configuring 1082 IPv6 1260 1262 RSPAN 73 411 RSTP understanding 715 RSTP PV 724 running config saving 366 S save system settings 366 SDM template configuration guidelines 283 managing 309 understanding 281 SDM templates 58 security port defined ...

Page 1456: ...it horizon 1202 SSH files 363 SSH SSL 64 SSL files 363 SSM range 1390 stacking adding a switch 176 and NSF 62 CLI configuration 192 defaults 182 defined 171 design consideration 181 failover 62 failover example 195 failover initiating 179 features 61 file management 366 firmware synchronization 177 firmware update 177 MAC address table 1016 MAC addresses 181 NSF usage scenario 195 preconfiguration...

Page 1457: ...49 system information CLI configuration 307 default 286 defined 279 example 315 purpose 281 web based configuration 287 system LEDs 119 system time 283 T TACACS 63 authentication 217 authorization 227 228 management access control 237 supported attributes 238 understanding 237 tagging VLAN 649 Telnet configuration options 64 connecting to the switch 136 TFTP image download 375 tiered authenticatio...

Page 1458: ...irtual link OSPF 1184 VLAN 916 authenticated and unauthenticated 507 CLI configuration 682 defaults 661 double 78 double VLAN tagging 651 dynamic 508 example 701 706 guest 78 508 534 IP subnet based 77 MAC based 77 648 port based 77 648 private 654 711 protocol based 77 648 RADIUS assigned 534 routing 82 routing interfaces 1021 1033 static 648 support 77 switchport modes 648 trunk port 683 underst...

Page 1459: ...1310 VoIP auto 1331 VRRP 84 accept mode 1219 CLI configuration 1230 defaults 1221 example 1232 interface tracking 1219 load sharing example 1232 preemption 1218 route and interface tracking example 1236 route tracking 1219 router priority 1218 understanding 1217 web based configuration 1222 W web based configuration 128 web based interface understanding 129 writing to memory 366 ...

Page 1460: ...Index 1460 ...

Reviews:

No comments

Related manuals for N2000 Series

Brand: Pakedge Pages: 24

Brand: Qlogic Pages: 4

Brand: Jasco Pages: 2

Brand: Sangamo Pages: 2

Brand: Enttec Pages: 22

tecatlantis EASY LED CONTROL 2 PLUS

Brand: Aquatlantis Pages: 4

Brand: Elements Pages: 2

Brand: Kobold Pages: 23

Brand: Bridgetek Pages: 2

Brand: T.I.P. Pages: 42

FiberPlex 1004E

Brand: Patton Pages: 39

Brand: Qvis Pages: 7

Brand: Marmitek Pages: 32

Brand: LevelOne Pages: 6

Brand: H3C Pages: 19

Brand: Cooper Crouse-Hinds Pages: 24

Thyro-S 1S H 1 Series

Brand: Advanced Energy Pages: 54

Brand: Comelit Pages: 7

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands