Dell S4048-ON Configuration Manual Download Page 756

Page: 756 / 1039

ctr,aes256-ctr.

SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-

sha2-256-96.

SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1-

sha1,diffie-hellman-group14-sha1.

Password Authentication : enabled.

Hostbased Authentication : disabled.

RSA Authentication : disabled.

Vty Encryption HMAC Remote IP

Using RSA Authentication of SSH

The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version
2.

On the SSH client (Unix machine), generate an RSA key, as shown in the following example.

Copy the public key

id_rsa.pub

to the Dell Networking system.

Disable password authentication if enabled.
CONFIGURATION mode

no ip ssh password-authentication enable

Enable RSA authentication in SSH.
CONFIGURATION Mode

ip ssh rsa-authentication enable

Install User’s public key for RSA authentication in SSH.
CONFIGURATION Mode

ip ssh rsa-authentication my-authorized-keys flash:

//public_key

Example of Generating RSA Keys

admin@Unix_client#ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/admin/.ssh/id_rsa):

/home/admin/.ssh/id_rsa already exists.

Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/admin/.ssh/id_rsa.

Your public key has been saved in /home/admin/.ssh/id_rsa.pub.

Configuring Host-Based SSH Authentication

Authenticate a particular host. This method uses SSH version 2.
To configure host-based authentication, use the following commands.

Configure RSA Authentication. Refer to

Using RSA Authentication of SSH

Create

shosts

by copying the public RSA key to the file

shosts

in the directory

.ssh

, and write the IP address of the host to the

file.

cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts

Refer to the first example.

Create a list of IP addresses and usernames that are permitted to SSH in a file called

rhosts

Refer to the second example.

Copy the file

shosts

and

rhosts

to the Dell Networking system.

Disable password authentication and RSA authentication, if configured
CONFIGURATION mode or EXEC Privilege mode

no ip ssh password-authentication

no ip ssh rsa-authentication

756

Security

Summary of Contents for S4048-ON

Page 1: ...Dell Configuration Guide for the S4048 ON System 9 9 0 0 ...

Page 2: ...problem WARNING A WARNING indicates a potential for property damage personal injury or death Copyright 2015 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their res...

Page 3: ...tion 45 Executing Local CLI Scripts Using an SSH Connection 45 Default Configuration 46 Configuring a Host Name 46 Accessing the System Remotely 46 Accessing the System Remotely 46 Configure the Management Port IP Address 47 Configure a Management Route 47 Configuring a Username and Password 47 Configuring the Enable Password 47 Configuration File Management 48 Copy Files to and from the System 48...

Page 4: ...stics 66 Limit Concurrent Login Sessions 67 Restrictions for Limiting the Number of Concurrent Sessions 67 Configuring Concurrent Session Limit 67 Enabling the System to Clear Existing Sessions 67 Log Messages in the Internal Buffer 68 Configuration Task List for System Log Management 68 Disabling System Logging 68 Sending System Messages to a Syslog Server 69 Configuring a UNIX System as a Syslog...

Page 5: ...s 86 Continuity Check Messages 87 Enabling CCM 88 Enabling Cross Checking 88 Sending Loopback Messages and Responses 88 Sending Linktrace Messages and Responses 88 Caching Link Trace 89 Enabling CFM SNMP Traps 90 Displaying Ethernet CFM Statistics 91 6 802 1X 93 Port Authentication Process 94 EAP over RADIUS 95 Configuring 802 1X 96 Related Configuration Tasks 96 Important Points to Remember 96 En...

Page 6: ...Route Redistribution 118 Configure a Route Map for Route Tagging 119 Continue Clause 119 IP Fragment Handling 119 IP Fragments ACL Examples 120 Layer 4 ACL Rules Examples 120 Configure a Standard IP ACL 121 Configuring a Standard IP ACL Filter 122 Configure an Extended IP ACL 123 Configuring Filters with a Sequence Number 123 Configuring Filters Without a Sequence Number 124 Configure Layer 2 and ...

Page 7: ...Configure BFD for VRRP 164 Configuring Protocol Liveness 167 Troubleshooting BFD 167 10 Border Gateway Protocol IPv4 BGPv4 169 Autonomous Systems AS 169 Sessions and Peers 171 Establish a Session 171 Route Reflectors 172 BGP Attributes 173 Best Path Selection Criteria 173 Weight 175 Local Preference 175 Multi Exit Discriminators MEDs 176 Origin 177 AS Path 177 Next Hop 178 Multiprotocol BGP 178 Im...

Page 8: ... 203 Manipulating the COMMUNITY Attribute 203 Changing MED Attributes 205 Changing the LOCAL_PREFERENCE Attribute 205 Changing the NEXT_HOP Attribute 206 Changing the WEIGHT Attribute 206 Enabling Multipath 206 Filtering BGP Routes 207 Filtering BGP Routes Using Route Maps 208 Filtering BGP Routes Using AS PATH Information 209 Configuring BGP Route Reflectors 209 Aggregating Routes 210 Configuring...

Page 9: ...ing Priority Based Flow Control 246 Configuring Lossless Queues 247 Configuring PFC in a DCB Map 248 PFC Configuration Notes 248 PFC Prerequisites and Restrictions 249 Applying a DCB Map on a Port 250 Configuring PFC without a DCB Map 250 Configuring Lossless QueuesExample 251 Priority Based Flow Control Using Dynamic Buffer Method 252 Pause and Resume of Traffic 252 Buffer Sizes for Lossless or P...

Page 10: ...for Automatic Address Allocation 284 Specifying a Default Gateway 286 Configure a Method of Hostname Resolution 286 Using DNS for Address Resolution 286 Using NetBIOS WINS for Address Resolution 286 Creating Manual Binding Entries 286 Debugging the DHCP Server 287 Using DHCP Clear Commands 287 Configure the System to be a Relay Agent 287 Configure the System to be a DHCP Client 289 Configuring the...

Page 11: ... 311 Using FIP Snooping 311 FIP Snooping Prerequisites 311 Important Points to Remember 312 Enabling the FCoE Transit Feature 312 Enable FIP Snooping on VLANs 313 Configure the FC MAP Value 313 Configure a Port for a Bridge to Bridge Link 313 Configure a Port for a Bridge to FCF Link 313 Impact on Other Software Features 313 FIP Snooping Restrictions 314 Configuring FIP Snooping 314 Displaying FIP...

Page 12: ...Configure GVRP Registration 339 Configure a GARP Timer 340 RPM Redundancy 340 20 High Availability HA 341 Component Redundancy 341 Automatic and Manual Stack Unit Failover 341 Synchronization between Management and Standby Units 342 Forcing an Stack Unit Failover 342 Specifying an Auto Failover Limit 342 Disabling Auto Reboot 343 Manually Synchronizing Management and Standby Units 343 Pre Configur...

Page 13: ...agement Route Configuration 360 Handling of Switch Initiated Traffic 361 Handling of Switch Destined Traffic 361 Handling of Transit Traffic Traffic Separation 362 Mapping of Management Applications and Traffic Type 362 Behavior of Various Applications for Switch Initiated Traffic 363 Behavior of Various Applications for Switch Destined Traffic 364 Interworking of EIS With Various Applications 365...

Page 14: ...N 381 Assigning an IP Address to a Port Channel 382 Deleting or Disabling a Port Channel 383 Load Balancing Through Port Channels 383 Changing the Hash Algorithm 383 Bulk Configuration 384 Interface Range 384 Bulk Configuration Examples 384 Defining Interface Range Macros 385 Define the Interface Range 386 Choosing an Interface Range Macro 386 Monitoring and Maintaining Interfaces 386 Maintenance ...

Page 15: ...6 Configuring the Duration to Establish a TCP Connection 407 Enabling Directed Broadcast 407 Resolution of Host Names 407 Enabling Dynamic Resolution of Host Names 408 Specifying the Local System Domain and a List of Domains 408 Configuring DNS with Traceroute 409 ARP 409 Configuration Tasks for ARP 410 Configuring Static ARP Entries 410 Enabling Proxy ARP 410 Clearing ARP Cache 411 ARP Learning v...

Page 16: ... Tasks for IPv6 428 Adjusting Your CAM Profile 428 Assigning an IPv6 Address to an Interface 429 Assigning a Static IPv6 Route 430 Configuring Telnet with IPv6 430 SNMP over IPv6 430 Displaying IPv6 Information 431 Displaying an IPv6 Interface Information 431 Showing IPv6 Routes 432 Showing the Running Configuration for an Interface 433 Clearing IPv6 Routes 433 Configuring IPv6 RA Guard 434 Config...

Page 17: ...Authentication Passwords 461 Setting the Overload Bit 462 Debugging IS IS 462 IS IS Metric Styles 463 Configure Metric Values 463 Maximum Values in the Routing Table 464 Change the IS IS Metric Style in One Level Only 464 Leaks from One Level to Another 465 Sample Configurations 466 28 Link Aggregation Control Protocol LACP 469 Introduction to Dynamic LAGs and LACP 469 Important Points to Remember...

Page 18: ... Redundant Pairs 490 Far End Failure Detection 491 FEFD State Changes 492 Configuring FEFD 492 Enabling FEFD on an Interface 493 Debugging FEFD 494 30 Link Layer Discovery Protocol LLDP 496 802 1AB LLDP Overview 496 Protocol Data Units 496 Optional TLVs 497 Management TLVs 497 TIA 1057 LLDP MED Overview 499 TIA Organizationally Specific TLVs 499 Configure LLDP 503 Related Configuration Tasks 503 I...

Page 19: ...ce Active Cache 526 Clearing the Source Active Cache 527 Enabling the Rejected Source Active Cache 527 Accept Source Active Messages that Fail the RFP Check 527 Specifying Source Active Messages 531 Limiting the Source Active Messages from a Peer 532 Preventing MSDP from Caching a Local Source 532 Preventing MSDP from Caching a Remote Source 533 Preventing MSDP from Advertising a Local Source 533 ...

Page 20: ...ions 555 34 Multicast Features 557 Enabling IP Multicast 557 Implementation Information 557 Multicast Policies 558 IPv4 Multicast Policies 558 35 Object Tracking 565 Object Tracking Overview 565 Track Layer 2 Interfaces 566 Track Layer 3 Interfaces 566 Track IPv4 and IPv6 Routes 566 Set Tracking Delays 567 VRRP Object Tracking 568 Object Tracking Configuration 568 Tracking a Layer 2 Interface 568 ...

Page 21: ...ute 615 Enabling OSPFv3 Graceful Restart 616 OSPFv3 Authentication Using IPsec 618 Troubleshooting OSPFv3 624 37 Policy based Routing PBR 626 Overview 626 Implementing Policy based Routing with Dell Networking OS 627 Configuration Task List for Policy based Routing 627 PBR Exceptions Permit 628 Create a Redirect List 628 Create a Rule for a Redirect list 628 Apply a Redirect list to an Interface u...

Page 22: ...t Mirroring 652 Encapsulated Remote Port Monitoring 655 Changes to Default BehaviorConfiguration steps for ERPM 655 ERPM Behavior on a typical Dell Networking OS 657 Decapsulation of ERPM packets at the Destination IP Analyzer 657 41 Private VLANs PVLAN 659 Private VLAN Concepts 659 Using the Private VLAN Commands 660 Configuration Task List 661 Creating PVLAN ports 661 Creating a Primary VLAN 662...

Page 23: ...D Profiles 695 Displaying WRED Drop Statistics 695 Displaying egress queue Statistics 695 Pre Calculating Available QoS CAM Space 696 Configuring Weights and ECN for WRED 696 Global Service Pools With WRED and ECN Settings 697 Configuring WRED and ECN Attributes 698 Guidelines for Configuring ECN for Classifying and Color Marking Packets 699 Sample configuration to mark non ecn packets as yellow w...

Page 24: ...s for Layer 2 Mode 727 Enabling Rapid Spanning Tree Protocol Globally 727 Adding and Removing Interfaces 730 Modifying Global Parameters 730 Enabling SNMP Traps for Root Elections and Topology Changes 731 Modifying Interface Parameters 731 Enabling SNMP Traps for Root Elections and Topology Changes 732 Influencing RSTP Root Selection 732 Configuring an EdgePort 732 Configuring Fast Hellos for Link...

Page 25: ...thorization 759 VTY MAC SA Filter Support 759 Role Based Access Control 760 Overview of RBAC 760 User Roles 762 AAA Authentication and Authorization for Roles 766 Role Accounting 768 Display Information About User Roles 769 49 Service Provider Bridging 771 VLAN Stacking 771 Important Points to Remember 772 Configure VLAN Stacking 772 Creating Access and Trunk Ports 773 Enable VLAN Stacking for a V...

Page 26: ...otocol SNMP 796 Protocol Overview 796 Implementation Information 796 SNMPv3 Compliance With FIPS 796 Configuration Task List for SNMP 797 Related Configuration Tasks 797 Important Points to Remember 798 Set up SNMP 798 Creating a Community 798 Setting Up User Based Security SNMPv3 799 Reading Managed Object Values 800 Writing Managed Object Values 800 Configuring Contact and Location Information u...

Page 27: ...er Failure 818 Troubleshooting SNMP Operation 819 52 Stacking 821 Stacking Overview 821 Stack Management Roles 821 Stack Master Election 821 Virtual IP 822 Failover Roles 822 MAC Addressing on Stacks 822 Stacking LAG 824 Supported Stacking Topologies 824 High Availability on Stacks 825 Management Access on Stacks 825 Important Points to Remember 826 Stacking Installation Tasks 826 Create an Stack ...

Page 28: ... Interface STP Parameters 849 Enabling PortFast 849 Prevent Network Disruptions with BPDU Guard 850 Selecting STP Root 852 STP Root Guard 852 Root Guard Scenario 852 Configuring Root Guard 853 Enabling SNMP Traps for Root Elections and Topology Changes 854 Configuring Spanning Trees as Hitless 854 STP Loop Guard 854 Configuring Loop Guard 855 Displaying STP Guard Configuration 856 55 SupportAssist...

Page 29: ...the Tunnel Source Anylocal 876 58 Uplink Failure Detection UFD 877 Feature Description 877 How Uplink Failure Detection Works 878 UFD and NIC Teaming 879 Important Points to Remember 879 Configuring Uplink Failure Detection 880 Clearing a UFD Disabled Interface 881 Displaying Uplink Failure Detection 882 Sample Configuration Uplink Failure Detection 884 59 Upgrade Procedures 886 Get Help with Upgr...

Page 30: ...figuration 912 Preventing Forwarding Loops in a VLT Domain 912 Sample RSTP Configuration 912 Configuring VLT 913 PVST Configuration 923 Sample PVST Configuration 923 eVLT Configuration Example 924 eVLT Configuration Step Examples 924 PIM Sparse Mode Configuration Example 926 Verifying a VLT Configuration 927 Additional VLT Sample Configurations 930 Troubleshooting VLT 932 Reconfiguring Stacked Swi...

Page 31: ...Format 951 Configuring and Controlling VXLAN from the NVP Controller GUI 952 Configuring VxLAN Gateway 954 Connecting to an NVP Controller 954 Advertising VXLAN Access Ports to Controller 955 Displaying VXLAN Configurations 957 VXLAN Service nodes for BFD 958 Examples of the show bfd neighbors command 958 64 Virtual Routing and Forwarding VRF 959 VRF Overview 959 VRF Configuration Notes 960 DHCP 9...

Page 32: ...are Commands 1006 Enabling Environmental Monitoring 1007 Recognize an Overtemperature Condition 1007 Troubleshoot an Over temperature Condition 1008 Recognize an Under Voltage Condition 1008 Troubleshoot an Under Voltage Condition 1008 Buffer Tuning 1009 Deciding to Tune Buffers 1010 Using a Pre Defined Buffer Profile 1013 Sample Buffer Profile Configuration 1013 Troubleshooting Packet Loss 1014 D...

Page 33: ...teway Protocol BGP 1032 Open Shortest Path First OSPF 1032 Intermediate System to Intermediate System IS IS 1033 Routing Information Protocol RIP 1033 Multicast 1034 Network Management 1034 MIB Location 1039 33 ...

Page 34: ...se files MIBs Audience This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 and Layer 3 networking technologies Conventions This guide uses the following conventions to describe command syntax Keyword Keywords are in Courier a monospaced font and must be entered in the CLI as listed parameter Parameters ar...

Page 35: ... virtual terminal line before you can Telnet into the system Therefore you must use a console connection when connecting to the system for the first time telnet 172 31 1 53 Trying 172 31 1 53 Connected to 172 31 1 53 Escape character is Login username Password Dell CLI Modes Different sets of commands are available in each mode A command found in one mode cannot be executed from another mode excep...

Page 36: ...nd virtual terminal lines NOTE At any time entering a question mark displays the available command options For example when you are in CONFIGURATION mode entering the question mark first lists all available commands including the possible submodes The CLI modes are EXEC EXEC Privilege CONFIGURATION AS PATH ACL CONTROL PLANE CLASS MAP DCB POLICY DHCP DHCP POOL ECMP GROUP EXTENDED COMMUNITY FRRP INT...

Page 37: ...er the enable command From any other mode use the end command CONFIGURATION Dell conf From EXEC privilege mode enter the configure command From every mode except EXEC and EXEC Privilege enter the exit command NOTE Access all of the following modes from CONFIGURATION mode AS PATH ACL Dell config as path ip as path access list 10 Gigabit Ethernet Interface Dell conf if te 1 1 interface INTERFACE mod...

Page 38: ...PANNING TREE Dell config rstp protocol spanning tree rstp REDIRECT Dell conf redirect list ip redirect list ROUTE MAP Dell config route map route map ROUTER BGP Dell conf router_bgp router bgp BGP ADDRESS FAMILY Dell conf router_bgp_af for IPv4 Dell conf routerZ_bgpv6_af for IPv6 address family ipv4 multicast ipv6 unicast ROUTER BGP Mode ROUTER ISIS Dell conf router_isis router isis ISIS ADDRESS F...

Page 39: ...SIST Dell support assist support assist VLT DOMAIN Dell conf vlt domain vlt domain VRRP Dell conf if interface type slot port vrid vrrp group id vrrp group u Boot Dell Press any key when the following line appears on the console during a system boot Hit any key to stop autoboot UPLINK STATE GROUP Dell conf uplink state group groupID uplink state group The following example shows how to change the ...

Page 40: ...mmands Dell conf interface tengigabitethernet 2 17 Dell conf if te 2 17 ip address 192 168 10 1 24 Dell conf if te 2 17 show config interface TenGigabitEthernet 2 17 ip address 192 168 10 1 24 no shutdown Dell conf if te 2 17 no ip address Dell conf if te 2 17 show config interface TenGigabitEthernet 2 17 no ip address no shutdown Layer 2 protocols are disabled by default To enable Layer 2 protoco...

Page 41: ...and The UP and DOWN arrow keys display previously entered commands refer to Command History The BACKSPACE and DELETE keys erase the previous letter Key combinations are available to move quickly across the command line The following table describes these short cut key combinations Short Cut Key Combination Action CNTL A Moves the cursor to the beginning of the command line CNTL B Moves the cursor ...

Page 42: ...ow run grep ethernet does not return that search result because it only searches for instances containing a non capitalized ethernet show run grep Ethernet ignore case returns instances containing both Ethernet and ethernet The grep command displays only the lines containing specified text The following example shows this command used in combination with the show linecard all command Dell conf do ...

Page 43: ...l users when there are multiple users logged in to CONFIGURATION mode A warning message indicates the username type of connection console or VTY and in the case of a VTY connection the IP address of the terminal on which the connection was established For example On the system that telnets into the switch this message appears Warning The following users are currently configuring the system User us...

Page 44: ...ntals chapter Console Access The device has one RJ 45 RS 232 console port an out of band OOB Ethernet port and a micro USB B console port Serial Console The RJ 45 RS 232 console port is labeled on the upper right hand side as you face the I O side of the chassis Figure 1 RJ 45 Console Port 1 RJ 45 Console Port Accessing the Console Port To access the console port follow these steps For the console...

Page 45: ...ssion you can also use SSH for secure protected communication with the device You can open an SSH session and run commands or script files This method of connectivity is supported with S4810 S4048 ON S3048 ON S4820T and Z9000 switches and provides a reliable safe communication mechanism Entering CLI commands Using an SSH Connection You can run CLI commands by entering any one of the following synt...

Page 46: ...d back over SSH Default Configuration Although a version of Dell Networking OS is pre loaded onto the system the system is not configured when you power up the first time except for the default hostname which is Dell You must configure the system using the CLI Configuring a Host Name The host name appears in the prompt The default host name is Dell Host names must start with a letter and end with ...

Page 47: ...p address mask gateway ip address the network address in dotted decimal format A B C D mask a subnet mask in prefix length format xx gateway the next hop for network traffic originating from the management port Configuring a Username and Password To access the system remotely configure a system username and password To configure a system username and password use the following command Configure a ...

Page 48: ...ode Copy Files to and from the System The command syntax for copying files is similar to UNIX The copy command uses the format copy source file url destination file url NOTE For a detailed description of the copy command refer to the Dell Networking OS Command Reference To copy a local file to a remote system combine the file origin syntax for a local file location with the file destination syntax...

Page 49: ... mount an NFS file system perform the following steps Table 4 Mounting an NFS File System File Operation Syntax To mount an NFS file system mount nfs rhost path mount point username password The foreign file system remains mounted as long as the device is up and does not reboot You can run the file system commands without having to mount or un mount the file system each time you run a command When...

Page 50: ...e name test c 225 bytes successfully copied Dell Save the Running Configuration The running configuration contains the current system configuration Dell Networking recommends coping your running configuration to the startup configuration The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup configuration...

Page 51: ...2 Mar 30 1919 10 31 04 NVTRACE_LOG_DIR 6 drw 8192 Mar 30 1919 10 31 04 CORE_DUMP_DIR 7 d 8192 Mar 30 1919 10 31 04 ADMIN_DIR 8 rw 33059550 Jul 11 2007 17 49 46 FTOS EF 7 4 2 0 bin 9 rw 27674906 Jul 06 2007 00 20 24 FTOS EF 4 7 4 302 bin 10 rw 27674906 Jul 06 2007 19 54 52 boot image FILE 11 drw 8192 Jan 01 1980 00 18 28 diag 12 rw 7276 Jul 20 2007 01 52 40 startup config bak 13 rw 7341 Jul 20 2007...

Page 52: ...figuration will group all the similar looking configuration thereby reducing the size of the configuration For this release the compression will be done only for interface related configuration VLAN physical interfaces The following table describes how the standard and the compressed configuration differ Table 6 Standard and Compressed Configurations int vlan 2 no ip address no shut int vlan 3 tag...

Page 53: ...n 2 no ip address no shutdown interface Vlan 3 tagged te 1 1 no ip address shutdown interface Vlan 4 tagged te 1 1 no ip address shutdown interface Vlan 5 interface TenGigabitEthernet 1 34 ip address 2 1 1 1 16 shutdown interface group Vlan 2 Vlan 100 no ip address no shutdown interface group Vlan 3 5 tagged te 1 1 no ip address shutdown interface Vlan 1000 ip address 1 1 1 1 16 no shutdown snip C...

Page 54: ...ion file to another location Dell Networking OS supports IPv4 and IPv6 addressing for FTP TFTP and SCP in the hostip field Managing the File System The Dell Networking system can use the internal Flash external Flash or remote devices to store files The system stores files on the internal Flash by default but can be configured to store files elsewhere To view file system information use the follow...

Page 55: ...in CONFIGURATION mode NOTE The no feature vrf command is not supported on any of the platforms To enable the VRF feature and cause all VRF related commands to be available or viewable in the CLI interface use the following command You must enable the VRF feature before you can configure its related attributes Dell conf feature vrf Based on whether VRF feature is identified as supported in the Feat...

Page 56: ...nstallation of corrupted or modified images The verify md5 sha256 command calculates and displays the hash of any file on the specified local flash drive You can compare the displayed hash against the appropriate hash published on i Support Optionally the published hash can be included in the verify md5 sha256 command which will display whether it matches the calculated hash of the indicated file ...

Page 57: ...ity If you want the HTTP server to use a VRF table that is attached to an interface configure that HTTP server to use a specific routing table You can use the ip http vrf command to inform the HTTP server to use a specific routing table After you configure this setting the VRF table is used to look up the destination address NOTE To enable HTTP to be VRF aware as a prerequisite you must first defi...

Page 58: ...C mode restricting access A user can access all commands at his privilege level and below Removing a Command from EXEC Mode To remove a command from the list of available commands in EXEC mode for a specific privilege level use the privilege exec command from CONFIGURATION mode In the command specify a level greater than the level given to a user or terminal line then the first keyword of each com...

Page 59: ...buffer size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3 which is the configured level for VTY 0 allows access to CONFIGURATION mode with the banner command allows access to INTERFACE and LINE modes are allowed with no commands Remove a command from the list of available commands in EXEC mode CONFIGURATION mode privilege exec level level command command Move a ...

Page 60: ...terface port channel Port channel interface range Configure interface range sonet SONET interface tengigabitethernet TenGigabit Ethernet interface vlan VLAN interface Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 end Exit from configuration mode exit Exit from interface configuration mode Dell conf if te 1 1 exit Dell conf line aux Auxiliary line console Primary terminal line vty ...

Page 61: ...ing on Disable logging to the logging buffer CONFIGURATION mode no logging buffer Disable logging to terminal lines CONFIGURATION mode no logging monitor Disable console logging CONFIGURATION mode no logging console Audit and Security Logs This section describes how to configure display and clear audit and security logs The following is the configuration task list for audit and security logs Enabl...

Page 62: ...and system events Only the system administrator and security administrator user roles can view security logs The network administrator and network operator user roles can view system events NOTE If extended logging is disabled you can only view system events regardless of RBAC user role Example of Enabling Audit and Security Logs Dell conf logging extended Displaying Audit and Security Logs To dis...

Page 63: ...w logging Command Dell show logging syslog logging enabled Console logging level Debugging Monitor logging level Debugging Buffer logging level Debugging 40 Messages Logged Size 40960 bytes Trap logging level Informational IRC 6 IRC_COMMUP Link to peer RPM is up RAM 6 RAM_TASK RPM1 is transitioning to Primary RPM RPM 2 MSG CP1 POLLMGR 2 MMC_STATE External flash disk missing in slot0 CHMGR 5 CARDDE...

Page 64: ...sites To configure a secure connection from the switch to the syslog server 1 On the switch enable the SSH server Dell conf ip ssh server enable 2 On the syslog server create a reverse SSH tunnel from the syslog server to FTOS switch using following syntax ssh R remote port syslog server syslog server listen port user remote_host nNf In the following example the syslog server IP address is 10 156 ...

Page 65: ...ogin attempts that have occurred in the last 30 days by default You can change the default value to any number of days from 1 to 30 By default login activity tracking is disabled You can enable it using the login statistics enable command from the configuration mode Restrictions for Tracking Login Activity These restrictions apply for tracking login activity Only the system and security administra...

Page 66: ...s the successful and failed login details of all users in the last 30 days or the custom defined time period Dell show login statistics all User admin Last login time Mon Feb 16 04 40 00 2015 Last login location Line vty0 10 14 1 97 Unsuccessful login attempt s since the last successful login 0 Unsuccessful login attempt s in last 7 day s 3 User secadm Last login time Mon Feb 16 04 45 29 2015 Last...

Page 67: ...e enable command Configuring Concurrent Session Limit To configure concurrent session limit follow this procedure Limit the number of concurrent sessions for all users CONFIGURATION mode login concurrent session limit number of sessions Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4 Dell config login concurrent se...

Page 68: ...ffer All error messages except those beginning with BOOTUP Message are log in the internal buffer For example BOOTUP RPM0 CP PORTPIPE INIT SUCCESS Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management Disable System Logging Send System Messages to a Syslog Server Disabling System Logging By default logging is enabled and lo...

Page 69: ...NIX system local7 debugging var adm ftos log In the previous lines local7 is the logging facility level and debugging is the severity level Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location The default is to log all messages up to debug level that is all system messages By changing the severity level i...

Page 70: ...ytes Trap logging level Informational IRC 6 IRC_COMMUP Link to peer RPM is up RAM 6 RAM_TASK RPM1 is transitioning to Primary RPM RPM 2 MSG CP1 POLLMGR 2 MMC_STATE External flash disk missing in slot0 CHMGR 5 CARDDETECTED Line card 0 present CHMGR 5 CARDDETECTED Line card 2 present CHMGR 5 CARDDETECTED Line card 4 present CHMGR 5 CARDDETECTED Line card 5 present CHMGR 5 CARDDETECTED Line card 8 pr...

Page 71: ...cal6 for local use local7 for local use lpr for line printer system messages mail for mail system messages news for USENET news messages sys9 system use sys10 system use sys11 system use sys12 system use sys13 system use sys14 system use syslog for syslog messages user for user programs uucp UNIX to UNIX copy protocol Example of the show running config logging Command To view nondefault settings u...

Page 72: ...the range is from 0 to 7 The default is 2 Use the all keyword to include all messages limit the range is from 20 to 300 The default is 20 To view the logging synchronous configuration use the show config command in LINE mode Enabling Timestamp on Syslog Messages By default syslog messages do not include a time date stamp stating when the error or message was created To enable timestamp use the fol...

Page 73: ...E To transmit large files Dell Networking recommends configuring the switch as an FTP server Configuration Task List for File Transfer Services The configuration tasks for file transfer services are Enable FTP Server mandatory Configure FTP Server Parameters optional Configure FTP Client Parameters optional Enabling the FTP Server To enable the system as an FTP server use the following command To ...

Page 74: ...ig ftp command in EXEC privilege mode as shown in the example for Enable FTP Server Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles Terminal lines on the system provide different means of accessing the system The console line console connects you through the console port in the route processor modules RPMs The virtual terminal lines VTY...

Page 75: ...ip access list standard myvtyacl seq 5 permit host 10 11 0 1 Dell config std nacl line vty 0 Dell config line vty show config line vty 0 access class myvtyacl Dell conf ipv6 acl do show run acl ip access list extended testdeny seq 10 deny ip 30 1 1 0 24 any seq 15 permit ip any any ip access list extended testpermit seq 15 permit ip any any ipv6 access list testv6deny seq 10 deny ipv6 3001 64 any ...

Page 76: ...tion method in the method list you applied to the terminal line configure a password for the terminal line LINE mode password Example of Terminal Line Authentication In the following example VTY lines 0 2 use a single authentication method line Dell conf aaa authentication login myvtymethodlist line Dell conf line vty 0 2 Dell config line vty login authentication myvtymethodlist Dell config line v...

Page 77: ...you for one Enter an IPv4 address in dotted decimal format A B C D Enter an IPv6 address in the format 0000 0000 0000 0000 0000 0000 0000 0000 Elision of zeros is supported Example of the telnet Command for Device Access Dell telnet 10 11 80 203 Trying 10 11 80 203 Connected to 10 11 80 203 Exit character is Login Login admin Password Dell exit Dell telnet 2200 2200 2200 2200 2200 2201 Trying 2200...

Page 78: ... admin on line vty1 10 1 1 1 NOTE The CONFIGURATION mode lock corresponds to a VTY session not a user Therefore if you configure a lock and then exit CONFIGURATION mode and another user enters CONFIGURATION mode when you attempt to re enter CONFIGURATION mode you are denied access even though you are the one that configured the lock NOTE If your session times out and you return to EXEC mode the CO...

Page 79: ...artition contains a valid image If a valid image exists on the primary partition and the secondary partition does not contain a valid image then the primary boot line is set to A and the secondary and default boot lines are set to a Null string If the secondary partition also contains a valid image then the primary boot line value is set to the partition that is configured to be used to boot the d...

Page 80: ... mask For example 255 255 0 0 5 Assign an IP address as the default gateway for the system uBoot mode setenv gatewayip gateway_ip_address For example 10 16 150 254 6 Save the modified environmental variables uBoot mode saveenv 7 Reload the system uBoot mode reset 80 Management ...

Page 81: ...ronic commerce messaging protocol ECMP configurations ping and traceroute are not designed to verify data connectivity in the network and within each node in the network such as in the switching fabric and hardware forwarding tables when networks are built from different operational domains access controls impose restrictions that cannot be overcome at the IP level resulting in poor fault visibili...

Page 82: ...int is an interface demarcation that confines CFM frames to a domain There are two types of maintenance points Maintenance end points MEPs a logical entity that marks the end point of a domain Maintenance intermediate points MIPs a logical entity configured at a port of a switch that is an intermediate point of a maintenance entity ME An ME is a point to point relationship between two MEPs within ...

Page 83: ...the internal forwarding path is effectively the switch fabric and forwarding engine Down MEP monitors the forwarding path external another bridge Configure Up MEPs on ingress ports ports that send traffic towards the bridge relay Configure Down MEPs on egress ports ports that send traffic away from the bridge relay Figure 5 Maintenance End Points Implementation Information The S Series has a singl...

Page 84: ...mands 1 Spawn the CFM process No CFM configuration is allowed until the CFM process is spawned CONFIGURATION mode ethernet cfm 2 Disable Ethernet CFM without stopping the CFM process ETHERNET CFM disable Creating a Maintenance Domain Connectivity fault management CFM divides a network into hierarchical maintenance domains as shown in Maintenance Domains 1 Create maintenance domain ETHERNET CFM mod...

Page 85: ...Ps within a single domain These roles define the relationships between all devices so that each device can monitor the layers under its responsibility Creating a Maintenance End Point A maintenance endpoint MEP is a logical entity that marks the endpoint of a domain There are two types of MEPs defined in 802 1ag for an 802 1 bridge Up MEP monitors the forwarding path internal to a bridge on the cu...

Page 86: ...ints local mip MPID Domain Name Level Type Port CCM Status MA Name VLAN Dir MAC 0 service1 4 MIP Te 1 5 Disabled My_MA 3333 DOWN 00 01 e8 0b c6 36 0 service1 4 MIP Te 1 5 Disabled Your_MA 3333 UP 00 01 e8 0b c6 36 Displaying the MP Databases CFM maintains two MP databases MEP Database MEP DB Every MEP must maintain a database of all other MEPs in the MA that have announced their presence via CCM M...

Page 87: ...and process these messages MIPs may optionally process the CCM messages the MEPs originate and construct a MIP CCM database MEPs and MIPs filter CCMs from higher and lower domain levels as described in the following table Table 7 Continuity Check Message Processing Frames at Frames from UP MEP Action Down MEP Action MIP Action Less than my level Bridge relay side or Wire side Drop Drop Drop My lev...

Page 88: ...ss check operation for an MEP ETHERNET CFM mode mep cross check mep id 3 Configure the amount of time the system has to wait for a remote MEP to come up before the cross check operation is started ETHERNET CFM mode mep cross check start delay number Sending Loopback Messages and Responses Loopback message and response LBM LBR also called Layer 2 Ping is an administrative echo transmitted by MEPs t...

Page 89: ...Multicast message sent to the entire ME EXEC Privilege traceroute ethernet domain Caching Link Trace After you execute a Link Trace command the trace information can be cached so that you can view it later without retracing To enable set display and delete link trace caching use the following commands Enable Link Trace caching CONFIGURATION mode traceroute cache Set the amount of time a trace resu...

Page 90: ...er1 at Level 7 VLAN 1000 Error CCM defect ECFM 5 ECFM_ERROR_ALARM Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 MAC Status defect ECFM 5 ECFM_MAC_STATUS_ALARM MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 Remote CCM defect ECFM 5 ECFM_REMOTE_ALARM Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 RDI defect ECFM...

Page 91: ...atistics EXEC Privilege mode show ethernet cfm statistics domain name level vlan id vlan id mpid mpid Display CFM statistics by port EXEC Privilege mode show ethernet cfm port statistics interface Example of Viewing CFM Statistics Dell show ethernet cfm statistics Domain Name Customer Domain Level 7 MA Name My_MA MPID 300 CCMs Transmitted 1503 RcvdSeqErrors 0 LTRs Unexpected Rcvd 0 LBRs Received 0...

Page 92: ...Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417 TX Statistics Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0 92 802 1ag ...

Page 93: ... device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user device and EAP over RADIUS to communicate with the server NOTE The Dell Networking Operating System OS supports 802 1X w...

Page 94: ...authorized if the server can authenticate the supplicant In this state network traffic can be forwarded normally NOTE The Dell Networking switches place 802 1X enabled ports in the unauthorized state by default Port Authentication Process The authentication process begins when the authenticator senses that a link status has changed from down to up 1 When the authenticator senses a link state chang...

Page 95: ...s invalid the server sends an Access Reject frame If the port state remains unauthorized the authenticator forwards an EAP Failure frame Figure 9 EAP Port Authentication EAP over RADIUS 802 1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server as defined in RFC 3579 EAP messages are encapsulated in RADIUS packets as a type of attribute in Type Length Value T...

Page 96: ...ng 802 1X Configuring 802 1X on a port is a one step process For more information refer to Enabling 802 1X Related Configuration Tasks Configuring Request Identity Re Transmissions Forcibly Authorizing or Unauthorizing a Port Re Authenticating a Port Configuring Timeouts Configuring a Guest VLAN Configuring an Authentication Fail VLAN Important Points to Remember Dell Networking OS supports 802 1X...

Page 97: ...ce or a range of interfaces INTERFACE mode interface range 3 Enable 802 1X on the supplicant interface only INTERFACE mode dot1x authentication Examples of Verifying that 802 1X is Enabled Globally and on an Interface Verify that 802 1X is enabled globally and at the interface level using the show running config find dot1x command from EXEC Privilege mode 802 1X 97 ...

Page 98: ...0 seconds ReAuth Max 2 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 2 Host Mode SINGLE_HOST Auth PAE State Initialize Backend State Initialize Configuring Request Identity Re Transmissions When the authenticator sends a Request Identity frame and the supplicant does not respond the authenticator waits for 30 seconds and then re transmits the fra...

Page 99: ...smit a Request Identity frame after a failed authentication INTERFACE mode dot1x quiet period seconds The range is from 1 to 65535 The default is 60 seconds Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator re transmits an EAP Request Identity frame after 90 seconds and a maximum of 10 times for an ...

Page 100: ...a Port in Force Authorized State and Viewing the Configuration The example shows configuration information for a port that has been force authorized The bold line shows the new port control state Dell conf if Te 1 1 dot1x port control force authorized Dell conf if Te 1 1 show dot1x interface TenGigabitEthernet 1 1 802 1x information on Te 1 1 Dot1x Status Enable Port Control FORCE_AUTHORIZED Port ...

Page 101: ...AN id None Tx Period 90 seconds Quiet Period 120 seconds ReAuth Max 10 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 7200 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Auth PAE State Initialize Backend State Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive the authenticator te...

Page 102: ...val 7200 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Enter the tasks the user should do after finishing this task optional Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802 1X The basis for VLAN assignment is RADIUS attribute 81 Tunnel Private Group ID Dynamic VLAN assi...

Page 103: ...thenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data NOTE Ports cannot be dynamically assigned to the default VLAN If the supplicant fails authentication the authenticator typically does not enable the port In some cases this behavior is not appropriate External users of an ent...

Page 104: ...l conf if Te 2 1 Configuring an Authentication Fail VLAN If the supplicant fails authentication the authenticator re attempts to authenticate after a specified amount of time NOTE For more information about authenticator re attempts refer to Configuring a Quiet Period after a Failed Authentication You can configure the maximum number of times the authenticator re attempts authentication after a fa...

Page 105: ...Status Enable Port Control FORCE_AUTHORIZED Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disabled Guest VLAN id 200 Auth Fail VLAN Disabled Auth Fail VLAN id 100 Auth Fail Max Attempts 5 Tx Period 90 seconds Quiet Period 120 seconds ReAuth Max 10 Supplicant Timeout 15 seconds Server Timeout 15 seconds Re Auth Interval 7200 seconds Max EAP Req 10 Auth Typ...

Page 106: ...er you enter the acl vlan group command the ACL manager application performs the validation If the command is valid it is processed and sent to the agent if required If a configuration error is found or if the maximum limit has exceeded for the ACL VLAN groups present on the system an error message displays After you enter the acl vlan group command the ACL manager application verifies the followi...

Page 107: ...ability you cannot view the statistical details of ACL rules per VLAN and per interface You can only view the counters per ACL only using the show ip accounting access list command Within a port you can apply Layer 2 ACLs on a VLAN or a set of VLANs In this case CAM optimization is not applied To enable optimization of CAM space for Layer 2 or Layer 3 ACLs that are applied to ports the port number...

Page 108: ... Dell Configuring FP Blocks for VLAN Parameters To allocate the number of FP blocks for the various VLAN processes on the system use the cam acl vlan command To reset the number of FP blocks to the default use the no version of this command By default 0 groups are allocated for the ACL in VLAN contentaware processor VCAP ACL VLAN groups or CAM optimization is not enabled by default You also must a...

Page 109: ...L3 FIB 262141 14 262127 IN L3 SysFlow 2878 45 2833 IN L3 TrcList 1024 0 1024 IN L3 McastFib 9215 0 9215 IN L3 Qos 8192 0 8192 IN L3 PBR 1024 0 1024 IN V6 ACL 0 0 0 IN V6 FIB 0 0 0 IN V6 SysFlow 0 0 0 IN V6 McastFib 0 0 0 OUT L2 ACL 1024 0 1024 OUT L3 ACL 1024 0 1024 OUT V6 ACL 0 0 0 1 1 IN L2 ACL 320 0 320 IN L2 FIB 32768 1136 31632 IN L3 ACL 12288 2 12286 IN L3 FIB 262141 14 262127 IN L3 SysFlow ...

Page 110: ... groups Of the two dynamic groups you can allocate zero one or two FP blocks to iSCSI Counters Open Flow and ACL Optimization You can configure only two of these features at a time To allocate the number of FP blocks for VLAN open flow operations use the cam acl vlan vlanopenflow 0 2 command To allocate the number of FP blocks for VLAN iSCSI counters use the cam acl vlan vlaniscsi 0 2 command To a...

Page 111: ... on your content addressable memory CAM size For more information refer to User Configurable CAM Allocation and CAM Optimization For complete CAM profiling information refer to Content Addressable Memory CAM NOTE You can apply Layer 3 VRF aware ACLs only at the ingress level VRF Instances Interfaces V4 ACL CAM VRF V4 ACL CAM L2 ACL CAM Port VLAN based PERMIT DENY Rules Port VLAN based IMPLICIT DEN...

Page 112: ...cks that cannot be reallocated Enter the ipv6acl allocation as a factor of 2 2 4 6 8 10 All other profile allocations can use either even or odd numbered ranges If you want to configure ACL s on VRF instances you must allocate a CAM region using the vrfv4acl option in the cam acl command Save the new CAM settings to the startup config use write mem or copy run start then reload the system for the ...

Page 113: ...t of CAM space A single ACL rule uses two CAM entries to identify whether the access list is a standard or extended ACL Determine the Order in which ACLs are Used to Classify Traffic When you link class maps to queues using the service queue command Dell Networking OS matches the class maps according to queue priority queue numbers closer to 0 have lower priorities As shown in the following exampl...

Page 114: ... map mandatory Configure route map filters optional Configure a route map for route redistribution optional Configure a route map for route tagging optional Creating a Route Map Route maps ACLs and prefix lists are similar in composition because all three contain filters but route map filters do not contain the permit and deny actions found in ACLs and prefix lists Route map filters match certain ...

Page 115: ...dilling route map dilling permit sequence 10 Match clauses Set clauses route map dilling permit sequence 15 Match clauses interface Loopback 23 Set clauses tag 3444 Dell To delete a route map use the no route map map name command in CONFIGURATION mode Configure Route Map Filters Within ROUTE MAP mode there are match and set commands match commands search for a certain criterion in the routes set c...

Page 116: ...config route map match tag 1000 Dell conf route map force deny 30 Dell config route map match tag 1000 Configuring Match Routes To configure match criterion for a route map use the following commands Match routes with the same AS PATH numbers CONFIG ROUTE MAP mode match as path as path name Match routes with COMMUNITY list attributes in their path CONFIG ROUTE MAP mode match community community li...

Page 117: ... OSPF ISIS level 1 ISIS level 2 or locally generated CONFIG ROUTE MAP mode match route type external type 1 type 2 internal level 1 level 2 local Match routes with a specific tag CONFIG ROUTE MAP mode match tag tag value To create route map instances use these commands There is no limit to the number of match commands per route map but the convention is to keep the number of match filters in a rou...

Page 118: ...ected routes or another routing protocol Different protocols assign different values to redistributed routes to identify either the routes and their origins The metric value is the most common attribute that is changed to properly redistribute other routes into a routing protocol Other attributes that can be changed include the metric type for example external and internal route types in OSPF and ...

Page 119: ...lause at the end of a route map module In this example if a match is found in the route map test module 10 module 30 is processed NOTE If you configure the continue clause without specifying a module the next sequential module is processed Example of Using the continue Clause in a Route Map route map test permit 10 match commu comm list1 set community 1 1 1 2 1 3 set as path prepend 1 2 3 4 5 cont...

Page 120: ... Permit an ACL line with L3 information only and the fragments keyword is present If a packet s L3 information matches the L3 information in the ACL line the packet s FO is checked If a packet s FO 0 the packet is permitted If a packet s FO 0 the next ACL entry is processed Deny ACL line with L3 information only and the fragments keyword is present If a packet s L3 information does match the L3 in...

Page 121: ...s listname 2 Configure a drop or forward filter CONFIG STD NACL mode seq sequence number deny permit source mask any host ip address count byte dscp order fragments NOTE When assigning sequence numbers to filters keep in mind that you might need to insert a new filter To prevent reconfiguring multiple filters assign sequence numbers in multiples of five To view the rules of a particular ACL config...

Page 122: ...umbers The filters were assigned sequence numbers based on the order in which they were configured for example the first filter was given the lowest sequence number The show config command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10 Example of Viewing a Filter Sequence for a Specified Standard ACL and for an Interface Dell config route map ip access standard ...

Page 123: ...ents When you use the log keyword the CP logs details about the packets that match Depending on how many packets match the log entry and at what rate the CP may become busy as it has to log these packets details Configure Filters TCP Packets To create a filter for TCP packets with a specified sequence number use the following commands 1 Create an extended IP ACL and assign it a unique name CONFIGU...

Page 124: ...y permit source mask any host ip address count byte order fragments Configure a deny or permit filter to examine TCP packets CONFIG EXT NACL mode deny permit tcp source mask any host ip address count byte order fragments Configure a deny or permit filter to examine UDP packets CONFIG EXT NACL mode deny permit udp source mask any host ip address count byte order fragments When you use the log keywo...

Page 125: ...e L2 ACL filters the packets The L3 ACL applied to such a port does not affect traffic That is existing rules for other features such as trace list policy based routing PBR and QoS are applied to the permitted traffic For information about MAC ACLs refer to Layer 2 Assign an IP ACL to an Interface To pass traffic through a configured IP ACL assign that ACL to a physical interface a port channel in...

Page 126: ... 10 2 1 100 255 255 255 0 ip access group nimule in no shutdown Dell conf if To filter traffic on Telnet sessions use only standard ACLs in the access class command Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries 1 Create an ACL that uses rules with the count option Refer to Configure a Standard IP ACL Filter 2 Apply the ACL...

Page 127: ...esults By localizing target traffic it is a simpler implementation To restrict egress traffic use an egress ACL For example when a denial of service DOS attack traffic is isolated to a specific interface you can apply an egress ACL to block the flow from the exiting the box thus protecting downstream devices To create an egress ACL use the ip access group command in EXEC Privilege mode The example...

Page 128: ... to describe the desired CPU traffic CONFIG NACL mode permit ip source mask any host ip address destination mask any host ip address count FTOS Behavior Virtual router redundancy protocol VRRP hellos and internet group management protocol IGMP packets are not affected when you enable egress ACL filtering for CPU traffic Packets sent by the CPU with the source address as the VRRP virtual IP address...

Page 129: ...portant to know which protocol your system supports prior to implementing prefix lists Configuration Task List for Prefix Lists To configure a prefix list use commands in PREFIX LIST ROUTER RIP ROUTER OSPF and ROUTER BGP modes Create the prefix list in PREFIX LIST mode and assign that list to commands in ROUTER RIP ROUTER OSPF and ROUTER BGP modes The following list includes the configuration task...

Page 130: ...r in which the filters are configured The Dell Networking OS assigns filters in multiples of five Creating a Prefix List Without a Sequence Number To create a filter without a specified sequence number use the following commands 1 Create a prefix list and assign it a unique name CONFIGURATION mode ip prefix list prefix name 2 Create a prefix list filter with a deny or permit action CONFIG NPREFIXL...

Page 131: ...s the show ip prefix list summary command Dell Dell show ip prefix summary Prefix list with the last deletion insertion filter_ospf ip prefix list filter_in count 3 range entries 3 sequences 5 10 ip prefix list filter_ospf count 4 range entries 1 sequences 5 10 Dell Applying a Prefix List for Route Redistribution To pass traffic through a configured prefix list use the prefix list in a route redis...

Page 132: ...st name out connected rip static Example of Viewing Configured Prefix Lists ROUTER OSPF mode To view the configuration use the show config command in ROUTER OSPF mode or the show running config ospf command in EXEC mode Dell conf router_ospf show config router ospf 34 network 10 2 1 1 255 255 255 255 area 0 0 0 1 distribute list prefix awe in Dell conf router_ospf ACL Resequencing ACL resequencing...

Page 133: ...crement IPv4 or IPv6 prefix list EXEC mode resequence prefix list ipv4 ipv6 prefix list name StartingSeqNum Step to Increment Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or Different Numbers Remarks and rules that originally have the same sequence number have the same sequence number after you apply the resequence command The example shows the resequencing of an IPv4 ...

Page 134: ... prefix lists in that they consist of a series of commands that contain a matching criterion and an action route maps can modify parameters in matching packets Implementation Information ACLs and prefix lists can only drop or forward the packet or traffic Route maps process routes for route redistribution For example a route map can be called to filter only specific routes and to add a metric Rout...

Page 135: ...gged attributes For IP Packets the ACL name sequence number ACL action permit or deny source and destination MAC addresses source and destination IP addresses and the transport layer protocol used are the logged attributes For IP packets that contain the transport layer protocol as Transmission Control Protocol TCP or User Datagram Protocol UDP the ACL name sequence number ACL action permit or den...

Page 136: ...pecify the threshold explicitly CONFIG STD NACL mode seq sequence number deny permit source mask any host ip address log threshold in msgs count 2 Specify the interval in minutes at which ACL logs must be generated You can enter an interval in the range of 1 10 minutes The default frequency at which ACL logs are generated is 5 minutes If ACL logging is stopped because the configured threshold has ...

Page 137: ... communication IPC bandwidth utilization will be high The ACL manager might require a large bandwidth when you assign an ACL with many entries to an interface The ACL agent module saves monitoring details in its local database and also in the CAM region to monitor packets that match the specified criterion The ACL agent maintains data on the source port the destination port and the endpoint to whi...

Page 138: ...le 2 Define access list rules that include the keyword monitor Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor CONFIGURATION mode ip access list For more information see Access Control Lists ACLs 3 Apply the ACL to the monitored port INTERFACE mode ip access group access list Example of the flow based enable Command To view an access list that ...

Page 139: ...or reconfigure new CAM allocation settings and enable IPV4 UDF CONFIGURATION mode cam acl default l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number vman qos vman dual qos number ecfmacl number nlbclusteracl number ipv4pbr number openflow number fcoe number ipv4udfenable iscsioptacl number vrfv4acl number Dell conf cam acl l2acl 1 ipv4acl 8 ipv6acl 2...

Page 140: ...th bytes Dell conf udf tcam key innerL3header udf id 6 packetbase innerL3Header offset 0 length 2 6 View the UDF TCAM configuration CONFIGURATION UDF TCAM mode show config Dell conf udf tcam show config udf tcam ipnip seq 1 key innerL3header udf id 6 packetbase innerL3Header offset 0 length 2 Dell conf udf tcam 7 Configure the match criteria for the packet type in which UDF offset bytes are parsed...

Page 141: ... STANDARD ACCESS LIST mode CONFIGURATION EXTENDED ACCESS LIST mode permit ip source mask any host ip address destination mask any host ip address udf pkt format name udf qualifier value name Dell config ext nacl permit ip any any udf pkt format ipinip udf qualifier value ipnip_val1 12 View the UDF TCAM configuration CONFIGURATION UDF TCAM mode show config Dell config ext nacl show config ip access...

Page 142: ...essor Only session state changes are reported to the BFD Manager on the route processor which in turn notifies the routing protocols that are registered with it BFD is an independent and generic protocol which all media topologies and routing protocols can support using any encapsulation Dell Networking has implemented BFD at Layer 3 and with user datagram protocol UDP encapsulation BFD is support...

Page 143: ...bit is set the receiving system must respond as soon as possible without regard to its transmit interval The responding system clears the poll bit and sets the final bit in its response The poll and final bits are used during the handshake and in Demand mode refer to BFD Sessions NOTE Dell Networking OS does not currently support multi point sessions Demand mode authentication or control plane ind...

Page 144: ...erval Detection time Detection time is the amount of time that a system does not receive a control packet after which the system determines that the session has failed Each system has its own detection time In Asynchronous mode Detection time is the remote Detection Multiplier multiplied by greater of the remote Desired TX Interval and the local Required Min RX Interval In Demand mode Detection ti...

Page 145: ...ive system responds These packets are sent at the desired transmit interval of the Active system The Your Discriminator field is set to zero 2 When the passive system receives any of these control packets it changes its session state to Init and sends a response that indicates its state change The response includes its session ID in the My Discriminator field and the session ID of the remote syste...

Page 146: ...Figure 14 BFD Three Way Handshake State Changes 146 Bidirectional Forwarding Detection BFD ...

Page 147: ...nimum transmit and receive intervals with a multiplier of 3 and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4 Enable BFD on both ends of a link Demand mode authentication and the Echo function are not supported BFD is not supported on multi hop and virtual links Protocol Liveness is supported for routing protocols only Dell Networking OS supports only OSPF OSPFv3...

Page 148: ...ysical port is a two step process 1 Enable BFD globally 2 Establish a session with a next hop neighbor Related Configuration Tasks Viewing Physical Port Session Parameters Disabling and Re Enabling BFD Enabling BFD Globally You must enable BFD globally on both routers For more information about enabling BFD globally refer to Establishing a Session on Physical Ports To enable the BFD globally use t...

Page 149: ...ghbors command To verify that the session is established use the show bfd neighbors command The bold line shows the BFD session R1 conf if te 4 24 do show bfd neighbors Active session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 2 1 2 2 2 2 Te 4 24 Up 100 100 3 C To view specific information about BFD sessions use ...

Page 150: ...nterval 100 min_rx 100 multiplier 4 role passive R1 conf if te 4 24 do show bfd neighbors detail Session Discriminator 1 Neighbor Discriminator 1 Local Addr 2 2 2 1 Local MAC Addr 00 01 e8 09 c3 e5 Remote Addr 2 2 2 2 Remote MAC Addr 00 01 e8 06 95 a2 Int TenGigabitEthernet 4 24 State Up Configured parameters TX 100ms RX 100ms Multiplier 4 Neighbor parameters TX 100ms RX 100ms Multiplier 3 Actual ...

Page 151: ...tic routes from the routing table as soon as the link state change occurs rather than waiting until packets fail to reach their next hop Configuring BFD for static routes is a three step process 1 Enable BFD globally 2 Configure static routes on both routers on the system either local or remote 3 Configure an IP route to connect BFD on the static routes using the ip route bfd command Related Confi...

Page 152: ...and Change parameters for all static route sessions CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role active passive To view session parameters use the show bfd neighbors detail command as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD all static route BFD sessions are torn down A final Ad...

Page 153: ... Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Establish sessions with OSPF neighbors on a single interface INTERFACE mode ip ospf bfd all neighbors Example of Verifying Sessions with OSPF Neighbors To view the established ses...

Page 154: ...etail command as shown in the example in Displaying BFD for BGP Information Change parameters for all OSPFv3 sessions ROUTER OSPFv3 mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for OSPFv3 sessions on a single interface INTERFACE mode ipv6 ospf bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role...

Page 155: ...erface If you change a parameter globally the change affects all OSPF neighbors sessions If you change a parameter at the interface level the change affects all OSPF sessions on that interface To change parameters for all OSPF sessions or for OSPF sessions on a single interface use the following commands Change parameters for OSPF sessions ROUTER OSPF mode bfd all neighbors interval milliseconds m...

Page 156: ...that a link state change occurred Configuring BFD for IS IS is a two step process 1 Enable BFD globally 2 Establish sessions for all or particular IS IS neighbors Related Configuration Tasks Changing IS IS Session Parameters Disabling BFD for IS IS Establishing Sessions with IS IS Neighbors BFD sessions can be established for all IS IS neighbors at once or sessions can be established for all neigh...

Page 157: ...e change affects all IS IS sessions on that interface To change parameters for all IS IS sessions or for IS IS sessions on a single interface use the following commands To view session parameters use the show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Change parameters for all IS IS s...

Page 158: ...ors to reduce convergence time the neighbor fall over command as described in BGP Fast Fall Over Establishing Sessions with BGP Neighbors Before configuring BFD for BGP you must first configure BGP on the routers that you want to interconnect For more information refer to Border Gateway Protocol IPv4 BGPv4 For example the following illustration shows a sample BFD configuration on Router 1 and Rout...

Page 159: ...whenever BFD detects a failure condition 1 Enable BFD globally CONFIGURATION mode bfd enable 2 Specify the AS number and enter ROUTER BGP configuration mode CONFIGURATION mode router bgp as number 3 Add a BGP neighbor or peer group in a remote AS CONFIG ROUTERBGP mode neighbor ip address peer group name remote as as number 4 Enable the BGP neighbor CONFIG ROUTERBGP mode neighbor ip address peer gr...

Page 160: ...rmation about BGP peer groups refer to Configure Peer Groups If you explicitly enable or disable a BGP neighbor for BFD that belongs to a peer group The neighbor does not inherit the BFD enable disable values configured with the bfd all neighbors command or configured for the peer group to which the neighbor belongs The neighbor inherits only the global timer values that are configured with the bf...

Page 161: ... 2 3 2 2 2 2 Te 6 2 Up 100 100 3 B 3 3 3 3 3 3 3 2 Te 6 3 Up 100 100 3 B The following example shows viewing BFD neighbors with full detail The bold lines show the BFD session parameters TX packet transmission RX packet reception and multiplier maximum number of missed packets R2 show bfd neighbors detail Session Discriminator 9 Neighbor Discriminator 10 Local Addr 1 1 1 3 Local MAC Addr 00 01 e8 ...

Page 162: ...or 1428 Number of packets sent to neighbor 1428 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 The following example shows viewing configured BFD counters R2 show bfd counters bgp Interface TenGigabitEthernet 6 1 Protocol BGP Messages Registration 5 De registration 4 Init 0 Up 6 Down 0 Admin Down 2 Interface T...

Page 163: ... AS 1 external link BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Last read 00 00 30 last write 00 00 30 Hold time is 180 keepalive interval is 60 seconds Received 8 messages 0 in queue 1 opens 0 notifications 0 updates 7 keepalives 0 route refresh requests Sent 9 messages 0 in queue 2 opens 0 notifications 0 updates 7 keepalives 0 route refresh requests ...

Page 164: ... registers with the BFD manager on the route processor module RPM BFD sessions are established with all neighboring interfaces participating in VRRP If a neighboring interface fails the BFD agent on the line card notifies the BFD manager which in turn notifies the VRRP protocol that a link state change occurred Configuring BFD for VRRP is a three step process 1 Enable BFD globally Refer to Enablin...

Page 165: ... not participate in any VRRP BFD sessions VRRP BFD sessions on the backup router cannot change to the UP state Configure the master router to establish an individual VRRP session the backup router To establish a session with a particular VRRP neighbor use the following command Establish a session with a particular VRRP neighbor INTERFACE mode vrrp bfd neighbor ip address Examples of Viewing VRRP S...

Page 166: ...ns or for a particular VRRP session use the following commands Change parameters for all VRRP sessions INTERFACE mode vrrp bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for a particular VRRP session INTERFACE mode vrrp bfd neighbor ip address interval milliseconds min_rx milliseconds multiplier value role active passive To view s...

Page 167: ... if te 4 24 00 54 38 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 2 on interface Te 4 24 diag 0 00 54 38 Sent packet for session with neighbor 2 2 2 2 on Te 4 24 TX packet dump Version 1 Diag code 0 State Down Poll bit 0 Final bit 0 Demand bit 0 myDiscrim 4 yourDiscrim 0 minTx 1000000 minRx 1000000 multiplier 3 minEchoRx 0 00 54 38 Received packet for sessi...

Page 168: ...0 34 14 Received packet for session with neighbor 2 2 2 2 on Te 4 24 RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Sent packet for session with neighbor 2 2 2 2 on Te 4 24 L The output for the debug bfd event command is the same as the log messages that appear on the console by default 168 Bidirectional Forwarding Detection BFD ...

Page 169: ...ou can group autonomous systems into three categories multihomed stub and transit defined by their connections and operation multihomed AS is one that maintains connections to more than one other AS This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections However this type of AS does not allow traffic from one AS to pass through on...

Page 170: ... based on path network policies and or rulesets Unlike most protocols BGP uses TCP as its transport protocol Since each BGP router talking to another router is a session a BGP network needs to be in full mesh This is a topology that has every router directly connected to every other router Each BGP router within an AS must have iBGP sessions with all other BGP routers in the AS For example a BGP n...

Page 171: ...change between peers is driven by events and timers The focus in BGP is on the traffic routing policies In order to make decisions in its operations with other BGP peers a BGP process uses a simple finite state machine that consists of six states Idle Connect Active OpenSent OpenConfirm and Established For each peer to peer session a BGP implementation tracks which of these six states the session ...

Page 172: ...allowing groups of routers to share and inherit policies Peer groups also aid in convergence speed When a BGP process needs to send the same information to a large number of peers the BGP process needs to set up a long output queue to get that information to all the proper peers If the peers are members of a peer group however the information can be sent to one place and then passed onto the peers...

Page 173: ...of robust networks This section describes the attributes that BGP uses in the route selection process Weight Local Preference Multi Exit Discriminators MEDs Origin AS Path Next Hop NOTE There are no hard coded limits on the number of attributes that are supported in the BGP Taking into account other constraints such as the Packet Size maximum number of attributes are supported in BGP Communities B...

Page 174: ...as path multipath relax command A system error results if you configure the bgp bestpath as path ignore command and the bgp bestpath as path multipath relax command at the same time Only enable one command at a time The following illustration shows that the decisions BGP goes through to select the best path The list following the illustration details the path selection criteria Figure 25 BGP Best ...

Page 175: ...tor ID is substituted for the router ID 12 If two paths have the same router ID prefer the path with the lowest cluster ID length Paths without a cluster ID length are set to a 0 cluster ID length 13 Prefer the path originated from the neighbor with the lowest address The neighbor address is used in the BGP neighbor configuration and corresponds to the remote peer used in the TCP connection with t...

Page 176: ...e only attribute applied In the following illustration AS100 and AS200 connect in two places Each connection is a BGP session AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50 This sets up a path preference through the OC3 link The MEDs are advertised to AS100 routers so they know which is the preferred path MEDs are non transitive attributes If AS100 sends a...

Page 177: ... gateway protocol An INCOMPLETE origin code generally results from aggregation redistribution or other indirect ways of installing routes into BGP In Dell Networking OS these origin codes appear as shown in the following example The question mark indicates an origin code of INCOMPLETE shown in bold The lower case letter i indicates an origin code of IGP shown in bold Example of Viewing Origin Code...

Page 178: ...own after hold down timer expiry The connection flap can also be obtained immediately with Fallover enabled BGP routes that contain the next hop as the neighbor address are not sent to the neighbor You can enable this feature using the neighbor sender side loopdetect command NOTE For EBGP neighbors the next hop address corresponding to a BGP route is not resolved if the next hop address is not the...

Page 179: ...rwrites the default IGP cost By using the redistribute command with the route map command you can specify whether a peer advertises the standard MED or uses the IGP cost as the MED When configuring this functionality If the redistribute command does not have metric configured and the BGP peer outbound route map does have metric type internal configured BGP advertises the IGP cost as MED If the red...

Page 180: ... four octet support command AS4 Number Representation Dell Networking OS supports multiple representations of 4 byte AS numbers asplain asdot and asdot NOTE The ASDOT and ASDOT representations are supported only with the 4 Byte AS numbers feature If 4 Byte AS numbers are not implemented only ASPLAIN representation is supported ASPLAIN is the default method the system uses With the ASPLAIN notation...

Page 181: ...1 250 local as 65057 output truncated Dell conf router_bgp do show ip bgp BGP table version is 31571 local router ID is 172 30 1 57 output truncated AS PLAIN Dell conf router_bgp bgp asnotation asplain Dell conf router_bgp sho conf router bgp 100 bgp four octet as support neighbor 172 30 1 250 local as 65057 output truncated Dell conf router_bgp do sho ip bgp BGP table version is 34558 local route...

Page 182: ... Router B has Router C as its customer When Router B is migrating to Router A it must maintain the connection with Router C without immediately updating Router C s configuration Local AS allows this behavior to happen by allowing Router B to appear as if it still belongs to Router B s old network AS 200 as far as communicating with Router C is concerned Figure 28 Before and After AS Number Migrati...

Page 183: ... in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is used to retrieve specific attributes from the PA table The Next Hop RR Cluster list and Originator ID attributes are not stored in the PA Table and cannot be retrieved using the index passed in command These fields are not populated in f10BgpM2PathAttrEntry f10BgpM2PathAttrClusterEntry and f10BgpM2PathAttrOriginat...

Page 184: ...mation The software supports BGPv4 as well as the following deterministic multi exit discriminator MED default a path with a missing MED is treated as worst path and assigned an MED value of 0xffffffff the community format follows RFC 1998 delayed configuration the software at system boot reads the entire configuration file prior to sending messages to start BGP peer sessions The following are not...

Page 185: ...EBGP multihop feature while internal BGP peers do not need to be directly connected The IP address of an EBGP neighbor is usually the IP address of the interface directly connected to the router First the BGP process determines if all internal BGP peers are reachable then it determines which peers outside the AS are reachable NOTE Sample Configurations for enabling BGP routers are found at the end...

Page 186: ...the clear ip bgp command in EXEC Privilege mode To view the BGP configuration enter show config in CONFIGURATION ROUTER BGP mode To view the BGP status use the show ip bgp summary command in EXEC Privilege mode The first example shows the summary with a 2 byte AS number displayed in bold the second example shows that the summary with a 4 byte AS number using the show ip bgp summary command display...

Page 187: ...TER BGP mode gives the same information as the show running config bgp command The following example displays two neighbors one is an external internal BGP neighbor and the second one is an internal BGP neighbor The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal shown in bold The third line of the show ip bgp neighbors outpu...

Page 188: ...eighbor 192 168 10 1 update source Loopback 0 neighbor 192 168 10 1 no shutdown neighbor 192 168 12 2 remote as 65123 neighbor 192 168 12 2 update source Loopback 0 neighbor 192 168 12 2 no shutdown Dell Configuring AS4 Number Representations Enable one type of AS number representation ASPLAIN ASDOT or ASDOT Term Description ASPLAIN Default method for AS number representation With the ASPLAIN nota...

Page 189: ... asnotation asdot Dell conf router_bgp sho conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 remote as 18508 neighbor 172 30 1 250 local as 65057 neighbor 172 30 1 250 route map rmap1 in neighbor 172 30 1 250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 172 30 1 250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i The followi...

Page 190: ...eer group name 6 Add a neighbor as a remote AS CONFIG ROUTERBGP mode neighbor ip address peer group name remote as as number Formats IP Address A B C D Peer Group Name 16 characters as number the range is from 0 to 65535 2 Byte or 1 to 4294967295 0 1 to 65535 65535 4 Byte or 0 1 to 65535 65535 Dotted format To add an external BGP EBGP neighbor configure the as number parameter with a number differ...

Page 191: ... conf router_bgp To enable a peer group use the neighbor peer group name no shutdown command in CONFIGURATION ROUTER BGP mode shown in bold Dell conf router_bgp neighbor zanzibar no shutdown Dell conf router_bgp show config router bgp 45 bgp fast external fallover bgp log neighbor changes neighbor zanzibar peer group neighbor zanzibar no shutdown neighbor 10 1 1 1 remote as 65535 neighbor 10 1 1 1...

Page 192: ...e session with the peer The BGP fast fall over feature is configured on a per neighbor or peer group basis and is disabled by default To enable the BGP fast fall over feature use the following command To disable fast fall over use the no neighbor neighbor peer group fall over command in CONFIGURATION ROUTER BGP mode Enable BGP Fast fall Over CONFIG ROUTER BGP mode neighbor ip address peer group na...

Page 193: ...dropped 5 Last reset 00 19 37 due to Reset by peer Notification History Connection Reset Sent 5 Recv 0 Local host 200 200 200 200 Local port 65519 Foreign host 100 100 100 100 Foreign port 179 Dell To verify that fast fall over is enabled on a peer group use the show ip bgp peer group command shown in bold Dell sh ip bgp peer group Peer group test fall over enabled BGP version 4 Minimum time betwe...

Page 194: ...ssages sent on this subnet 3 Enable the peer group CONFIG ROUTER BGP mode neighbor peer group name no shutdown 4 Create and specify a remote peer for BGP neighbor CONFIG ROUTER BGP mode neighbor peer group name remote as as number Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED After the peer group is ESTABLISHED the peer group is t...

Page 195: ...onf router_bgp Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path The allow as feature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer even if that ASN matches its own The AS PATH loop is detected if the local ASN is present mo...

Page 196: ...er does not perform a graceful restart Deletes all routes from the peer if forwarding state information is not saved Speeds convergence by advertising a special update packet known as an end of RIB marker This marker indicates the peer has been updated with all routes in the local RIB If you configure your system to do so Dell Networking OS can perform the following actions during a hot failover S...

Page 197: ...s 120 seconds Local router supports graceful restart for this neighbor or peer group as a receiver only CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart role receiver only Set the maximum time to retain the restarting neighbor s or peer group s stale paths CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart stale path time time in seconds The defa...

Page 198: ...49 i 0x5e62df4 0 2 18508 701 17302 i 0x3a1814c 0 26 18508 209 22291 i 0x567ea9c 0 75 18508 209 3356 2529 i 0x6cc1294 0 2 18508 209 1239 19265 i 0x6cc18d4 0 1 18508 701 2914 4713 17935 i 0x5982e44 0 162 18508 209 i 0x67d4a14 0 2 18508 701 19878 0x559972c 0 31 18508 209 18756 i 0x59cd3b4 0 2 18508 209 7018 15227 i 0x7128114 0 10 18508 209 3356 13845 i 0x536a914 0 3 18508 209 701 6347 7781 i 0x2ffe88...

Page 199: ...n using the show commands To view the AS PATH ACL configuration use the show config command in CONFIGURATION AS PATH ACL mode and the show ip as path access list command in EXEC Privilege mode For more information about this command and route filtering refer to Filtering BGP Routes The following example applies access list Eagle to routes inbound from BGP peer 10 5 5 2 Access list Eagle uses a reg...

Page 200: ...gure the following parameters level 1 level 1 2 or level 2 Assign all redistributed routes to a level The default is level 2 metric value The value is from 0 to 16777215 The default is 0 map name name of a configured route map Include specific OSPF routes in IS IS ROUTER BGP or CONF ROUTER_BGPv6_ AF mode redistribute ospf process id match external 1 2 match internal metric type external internal r...

Page 201: ...attribute must not be advertised outside a BGP confederation boundary but are sent to CONFED EBGP and IBGP peers Dell Networking OS also supports BGP Extended Communities as described in RFC 4360 BGP Extended Communities Attribute To configure an IP community list use these commands 1 Create a community list and enter COMMUNITY LIST mode CONFIGURATION mode ip community list community list name 2 C...

Page 202: ...in or site of origin Support for matching extended communities against regular expression is also supported Match against a regular expression using the following keyword regexp regular expression Example of the show ip extcommunity lists Command To set or modify an extended community attribute use the set extcommunity rt soo ASN NN IPADDR NN command To view the configuration use the show config c...

Page 203: ... To view a route map configuration use the show route map command in EXEC Privilege mode To view which BGP routes meet an IP community or IP extended community list s criteria use the show ip bgp community list extcommunity list command in EXEC Privilege mode Manipulating the COMMUNITY Attribute In addition to permitting or denying routes based on the values of the COMMUNITY attributes you can man...

Page 204: ...xample of the show ip bgp community Command To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode To view BGP routes matching a certain community number or a pre defined BGP community use the show ip bgp community command in EXEC Privilege mode Dell show ip bgp community BGP...

Page 205: ...nondefault values use the show config command in CONFIGURATION ROUTER BGP mode Changing the LOCAL_PREFERENCE Attribute In Dell Networking OS you can change the value of the LOCAL_PREFERENCE attribute To change the default values of this attribute for all routes received by the router use the following command Change the LOCAL_PREF value CONFIG ROUTER BGP mode bgp default local preference value val...

Page 206: ...ONFIG ROUTER BGP mode neighbor ip address peer group name next hop self Sets the next hop address CONFIG ROUTE MAP mode set next hop ip address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used enter the first command You can also use route maps to change this and other BGP attributes For example you can include the second command in a route map to specify the next hop addre...

Page 207: ...erence is prefix lists using the neighbor distribute list command AS PATH ACLs using the neighbor filter list command route maps using the neighbor route map command Prior to filtering BGP routes create the prefix list AS PATH ACL or route map For configuration information about prefix lists AS PATH ACLs and route maps refer to Access Control Lists ACLs NOTE When you configure a new set of BGP pol...

Page 208: ... prefix list configuration use the show ip prefix list detail or show ip prefix list summary commands in EXEC Privilege mode Filtering BGP Routes Using Route Maps To filter routes using a route map use these commands 1 Create a route map and assign it a name CONFIGURATION mode route map map name permit deny sequence number 2 Create multiple route map filters with a match or set action CONFIG ROUTE...

Page 209: ... the show config command in CONFIGURATION ROUTER BGP mode and the show ip as path access list command in EXEC Privilege mode To forward all routes not meeting the AS PATH ACL criteria include the permit filter in your AS PATH ACL Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh they reduce the amount of BGP control traffic NOTE Dell Networking recommends...

Page 210: ... aggregate contain an s in the first column Dell show ip bgp BGP table version is 0 local router ID is 10 101 15 13 Status codes s suppressed d damped h history valid best Path source I internal a aggregate c confed external r redistributed n network Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 7 0 0 0 29 10 114 8 33 0 0 18508 7 0 0 0 30 10 114 8 33 0 0 18508 a 9 ...

Page 211: ...n suppressed routes to active state view statistics on route flapping or change the path selection from the default mode deterministic to non deterministic use the following commands Enable route dampening CONFIG ROUTER BGP mode bgp dampening half life reuse suppress max suppress time route map map name Enter the following optional parameters to configure route dampening parameters half life the r...

Page 212: ... the path selection method to non deterministic that is paths are compared in the order in which they arrived starting with the most recent Furthermore in non deterministic mode the software may not compare MED attributes though the paths are from the same AS Change the best path selection method to non deterministic Change the best path selection method to non deterministic CONFIG ROUTER BGP mode...

Page 213: ...ue or the configured keepalive value is the new keepalive value Configure timer values for a BGP neighbor or peer group CONFIG ROUTER BGP mode neighbors ip address peer group name timers keepalive holdtime keepalive the range is from 1 to 65535 Time interval in seconds between keepalive messages sent to the neighbor routers The default is 60 seconds holdtime the range is from 3 to 65536 Time inter...

Page 214: ...t in out Clears all peers neighbor address Clears the neighbor with this IP address AS Numbers Peers AS numbers to be cleared ipv4 Clears information for the IPv4 address family peer group name Clears all members of the specified peer group Enable soft reconfiguration for the BGP neighbor specified CONFIG ROUTER BGP mode neighbor ip address peer group name soft reconfiguration inbound BGP stores a...

Page 215: ...an enhanced BGP that carries IP multicast routes BGP carries two sets of routes one set for unicast routing and one set for multicast routing The routes associated with multicast routing are used by the protocol independent multicast PIM to build data distribution trees Dell Networking OS MBGP is implemented per RFC 1858 You can enable the MBGP feature per router and or per peer peer group The def...

Page 216: ...ther BGP events EXEC Privilege mode debug ip bgp ip address peer group peer group name events in out View information about BGP KEEPALIVE messages EXEC Privilege mode debug ip bgp ip address peer group peer group name keepalive in out View information about BGP notifications received from or sent to neighbors EXEC Privilege mode debug ip bgp ip address peer group peer group name notifications in o...

Page 217: ...ime between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 For address family IPv4 Unicast BGP table version 1395 neighbor version 1394 Pref...

Page 218: ...uffer size 40958758 26 packet s captured using 680 bytes PDU 1 len 101 captured 00 34 51 ago ffffffff ffffffff ffffffff ffffffff 00650100 00000013 00000000 00000000 419ef06c 00000000 00000000 00000000 00000000 00000000 0181a1e4 0181a25c 41af92c0 00000000 00000000 00000000 00000000 00000001 0181a1e4 0181a25c 41af9400 00000000 PDU 2 len 19 captured 00 34 51 ago ffffffff ffffffff ffffffff ffffffff 00...

Page 219: ...various types of PDUs sent and received from neighbors These are seen in the output of the show ip bgp neighbor command Sample Configurations The following example configurations show how to enable BGP and set up some peer groups These examples are not comprehensive directions They are intended to give you some guidance with typical configurations To support your own IP addresses interfaces names ...

Page 220: ...gp neighbor 192 168 128 3 remote 100 R1 conf router_bgp neighbor 192 168 128 3 no shut R1 conf router_bgp neighbor 192 168 128 3 update source loop 0 R1 conf router_bgp show config router bgp 99 network 192 168 128 0 24 neighbor 192 168 128 2 remote as 99 neighbor 192 168 128 2 update source Loopback 0 neighbor 192 168 128 2 no shutdown neighbor 192 168 128 3 remote as 100 neighbor 192 168 128 3 u...

Page 221: ... 24 no shutdown R3 conf if lo 0 int te 3 21 R3 conf if te 3 21 ip address 10 0 2 3 24 R3 conf if te 3 21 no shutdown R3 conf if te 3 21 show config interface TengigabitEthernet 3 21 ip address 10 0 2 3 24 no shutdown R3 conf if te 3 21 R3 conf if te 3 21 router bgp 100 R3 conf router_bgp show config router bgp 100 R3 conf router_bgp network 192 168 128 0 24 R3 conf router_bgp neighbor 192 168 128 ...

Page 222: ...ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Update source set to Loopback 0 Peer active in peer group outbound optimization For address family IPv4 Unicast BGP table version 1 neighbor version 1 Prefixes accepted 1 consume 4 bytes withdrawn 0 by peer Prefixes advertised 1 denied 0 withdrawn 0 from peer Connections established 2 dropped 1 Last reset 00 00 57 due to user reset Notification History Conne...

Page 223: ...Ver InQ OutQ Up Down State Pfx 192 168 128 1 99 140 136 2 0 0 00 11 24 1 192 168 128 3 100 138 140 2 0 0 00 18 31 1 Example of Enabling Peer Groups Router 3 R3 conf R3 conf router bgp 100 R3 conf router_bgp neighbor AAA peer group R3 conf router_bgp neighbor AAA no shutdown R3 conf router_bgp neighbor CCC peer group R3 conf router_bgp neighbor CCC no shutdown R3 conf router_bgp neighbor 192 168 12...

Page 224: ...eer Prefixes advertised 1 denied 0 withdrawn 0 from peer Connections established 6 dropped 5 Last reset 00 12 01 due to Closed by neighbor Notification History HOLD error Timer expired Sent 1 Recv 0 Connection Reset Sent 2 Recv 2 Last notification len 21 received 00 12 01 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 2 Local port 65464 Foreign host 192 168 128 1 ...

Page 225: ...M space is allotted in field processor FP blocks The total space allocated must equal 13 FP blocks The following table lists the default CAM allocation settings NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated The following table displays the default CAM allocation settings To display the default CAM allocation enter the show cam acl command Table 13...

Page 226: ...umber of blocks in the CLI configuration the other blocks must be in factors of 2 For example a CLI configuration of 5 4 2 1 1 blocks is not supported a configuration of 6 4 2 1 blocks is supported For the new settings to take effect you must save the new CAM settings to the startup config write mem or copy run start then reload the system for the new settings to take effect CAM Allocation for Egr...

Page 227: ...ge command in Privilege mode The Status column in the command output indicates whether or not you can enable the policy Example of the test cam usage Command Dell test cam usage service policy input test cam usage stack unit 2 po 0 Stack Unit Portpipe CAM Partition Available CAM Estimated CAM per Port Status 2 0 IPv4Flow 192 3 Allowed 64 Dell View CAM ACL Settings The show cam acl command shows th...

Page 228: ...lues for the show cam acl command are Dell show cam acl Chassis Cam ACL Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Stack unit 0 Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1...

Page 229: ... the CAM optimization if a Policy Map containing classification rules ACL and or DSCP ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as described in this chapter Troubleshoot CAM Profiling The following section describes CAM profiling trou...

Page 230: ...ice policies the default CAM profile allocates a partition within the IPv4Flow region If the QoS CAM space is exceeded a message similar to the following displays EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 2 Te 1 20 entries on portpipe 1 for linecard 1 EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 5 ...

Page 231: ...reases security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for the control plane packets The following illustration shows an example of the ...

Page 232: ...kets are rate limited to 100 PPS You can solve this by increasing Q6 bandwidth to 700 PPS to allow both ICMP and BGP packets and then applying per flow CoPP for ICMP and BGP packets The setting of this Q6 bandwidth is dependent on the incoming traffic for the set of protocols sharing the same queue If you are not aware of the incoming protocol traffic rate you cannot set the required queue rate li...

Page 233: ...ticular protocol CONFIGURATION mode ipv6 access list name cpu qos permit bgp icmp vrrp 4 Create a QoS input policy for the router and assign the policing CONFIGURATION mode qos policy input name cpu qos rate police 5 Create a QoS class map to differentiate the control plane traffic and assign to an ACL CONFIGURATION mode class map match any name cpu qos match ip mac ipv6 access group name 6 Create...

Page 234: ...cpuqos exit Dell conf class map match any class_lacp cpu qos Dell conf class map cpuqos match mac access group lacp Dell conf class map cpuqos exit Dell conf class map match any class ipv6 icmp cpu qos Dell conf class map cpuqos match ipv6 access group ipv6 icmp Dell conf class map cpuqos exit The following example shows matching the QoS class map to the QoS policy Dell conf policy map input egres...

Page 235: ...according to those configured CONTROL PLANE mode service policy rate limit cpu queues input policy map Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy Dell conf Dell conf qos policy input cpuq_1 Dell conf qos policy in rate police 3000 40 peak 500 40 Dell conf qos policy in exit Dell conf qos policy input cpuq_2 Dell conf qos policy in rate police 50...

Page 236: ...In this case the packets that reach slave unit s CMIC via queues 0 7 will take same queues 0 7 on the back plane ports while traversing across units and finally on the master CMIC they are queued on the same queues 0 7 In this case the queue 4 7 taken by the well known protocol streams are uniform across different queuing points and the queue 0 3 taken by the CPU bound data streams are uniform In ...

Page 237: ...erminated packets CPU bound traffic For CPU bound traffic route entry have CPU action Below are packets are CPU bound traffic Packets destined to chassis Route with Unresolved Arp Unknown traffic in IP Subnet range Unknown traffic hitting the default route entry Multicast NDP packets NDP packets with destination MAC is multicast DST MAC 33 33 XX XX XX XX NDP Packets in VLT peer routing enable VLT ...

Page 238: ...is used for soft forwarding and generating ICMP unreachable messages to the source If this is in place then irrespective of whether it is 64 subnet or 64 subnet it doesn t have any effect as there would always be LPM hit and traffic are sent to CPU Unknown unicast L3 packets are terminated to the CPU CoS queue which is also shared for other types of control plane packets like ARP Request Multicast...

Page 239: ... this command on a port pipe automatically enables the ACL and QoS rules created with the cpu qos keyword CONTROL PLANE mode Dell conf control cpuqos service policy rate limit protocols ospfv3_policy Displaying CoPP Configuration The CLI provides show commands to display the protocol traffic assigned to each control plane queue and the current rate limit applied to each queue Other show commands d...

Page 240: ...pping Protocol Destination Mac EtherType Queue EgPort Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ GVRP 01 80 c2 00 00 21 any Q7 CP _ STP 01 80 c2 00 00 00 any Q7 CP _ ISIS 01 80 c2 00 00 14 15 any Q7 CP _ 09 00 2b 00 00 04 05 any Q7 CP Dell To view the queue mapping for IPv6 protocols use the show ipv6 prot...

Page 241: ...e called a converged network adapter CNA A CNA is a computer input output device that combines the functionality of a host bus adapter HBA with a network interface controller NIC Multiple adapters on different devices for several traffic types are no longer required Data center bridging satisfies the needs of the following types of data center traffic in a unified fabric Traffic Description LAN tr...

Page 242: ...n a queue for a specified priority it sends a pause frame for the 802 1p priority traffic to the transmitting device In this way PFC ensures that PFC enabled priority traffic is not dropped by the switch PFC enhances the existing 802 3x pause and 802 1p priority capabilities to enable flow control based on 802 1p priorities classes of service Instead of stopping all traffic on a link as performed ...

Page 243: ...ion ETS supports optimized bandwidth allocation between traffic types in multiprotocol Ethernet FCoE SCSI links ETS allows you to divide traffic according to its 802 1p priority into different priority groups traffic classes and configure bandwidth allocation and queue scheduling for each group to ensure that each traffic type is correctly prioritized and receives its required bandwidth For exampl...

Page 244: ... protocol LLDP to provide the path to exchange DCB parameters with peer devices Exchanged parameters are sent in organizationally specific TLVs in LLDP data units The following LLDP TLVs are supported for DCB parameter exchange PFC parameters PFC Configuration TLV and Application Priority Configuration TLV ETS parameters ETS Configuration TLV and ETS Recommendation TLV Data Center Bridging in a Tr...

Page 245: ... bandwidth to each priority To configure user defined PFC and ETS settings you must create a DCB map The following is an overview of the steps involved in configuring DCB Enter global configuration mode to create a DCB map or edit PFC and ETS settings Configure the PFC setting on or off and the ETS bandwidth percentage allocated to traffic in each priority group or whether the priority group traff...

Page 246: ... Dell conf do show qos dot1p queue mapping Dot1p Priority 0 1 2 3 4 5 6 7 Queue 0 0 0 1 2 3 3 3 Dell conf NOTE In Dell Networking OS we support 4 data queues in MXL PFC is not applied on specific dot1p priorities ETS Equal bandwidth is assigned to each port queue and each dot1p priority in a priority group To configure PFC and ETS parameters on an S6000 interface you must specify the PFC mode the ...

Page 247: ...olicy with PFC enabled on an interface DCBx starts exchanging information with PFC enabled peers The IEEE802 1Qbb CEE and CIN versions of PFC Type Length Value TLV are supported DCBx also validates PFC configurations that are received in TLVs from peer devices NOTE You cannot enable PFC and link level flow control at the same time on an interface Configuring Lossless Queues DCB also supports the m...

Page 248: ...upported on a port If the amount of priority traffic that you configure to be paused exceeds the two lossless queues an error message displays Configuring PFC in a DCB Map An S4048 ON switch supports the use of a DCB map in which you configure priority based flow control PFC setting To configure PFC parameters you must apply a DCB map on an S4048 ON interface This functionality is supported on the...

Page 249: ... PFC disabled pfc off you can enable link level flow control on the interface using the flowcontrol rx on tx on command To delete the DCB map first disable link level flow control PFC is then automatically enabled on the interface because an interface is PFC enabled by default To ensure no drop handling of lossless traffic PFC allows you to configure lossless queues on a port see Configuring Lossl...

Page 250: ...s queues pfc no drop queues command dcb map name INTERFACE Configuring PFC without a DCB Map In a network topology that uses the default ETS bandwidth allocation assigns equal bandwidth to each priority you can also enable PFC for specific dot1p priorities on individual interfaces without using a DCB map This type of DCB configuration is useful on interfaces that require PFC for lossless traffic b...

Page 251: ...t1p mapping Dell conf do show qos dot1p queue mapping Dot1p Priority 0 1 2 3 4 5 6 7 On ingress interfaces Port A and C we used the PFC on priority level Queue 0 0 0 1 2 3 3 3 On Egress interface Port B we used no drop queues Lossless traffic egresses out the no drop queues Ingress 802 1p traffic from PFC enabled peers is automatically mapped to the no drop egress queues When configuring lossless ...

Page 252: ...of data packets The sending device requests the recipient to restart the transmission of data traffic when the congestion eases and reduces The time period that is specified in the pause frame defines the duration for which the flow of data packets is halted When the time period elapses the transmission restarts When a device sends a pause frame to another device the time for which the sending of ...

Page 253: ...ets The below is example for enabling PFC for priority 2 for tagged packets Priority Packet Dot1p 2 will be mapped to PG6 on PRIO2PG setting All other Priorities for which PFC is not enabled are mapped to default PG PG7 Classification rules on ingress Ingress FP CAM region matches incoming packet dot1p and assigns an internal priority to select queue as per Table 1 and Table 2 The internal Priorit...

Page 254: ...Selection ETS provides a way to optimize bandwidth allocation to outbound 802 1p classes of converged Ethernet traffic Different traffic types have different service needs Using ETS you can create groups within an 802 1p priority class to configure different treatment for traffic with different bandwidth latency and best effort needs For example storage traffic is sensitive to frame loss interproc...

Page 255: ...pecify a priority range with a dash For example priority list 3 5 7 4 Exit priority group configuration mode PRIORITY GROUP mode exit 5 Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority group 6 Specify the dot1p priority to priority group mapping for each priority priority pgid dot1p0_group_num dot1p1_group_num dot1p7_group_num Priority group range is from 0 to 7 A...

Page 256: ...s of strict priority scheduling Group strict priority Use this to increase its bandwidth usage to the bandwidth total of the priority group and allow a single priority flow in a priority group A single flow in a group can use all the bandwidth allocated to the group Link strict priority Use this to increase to the maximum link bandwidth and allow a flow in any priority group CIN supports only the ...

Page 257: ...gned bandwidth allocation and strict priority scheduling apply only to data queues not to control queues Dell Networking OS supports hierarchical scheduling on an interface The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling After the control queues drain out the remaining data traffic is scheduled to queues according...

Page 258: ...e than one data queue You can enable PFC on a maximum of two priority queues on an interface If you configure more than one priority group as strict priority the higher numbered priority queue is given preference when scheduling data traffic Hierarchical Scheduling in ETS Output Policies ETS supports up to three levels of hierarchical scheduling For example you can apply ETS output policies with t...

Page 259: ...to ensure consistent operation in a data center network DCBx is a prerequisite for using DCB features such as priority based flow control PFC and enhanced traffic selection ETS to exchange link level configurations in a converged Ethernet environment DCBx is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic In these scenarios all network devices are DCBx enabled...

Page 260: ...ations from a configuration source An auto downstream port that receives an internally propagated configuration overwrites its local configuration with the new parameter values When an auto downstream port receives and overwrites its configuration with internally propagated information one of the following actions is taken If the peer configuration received is compatible with the internally propag...

Page 261: ...col supports the exchange and propagation of configuration information for the enhanced transmission selection ETS and priority based flow control PFC DCB features DCBx uses the following methods to exchange DCB configuration parameters Asymmetric DCB parameters are exchanged between a DCBx enabled port and a peer port without requiring that a peer port and the local port use the same configured v...

Page 262: ...rating in Auto Detection mode the DCBx version auto command a DCBx port automatically detects the DCBx version on a peer port Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2 5 DCBx A DCBx port detects a peer version after receiving a valid frame for that version The local DCBx port reconfigures to operate with the peer version and maintains the peer version on ...

Page 263: ...on NIV Configuring DCBx To configure DCBx follow these steps For DCBx to advertise DCBx TLVs to peers enable LLDP For more information refer to Link Layer Discovery Protocol LLDP Configure DCBx operation at the interface level on a switch or globally on the switch To configure the S4810 system for DCBx operation in a data center network you must 1 Configure ToR and FCF facing interfaces as auto up...

Page 264: ...co pfc ets conf ets reco pfc ets conf ets reco pfc ets conf enables the advertisement of ETS Configuration TLVs ets reco enables the advertisement of ETS Recommend TLVs pfc enables the advertisement of PFC TLVs The default is All PFC and ETS TLVs are advertised NOTE You can configure the transmission of more than one TLV type at a time for example advertise DCBx tlv ets conf ets reco You can enabl...

Page 265: ...e DCBx tlv ets conf ets reco pfc ets conf ets reco pfc ets conf ets reco pfc ets conf enables transmission of ETS Configuration TLVs ets reco enables transmission of ETS Recommend TLVs pfc enables transmission of PFC TLVs NOTE You can configure the transmission of more than one TLV type at a time You can only enable ETS recommend TLVs ets reco if you enable ETS configuration TLVs ets conf To disab...

Page 266: ...FC_PARAMETERS_MISMATCH A local DCBx port received a compatible match or incompatible mismatch PFC configuration from a peer DSM_DCBx_ETS_PARAMETERS_MATCH and DSM_DCBx_ETS_PARAMETERS_MISMATCH A local DCBx port received a compatible match or incompatible mismatch ETS configuration from a peer LLDP_UNRECOGNISED_DCBx_TLV_RECEIVED A local DCBx port received an unrecognized DCBx TLV from a peer Debuggin...

Page 267: ...ce port type slot port ets summary detail Displays the ETS configuration applied to egress traffic on an interface including priority groups with priorities and bandwidth allocation To clear ETS TLV counters enter the clear ets counters interface port type slot port command show interface port type slot port DCBx detail Plays the DCBx configuration on an interface show stack unit 0 11 all stack po...

Page 268: ...sabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI PriorityMap is 0x10 Remote FCOE PriorityMap is 0x8 Remote ISCSI PriorityMap is 0x8 Dell show interfaces tengigabitethernet 1 4 pfc detail Interface TenGigabitEthernet 1 4 Admin mode is on Admin is enabled Remote is enabled Remote Willing Status is enabled Local is enabled Oper status is recommended PFC DCBx Oper statu...

Page 269: ...arameters were received from configuration source PFC DCBx Oper status Operational status for exchange of PFC configuration on local port match up or mismatch down State Machine Type Type of state machine used for DCBx exchanges of PFC parameters Feature for legacy DCBx versions Symmetric for an IEEE version TLV Tx Status Status of PFC TLV advertisements enabled or disabled PFC Link Delay Link del...

Page 270: ...iority Received PFC Frames Transmitted PFC Frames 0 0 0 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 The following example shows the show interface ets summary command Dell conf qos policy out ets do sho int te 1 3 ets su Interface TenGigabitEthernet 1 3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 1 0 1...

Page 271: ...S 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12 ETS 6 12 ETS 7 12 ETS Remote Parameters Remote is disabled Local Parameters Local is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 0 ETS 2 0 ETS 3 0 ETS 4 0 ETS 5 0 ETS 6 0 ETS 7 0 ETS Priority Bandwidth TSA 0 13 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12 ETS 6 12 ETS 7 12 ETS Oper status is init Conf TLV Tx Status is disabled Traffi...

Page 272: ...3 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12 ETS 6 12 ETS 7 12 ETS Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts 0 Output Conf TLV Pkts 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts 0 Output Traffic Class TLV Pkts 0 Error Traffic Class TLV Pkts The following table describes the show interface ets detail command fields Tabl...

Page 273: ...S configuration on local port match or mismatch State Machine Type Type of state machine used for DCBx exchanges of ETS parameters Feature for legacy DCBx versions Asymmetric for an IEEE version Conf TLV Tx Status Status of ETS Configuration TLV advertisements enabled or disabled ETS TLV Statistic Input Conf TLV pkts Number of ETS Configuration TLVs received ETS TLV Statistic Output Conf TLV pkts ...

Page 274: ...width TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 2 3 4 5 6 7 8 Dell conf show stack unit all stack ports all ets details Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 2 3 4 5 6 7 8 Stack unit 2 stack port all Max Supported TC Groups is 4 Number of Traffic Clas...

Page 275: ...f TLV Pkts 1 Input ETS Reco TLV pkts 1 Output ETS Reco TLV pkts 0 Error ETS Reco TLV Pkts The following example shows the show interface DCBx detail command legacy CEE Dell conf if te 1 17 lldp do sho int te 1 14 dc d E ETS Configuration TLV enabled e ETS Configuration TLV disabled R ETS Recommendation TLV enabled r ETS Recommendation TLV disabled P PFC Configuration TLV enabled p PFC Configuratio...

Page 276: ...change DCB parameters Local DCBx TLVs Transmitted Transmission status enabled or disabled of advertised DCB TLVs see TLV code at the top of the show command output Local DCBx Status DCBx Operational Version DCBx version advertised in Control TLVs Local DCBx Status DCBx Max Version Supported Highest DCBx version supported in Control TLVs Local DCBx Status Sequence Number Sequence number transmitted...

Page 277: ...ynamic dot1p command honor dot1p on all DCB enabled interfaces If you use L2 class maps to map dot1p priority traffic to egress queues take into account the default dot1p queue assignments in the following table and the maximum number of two lossless queues supported on a port refer to Configuring Lossless Queues Although Dell Networking OS allows you to change the default dot1p priority queue ass...

Page 278: ...platforms For each priority you can specify the shared buffer threshold limit the ingress buffer size buffer limit for pausing the acceptance of packets and the buffer offset limit for resuming the acceptance of received packets 4 Configure the profile name for the DCB buffer threshold CONFIGURATION mode dcb buffer threshold dcb buffer threshold 5 DCB BUFFER THRESHOLD mode priority 0 buffer size 5...

Page 279: ...traffic selection bandwidth allocation and scheduling One lossless queue is used Figure 36 PFC and ETS Applied to LAN IPC and SAN Priority Traffic QoS Traffic Classification The service class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table For more information refer to QoS dot1p Traffic Classification and Queue...

Page 280: ...nter traffic 1 Enabling DCB Dell conf dcb enable 2 Configure DCB map and enable PFC and ETS Dell conf service class dynamic dot1p Or Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 service class dynamic dot1p 3 Apply DCB map to relevant interface dcb map test priority group 1 bandwidth 50 pfc on priority group 2 bandwidth 45 pfc off priority group 3 bandwidth 5 pfc on priority pgid ...

Page 281: ...esting configuration parameters from the server Relay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host DHCP Packet Format and Options DHCP uses the user datagram protocol UDP as its transport protocol The server listens on port 67 and transmits to port 68 the client listens on port 68 and tran...

Page 282: ... Time Option 58 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server Rebinding Time Option 59 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with any server if the original server does not respond Vendor Class Identifer Option 60 Identifiers a user defined string u...

Page 283: ...s IP address to the server in a DHCPRELEASE message There are additional messages that are used in case the DHCP negotiation deviates from the process previously described and shown in the illustration below DHCPDECLINE A client sends this message to the server in response to a DHCPACK if the configuration parameters are unacceptable for example if the offered address is already in use In this cas...

Page 284: ...stem to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request Servers typically serve many clients making host management much more organized and efficient The following table lists the key responsibilities of DHCP servers Table 25 DHCP Server Responsibilities DHCP Server Responsibilities Description Address ...

Page 285: ...s and policy information including IP address ranges lease length specifications and configuration data that DHCP hosts need Configuring the Dell system to be a DHCP server is a three step process 1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks Configure a Method of Hostname Resolution Creating Manual Binding Entries Debugging th...

Page 286: ...of four types of NetBIOS nodes broadcast peer to peer mixed or hybrid 1 Specify the NetBIOS WINS name servers in order of preference that are available to Microsoft Dynamic Host Configuration Protocol DHCP clients DHCP POOL mode netbios name server address 2 Specify the NetBIOS node type for a Microsoft DHCP client Dell Networking recommends specifying clients as hybrid DHCP POOL mode netbios node...

Page 287: ...a response to its request and therefore cannot access the network You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper address dhcp address command from INTERFACE mode as shown in the following illustration Specify multiple DHCP servers by using the ip helper address dhcp address command multiple times When you config...

Page 288: ... 1 3 TenGigabitEthernet 1 3 is up line protocol is down Internet address is 10 11 0 1 24 Broadcast address is 10 11 0 255 Address determined by user input IP MTU is 1500 bytes Helper address is 192 168 0 1 192 168 0 2 Directed broadcast forwarding is disabled Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled ICMP redirects are not sent ICMP unreachables are not sent 288 Dyna...

Page 289: ...e FTOS image and startup configuration file in local flash enter the reload type normal reload command and save it to the startup configuration FTOS reload type normal reload FTOS write memory FTOS reload To re enable Jumpstart mode for the next reload enter the reload type jump start command Configuring the DHCP Client System This section describes how to configure and view an interface as a DHCP...

Page 290: ...me from a DHCP server EXEC Privilege mode renew dhcp interface type slot port subport To display DHCP client information use the following show commands in EXEC Privilege mode To display statistics about DHCP client interfaces use the show ip dhcp client statistics interface type slot port subport command To clear DHCP client statistics on a specified or on all interfaces use the clear ip dhcp cli...

Page 291: ...file with the standby unit When a stack failover occurs the new master requires the same DHCP server assigned IP address on DHCP client interfaces The new master reinitiates a DHCP packet transaction by sending a DHCP discovery packet on nonbound interfaces Virtual Link Trunking VLT A DHCP client is not supported on VLT interfaces VLAN and Port Channels DHCP client configuration and behavior are t...

Page 292: ...formation option is 82 and is comprised of two sub options circuit ID and remote ID Circuit ID This is the interface on which the client originated message is received Remote ID This identifies the host from which the message is received The value of this sub option is the MAC address of the relay agent that adds Option 82 The DHCP relay agent inserts Option 82 before forwarding DHCP packets to th...

Page 293: ...is checkpoint prevents an attacker from acting as an imposter as a DHCP server to facilitate a man in the middle attack Binding table entries are deleted when a lease expires or the relay agent encounters a DHCPRELEASE DHCPNACK or DHCPDECLINE DHCP snooping is supported on Layer 2 and Layer 3 traffic DHCP snooping on Layer 2 interfaces does require a relay agent Binding table entries are deleted wh...

Page 294: ...ping database use the following command Add a static entry in the snooping binding table EXEC Privilege mode ipv6 dhcp snooping binding mac address vlan id vlan id ipv6 ipv6 address interface interface type interface number lease value Clearing the Binding Table To clear the binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ip dhcp sno...

Page 295: ...st of Trust Ports Te 1 4 List of DHCP Snooping Enabled Vlans Vl 10 List of DAI Trust ports Te 1 4 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table use the following command Display the contents of the binding table EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snoop...

Page 296: ...inding table ARP is a stateless protocol that provides no authentication mechanism Network devices accept ARP requests and replies from any device ARP replies are accepted even when no request was sent If a client receives an ARP message for which a relevant entry already exists in its ARP cache it overwrites the existing entry with the new information The lack of authentication in ARP makes it vu...

Page 297: ...ded to its maximum capacity 100 entries before L2SystemFlow can be increased therefore 13 more L2Protocol entries are required L2SystemFlow has 15 entries by default but only nine are for DAI to enable DAI on 16 VLANs seven more entries are required 87 L2Protocol 13 additional L2Protocol 15 L2SystemFlow 7 additional L2SystemFlow equals 122 Configuring Dynamic ARP Inspection To enable dynamic ARP i...

Page 298: ...ts The DHCP binding table associates addresses the DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to When you enable IP source address validation on a port the system verifies that the source IP address is one that is associated with the incoming port and optionally that the client belongs to the permissibl...

Page 299: ...acl l2acl 2 Save the running config to the startup config EXEC Privilege mode copy running config startup config 3 Reload the system EXEC Privilege reload 4 Do one of the following Enable IP MAC SAV INTERFACE mode ip dhcp source address validation ipmac Enable IP MAC SAV with VLAN option INTERFACE mode ip dhcp source address validation ipmac vlan vlan id Dell Networking OS creates an ACL entry for...

Page 300: ...count 2 deny vlan 10 count 0 packets deny vlan 20 count 0 packets Clearing the Number of SAV Dropped Packets To clear the number of SAV dropped packets use the clear ip dhcp snooping source address validation discard counters command Dell clear ip dhcp snooping source address validation discard counters To clear the number of SAV dropped packets on a particular interface use the clear ip dhcp snoo...

Page 301: ...mple suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sorts them so that the ECMPs are always arranged This implementation ensures that every chassis having the same prefixes orders the ECMPs the same With eight or less ECMPs the ordering is lexicographic and deterministic With more than eight ECMPs o...

Page 302: ...n within that time causes a syslog to be sent and an alarm event generate When the deviation clears another syslog is sent and a clear alarm event generates For example link bundle monitoring percent threshold STKUNIT0 M CP IFMGR 5 BUNDLE_UNEVEN_DISTRIBUTION Found uneven distribution in LAG bundle 11 Link bundle utilization is calculated as the total bandwidth of all links divided by the total byt...

Page 303: ...up Bundle Within each ECMP group you can specify an interface If you enable monitoring for the ECMP group the utilization calculation is performed when the average utilization of the link bundle as opposed to a single link within the bundle exceeds 60 1 Create a user defined ECMP group bundle CONFIGURATION mode ecmp group ecmp group id The range is from 1 to 64 2 Add interfaces to the ECMP group b...

Page 304: ...alancing is performed by using the RTAG7 hashing which is designed to have the member links used efficiently as the traffic profile gets more diverse Hashing based load balancing is used in the following applications L3 ECMP LAGs HiGig trunking The RTAG7 hash scheme generates a hash that consists of the following two portions The first portion is primarily generated from packet headers to identify...

Page 305: ...XOR1 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor1 xor2 CRC16_BISYNC_AND_XOR2 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor2 xor4 CRC16_BISYNC_AND_XOR4 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor4 xor8 CRC16_BISYNC_AND_XOR8 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor8 xor16 CR16 16 bit XOR Flow based Hashing for ECMP Flow based hashing is one of RTAG7 hashing techn...

Page 306: ... hash fields use only source ip dest ip and protocol 4 Configuring different hash algorithms at different tiers For example Router A could use crc16 as the hash algorithm while router B can use XOR16 as the hash algorithm Configuration and Benefits The preceding anti polarization techniques require some coordinated configuration of network nodes to solve the problem and these techniques are not sc...

Page 307: ...low based hashing crc16 Dell conf end Dell show hash algorithm Hash Algorithm linecard 0 Port Set 0 Seed 185270328 Hg Seed 185282673 EcmpFlowBasedHashingAlgo crc16 EcmpAlgo crc32MSB LagAlgo crc32LSB HgAlgo crc16 Figure 41 After Polarization Effect Traffic flow after enabling flow based hashing When the flow based hashing is enabled at all the nodes in the multi tier network traffic distribution is...

Page 308: ... robustness and security with FCoE in an Ethernet cloud network FIP establishes virtual point to point links between FCoE end devices server ENodes and target storage devices and FCoE forwarders FCFs over transit FCoE enabled bridges Ethernet bridges commonly provide ACLs that can emulate a point to point link by providing the traffic enforcement required to create a Fibre Channel level of robustn...

Page 309: ...ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF Then using ACLs a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end device and an FCF An Ethernet bridge that provides these functions is called a FIP snooping bridge FSB On a FIP snoop...

Page 310: ...oE and FIP snooping frames The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network The top of rack ToR switch operates as an FCF for FCoE traffic Converged LAN and SAN traffic is transmitted between the ToR switch and an S4048 ON switch The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode server...

Page 311: ...ividual VLAN 4 Configure FCF mode for a FIP snooping bridge to FCF link For a sample FIP snooping configuration refer to FIP Snooping Configuration Example Statistical information is available for FIP Snooping related information For available commands refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide FIP Snooping Prerequisites Before you enable FCoE transit ...

Page 312: ...y add the CAM ACL space to the FCoE region as it is not applied by default To support FIP Snooping and set CAM ACL in the Z9500 switch usecam acl l2acl 4 ipv4acl 4 ipv6acl 0 ipv4qos 2 l2qos 1 l2pt 0 ipmacacl 0 vman qos 0 ecfmacl 0 fcoeacl 2 iscsioptacl 0 command CAM ACL Table Chassis Cam ACL Current Settings in block sizes 1 block 128 entries L2Acl 4 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 Ip...

Page 313: ...ssigned to ENodes in incoming FCoE frames If the FC MAP value does not match FCoE frames are dropped A session between an ENode and an FCF is established by the switch bridge only when the FC MAP value on the FCF matches the FC MAP value on the FIP snooping bridge Configure a Port for a Bridge to Bridge Link If a switch port is connected to another FIP snooping bridge configure the FCoE Trusted Po...

Page 314: ...ng The maximum number of FCoE VLANs supported on the switch is eight The maximum number of FIP snooping sessions supported per ENode server is 32 To increase the maximum number of sessions to 64 use the fip snooping max sessions per enodemac command The maximum number of FCFs supported per FIP snooping enabled VLAN is twelve Configuring FIP Snooping You can enable FIP snooping globally on all FCoE...

Page 315: ...CF interface VLAN ID FC MAP value FKA advertisement period and number of ENodes connected clear fip snooping database interface vlan vlan id fcoe mac address enode mac address fcf mac address Clears FIP snooping information on a VLAN for a specified FCoE MAC address ENode MAC address or FCF MAC address and removes the corresponding ACLs generated by FIP snooping show fip snooping statistics interf...

Page 316: ...N VLAN ID number used by the session FCoE MAC MAC address of the FCoE session assigned by the FCF FC ID Fibre Channel ID assigned by the FCF Port WWPN Worldwide port name of the CNA port Port WWNN Worldwide node name of the CNA port The following example shows the show fip snooping config command Dell show fip snooping config FIP Snooping Feature enabled Status Enabled FIP Snooping Global enabled ...

Page 317: ...ooping statistics interface vlan 100 Number of Vlan Requests 0 Number of Vlan Notifications 0 Number of Multicast Discovery Solicits 2 Number of Unicast Discovery Solicits 0 Number of FLOGI 2 Number of FDISC 16 Number of FLOGO 0 Number of Enode Keep Alive 9021 Number of VN Port Keep Alive 3349 Number of Multicast Discovery Advertisement 4437 Number of Unicast Discovery Advertisement 2 Number of FL...

Page 318: ...mber of FLOGO Rejects 0 Number of CVL 0 Number of FCF Discovery Timeouts 0 Number of VN Port Session Timeouts 0 Number of Session failures due to Hardware Config 0 The following table describes the show fip snooping statistics command fields Table 33 show fip snooping statistics Command Descriptions Field Description Number of VLAN Requests Number of FIP snooped VLAN request frames received on the...

Page 319: ...OGO Accepts Number of FIP FLOGO accept frames received on the interface Number of FLOGO Rejects Number of FIP FLOGO reject frames received on the interface Number of CVLs Number of FIP clear virtual link frames received on the interface Number of FCF Discovery Timeouts Number of FCF discovery timeouts that occurred on the interface Number of VN Port Session Timeouts Number of VN port session timeo...

Page 320: ...erver facing port and the DCB PFC configuration on both ports is synchronized For more information about how to configure DCBx and PFC on a port refer to the Data Center Bridging DCB chapter The following example shows how to configure FIP snooping on FCoE VLAN 10 on an FCF facing port 1 5 on an ENode server facing port 1 1 and to configure the FIP snooping ports as tagged members of the FCoE VLAN...

Page 321: ...if te 1 5 switchport Dell conf if te 1 5 fip snooping port mode fcf Dell conf if te 1 5 protocol lldp Dell conf if te 1 5 lldp dcbx port role auto upstream Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN Dell conf interface vlan 10 Dell conf if vl 10 tagged tengigabitethernet 1 1 Dell conf if vl 10 tagged tengigabitethernet 1 5 Dell conf if te 1 1 no shut Dell conf if ...

Page 322: ...sfers Currently other features using cryptography do not use the embedded FIPS 140 2 validated cryptography module Configuration Tasks To enable FIPS cryptography complete the following configuration tasks Preparing the System Enabling FIPS Mode Generating Host Keys Monitoring FIPS Mode Status Disabling FIPS Mode Preparing the System Before you enable FIPS mode Dell Networking recommends making th...

Page 323: ...de use the following command Enable FIPS mode from a console port CONFIGURATION fips mode enable The following warning message displays WARNING Enabling FIPS mode will close all SSH Telnet connections restart those servers and destroy all configured host keys Proceed y n Generating Host Keys The following describes hot key generation When you enable or disable FIPS mode the system deletes the curr...

Page 324: ...Hardware Rev 1 0 Up Time 4 min 0 sec Dell Networking OS Version 1 0 0 4072 Jumbo Capable yes Boot Flash 3 2 1 0 Boot Selector 3 2 0 0a Memory Size 3203928064 bytes Serial Number NA Part Number xxxxx Rev X00 Vendor Id NA Date Code NA Country Code NA Piece Part ID US 0XXXXX 77951 3AL 0009 PPID Revision X00 Service Tag BNHW6Z1 Expr Svc Code 253 653 832 45 Auto Reboot disabled Last Restart normal powe...

Page 325: ...ytes Serial Number Part Number Rev Vendor Id Date Code Country Code Piece Part ID N A PPID Revision N A Service Tag N A Expr Svc Code N A Auto Reboot disabled Last Restart powered on Burned In MAC 74 86 7a ff 71 8c No Of MACs 3 Linecard 2 Unit Type Linecard Status online Next Boot online Required Type Z9500LC12 12 port TE FG ZC Hardware Rev 1 0 Num Ports 48 Up Time 2 min 7 sec Dell Networking OS V...

Page 326: ...All open SSH and Telnet sessions as well as all SCP and FTP file transfers close Any existing host keys both RSA and RSA1 are deleted from system memory and NVRAM storage FIPS mode disables The SSH server re enables The Telnet server re enables if it is present in the configuration New 1024 bit RSA and RSA1 host key pairs are created To disable FIPS mode use the following command To disable FIPS m...

Page 327: ...ng to be in a failed state The Master then sends a Topology Change RHF to the Transit Nodes informing them that the ring has changed This causes the Transit Nodes to flush their forwarding tables and re converge to the new network structure One port of the Master node is designated the Primary port P to the ring another port is designated as the Secondary port S to the ring In normal operation the...

Page 328: ...hem to clear their forwarding tables and re learn the topology During the time between the Transit node detecting that its link is restored and the Master node detecting that the ring is restored the Master node s Secondary port is still forwarding traffic This can create a temporary loop in the topology To prevent this the Transit node places all the ring ports transiting the newly restored port ...

Page 329: ...me switch One Master node per ring all other nodes are Transit Each node has two member interfaces primary and secondary There is no limit to the number of nodes on a ring Master node ring port states blocking pre forwarding forwarding and disabled Transit node ring port states blocking pre forwarding forwarding and disabled STP disabled on ring interfaces Master node secondary port is in blocking...

Page 330: ...port transitions through this state during ring bring up All ports transition through this state when a port comes up Disabled State When the port is disabled or down or is not on the VLAN Ring Protocol Timers Hello Interval The interval when ring frames are generated from the Master node s Primary interface default 500 ms The Hello interval is configurable in 50 ms increments from 50 ms to 2000 m...

Page 331: ...des FRRP Configuration These are the tasks to configure FRRP Creating the FRRP Group Configuring the Control VLAN Configure Primary and Secondary ports Configuring and Adding the Member VLANs Configure Primary and Secondary ports Other FRRP related commands are Clearing the FRRP Counters Viewing the FRRP Configuration Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on ea...

Page 332: ...rface enter the keyword fortyGigE then the slot port information Slot Port subport Range Slot and Port ID for the interface Range is entered Slot Port subport Slot Port subport 3 Assign the Primary and Secondary ports and the control VLAN for the ports on the ring CONFIG FRRP mode interface primary interface slot port subport secondary int slot port subport control vlan vlan id Interface For a 10 ...

Page 333: ...nge is entered Slot Port subport Slot Port subport For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 3 Assign the Primary and Secondary ports and the Control VLAN for the ports on the ring CONFIG FRRP mode interface primary interface slot port...

Page 334: ...ers associated with this Ring ID EXEC PRIVELEGED mode clear frrp ring id Ring ID the range is from 1 to 255 Clear the counters associated with all FRRP groups EXEC PRIVELEGED mode clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group use the following command Show the configuration for this FRRP group CONFIG FRRP mode show configuration Viewing the FRRP Information...

Page 335: ... Sample Configuration and Topology The following example shows a basic FRRP topology Example of R1 MASTER interface TenGigabitEthernet 1 24 no ip address switchport no shutdown interface TenGigabitEthernet 1 34 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1 24 34 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 1 24 34 no shu...

Page 336: ...GigabitEthernet 3 14 no ip address switchport no shutdown interface TenGigabitEthernet 3 21 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3 14 21 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 3 14 21 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 3 21 secondary TenGigabitEthernet 3 14 control vlan 101 me...

Page 337: ...ormation dynamically propagate into the core As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membership throughout a network GVRP allows end stations and switches to issue and re...

Page 338: ... exchanged In the following example GVRP is configured on VLAN trunk ports Figure 46 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface Related Configuration Tasks Configure GVRP Registration Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally use the following command Enable GVRP for...

Page 339: ...tion and registration of VLANs prevents VLAN deregistration and registers all VLANs known on other ports on the port For example if an interface is statically configured via the CLI to belong to a VLAN it should not be unconfigured when it receives a Leave PDU Therefore the registration mode on that interface is FIXED Forbidden Mode Disables the port to dynamically register VLANs and to propagate ...

Page 340: ... a LeaveAll message so that other GARP devices can re register all relevant attribute information The device then restarts the LeaveAll timer to begin a new cycle The LeaveAll timer must be greater than or equal to 5x of the Leave timer The Dell Networking OS default is 10000ms Example of the garp timer Command Dell conf garp timer leav 1000 Dell conf garp timers leave all 5000 Dell conf garp time...

Page 341: ... Dell Networking systems eliminate single points of failure by providing dedicated or load balanced redundancy for each component Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit Dell Networking OS fails over to the standby stack unit when 1 Communication is lost between the standby and primary stack unit 2 You request a fai...

Page 342: ...on data operational data state and status and statistics depending on the Dell Networking OS version Forcing an Stack Unit Failover To force an Stack unit failover use the following command Use this feature when you are replacing a stack unit and when you are performing a warm upgrade To trigger a stack unit failover EXEC Privilege mode redundancy force failover stack unit Example of the redundanc...

Page 343: ...fter creating the logical stack unit you can configure the interfaces on the stack unit as if it is present Removing a Provisioned Logical Stack Unit To remove the line card configuration use the following command To remove a logical stack unit configuration use the following command CONFIGURATION mode no stack unit unit_id provision Hitless Behavior Hitless is a protocol based system behavior tha...

Page 344: ...are a number of software components Dell Networking OS performs a periodic health check on each of these components by querying the status of a flag which the corresponding component resets within a specified time If any health checks on the stack unit fail the Dell Networking OS fails over to standby stack unit If any health checks on a line card fail Dell Networking OS resets the card to bring i...

Page 345: ...the contents of the memory in use by the kernel at the time of an exception System Log Event messages provide system administrators diagnostics and auditing information Dell Networking OS sends event messages to the internal buffer all terminal lines the console and optionally to a syslog server For more information about event messages and configurable options refer to Management Hot Lock Behavio...

Page 346: ... Overview IGMP has three versions Version 3 obsoletes and is backwards compatible with version 2 version 2 obsoletes version 1 IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages which allows hosts to notify routers that they no longer care about traffic for a particular group Leave messages reduce the amount of time that the router takes to stop forwarding traffi...

Page 347: ...have to wait for a general query to join a group It may send an unsolicited IGMP Membership Report also called an IGMP Join message to the querier Leaving a Multicast Group The following describes how a host can leave a multicast group 1 A host sends a membership report of type 0x17 IGMP Leave message to the all routers multicast address 224 0 0 2 when it no longer cares about multicast traffic fo...

Page 348: ...n the second illustration Figure 48 IGMP Version 3 Packet Structure Figure 49 IGMP Version 3 Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports 1 The first unsolicited report from the host indicates that it wants to receive traffic for group 22...

Page 349: ... specific and general queries 1 Host 1 sends a message indicating it is leaving group 224 1 1 1 and that the included filter for 10 11 1 1 and 10 11 1 2 are no longer necessary 2 The querier before making any state changes sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond wit...

Page 350: ... Enable a multicast routing protocol Related Configuration Tasks Viewing IGMP Enabled Interfaces Selecting an IGMP Version Viewing IGMP Groups Adjusting Timers Preventing a Host from Joining a Group Enabling IGMP Immediate Leave IGMP Snooping Fast Convergence after MSTP Topology Changes Designating a Multicast Router Interface 350 Internet Group Management Protocol IGMP ...

Page 351: ...with version 3 on the same subnet If hosts require IGMP version 3 you can switch to IGMP version 3 To switch to version 3 use the following command Switch to a different IGMP version INTERFACE mode ip igmp version Example of the ip igmp version Command Dell conf if te 1 13 ip igmp version 3 Dell conf if te 1 13 do show ip igmp interface TenGigabitEthernet 1 13 is up line protocol is down Inbound I...

Page 352: ...he timer expires in version 2 if another host responds before the timer expires the timer is nullified and no response is sent The maximum response time is the amount of time that the querier waits for a response to a query before taking further action The querier advertises this value in the query refer to the illustration in IGMP Version 2 Lowering this value decreases leave latency but increase...

Page 353: ...clears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an implicit deny all rule at the end of all access lists Therefore configuring an IGMP join request filter in this order might result in data loss If you must enter the ip igmp access group command before creating the access list prevent Dell Networking OS from cleari...

Page 354: ...ting a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode ip address 10 11 13 1 24 no shutdown 2 1 Interface TenGigabitEthernet 2 1 ip pim sparse mode 354 Internet Group Management Protocol IGMP ...

Page 355: ...own Receiver 2 Interface VLAN 400 ip pim sparse mode ip address 10 11 4 1 24 untagged TenGigabitEthernet 1 2 ip igmp access group igmpjoinfilR2G2 no shutdown Enabling IGMP Immediate Leave If the querier does not receive a response to a group specific or group and source query it sends another querier robustness value Then after no response it removes the group from the outgoing interface for the s...

Page 356: ...ts to spanning tree protocol STP and multiple spanning tree protocol MSTP topology changes by sending a general query on the interface that transitions to the forwarding state If IGMP snooping is enabled on a PIM enabled VLAN interface data packets using the router as an Layer 2 hop may be dropped To avoid this scenario Dell Networking recommends that users enable IGMP snooping on server facing en...

Page 357: ...lticast flooding Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN use the following commands Statically specify a port in a VLAN as connected to a multicast router INTERFACE VLAN mode ip igmp...

Page 358: ...erier election Egress Interface Selection EIS for HTTP and IGMP Applications You can use the Egress Interface Selection EIS feature to isolate the management and front end port domains for HTTP and IGMP traffic Also EIS enables you to configure the responses to switch destined traffic by using the management port IP address as the source IP address This information is sent out of the switch throug...

Page 359: ...P 162 for SNMP Traps client 161 for SNMP MIB response server Supported NTP 123 Supported DNS 53 Supported FTP 20 21 Supported Supported Syslog 514 Supported Telnet 23 Supported Supported TFTP 69 Supported Radius 1812 1813 Supported Tacacs 49 Supported HTTP 80 for httpd 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application Supported If y...

Page 360: ...only if the management port is UP and management route is available If SSH request is received on the management port destined to the management port IP address the response to the request is sent out of the management port by performing a route lookup in the EIS routing table If the SSH request is received on the front end port destined for the front end IP address the response traffic is sent by...

Page 361: ...s incremented This counter is viewed using the show management application pkt cntr command This counter is cleared using clear management application pkt cntr command If the route lookup in the EIS routing table fails or if management port is down then packets are dropped The application specific count of the dropped packets is incremented and is viewed using the show management application pkt d...

Page 362: ...end users can access Dell Networking OS applications using either ip1 or ip2 Return traffic for such end user originated sessions destined to management port ip1 is handled using the EIS route lookup Handling of Transit Traffic Traffic Separation This is forwarded traffic where destination IP is not an IP address configured in the switch Packets received on the management port with destination on ...

Page 363: ...not originated from the switch and is not transiting the switch The switch accepts all traffic destined to the switch which is received on management or front end data port Response traffic with management port IP address as source IP address is handled in the same manner as switch originated traffic Switch Originated Traffic This phenomenon occurs where traffic is originating from the switch 1 Ma...

Page 364: ...fic is terminated on the switch Traffic has not originated from the switch and is not transiting the switch Switch destined traffic is applicable only for applications which act as server for the TCP session and also for ICMP based applications like ping and traceroute FTP SSH and Telnet are the applications that can function as servers for the TCP session EIS Behavior If source TCP or UDP port ma...

Page 365: ...ort a management default route is installed to the switch If management EIS is enabled this default route is added to the management EIS routing table and the default routing table ARP learn enable When ARP learn enable is enabled the switch learns ARP entries for ARP Request packets even if the packet is not destined to an IP configured in the box The ARP learn enable feature is not applicable to...

Page 366: ...nfiguration Interface Types View Basic Interface Information Enabling a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitori...

Page 367: ...nel interface this command lists the interfaces configured in the port channel NOTE To end output from the system such as the output from the show interfaces command enter CTRL C and Dell Networking OS returns to the command prompt NOTE The CLI output may be incorrectly displayed as 0 zero for the Rx Tx power values To obtain the correct power information perform a simple network management protoc...

Page 368: ...itEthernet 1 1 unassigned NO Manual administratively down down TenGigabitEthernet 1 2 unassigned NO Manual administratively down down TenGigabitEthernet 1 3 unassigned YES Manual up up TenGigabitEthernet 1 4 unassigned YES Manual up up TenGigabitEthernet 1 5 unassigned YES Manual up up TenGigabitEthernet 1 6 10 10 10 1 YES Manual up up TenGigabitEthernet 1 7 unassigned NO Manual administratively d...

Page 369: ...gabitEthernet 1 5 no ip address shutdown All the applied configurations are removed and the interface is set to the factory default state Enabling a Physical Interface After determining the type of physical interfaces available to enable and configure the interfaces enter INTERFACE mode by using the interface interface command 1 Enter the keyword interface then the type of interface and slot port ...

Page 370: ...lly disabled and traffic does not pass through them The following section includes information about optional configurations for physical interfaces Overview of Layer Modes Configuring Layer 2 Data Link Mode Configuring Layer 2 Interface Mode Management Interfaces Auto Negotiation on Ethernet Interfaces Adjusting the Keepalive Timer Clearing Interface Counters Overview of Layer Modes On all system...

Page 371: ...rk Mode When you assign an IP address to a physical interface you place it in Layer 3 mode To enable Layer 3 mode on an individual interface use the following commands In all interface types except VLANs the shutdown command prevents all traffic from passing through the interface In VLANs the shutdown command prevents Layer 3 traffic from passing through the interface Layer 2 traffic is unaffected...

Page 372: ...own in View Basic Interface Information To view IP information on an interface in Layer 3 mode use the show ip interface command in EXEC Privilege mode Dell show ip int vlan 58 Vlan 58 is up line protocol is up Internet address is 1 1 49 1 24 Broadcast address is 1 1 49 255 Address determined by config file MTU is 1554 bytes Inbound access list is not set Proxy ARP is enabled Split Horizon is enab...

Page 373: ...erform an SNMP walk and check the debugging logs for the source and destination IPs the SNMP agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port You can use either method to connect to the system Configuring...

Page 374: ...Time since last interface status change 00 06 03 If there are two RPMs on the system configure each Management interface with a different IP address Unless you configure the management route command you can only access the Management interface from the local LAN To access the Management interface from another LAN configure the management route command to point to the Management interface Alternati...

Page 375: ...w int TenGigabitEthernet 1 1 TenGigabitEthernet 1 1 is up line protocol is up Description This is the Managment Interface Hardware is Force10Eth address is 00 01 e8 cc cc ce Current address is 00 01 e8 cc cc ce Pluggable media not present Interface index is 46449666 Internet address is 10 11 131 240 23 output omitted Dell show ip route Codes C connected S static R RIP B BGP IN internal BGP EX exte...

Page 376: ... secondary the IP address is the interface s backup IP address You can configure up to eight secondary IP addresses Example of a Configuration for a VLAN Participating in an OSPF Process interface Vlan 10 ip address 1 1 1 2 24 tagged TenGigabitEthernet 2 2 2 13 tagged TenGigabitEthernet 5 1 ip ospf authentication key force10 ip ospf cost 1 ip ospf dead interval 60 ip ospf hello interval 15 no shut...

Page 377: ...terfaces into one logical interface If one physical interface goes down in the port channel another physical interface carries the traffic Port Channel Benefits A port channel interface provides many benefits including easy management link redundancy and sharing Port channels are transparent to network configurations and can be modified and managed as one interface For example you configure one IP...

Page 378: ...aces must share a common speed When interfaces have a configured speed different from the port channel speed the software disables those interfaces The common speed is determined when the port channel is first enabled At that time the software checks the first interface listed in the port channel configuration If you enabled that interface its speed configuration becomes the common speed of the po...

Page 379: ...l Flow control can only be present on the physical interfaces if they are part of a port channel NOTE The system supports jumbo frames by default the default maximum transmission unit MTU is 1554 bytes To configure the MTU use the mtu command from INTERFACE mode To view the interface s configuration enter INTERFACE mode for that interface and use the show config command or from EXEC Privilege mode...

Page 380: ...he primary port replies to flooding and sends protocol data units PDUs An asterisk in the show interfaces port channel brief command indicates the primary port As soon as a physical interface is added to a port channel the properties of the port channel determine the properties of the physical interface The configuration and status of the port channel are also applied to the physical interfaces wi...

Page 381: ... be in oper up status to consider the port channel to be in oper up status To set the oper up status of your links use the following command Enter the number of links in a LAG that must be in oper up status INTERFACE mode minimum links number The default is 1 Example of Configuring the Minimum Oper Up Links in a Port Channel Dell config t Dell conf int po 1 Dell conf if po 1 minimum links 5 Dell c...

Page 382: ...3 Verify the manually configured VLAN membership show interfaces switchport interface command EXEC mode Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 switchport Dell conf if te 1 1 vlan tagged 2 5 100 4010 Dell show interfaces switchport te 1 1 Codes U Untagged T Tagged x Dot1x untagged X Dot1x tagged G GVRP tagged M Trunk H VSN tagged i Internal untagged I Internal tagged v VLT u...

Page 383: ...n Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments The load balance and hash algorithm commands are available for modifying the distribution algorithms Changing the Hash Algorithm The load balance command selects the hash criteria applied to port channels If you do not obtain even distribution with the load balance command you can use the hash algorit...

Page 384: ...terfaces appear in the order they were entered and are not sorted The show range command is available under Interface Range mode This command allows you to display all interfaces that have been validated under the interface range context The show configuration command is also available under Interface Range mode This command allows you to display the running configuration only for interfaces that ...

Page 385: ... Interface Range Prompt for Overlapping Port Ranges Dell conf interface range tengigabitethernet 2 1 2 11 gi 2 1 2 23 Dell conf if range te 2 1 23 Commas The following is an example of how to use commas to add different interface types to the range enabling TenGigabitEthernet interfaces in the range 5 1 to 5 23 and both Ten Gigabit Ethernet interfaces 1 1 and 1 2 Example of Adding Interface Ranges...

Page 386: ...rfaces Monitor interface statistics with the monitor interface command This command displays an ongoing list of the interface status up down number of packets traffic statistics and so on To view the interface s statistics use the following command View the interface s statistics EXEC Privilege mode Enter the type of interface and slot port subport information For a 10 Gigabit Ethernet interface e...

Page 387: ...of the signal that returns By examining the reflection TDR is able to indicate whether there is a cable fault when the cable is broken becomes unterminated or if a transceiver is unplugged TDR is useful for troubleshooting an interface that is not establishing a link that is when the link is flapping or not coming up TDR is not intended to be used on an interface that is passing traffic When a TDR...

Page 388: ...rt such as fo 1 4 into four 10G ports the 40G interface configuration is still available in the startup configuration when you save the running configuration by using the write memory command When a reload of the system occurs the 40G interface configuration is not applicable because the 40G ports are split into four 10G ports after the reload operation While the reload is in progress you might se...

Page 389: ...the QSA This constraint does not apply for QSFP to SFP conversions using the QSA Important Points to Remember Before using the QSA to convert a 40 Gigabit Ethernet port to a 10 Gigabit SFP or SFP port enable 40 G to 4 10 fan out mode on the device When you insert a QSA into a 40 Gigabit port you can use only the first 10 Gigabit port in the fan out mode to plug in SFP or SFP cables The remaining t...

Page 390: ...SFP 1 Serial ID Base Fields SFP 1 Id 0x0d SFP 1 Ext Id 0x00 SFP 1 Connector 0x23 Dell show interfaces tengigabitethernet 1 3 transceiver SFP 1 Serial ID Base Fields SFP 1 Id 0x0d SFP 1 Ext Id 0x00 SFP 1 Connector 0x23 Dell show interfaces tengigabitethernet 1 4 transceiver SFP 1 Serial ID Base Fields SFP 1 Id 0x0d SFP 1 Ext Id 0x00 SFP 1 Connector 0x23 SFP 1 Transceiver Code 0x08 0x00 0x00 0x00 0x...

Page 391: ...es You can configure link dampening on individual interfaces in a LAG Enabling Link Dampening To enable link dampening use the following command Enable link dampening INTERFACE mode dampening Examples of the show interfaces dampening Commands To view the link dampening configuration on an interface use the show config command R1 conf if te 1 1 show config interface TenGigabitEthernet 1 1 ip addres...

Page 392: ...MTU differently check their documentation when planning MTU sizes across a network The following table lists the range for each transmission media Transmission Media MTU Range in bytes Ethernet 594 12000 link MTU 576 9234 IP MTU Link Bundle Monitoring Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time A threshold of...

Page 393: ...s 802 3x pause frames on Ethernet interfaces The default is rx off tx off INTERFACE mode flowcontrol rx off on tx off on Where rx on Processes the received flow control frames on this port rx off Ignores the received flow control frames on this port tx on Sends control frames from this port to the connected device when a higher rate of traffic is received tx off Flow control frames are not sent fr...

Page 394: ...header For example for VLAN packets if the IP MTU is 1400 the Link MTU must be no less than 1422 1400 byte IP MTU 22 byte VLAN Tag 1422 byte link MTU The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes The following table lists the various Layer 2 overheads found in the Dell Networking OS and the number of bytes Table 42 Layer 2 Overhead Laye...

Page 395: ...must have the same setting and auto negotiation is the easiest way to accomplish that as long as the remote interface is capable of auto negotiation NOTE As a best practice Dell Networking recommends keeping auto negotiation enabled Only disable auto negotiation on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability iss...

Page 396: ...Auto Te 1 12 Down Auto Auto output omitted In the previous example several ports display Auto in the Speed field In the following example the speed of port 1 1 is set to 100Mb and then its auto negotiation is disabled Dell configure Dell config interface tengig 1 1 Dell conf if te 1 1 speed 100 Dell conf if te 1 1 duplex full Dell conf if te 1 1 no negotiation auto Dell conf if te 1 1 show config ...

Page 397: ... the configured keyword only interfaces that have non default configurations are displayed Dummy stack unit interfaces created with the stack unit command are treated like any other physical interface Examples of the show Commands The following example lists the possible show commands that have the configured keyword available Dell show interfaces configured Dell show interfaces stack unit 1 confi...

Page 398: ...Hardware is Force10Eth address is 00 01 e8 01 9e d9 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 1d23h44m Queueing strategy fifo 0 packets input 0 bytes Input 0 IP Packets 0 Vlans 0 MPLS 0 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 ...

Page 399: ...ter dependent applications are supported by Dell Networking OS Egress VLAN Ingress VLAN Next Hop 2 Next Hop 1 Egress ACLs ILM IP FLOW IP ACL IP FIB L2 ACL L2 FIB Clearing Interface Counters The counters in the show interfaces command are reset by the clear counters command This command does not clear the counters any SNMP program captures To clear the counters use the following the command Clear t...

Page 400: ...a number from 1 to 255 as the vrid OPTIONAL To clear unknown source address SA drop counters when you configure the MAC learning limit on the interface enter the keywords learning limit Example of the clear counters Command When you enter this command confirm that you want Dell Networking OS to clear the interface counters for that interface Dell clear counters te 1 1 Clear counters on TenGigabitE...

Page 401: ...rocessor you cannot enable IPSec on all packets in a communication session IPSec uses the following protocols Authentication Headers AH Disconnected integrity and origin authentication for IP packets Encapsulating Security Payload ESP Confidentiality authentication and data integrity for IP packets Security Associations SA Necessary algorithmic parameters for AH and ESP functionality IPSec support...

Page 402: ...28 0 a 2 128 23 match 1 tcp a 1 128 23 a 2 128 0 match 2 tcp a 1 128 0 a 2 128 21 match 3 tcp a 1 128 21 a 2 128 0 match 4 tcp 1 1 1 1 32 0 1 1 1 2 32 23 match 5 tcp 1 1 1 1 32 23 1 1 1 2 32 0 match 6 tcp 1 1 1 1 32 0 1 1 1 2 32 21 match 7 tcp 1 1 1 1 32 21 1 1 1 2 32 0 3 Apply the crypto policy to management traffic CONFIGURATION mode management crypto policy myCryptoPolicy 402 Internet Protocol ...

Page 403: ...ed as 10 214 87 131 For more information about IP addressing refer to RFC 791 Internet Protocol Implementation Information You can configure any IP address as a static route except IP addresses already assigned to interfaces NOTE Dell Networking OS supports 31 bit subnet masks 31 or 255 255 255 254 as defined by RFC 3021 This feature allows you to save two more IP addresses on point to point links...

Page 404: ...to 4094 2 Enable the interface INTERFACE mode no shutdown 3 Configure a primary IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask the IP address must be in dotted decimal format A B C D The mask must be in slash prefix length format 24 secondary add the keyword secondary if the IP address is the interface s backup IP address You can configure ...

Page 405: ... 0 00 02 30 S 6 1 2 10 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 11 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 12 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 13 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 14 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 15 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 16 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 17 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 11 1 1 0 2...

Page 406: ...smitted packet is lower or equal to the MTU of the receiving device for it to obtain the packet without fragmentation If the ICMP message from the receiving device which is sent to the originating device contains the next hop MTU then the sending device lowers the packet size accordingly and resends the packet Otherwise the iterative method is followed until the packet can traverse without being f...

Page 407: ...a SYN flood attack that occurs on the device You can set the wait time to be 10 seconds or lower If the device does not contain any BGP connections with the BGP neighbors across WAN links you must set this interval to a higher value depending on the complexity of your network and the configuration attributes To configure the duration for which the device waits for the ACK packet to be sent from th...

Page 408: ...m OK IP 2 2 2 2 patch1 perm OK IP 192 68 69 2 tomm 3 perm OK IP 192 68 99 2 gxr perm OK IP 192 71 18 2 f00 3 perm OK IP 192 71 23 1 Dell To view the current configuration use the show running config resolve command Specifying the Local System Domain and a List of Domains If you enter a partial domain Dell Networking OS can search different domains to finish or fully qualify that partial domain A f...

Page 409: ...raceroute www force10networks com Translating www force10networks com domain server 10 11 0 1 OK Type Ctrl C to abort Tracing the route to www force10networks com 10 11 84 18 30 hops max 40 byte packets TTL Hostname Probe1 Probe2 Probe3 1 10 11 199 190 001 000 ms 001 000 ms 002 000 ms 2 gwegress sjc 02 force10networks com 10 11 30 126 005 000 ms 001 000 ms 001 000 ms 3 fw sjc 01 force10networks co...

Page 410: ...apping for an interface CONFIGURATION mode arp vrf vrf name ip address mac address interface vrf vrf name use the VRF option to configure a static ARP on that particular VRF ip address IP address in dotted decimal format A B C D mac address MAC address in nnnn nnnn nnnn format interface enter the interface type slot port information For 10G interfaces enter the slot port information Example of the...

Page 411: ... be forwarded during the period when deleted ARP entries are resolved again and re installed in CAM Use this option with extreme caution ARP Learning via Gratuitous ARP Gratuitous ARP can mean an ARP request or reply In the context of ARP learning via gratuitous ARP on Dell Networking OS the gratuitous ARP is a request A gratuitous ARP request is an ARP request that is not needed according to the ...

Page 412: ... of the request Configuring ARP Retries You can configure the number of ARP retries The default backoff interval remains at 20 seconds On the device the time between ARP resend is configurable This timer is an exponential backoff timer Over the specified period the time between ARP requests increases This time increase reduces the potential for the system to slow down while waiting for a multitude...

Page 413: ... To disable and re enable ICMP unreachable messages use the following commands To disable ICMP unreachable messages INTERFACE mode no ip unreachable Set Dell Networking OS to create and send ICMP unreachable messages on the interface INTERFACE mode ip unreachable To view if ICMP unreachable messages are sent on the interface use the show config command in INTERFACE mode If it is not listed in the ...

Page 414: ...interfaces and ports on which you enabled UDP helper use the show ip udp helper command from EXEC Privilege mode Dell show ip udp helper Port UDP port list te 1 1 1000 Configuring a Broadcast Address To configure a broadcast address use the following command Configure a broadcast address on an interface ip udp broadcast address Examples of Configuring and Viewing a Broadcast Address Dell conf if v...

Page 415: ...ot configure UDP helper address 2 If you enable UDP helper using the ip udp helper udp port command and the UDP destination port of the packet matches the UDP port configured the system changes the destination address to the configured broadcast 1 1 255 255 and routes the packet to VLANs 100 and 101 If you do not configure an IP broadcast address using the ip udp broadcast address command on VLANs...

Page 416: ...rding process is Layer 2 Figure 56 UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces In the following illustration Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 an...

Page 417: ... Te 5 3 Vlan 3 01 44 54 Pkt rcvd on Te 7 1 is handed over for DHCP processing When using the IP helper and UDP helper on the same interface use the debug ip dhcp command Example Output from the debug ip dhcp Command Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 2005 11 05 11 59 35 RELAY I PACKET BOOTP REQUEST Unicast received at interface 172 21 50 193 BOOTP Request XID 0x9265f901 secs 0 hwaddr 00 ...

Page 418: ...e address format is extended from 32 bits to 128 bits This not only provides room for all anticipated needs it allows for the use of a hierarchical address space structure to optimize global addressing Stateless Autoconfiguration When a booting device comes up in IPv6 and asks for its network prefix the device can get the prefix or prefixes from an IPv6 router on its link It can then autoconfigure...

Page 419: ...essages NDP uses ICMPv6 redirect messages Type 137 to inform nodes that a better router exists on the link IPv6 Headers The IPv6 header has a fixed length of 40 bytes This fixed length provides 16 bytes each for source and destination information and 8 bytes for general header information The IPv6 header includes the following fields Version 4 bits Traffic Class 8 bits Flow Label 20 bits Payload L...

Page 420: ...lowing the IPv6 header IPv6 Payload Length only includes the data following the header not the header itself The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB However the Jumbogram option type Extension header supports larger packet sizes when required Next Header 8 bits The Next Header field identifies the next header s type If an Extension header is used this ...

Page 421: ...t group However if the Destination Address is a Hop by Hop options header the Extension header is examined by every forwarding router along the packet s route The Hop by Hop options header must immediately follow the IPv6 header and is noted by the value 0 zero in the Next Header field Extension headers are processed in the order in which they appear in the packet header Hop by Hop Options Header ...

Page 422: ...he size of which must be a power of two the initial bits of addresses which are identical for all hosts in the network are called the network s prefix A network is denoted by the first address in the network and the size in bits of the prefix in decimal separated with a slash Because a single host is seen as a network with a 128 bit prefix host addresses may be written with a following 128 For exa...

Page 423: ...asic Addressing IPv6 address types Unicast 9 7 0 1 Extended Address Space IPv6 neighbor discovery 9 7 0 1 IPv6 Neighbor Discovery IPv6 stateless autoconfiguration 9 7 0 1 Stateless Autoconfiguration IPv6 MTU path discovery 9 7 0 1 Path MTU Discovery IPv6 ICMPv6 9 7 0 1 ICMPv6 IPv6 ping 9 7 0 1 ICMPv6 IPv6 traceroute 9 7 0 1 ICMPv6 IPv6 SNMP 9 7 0 1 IPv6 Routing Static routing 9 7 0 1 Assigning a S...

Page 424: ...6 inbound Telnet 9 7 0 1 Configuring Telnet with IPv6 Control and Monitoring in the Dell Networking OS Command Line Reference Guide Secure Shell SSH client support over IPv6 outbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Transport Secure Shell SSH server support over IPv6 inbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Transport IPv6 Access Control Lists 9 7 0 1 IPv...

Page 425: ... Path MTU Discovery Process IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol NDP is a top level protocol for neighbor discovery on an IPv6 network In place of address resolution protocol ARP NDP uses Neighbor Solicitation and Neighbor Advertisement ICMPv6 messages for determining relationships between neighboring nodes Using these messages an IPv6 device learns the link layer addresses...

Page 426: ...nt to the Host Displaying IPv6 RDNSS Information Configuring the IPv6 Recursive DNS Server You can configure up to four Recursive DNS Server RDNSS addresses to be distributed via IPv6 router advertisements to an IPv6 device using the ipv6 nd dns server ipv6 RDNSS address lifetime infinite command in INTERFACE CONFIG mode The lifetime parameter configures the amount of time the IPv6 host can use th...

Page 427: ...ing RA on Te 1 1 current hop limit 64 flags M O router lifetime 1800 sec reachable time 0 ms retransmit time 0 ms SLLA 00 01 e8 8b 75 70 prefix 1212 64 on link autoconfig valid lifetime 2592000 sec preferred lifetime 604800 sec dns server 1000 0001 lifetime 1 sec dns server 3000 0001 lifetime 1 sec dns server 2000 0001 lifetime 0 sec The last 3 lines indicate that the IPv6 RDNSS information was co...

Page 428: ... dns server 3000 1 1 ipv6 nd dns server 2000 1 0 no shutdown Secure Shell SSH Over an IPv6 Transport Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface For SSH configuration details refer to the Security chapter in the Dell Networking OS C...

Page 429: ... an Interface Essentially IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces You can use IPv6 and IPv4 together on a system but be sure to differentiate that usage carefully To assign an IPv6 address to an interface use the ipv6 address command You can configure up to two IPv6 addresses on management interfaces allowing required default router ...

Page 430: ...l interface enter the keyword null then the Null interface number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections You can establish a Telnet session directly to the router using an IPv6 Telnet client or you can initiate an IPv6 Telnet connection from the router NOTE Te...

Page 431: ...ter the keyword interface then the type of interface and slot port information For all brief summary of IPv6 status and configuration enter the keyword brief For all IPv6 configured interfaces enter the keyword configured For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE th...

Page 432: ...ll connected IPv6 routes enter connected To display information about brief summary of all IPv6 routes enter summary To display information about Border Gateway Protocol BGP routes enter bgp To display information about ISO IS IS routes enter isis To display information about Open Shortest Path First OSPF routes enter ospf To display information about Routing Information Protocol RIP enter rip To ...

Page 433: ...configuration for the specified interface EXEC mode show running config interface type slot port Enter the keyword interface then the type of interface and slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Managem...

Page 434: ...ort POLICY LIST CONFIGURATION mode device role host router Use the keyword host to set the device role as host Use the keyword router to set the device role as router 5 Set the hop count limit POLICY LIST CONFIGURATION mode hop limit maximum minimum limit The hop limit range is from 0 to 254 6 Set the managed address configuration flag POLICY LIST CONFIGURATION mode managed config flag on off 7 En...

Page 435: ...value The retransmission time range is from 100 to 4 294 967 295 milliseconds 15 Display the configurations applied on the RA guard policy mode POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell conf ra_guard_policy_list show config ipv6 nd ra guard policy test device role router hop limit maximum 251 mtu 1350 other config flag on reachable time 540 retrans timer 10...

Page 436: ...ra guard policy test ipv6 nd ra guard policy test device role router hop limit maximum 1 match ra ipv6 access list access other config flag on router preference maximum medium trusted port Interfaces Te 1 1 Dell Monitoring IPv6 RA Guard To debug IPv6 RA guard use the following command EXEC Privilege mode debug ipv6 nd ra guard interface slot port subport count value The count range is from 1 to 65...

Page 437: ...gh stacked and or non stacked Ethernet switches iSCSI session monitoring over virtual link trunking VLT synchronizes the iSCSI session information between the VLT peers allowing session information to be available in both the VLT peers You can enable or disable iSCSI when you configure VLT iSCSI optimization functions as follows Auto detection of EqualLogic storage arrays the switch detects any ac...

Page 438: ...n by default the switch identifies IP packets to or from these ports as iSCSI traffic You can configure the switch to monitor traffic for additional port numbers or a combination of port number and target IP address and you can remove the well known port numbers from monitoring Application of Quality of Service to iSCSI Traffic Flows You can configure iSCSI CoS mode This mode controls whether CoS ...

Page 439: ...S_EXCEEDED New iSCSI Session Ignored ISID 400001370000 InitiatorName iqn 1991 05 com microsoft dt brcd cna 2 TargetName iqn 2001 05 com equallogic 4 52aed6 b90d9446c 162466364804fa49 wj v1 TSIH 0 NOTE If you are using EqualLogic or Compellent storage arrays more than 256 simultaneous iSCSI sessions are possible However iSCSI session monitoring is not capable of monitoring more than 256 simultaneou...

Page 440: ...ion changes that are automatically performed STKUNIT0 M CP IFMGR 5 IFM_ISCSI_AUTO_CONFIG This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow control on all ports no storm control and spanning tree port fast to be enabled on the port of detection After you execute the iscsi profile com...

Page 441: ...detection You can reconfigure any of the auto provisioned configuration settings that result when you enable iSCSI on a switch When you disable the iSCSI feature iSCSI resources are released and the detection of EqualLogic arrays using LLDP is disabled Disabling iSCSI does not remove the MTU flow control portfast or storm control configuration applied as a result of enabling iSCSI NOTE By default ...

Page 442: ...n monitoring is disabled and this information the show iscsi command displays this information 2 For a non DCB environment Enable iSCSI CONFIGURATION mode iscsi enable 3 For a DCB environment Configure iSCSI Optimization EXEC Privilege mode iSCSI configuration copy CONFIG_TEMPLATE iSCSI_DCB_Config running config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file NOT...

Page 443: ...packet The default is iSCSI packets are handled with dotp1 priority 4 without remark disable disables the application of preferential QoS treatment to iSCSI frames dot1p vlan priority value specifies the virtual local area network VLAN priority tag assigned to incoming packets in an iSCSI session The range is from 0 to 7 The default is the dot1p value in ingress iSCSI frames is not changed and the...

Page 444: ...ing example shows the show iscsi command Dell show iscsi iSCSI is enabled iSCSI session monitoring is disabled iSCSI COS dot1p is 4 no remark Session aging time 10 Maximum number of connections is 256 iSCSI Targets and TCP Ports TCP Port Target IP Address 3260 860 The following example shows the show iscsi session command VLT PEER1 Dell show iscsi session Session 0 Target iqn 2001 05 com equallogi...

Page 445: ... 44 33345 10 10 0 101 3260 0 VLT PEER2 Session 0 Target iqn 2010 11 com ixia ixload iscsi TG1 Initiator iqn 2010 11 com ixia ixload initiator iscsi 2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09 34 DD HH MM SS ISID 806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10 10 0 53 33432 10 10 0 101 3260 0 iSCSI Optimization 445 ...

Page 446: ...advertise Level 2 routes to a Level 1 router To establish adjacencies each IS IS router sends different protocol data units PDU For IP traffic the IP addressing information is included in the IS IS hello PDUs and the link state PDUs LSPs This brief overview is not intended to provide a complete understanding of IS IS for that consult the documents listed in Multi Topology IS IS IS IS Addressing IS...

Page 447: ... All routers in the area or domain must use the same type of IPv6 support either single topology or multi topology A router operating in multi topology mode does not recognize the ability of the single topology mode router to support IPv6 traffic which leads to holes in the IPv6 topology While in Transition mode both types of TLVs single topology and multi topology are sent in LSPs for all configu...

Page 448: ... requests are generated This is the interval before the system sends a Restart Request an IIH with the RR bit set in Restart TLV until the complete sequence number PDU CSNP is received from the helping router You can set the duration to a specific amount of time seconds or a number of attempts The T2 timer is the maximum time that the system waits for LSP database synchronization This timer applie...

Page 449: ... Configuration Information To use IS IS you must configure and enable IS IS in two or three modes CONFIGURATION ROUTER ISIS CONFIGURATION INTERFACE and when configuring for IPv6 ADDRESS FAMILY mode Commands in ROUTER ISIS mode configure IS IS globally while commands executed in INTERFACE mode enable and configure IS IS features on that interface only Commands in the ADDRESS FAMILY mode are specifi...

Page 450: ...entity title NET for a routing process ROUTER ISIS mode net network entity title Specify the area address and system ID for an IS IS routing process The last byte must be 00 For more information about configuring a NET refer to IS IS Addressing 3 Enter the interface configuration mode CONFIGURATION mode interface interface Enter the keyword interface then the type of interface and slot port inform...

Page 451: ...EEE IS Type level 1 2 Manual area address es 47 0004 004d 0001 Routing for area address es 21 2223 2425 2627 2829 3031 3233 47 0004 004d 0001 Interfaces supported by IS IS Vlan 2 TenGigabitEthernet 4 22 Loopback 0 Redistributing Distance 115 Generate narrow metrics level 1 2 Accept narrow metrics level 1 2 Generate wide metrics none Accept wide metrics none Dell To view IS IS protocol statistics u...

Page 452: ... When you do not enable transition mode you do not have IPv6 connectivity between routers operating in single topology mode and routers operating in multi topology mode 2 Exclude this router from other router s SPF calculations ROUTER ISIS AF IPV6 mode set overload bit 3 Set the minimum interval between SPF calculations ROUTER ISIS AF IPV6 mode spf interval level l level 2 interval initial_wait_in...

Page 453: ...abase to synchronize ROUTER ISIS mode graceful restart t2 level 1 level 2 seconds level 1 level 2 identifies the database instance type to which the wait interval applies The range is from 5 to 120 seconds The default is 30 seconds Configure graceful restart timer T3 to set the time used by the restarting router as an overall maximum time to wait for database synchronization to complete ROUTER ISI...

Page 454: ... up line protocol is up MTU 1497 Encapsulation SAP Routing Protocol IS IS Circuit Type Level 1 2 Interface Index 0x62cc03a Local circuit ID 1 Level 1 Metric 10 Priority 64 Circuit ID 0000 0000 000B 01 Hello Interval 10 Hello Multiplier 3 CSNP Interval 10 Number of active level 1 adjacencies 1 Level 2 Metric 10 Priority 64 Circuit ID 0000 0000 000B 01 Hello Interval 10 Hello Multiplier 3 CSNP Inter...

Page 455: ...figuring the IS IS Metric Style All IS IS links or interfaces are associated with a cost that is used in the shortest path first SPF calculations The possible cost varies depending on the metric style supported If you configure narrow transition or narrow transition metric style the cost can be a number between 0 and 63 If you configure wide or wide transition metric style the cost can be a number...

Page 456: ...se the show isis protocol command in EXEC Privilege mode The IS IS matrixes settings are in bold Example of Viewing IS IS Metric Types Dell show isis protocol IS IS Router Null Tag System Id EEEE EEEE EEEE IS Type level 1 2 Manual area address es 47 0004 004d 0001 Routing for area address es 21 2223 2425 2627 2829 3031 3233 47 0004 004d 0001 Interfaces supported by IS IS Vlan 2 TenGigabitEthernet ...

Page 457: ...77215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 To view the interface s current metric use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode Configuring the Distance of a Route To configure the distance for a route use the following command Configure the distance for a route ROUTER ISIS mode distance ...

Page 458: ...S IS routing information ROUTER ISIS mode passive interface interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the ke...

Page 459: ... IPv6 routes use the following commands NOTE These commands apply to IPv6 IS IS only To apply prefix lists to IPv4 routes use ROUTER ISIS mode previously shown Apply a configured prefix list to all incoming IPv6 IS IS routes ROUTER ISIS AF IPV6 mode distribute list prefix list name in interface Enter the type of interface and slot port subport information For a 10 Gigabit Ethernet interface enter ...

Page 460: ...l 1 2 or level 2 assign all redistributed routes to a level The default is level 2 metric value the range is from 0 to 16777215 The default is 0 metric type choose either external or internal The default is internal map name enter the name of a configured route map Include specific OSPF routes in IS IS ROUTER ISIS mode redistribute ospf process id level 1 level 1 2 level 2 metric value match exter...

Page 461: ...e the show running config isis command in EXEC Privilege mode To view the current IPv4 IS IS configuration use the show config command in ROUTER ISIS mode To view the current IPv6 IS IS configuration use the show config command in ROUTER ISIS ADDRESS FAMILY IPV6 mode Configuring Authentication Passwords You can assign an authentication password for routers in Level 1 and for routers in Level 2 Bec...

Page 462: ...ow isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000003 0x07BF 1074 0 0 0 eljefe 00 00 0x0000000A 0xF963 1196 0 0 1 eljefe 01 00 0x00000001 0x68DF 1108 0 0 0 eljefe 02 00 0x00000001 0x2E7F 1099 0 0 0 Force10 00 00 0x00000002 0xD1A7 1088 0 0 0 IS IS Level 2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL ...

Page 463: ...w debugging command in EXEC Privilege mode To disable a specific debug command enter the keyword no then the debug command For example to disable debugging of IS IS updates use the no debug isis updates packets command To disable all IS IS debugging use the no debug isis command To disable all debugging use the undebug all command IS IS Metric Styles The following sections provide additional infor...

Page 464: ...ing Metric Style Final Metric Style Resulting IS IS Metric Value wide narrow default value 10 if the original value is greater than 63 A message is sent to the console wide transition truncated value the truncated value appears in the LSP only The original isis metric value is displayed in the show config and show running config commands and is used if you change back to transition metric style NO...

Page 465: ...rent results Table 48 Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value 10 A message i...

Page 466: ...make the necessary changes NOTE Whenever you make IS IS configuration changes clear the IS IS process re started using the clear isis command The clear isis command must include the tag for the ISIS process The following example shows the response from the router Dell clear isis ISIS not enabled Dell clear isis 9999 You can configure IPv6 IS IS routes in one of the following three different method...

Page 467: ... ipv6 address 24 3 1 76 ip router isis ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis metric style wide level 1 metric style wide level 2 net 34 0000 0000 AAAA 00 Dell conf router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show...

Page 468: ...hernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology transition exit address family Dell conf router_isis 468 Intermediate System to Intermediate System ...

Page 469: ...ications LACP functions by constantly exchanging custom MAC protocol data units PDUs across local area network LAN Ethernet links The protocol packets are only exchanged between ports that are configured as LACP capable Important Points to Remember LACP allows you to add members to a port channel LAG as long as it has no static members Conversely if the LAG already contains a statically defined me...

Page 470: ...annel LAG with another port in Active state A port in Active state can set up a LAG with another port in Passive state A port in Passive state cannot set up a LAG with another port in Passive state Configuring LACP Commands If you configure aggregated ports with compatible LACP modes Off Active Passive LACP can automatically link them as defined in IEEE 802 3 Section 43 To configure LACP use the f...

Page 471: ...10 Dell conf if vl 10 tagged port channel 32 Configuring the LAG Interfaces as Dynamic After creating a LAG configure the dynamic LAG interfaces To configure the dynamic LAG interfaces use the following command Configure the dynamic LAG interfaces CONFIGURATION mode port channel protocol lacp Example of the port channel protocol lacp Command Dell conf interface TenGigabitethernet 3 15 Dell conf if...

Page 472: ...seconds CONFIG INT PO mode lacp long timeout Example of the lacp long timeout and show lacp Commands Dell conf interface port channel 32 Dell conf if po 32 no shutdown Dell conf if po 32 switchport Dell conf if po 32 lacp long timeout Dell conf if po 32 end Dell show lacp 32 Port channel 32 admin up oper up mode lacp Actor System ID Priority 32768 Address 0001 e800 a12b Partner System ID Priority ...

Page 473: ...king To achieve this functionality you must group LAG 1 and LAG 2 into a single entity called a failover group Configuring Shared LAG State Tracking To configure shared LAG state tracking you configure a failover group NOTE If a LAG interface is part of a redundant pair you cannot use it as a member of a failover group created for shared LAG state tracking 1 Enter port channel failover group mode ...

Page 474: ...ort channel is part of failover group 1 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit Members in this channel Te 1 17 U ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 01 28 Queueing strategy fifo NOTE The set of console messages shown above appear only if you configure shared LAG state tracking on that router you can configure the...

Page 475: ...The following example inspects a LAG port configuration on ALPHA Alpha sh int TenGigabitEthernet 2 31 TenGigabitEthernet 2 31 is up line protocol is up Port is part of Port channel 10 Hardware is Force10Eth address is 00 01 e8 06 95 c0 Current address is 00 01 e8 06 95 c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes IP MTU...

Page 476: ... byte pkts 0 over 1023 byte pkts 136 Multicasts 0 Broadcasts 0 Unicasts 0 Vlans 0 throttles 0 discarded 0 collisions 0 wreddrops Rate info interval 299 seconds Input 00 00 Mbits sec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 00 02 14 Figure 67 Inspecting the LAG Configuration 476 Link Aggregation Control Protocol L...

Page 477: ...Figure 68 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 477 ...

Page 478: ...ha conf if te 2 31 port channel protocol lacp Alpha conf if te 2 31 lacp port channel 10 mode active Alpha conf if te 2 31 lacp no shut Alpha conf if te 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if te 2 31 interface Port channel 10 no ip address switchport no shutdown interface TenGigabitEthernet 2 31...

Page 479: ...Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if te 3 21 port channel protocol lacp Bravo conf if te 3 21 lacp port channel 10 mode active Bravo conf if te 3 21 lacp no shut Bravo conf if te 3 21 end interface TenGigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if te 3 21 end int port channel 10 no i...

Page 480: ...Figure 70 Inspecting a LAG Port on BRAVO Using the show interface Command 480 Link Aggregation Control Protocol LACP ...

Page 481: ...Figure 71 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 481 ...

Page 482: ...ed on both synchronous and asynchronous lines and can operate in Half Duplex or Full Duplex mode It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection As its name implies it is for point to point connections between exactly two devices and assumes that frames are sent and received in the same order 482 Link Aggregatio...

Page 483: ...ied interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on the switch with the MAC address as the source or destination address within the timer period the address is removed from the table The defau...

Page 484: ...m a device with an unlearned MAC address This section describes the following Setting the MAC Learning Limit mac learning limit Dynamic mac learning limit mac address sticky mac learning limit station move Learning Limit Violation Actions Setting Station Move Violation Actions Recovering from Learning Limit and Station Move Violations Dell Networking OS Behavior When configuring the MAC learning l...

Page 485: ...n mac learning limit mac address sticky Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices If you enable sticky MAC the specified port retains any dynamically learned addresses and prevents them from being transferred or learned on other ports If you configure mac learning limit and you enabled sticky MAC all dynamically learned addresses are...

Page 486: ...igabitEthernet 1 1 no ip address switchport mac learning limit 1 dynamic no station move mac learning limit station move violation log no shutdown Learning Limit Violation Actions To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one the following options with the mac learning limit command use the following command...

Page 487: ...using the shutdown command and then re enabling it using the no shutdown command Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation EXEC Privilege mode mac learning limit reset Reset interfaces in the ERR_Disabled state caused by a learning limit violation EXEC Privilege mode mac learning limit reset learn limit violation interface all Reset i...

Page 488: ... one port and reassociated with another port in the ARP table the no mac address table station move refresh arp command should not be configured on the Dell Networking switch at the time that NIC teaming is being configured on the server NOTE If you have configured the no mac address table station move refresh arp command traffic continues to be forwarded to the failed NIC until the ARP entry on t...

Page 489: ... pair by assigning a backup interface to a primary interface with the switchport backup interface command Initially the primary interface is active and transmits traffic and the backup interface remains down If the primary fails for any reason the backup transitions to an active Up state If the primary interface fails and later comes back up it remains as the backup interface for the redundant pai...

Page 490: ..._STBY Changed interface state to standby te 3 42 Example of Configuring Redundant Layer 2 Pairs Dell conf if range te 3 41 42 switchport backup interface TenGigabitEthernet 3 42 Dell conf if range te 3 41 42 show config interface TenGigabitEthernet 3 41 no ip address switchport switchport backup interface TenGigabitEthernet 3 42 no shutdown interface TenGigabitEthernet 3 42 no ip address switchpor...

Page 491: ...hannel 2 Standby Port channel 1 Active Dell Dell conf if po 1 switchport backup interface tengigabitethernet 1 2 Apr 9 00 16 29 STKUNIT0 M CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Po 1 and Te 1 2 Dell conf if po 1 Far End Failure Detection Far end failure detection FEFD is a protocol that senses remote data link errors in a network FEFD responds by sending a unidirectional report ...

Page 492: ... echoes are not received after three intervals the state changes to Err disabled You must manually reset all interfaces in the Err disabled state using the fefd reset interface command in EXEC privilege mode it can be done globally or one interface at a time before the FEFD enabled system can become operational again Table 50 State Change When Configuring FEFD Local Event Mode Local State Remote S...

Page 493: ... globally ON interval is 3 seconds mode is Normal INTERFACE MODE INTERVAL STATE second Te 1 1 Normal 3 Bi directional Te 1 2 Normal 3 Admin Shutdown Te 1 3 Normal 3 Admin Shutdown Te 1 4 Normal 3 Admin Shutdown Dell show run fefd fefd global mode normal fefd global interval 3 Enabling FEFD on an Interface To enable change or disable FEFD on an interface use the following commands Enable FEFD on a ...

Page 494: ...t transmission over the FEFD enabled connection EXEC Privilege mode debug fefd packets Examples of the debug fefd Commands Dell debug fefd events Dell config Dell conf int te 1 1 Dell conf if te 1 1 shutdown 2w1d22h RPM0 P CP IFMGR 5 ASTATE_DN Changed interface Admin state to down Te 1 1 Dell conf if te 1 1 2w1d22h FEFD state on Te 1 1 changed from ANY to Unknown 2w1d22h RPM0 P CP IFMGR 5 OSTATE_D...

Page 495: ...ational again 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 09 RPM1 S CP RAM 6 FAILOVER_REQ RPM failover request from active peer User request 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 19 RPM1 P CP IFMGR 5 OSTATE_UP Changed interface state to up Te 1 45 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 19 RPM1 P CP FEFD 5 FEFD BIDIRECTION LINK DETECTED Interface...

Page 496: ...r the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 77 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP data unit LLDPDU shown in the following table which is transmitted from one LLDP enabled device to its LLDP enabled neighbors LLDP is a one way protocol LLDP enabled dev...

Page 497: ...gure 78 LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs management TLVs IEEE 802 1 and 802 3 organizationally specific TLVs and TIA 1057 organizationally specific TLVs Management TLVs A management TLV is an optional TLVs sub type This kind of TLV contains essential management information about the sender Organizationally Specific TLVs A professional organization or a...

Page 498: ...rrently support this TLV IEEE 802 1 Organizationally Specific TLVs 127 Port VLAN ID On Dell Networking systems indicates the untagged VLAN to which a port belongs 127 Port and Protocol VLAN ID On Dell Networking systems indicates the tagged VLAN to which a port belongs and the untagged VLAN to which a port belongs if the port is in Hybrid mode 127 Protocol Identity Indicates the protocols that the...

Page 499: ...int device and supports IEEE 802 1AB LLDP and TIA 1057 LLDP MED The Dell Networking system is an LLDP MED network connectivity device Regarding connected endpoint devices LLDP MED provides network connectivity devices with the ability to manage inventory manage Power over Ethernet PoE identify physical location identify network policy LLDP MED is designed for but not limited to VoIP endpoints TIA ...

Page 500: ...he device serial number of the LLDP MED device 127 9 Inventory Manufacturer Name Indicates the manufacturer of the LLDP MED device 127 10 Inventory Model Name Indicates the model of the LLDP MED device 127 11 Inventory Asset ID Indicates a user specified device number to manage inventory 127 12 255 Reserved LLDP MED Capabilities TLV The LLDP MED capabilities TLV communicates the types of TLVs that...

Page 501: ...ns LLDP MED network policies TLV include VLAN ID VLAN tagged or untagged status Layer 2 priority DSCP value An integer represents the application type the Type integer shown in the following table which indicates a device function for which a unique network policy is defined An individual LLDP MED network policy TLV is generated for each application type that you specify with the Dell Networking O...

Page 502: ...d power via MDI TLV enables advanced PoE management between LLDP MED endpoints and network connectivity devices Advertise the extended power via MDI on all ports that are connected to an 802 3af powered LLDP MED endpoint device Power Type there are two possible power types power source entity PSE or power device PD The Dell Networking system is a PSE which corresponds to a value of 0 based on the ...

Page 503: ...itless LLDP Compatibility Spanning tree and force10 ring protocol blocked ports allow LLDPDUs 802 1X controlled ports do not allow LLDPDUs until the connected device is authenticated CONFIGURATION versus INTERFACE Configurations All LLDP configuration commands are available in PROTOCOL LLDP mode which is a sub mode of the CONFIGURATION mode and INTERFACE mode Configurations made at the CONFIGURATI...

Page 504: ...d by default Enable and disable LLDP globally or per interface If you enable LLDP globally all UP interfaces send periodic LLDPDUs To enable LLDP use the following command 1 Enter Protocol LLDP mode CONFIGURATION or INTERFACE mode protocol lldp 2 Enable LLDP PROTOCOL LLDP mode no disable Disabling and Undoing LLDP To disable or undo LLDP use the following command Disable LLDP globally or for an in...

Page 505: ...gure an interface only the interface sends LLDPDUs with the specified TLVs If you configure LLDP both globally and at interface level the interface level configuration overrides the global configuration To advertise TLVs use the following commands 1 Enter LLDP mode CONFIGURATION or INTERFACE mode protocol lldp 2 Advertise one or more TLVs PROTOCOL LLDP mode advertise dcbx appln tlv dcbx tlv dot3 t...

Page 506: ... shows viewing an LLDP global configuration Dell conf protocol lldp Dell conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description hello 10 no disable Dell conf lldp Dell conf lldp exit Dell conf interface tengigabitethernet 1 31 Dell conf if te 1 31 show config interfa...

Page 507: ...Total Frames Out 6547 Total Frames In 4136 Total Neighbor information Age outs 0 Total Frames Discarded 0 Total In Error Frames 0 Total Unrecognized TLVs 0 Total TLVs Discarded 0 Next packet will be sent after 7 seconds The neighbors are given below Remote Chassis ID Subtype Mac address 4 Remote Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID TeGigabitEthernet 2 11...

Page 508: ...otocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description mode tx no disable R1 conf lldp no mode R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Configuring Transmi...

Page 509: ...ved from a neighbor expires after a specific amount of time measured in seconds called a time to live TTL The TTL is the product of the LLDPDU transmit interval hello and an integer called a multiplier The default multiplier is 4 which results in a default TTL of 120 seconds Adjust the TTL value CONFIGURATION mode or INTERFACE mode multiplier Return to the default multiplier value CONFIGURATION mo...

Page 510: ... is sending and receiving To view the TLVs use the following commands View a readable version of the TLVs debug lldp brief View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU debug lldp detail Figure 84 The debug lldp detail Command LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802 1AB MIB objects The following tables list...

Page 511: ...l Total number of times that a neighbor s information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTotal lldpStatsRxPortFramesDiscardedTo tal Total number of LLDP frames received then discarded statsFramesInErrorsTotal lldpStatsRxPortFramesErrors Total number of LLDP frames received on a port with errors statsFramesInTotal lldpStatsRxPortFramesTotal Total...

Page 512: ...LocManAddrLen Remote lldpRemManAddrLen management address subtype Local lldpLocManAddrSubtype Remote lldpRemManAddrSubtype management address Local lldpLocManAddr Remote lldpRemManAddr interface numbering subtype Local lldpLocManAddrIfSubtype Remote lldpRemManAddrIfSubtyp e interface number Local lldpLocManAddrIfId Remote lldpRemManAddrIfId OID Local lldpLocManAddrOID Remote lldpRemManAddrOID Tabl...

Page 513: ...Type TLV Name TLV Variable System LLDP MED MIB Object 1 LLDP MED Capabilities LLDP MED Capabilities Local lldpXMedPortCapSupport ed lldpXMedPortConfigTLVsT x Enable Remote lldpXMedRemCapSupport ed lldpXMedRemConfigTLVs TxEnable LLDP MED Class Type Local lldpXMedLocDeviceClass Remote lldpXMedRemDeviceClass 2 Network Policy Application Type Local lldpXMedLocMediaPolicyA ppType Remote lldpXMedRemMedi...

Page 514: ...ta Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo 4 Extended Power via MDI Power Device Type Local lldpXMedLocXPoEDevice Type Remote lldpXMedRemXPoEDevice Type Power Source Local lldpXMedLocXPoEPSEPo werSource lldpXMedLocXPoEPDPow erSource Remote lldpXMedRemXPoEPSEP owerSource lldpXMedRemXPoEPDPo werSource Power Priority Local lldpXMedLocXPoEPDPow erPriority lldpXMedLocXPoEPSEPor tPD...

Page 515: ...TLV Sub Type TLV Name TLV Variable System LLDP MED MIB Object Remote lldpXMedRemXPoEPSEP owerAv lldpXMedRemXPoEPDPo werReq Link Layer Discovery Protocol LLDP 515 ...

Page 516: ...tatic ARP command After the NLB entry is learned the traffic forwards to all the servers in the VLAN corresponding to the cluster virtual IP address NLB Unicast Mode Scenario Consider a sample topology in which you configure four servers S1 through S4 as a cluster or a farm This set of servers connects to a Layer 3 switch which connects to the end clients The servers contain a single IP address IP...

Page 517: ...switch registers only the last received ARP reply and the switch learns one server s actual MAC address the virtual MAC address is never learned Because the virtual MAC address is never learned traffic is forwarded to only one server rather than the entire cluster and failover and balancing are not preserved To preserve failover and balancing the switch forwards the traffic destined for the server...

Page 518: ...r those packets that use these ARP entries Enabling a Switch for Multicast NLB To enable a switch for Multicast NLB mode perform the following steps 1 Add a static ARP entry by entering the arp ip address multicast mac address command in Global configuration mode to associate an IP address with a multicast MAC address in the switch INTERFACE mode arp ip address multicast mac address interface This...

Page 519: ...PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustration 2 Each MSDP peer receives and forwards the message to its peers away from the originating RP 3 When an MSDP peer receives an SA message it determines if there are any group members within the domain interested in any of the advertised sources If there are the receiving RP sen...

Page 520: ... RP all the RPs are configured to be MSDP peers of each other When a source registers with one RP an SA message is sent to the other RPs informing them that there is an active source for a particular multicast group The result is that each RP is aware of the active sources in the area of the other RPs If any of the RPs fail IP routing converges and one of the RPs becomes the active RP in more than...

Page 521: ... Accept Source Active Messages that Fail the RFP Check Specifying Source Active Messages Limiting the Source Active Cache Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP MSDP Sample Configurations Multicast Source Discovery Pro...

Page 522: ...Figure 87 Configuring Interfaces for MSDP 522 Multicast Source Discovery Protocol MSDP ...

Page 523: ...Figure 88 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 523 ...

Page 524: ...Figure 89 Configuring PIM in Multiple Routing Domains 524 Multicast Source Discovery Protocol MSDP ...

Page 525: ...N mode ip multicast msdp 2 Peer PIM systems in different administrative domains CONFIGURATION mode ip msdp peer connect source Examples of Configuring and Viewing MSDP R3 conf ip multicast msdp R3 conf ip msdp peer 192 168 0 1 connect source Loopback 0 R3 conf do show ip msdp summary Multicast Source Discovery Protocol MSDP 525 ...

Page 526: ...g multiple copies of the same source information Viewing the Source Active Cache To view the source active cache use the following command View the SA cache EXEC Privilege mode show ip msdp sa cache Example of the show ip msdp sa cache Command R3 show ip msdp sa cache MSDP Source Active Cache 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239 0 0 1 10 11 4 2 192 168 0 1 192 168 0 ...

Page 527: ... which active sources are accepted even though they fail the RFP check Referring to the following illustrations In Scenario 1 all MSPD peers are up In Scenario 2 the peership between RP1 and RP2 is down but the link and routing protocols between them is still up In this case RP1 learns all active sources from RP3 but the sources from RP2 and RP4 are rejected because the reverse path to these route...

Page 528: ...Figure 91 MSDP Default Peer Scenario 1 528 Multicast Source Discovery Protocol MSDP ...

Page 529: ...Figure 92 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 529 ...

Page 530: ...Figure 93 MSDP Default Peer Scenario 3 530 Multicast Source Discovery Protocol MSDP ...

Page 531: ...e peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Example of the ip msdp default peer Command and Viewing Denied Sources Dell conf ip msdp peer 10 0 50 2 connect source Vlan 50 Dell conf ip msdp default peer 10 0 50 2 list fifty Dell conf ip access list standard fifty Dell conf seq 5 permit host 200 0 0 50 Dell ip msdp sa c...

Page 532: ...ation first clear the SA cache Preventing MSDP from Caching a Local Source You can prevent MSDP from caching an active source based on source and or group Because the source is not cached it is not advertised to remote RPs 1 OPTIONAL Cache sources that are denied by the redistribute list in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Prevent the system from caching local S...

Page 533: ... stored in the rejected SA cache Router 3 R3 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 1 connect source Loopback 0 ip msdp sa filter in 192 168 0 1 list myremotefilter R3 conf do show run acl ip access list extended myremotefilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 R3 conf do show ip msdp sa cache MSDP Source Active Cache 1 entries GroupAddr SourceAddr RPAddr LearnedF...

Page 534: ...f To display the configured SA filters for a peer use the show ip msdp peer command from EXEC Privilege mode Logging Changes in Peership States To log changes in peership states use the following command Log peership state changes CONFIGURATION mode ip msdp log adjacency changes Terminating a Peership MSDP uses TCP as its transport protocol In a peering relationship the peer with the lower IP addr...

Page 535: ...t 5 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none R3 conf do clear ip msdp peer 192 168 0 1 R3 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Inactive Up Down Time 00 00 04 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Input ...

Page 536: ... because preemptive load balancing requires prior knowledge of traffic distributions lack of scalable register decasulation With only a single RP per group all joins are sent to that RP regardless of the topological distance between the RP sources and receivers and data is transmitted to the RP until the SPT switch threshold is reached slow convergence when an active RP fails When you configure mu...

Page 537: ...NFIGURATION mode interface loopback 2 Make this address the RP for the group CONFIGURATION mode ip pim rp address 3 In each routing domain that has multiple RPs serving a group create another Loopback interface on each RP serving the group with a unique IP address CONFIGURATION mode interface loopback 4 Peer each RP with every other RP using MSDP specifying the unique Loopback address as the conne...

Page 538: ... Address Used in SA Messages The default originator id is the address of the RP that created the message In the case of Anycast RP there are multiple RPs all with the same address To use the unique address of another interface as the originator id use the following command Use the address of another interface as the originator id instead of the RP address CONFIGURATION mode ip msdp originator id E...

Page 539: ...nterface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown interface Loopback 1 ip address 192 168 0 22 32 no shutdown router ospf 1 network 10 11 1 0 24 area 0 network 10 11 4 0 24 area 0 network 192 168 0 22 32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1 neighbor 192 168 0 3 remote as 200 neighbor 192 168 0 3 ebgp mu...

Page 540: ...68 0 22 connect source Loopback 0 ip msdp sa filter out 192 168 0 22 ip route 192 168 0 1 32 10 11 0 23 ip route 192 168 0 22 32 10 11 0 23 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 ip multicast routing interface GigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface GigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface...

Page 541: ... interface TenGigabitEthernet 1 1 ip pim sparse mode ip address 10 11 3 1 24 no shutdown interface TenGigabitEthernet 1 2 ip address 10 11 2 1 24 no shutdown interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 1 12 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 netw...

Page 542: ...address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface ManagementEthernet 1 1 ip address 10 11 80 3 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute ...

Page 543: ...Ethernet 4 31 ip pim sparse mode ip address 10 11 6 43 24 no shutdown interface Loopback 0 ip address 192 168 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 Multicast Source Discovery Protocol MSDP 543 ...

Page 544: ...spanning tree plus PVST MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN This 1 1 approach is not suitable if you have many VLANs because each spanning tree instance costs bandwidth and processing resources In the following illus...

Page 545: ...re 64 MSTIs including the default instance 0 CIST Configure Multiple Spanning Tree Protocol Configuring multiple spanning tree is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable the multiple spanning tree protocol 4 Create multiple spanning tree instances and map VLANs to them Related Configuration Tasks The following are the related configuration ta...

Page 546: ...ing Interfaces To add and remove interfaces use the following commands To add an interface to the MSTP topology configure it for Layer 2 and add it to a VLAN If you previously disabled MSTP on the interface using the no spanning tree 0 command to enable MSTP use the following command spanning tree 0 To remove an interface from the MSTP topology use the no spanning tree 0 command Creating Multiple ...

Page 547: ...g Port path cost 20000 Port priority 128 Port Identifier 128 374 Designated root has priority 32768 address 0001 e806 953e Designated bridge has priority 32768 address 0001 e806 953e Designated port id is 128 374 designated path cost 20000 Number of transitions to forwarding state 1 BPDU MRecords sent 93671 received 46843 The port is not in the Edge port mode Port 384 TenGigabitEthernet 1 31 is al...

Page 548: ...l Revision is a 2 byte number The default revision number OS is 0 VLAN to instance mapping is the placement of a VLAN in an MSTI For a bridge to be in the same MSTP region as another all three of these qualities must match exactly The default values for the name and revision number must match on all Dell Networking OS devices If there are non Dell devices that participate in MSTP ensure these valu...

Page 549: ...at only experienced network administrators change MSTP parameters Poorly planned modification of MSTP parameters can negatively affect network performance To change the MSTP parameters use the following commands on the root bridge 1 Change the forward delay parameter PROTOCOL MSTP mode forward delay seconds The range is from 4 to 30 The default is 15 seconds 2 Change the hello time parameter PROTO...

Page 550: ... is selected to be a forwarding port in case that several ports have the same port cost The following lists the default values for port cost by interface Table 62 Default Values for Port Costs by Interface Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Cha...

Page 551: ...e the new member port is also disabled in the hardware When you remove a physical port from a port channel in the Error Disable state the error disabled state is cleared on this physical port the physical port is enabled in the hardware The reset linecard command does not clear the Error Disabled state of the port or the Hardware Disabled state The interface continues to be disabled in the hardwar...

Page 552: ...he following steps 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 no ip address switchport...

Page 553: ...enGigabitEthernet 2 11 no ip address switchport no shutdown interface TenGigabitEthernet 2 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown Router 3 Running Configur...

Page 554: ...t the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 spanning tree spanning tree configuration name Tahiti spanning tree configuration revision 123 spanning tree MSTi instance 1 spanning tree MSTi vlan 1 100 spanning tree MSTi instance 2 spanning tree MSTi vlan 2 20...

Page 555: ...ey items to look for in the debug report include MSTP flags indicate communication received from the same region As shown in the following the MSTP routers are located in the same region Does the debug log indicate that packets are coming from a Different Region If so one of the key parameters is not matching MSTP Region Name and Revision The configured name and revisions must be identical among a...

Page 556: ... Len 96 Name Tahiti Rev 123 MSTP region name and revision Int Root Path Cost 0 Rem Hops 19 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 MSTP Instance Flags 0x78 Reg Root 32768 0001 e806 953e Int Root Cost 0 Brg Port Prio 32768 128 Rem Hops 19 INST 2 MSTP Instance Flags 0x78 Reg Root 32768 0001 e806 953e Int Root Cost 0 Brg Port Prio 32768 128 Rem Hops 19 Indicates MSTP routers are in the single re...

Page 557: ...ta traffic with certain MAC addresses to the CPU in addition to control traffic As the upper 5 bits of an IP Multicast address are dropped in the translation 32 different multicast group IDs all map to the same Ethernet address For example 224 0 0 5 is a known IP address for open shortest path first OSPF that maps to the multicast MAC address 01 00 5e 00 00 05 However 225 0 0 5 226 0 0 5 and so on...

Page 558: ...pted In this case increase the limit by at least 10 for IGMP and MLD to resume If the limit is decreased after it is reached Dell Networking OS does not clear the existing sessions Entries are cleared after a timeout you may also clear entries using the clear ip mroute command NOTE Dell Networking OS waits at least 30 seconds between stopping and starting IGMP join processing You may experience th...

Page 559: ...orking OS clears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an implicit deny all rule at the end of all access lists Therefore configuring an IGMP join request filter in this order might result in data loss If you must enter the ip igmp access group command before creating the access list prevent Dell Networking OS f...

Page 560: ...e 63 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode ip address 10 11 13 1 24 no shutdown 2 1 Interface TenGigabitEthernet 2 1 ip pim sparse mode 560 Multicast Features ...

Page 561: ...21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown Receiver 2 Interface VLAN 400 ip pim sparse mode ip address 10 11 4 1 24 untagged TenGigabitEthernet 1 2 ip igmp access group igmpjoinfilR2G2 no shutdown Preventing a PIM Router from Forming...

Page 562: ...the following example Source 1 and Source 2 are both transmitting packets for groups 239 0 0 1 and 239 0 0 2 R3 has a PIM register filter that only permits packets destined for group 239 0 0 2 An entry is created for group 239 0 0 1 in the routing table but no outgoing interfaces are listed R2 has no filter so it is allowed to forward both groups As a result Receiver 1 receives only one transmissi...

Page 563: ... 11 12 2 24 no shutdown 2 31 Interface TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown...

Page 564: ...d PIM DR of the source Excessive traffic is generated when the join process from the RP back to the source is blocked due to a new source group being permitted in the join filter This results in the new source becoming stuck in registering on the DR and the continuous generation of UDP encapsulated registration messages between the DR and RP routers which are being sent to the CPU Prevent the PIM ...

Page 565: ...ou can configure client applications such as VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the internet via interfaces running OSPF Both routers belong to a VRRP group with a virtual router at 10 0 0 1 on the local area network LAN side Neither Router A nor Router B ...

Page 566: ... as port channels or virtual local area networks VLANs the link protocol status is considered to be UP if any physical interface under the logical interface is UP Track Layer 3 Interfaces You can create an object that tracks the Layer 3 state IPv4 or IPv6 routing status of an interface The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has ...

Page 567: ... threshold or the route is not entered in the routing table the state of a route is DOWN The UP and DOWN thresholds are user configurable for each tracked route The default UP threshold is 254 the default DOWN threshold is 255 The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold The tracking process uses a protocol specific resolu...

Page 568: ... Guide Tracking a Layer 2 Interface You can create an object that tracks the line protocol state of a Layer 2 interface and monitors its operational status UP or DOWN You can track the status of any of the following Layer 2 interfaces 1 Gigabit Ethernet Enter gigabitethernet slot port in the track interface interface command see Step 1 10 Gigabit Ethernet Enter tengigabitethernet slot port Port ch...

Page 569: ...rface ip routing command The status of an IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address The Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down for a Layer 3 VLAN all VLAN ports must be down or the IP address is removed from the routing table For an IPv6 interface a routing object only tracks the UP DOWN ...

Page 570: ...e reachability or metric of an IPv4 or IPv6 route You specify the route to be tracked by its address and prefix length values Optionally for an IPv4 route you can enter a VRF instance name if the route is part of a VPN routing and forwarding VRF table The next hop address is not part of the definition of a tracked IPv4 IPv6 route In order for an route s reachability or metric to be tracked the rou...

Page 571: ...range from 0 to 255 The resolution value is user configurable and calculates the scaled metric by dividing a route s cost by the resolution value set for the route type For ISIS you can set the resolution in the range from 1 to 1000 where the default is 10 For OSPF you can set the resolution in the range from 1 to 1592 where the default is 1 The resolution value used to map static routes is not co...

Page 572: ...e configures object tracking on the reachability of an IPv6 route Dell conf track 105 ipv6 route 1234 64 reachability Dell conf track 105 delay down 5 Dell conf track 105 description Headquarters Dell conf track 105 end Dell show track 105 Track 105 IPv6 route 1234 64 reachability Description Headquarters Reachability is Down route not in route table 2 changes last change 00 03 03 Tracking a Metri...

Page 573: ...wn number The default UP threshold is 254 The routing state is UP if the scaled route metric is less than or equal to the UP threshold The defult DOWN threshold is 255 The routing state is DOWN if the scaled route metric is greater than or equal to the DOWN threshold 6 Optional Display the tracking configuration EXEC Privilege mode show track object id 7 Example of IPv4 and IPv6 Tracking Metric Th...

Page 574: ...figured on the router show running config track object id Examples of Viewing Tracked Objects Dell show track Track 1 IP route 23 0 0 0 8 reachability Reachability is Down route not in route table 2 changes last change 00 16 08 Tracked by Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16 Metric threshold down 255 up 254 First hop interface...

Page 575: ... interface is TenGigabitEthernet 1 4 Example of Viewing Object Tracking Configuration Dell show running config track track 1 ip route 23 0 0 0 8 reachability track 2 ipv6 route 2040 64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050 64 reachability track 4 interface TenGigabitEthernet 1 4 ip routing track 5 ip route 192 168 0 0 24 reachability vrf red Objec...

Page 576: ... router within the AS areas establish adjacencies If two routers on the same subnet agree to become neighbors through the HELLO process they begin to exchange network topology information in the form of LSAs In OSPFv2 neighbors on broadcast and NBMA links are identified by their interface addresses while neighbors on other types of links are identified by RID Autonomous System AS Areas OSPF operat...

Page 577: ...The backbone is the only area with a default area number All other areas can have their Area ID assigned in the configuration In the previous example Routers A B C G H and I are the Backbone A stub area SA does not receive external route information except for the default route These areas do receive information from inter area IA routes NOTE Configure all routers within an assigned stub area as s...

Page 578: ...pes are attributes of the OSPF process A given physical router may be a part of one or more OSPF processes For example a router connected to more than one area receiving routing from a border gateway protocol BGP process connected to another AS acts as both an area border router and an autonomous system router Each router has a unique ID written in decimal format A B C D You do not have to associa...

Page 579: ...Within an AS an area border router ABR connects one or more areas to the backbone The ABR keeps a copy of the link state database for every area it connects to so it may keep multiple copies of the link state database An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to An ABR can connect to many areas in ...

Page 580: ...ment LSA communicates the router s local routing topology to all other local routers in the same area The LSA types supported by Dell Networking are defined as follows Type 1 Router LSA The router lists links to other routers or networks in the same area Type 1 LSAs are flooded across their own area only The link state ID of the Type 1 LSA is the originating router ID Type 2 Network LSA The DR in ...

Page 581: ...ed the system the system continues to transmit at the max interval until twice the max interval time has passed At that point the system reverts to the start interval timer and the cycle begins again When you configure the LSA throttle timers syslog messages appear indicating the interval times as shown below for the transmit timer 45000ms and arrival timer 1000ms Mar 15 09 46 00 STKUNIT0 M CP OSP...

Page 582: ...on 9 7 0 0 and later support OSPFv3 in VRF Also on OSPFv3 Dell Networking OS supports only one OSPFv3 process per VRF OSPFv2 and OSPFv3 can co exist but you must configure them individually Dell Networking OS supports stub areas totally stub no summary and not so stubby areas NSSAs and supports the following LSAs as described earlier Router type 1 Network type 2 Network Summary type 3 AS Boundary ...

Page 583: ...s notifying its neighbors that the restart is complete This notification happens before the grace period expires Dell Networking routers support the following OSPF graceful restart functionality Restarting role in which an enabled router performs its own graceful restart Helper role in which the router s graceful restart function is to help a restarting neighbor router in its graceful restarts Hel...

Page 584: ...g SNMP Traps Only the process in default vrf can process the SNMP requests and send SNMP traps NOTE SNMP gets request corresponding to the OspfNbrOption field in the OspfNbrTable returns a value of 66 OSPF ACK Packing The OSPF ACK packing feature bundles multiple LS acknowledgements in a single packet significantly reducing the number of ACK packets transmitted when the number of LSAs increases Th...

Page 585: ... are not installed in the Route Table Manager RTM as non active routes OSPF features and functions are assigned to each router using the CONFIG INTERFACE commands for each interface NOTE By default OSPF is disabled Configuration Task List for OSPFv2 OSPF for IPv4 You can perform the following tasks to configure Open Shortest Path First version 2 OSPF for IPv4 on the switch Two of the tasks are man...

Page 586: ...e ip address ip address mask The format is A B C D M If you are using a Loopback interface refer to Loopback Interfaces 2 Enable the interface CONFIG INTERFACE mode no shutdown 3 Return to CONFIGURATION mode to enable the OSPFv2 process globally CONFIGURATION mode router ospf process id vrf vrf name vrf name enter the keyword VRF and the instance name to tie the OSPF instance to the VRF All networ...

Page 587: ...rea 0 This is the backbone area If your OSPF network contains more than one area configure a backbone area Area ID 0 0 0 0 Any area besides Area 0 can have any number ID assigned to it The OSPFv2 process evaluates the network commands in the order they are configured Assign the network address that is most explicit first to include all subnets of that address For example if you assign the network ...

Page 588: ... a network on which OSPF is enabled To view currently active interfaces and the areas assigned to them use the show ip ospf interface command Example of Viewing Active Interfaces and Assigned Areas Dell show ip ospf 1 interface TenGigabitEthernet 1 17 is up line protocol is up Internet Address 10 2 2 1 24 Area 0 0 0 0 Process ID 1 Router ID 11 1 2 1 Network Type BROADCAST Cost 1 Transmit Delay is ...

Page 589: ...tached Stub area routers use the default route to reach external destinations To ensure connectivity in your OSPFv2 network never configure the backbone area as a stub area To configure a stub area use the following commands 1 Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs EXEC Privilege mode show ip ospf process id vrf database database summary ...

Page 590: ... passive interface vlan 2222 The keyword default sets all interfaces on this OSPF process as passive To remove the passive interface from select interfaces use the no passive interface interface command while passive interface default is configured To enable both receiving and sending routing updates use the no passive interface interface command Example of Viewing Passive Interfaces When you conf...

Page 591: ...ort Examples of the fast converge Command In the following examples Convergence Level shows the fast converge parameter setting and Min LSA origination shows the LSA parameters shown in bold Dell conf router_ospf 1 fast converge 2 Dell conf router_ospf 1 ex Dell conf ex Dell show ip ospf 1 Routing Process ospf 1 with ID 192 168 67 2 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Ho...

Page 592: ...ead of the key CONFIG INTERFACE mode ip ospf message digest key keyid md5 key keyid the range is from 1 to 255 Key a character string NOTE Be sure to write down or otherwise record the key You cannot learn the key after it is configured You must be careful when changing this key NOTE You can configure a maximum of six digest keys on an interface Of the available six digest keys the switches select...

Page 593: ... Neighbor Count is 0 Adjacent neighbor count is 0 Dell Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters use the following commands Set a clear text authentication scheme on the interface CONFIG INTERFACE mode ip ospf authentication key key Configure a key that is a text string no longer than eight characters All neighboring routers must share password to ex...

Page 594: ...ed restart OSPF sends out a Grace LSA before the system switches over to the secondary RPM OSPF also is notified that a planned restart is happening Unplanned only the OSPFv2 router supports graceful restart for only unplanned restarts During an unplanned restart OSPF sends out a Grace LSA after the secondary RPM comes online By default OSPFv2 supports both planned and unplanned restarts Selecting...

Page 595: ...on CONFIG PREFIX LIST mode seq sequence number deny permit ip prefix ge min prefix length le max prefix length The optional parameters are ge min prefix length is the minimum prefix length to match from 0 to 32 le max prefix length is the maximum prefix length to match from 0 to 32 For configuration information about prefix lists refer to Access Control Lists ACLs Applying Prefix Lists To apply pr...

Page 596: ...ibute list dilling in Dell conf router_ospf Troubleshooting OSPFv2 Use the information in this section to troubleshoot OSPFv2 operation on the switch Be sure to check the following as these questions represent typical issues that interrupt an OSPFv2 process NOTE The following tasks are not a comprehensive they provide some examples of typical troubleshooting checks Have you enabled OSPF globally I...

Page 597: ...ent view OSPF event messages packet view OSPF packet information spf view SPF information database timers rate limit view the LSAs currently in the queue Example of Viewing OSPF Configuration Dell show run ospf router ospf 4 router id 4 4 4 4 network 4 4 4 0 28 area 1 ipv6 router ospf 999 default information originate always router id 10 10 10 10 Dell Sample Configurations for OSPFv2 The following...

Page 598: ...168 100 100 24 no shutdown OSPF Area 0 Te 3 1 and 3 2 router ospf 33333 network 192 168 100 0 24 area 0 network 10 0 13 0 24 area 0 network 10 0 23 0 24 area 0 interface Loopback 30 ip address 192 168 100 100 24 no shutdown interface TenGigabitEthernet 3 1 ip address 10 1 13 3 24 no shutdown interface TenGigabitEthernet 3 2 ip address 10 2 13 3 24 no shutdown OSPF Area 0 Te 2 1 and 2 2 router ospf...

Page 599: ...the network area command to enable OSPF on an interface NOTE The OSPFv2 network area command enables OSPF on multiple interfaces with the single command Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3 All IPv6 addresses on an interface are included in the OSPFv3 process that is created on the interface Enable OSPFv3 for IPv6 by specifying an OSPF process ID and an area in ...

Page 600: ...n the network area command to enable OSPFv2 on an interface NOTE The OSPFv2 network area command enables OSPFv2 on multiple interfaces with the single command Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3 Assign the OSPFv3 process and an OSPFv3 area to this interface CONF INT type slot port mode ipv6 ospf process id area area id process id the process ID number assigned ...

Page 601: ...areas use the following command Configure the area as a stub area CONF IPV6 ROUTER OSPF mode area area id stub no summary no summary use these keywords to prevent transmission in to the area of summary ASBR LSAs Area ID a number or IP address assigned when creating the area You can represent the area ID as a number from 0 to 65536 if you assign a dotted decimal format rather than an IP address Con...

Page 602: ...ute map map name enter a name of a configured route map tag tag value The range is from 0 to 4294967295 Configuring a Default Route To generate a default external route into the OSPFv3 routing domain configure the following parameters To specify the information for the default route use the following command Specify the information for the default route CONF IPV6 ROUTER OSPF mode default informati...

Page 603: ...r planned restarts A planned restart is when you manually enter a redundancy force failover rpm command to force the primary RPM over to the secondary RPM During a planned restart OSPFv3 sends out a Grace LSA before the system switches over to the secondary RPM OSPFv3 is notified that a planned restart is happening Unplanned only the OSPFv3 router supports graceful restart only for unplanned resta...

Page 604: ...S Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum sum 0 Originate New LSAS 73 Rx New LSAS 114085 Ext LSA Count 0 Rte Max Eq Cost Paths 5 GR grace period 180 GR mode planned and unplanned Area 0 database summary Type Count Status Brd Rtr Count 2 AS Bdr Rtr Count 2 LSA count 12010 Summary LSAs 1 Rtr LSA Count 4 Net LSA Count 3 Inter Area Pfx LSA Count 12000 Inter Area Rtr LSA Count 0 Group ...

Page 605: ...lated IP header in Tunnel mode However Tunnel mode is not supported in Dell Networking OS For detailed information about the IP ESP protocol refer to RFC 4303 In OSPFv3 communication IPsec provides security services between a pair of communicating hosts or security gateways using either AH or ESP In an authentication policy on an interface or in an OSPF area AH and ESP are used alone in an encrypt...

Page 606: ... an OSPFv3 interface first enable IPv6 unicast routing globally configure an IPv6 address and enable OSPFv3 on the interface and assign it to an area refer to Configuration Task List for OSPFv3 OSPF for IPv6 The SPI value must be unique to one IPsec security policy authentication or encryption on the router Configure the same authentication policy the same SPI and key on each OSPFv3 interface in a...

Page 607: ... The valid values are 0 key is not encrypted or 7 key is encrypted authentication algorithm specifies the encryption authentication algorithm to use The valid values are MD5 or SHA1 key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits encrypted F...

Page 608: ...ng the area encryption command you enable both IPsec encryption and authentication However when you enable authentication on an area using the area authentication command you do not enable encryption at the same time If you have enabled IPsec authentication in an OSPFv3 area using the area authentication command you cannot use the area encryption command in the area at the same time The configurat...

Page 609: ...where interface is one of the following values For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 409...

Page 610: ...to ipsec sa ipv6 Interface TenGigabitEthernet 1 1 Link Local address fe80 201 e8ff fe40 4d10 IPSecv6 policy name OSPFv3 1 500 inbound ah sas spi 500 0x1f4 transform ah md5 hmac in use settings Transport replay detection support N STATUS ACTIVE outbound ah sas spi 500 0x1f4 transform ah md5 hmac in use settings Transport replay detection support N STATUS ACTIVE inbound esp sas outbound esp sas Inte...

Page 611: ...show ipv6 neighbors show virtual links show ipv6 routes Viewing Summary Information To get general route configuration links status and debug information use the following commands View the summary information of the IPv6 routes EXEC Privilege mode show ipv6 route summary View the summary information for the OSPFv3 database EXEC Privilege mode show ipv6 ospf database View the configuration of OSPF...

Page 612: ...mmand on each interface that runs OSPFv3 All IPv6 addresses on an interface are included in the OSPFv3 process that is created on the interface Enable OSPFv3 for IPv6 by specifying an OSPF process ID and an area in INTERFACE mode If you have not created an OSPFv3 process it is created automatically All IPv6 addresses configured on the interface are included in the specified OSPF process NOTE IPv6 ...

Page 613: ...erface To assign the OSPFv3 process to an interface use the following command The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area Additionally the command creates the OSPFv3 process with ID on the router OSPFv2 requires two commands to accomplish the same tasks the router ospf command to create the OSPF process then the network area command to e...

Page 614: ...de ipv6 router ospf process ID The process ID range is from 0 to 65535 Assign the router ID for this OSPFv3 process CONF IPV6 ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf pr...

Page 615: ...istributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process With the redistribute command you can include RIP static or directly connected routes in the OSPF process Route redistribution is also supported between OSPF Routing process IDs To add redistributing routes use the following command Specify which routes are redistributed into the OSPF process CONF...

Page 616: ...in the graceful restart of a neighbor NOTE Enter the ipv6 ospf graceful restart helper reject command in Interface configuration mode Enable OSPFv3 graceful restart globally by setting the grace period in seconds CONF IPV6 ROUTER OSPF mode graceful restart grace period seconds The valid values are from 40 to 1800 seconds Configure an OSPFv3 interface to not act on the Grace LSAs that it receives f...

Page 617: ...v6 router ospf 1 log adjacency changes graceful restart grace period 180 The following example shows the show ipv6 ospf database database summary command Dell show ipv6 ospf database database summary OSPFv3 Router with ID 200 1 1 1 Process ID 1 Process 1 database summary Type Count Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 0 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum...

Page 618: ...protocol refer to RFC 4302 ESP encapsulating security payload encapsulates data enabling the protection of data that follows in the datagram ESP provides authentication and confidentiality of every packet The ESP extension header is designed to provide a combination of security services for both IPv4 and IPv6 Insert the ESP header after the IP header and before the next layer protocol header in Tr...

Page 619: ...ecurity policy at an interface or area level specify 7 for key encryption type when you enter the ipv6 ospf authentication ipsec or ipv6 ospf encryption ipsec command To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical port channel or VLAN interface or OSPFv3 area perform any of the following tasks Configuring IPsec Authentication on an Interface Con...

Page 620: ...n null ipsec spi number esp encryption algorithm key encryption type key authentication algorithm key authentication type key null causes an encryption policy configured for the area to not be inherited on the interface ipsec spi number is the security policy index SPI value The range is from 256 to 4294967295 esp encryption algorithm specifies the encryption algorithm used with ESP The valid valu...

Page 621: ...formation For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted or 80 hex digits encrypted Remove an IPSec authentication policy from an OSPFv3 area no area area id authentication ipsec spi number Display the configuration of IPSec authentication policies on the router show crypto ipsec pol...

Page 622: ... area no area area id encryption ipsec spi number Display the configuration of IPsec encryption policies on the router show crypto ipsec policy Displaying OSPFv3 IPsec Security Policies To display the configuration of IPsec authentication and encryption policies use the following commands Display the AH and ESP parameters configured in IPsec security policies including the SPI number key and algor...

Page 623: ...5fb5 Outbound ESP Auth Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5 Inbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Outbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set esp 128 aes esp sha1 hmac The following example shows the show crypto ipsec sa ipv6 command Dell show...

Page 624: ...tabase Did you include the OSPF routes in the routing table not just the OSPF database Some useful troubleshooting commands are show ipv6 interfaces show ipv6 protocols debug ipv6 ospf events and or packets show ipv6 neighbors show virtual links show ipv6 routes Viewing Summary Information To get general route configuration links status and debug information use the following commands View the sum...

Page 625: ...he keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Open Shortest Path First OSPFv2 and OSPFv3 625 ...

Page 626: ...n packets using ICMP In these situations you can a configure switch route packet according to a policy applied to interfaces When the packet comes from this source and wants to go to that destination then route it to this next hop or onto that specific interface This permits routing over different links or towards different networks even while the destination is the same but depending on where the...

Page 627: ...ers which have multiple devices as the next hop primarily indirect next hops and or Tunnel Interfaces in this case It allows you to backup Indirect Next hop with another choose the specific Indirect Next hop and or Tunnel Interface which is available by sending ICMP pings to verify reach ability and or check the Tunnel Interface UP or DOWN status and then route traffic out to that next hop and or ...

Page 628: ...er sequence number as shown below ip redirect list rcl0 seq 10 permit ip host 3 3 3 3 any seq 15 redirect 2 2 2 2 ip any any Create a Redirect List To create a redirect list use the following commands Create a redirect list by entering the list name CONFIGURATION mode ip redirect list redirect list name redirect list name 16 characters To delete the redirect list use the no ip redirect list comman...

Page 629: ...Dell conf redirect list redirect 3 3 3 3 0 255 An IP protocol number icmp Internet Control Message Protocol ip Any Internet Protocol tcp Transmission Control Protocol udp User Datagram Protocol Dell conf redirect list redirect 3 3 3 3 ip A B C D Source address any Any source host host A single source host Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 Mask A B C D or nn Mask in dotted decim...

Page 630: ... command in the list with a different route is used Apply a Redirect list to an Interface using a Redirect group IP redirect lists are supported on physical interfaces as well as virtual local area network VLAN and port channel interfaces NOTE When you apply a redirect list on a port channel when traffic is redirected to the next hop and the destination port channel is shut down the traffic is dro...

Page 631: ... format x x x x The contiguous mask displays in x format Dell show ip redirect list explicit_tunnel IP redirect list explicit_tunnel Defined as seq 5 redirect tunnel 1 track 1 tcp 155 55 2 0 24 222 22 2 0 24 Track 1 up Next hop reachable via Te 1 32 seq 10 redirect tunnel 1 track 1 tcp any any Track 1 up Next hop reachable via Te 1 32 seq 15 redirect tunnel 2 udp 155 55 0 0 16 host 144 144 144 144...

Page 632: ...IP 0x0 0 0 200 200 200 200 200 200 200 200 199 199 199 199 199 199 199 199 N A NA 06081 0 N A TCP 0x10 0 40 234 234 234 234 255 234 234 234 222 222 222 222 24 00 00 00 00 00 09 8 1 Sample Configuration The following configuration is an example for setting up a PBR These are not comprehensive directions They are intended to give you a some guidance with typical configurations You can copy and paste...

Page 633: ...Policy based Routing PBR 633 ...

Page 634: ...ezvous point RP to the receivers After a receiver receives traffic from the RP PM SM switches to SPT to forward multicast traffic Every multicast group has an RP and a unidirectional shared tree group specific shared tree Requesting Multicast Traffic A host requesting multicast traffic for a particular group sends an Internet group management protocol IGMP Join message to its gateway router The ga...

Page 635: ...ssage was received as an outgoing interface thus recreating a SPT to the source 3 After the RP starts receiving multicast traffic via the S G it unicasts a Register Stop message to the first hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast After receiving the first multicast packet from a particular source the last hop DR sends a PIM Join message to t...

Page 636: ...S 1 30 1 165 87 31 201 NOTE You can influence the selection of the Rendezvous Point by enabling PIM Sparse mode on a Loopback interface and assigning a low IP address To display PIM neighbors for each interface use the show ip pim neighbor command EXEC Privilege mode Dell show ip pim neighbor Neighbor Interface Uptime Expires Ver DR Address Prio Mode 127 87 5 5 Te 1 11 01 44 59 00 01 16 v2 1 S 127...

Page 637: ...for a specific S G entry as shown in the following example CONFIGURATION mode ip pim sparse mode sg expiry timer seconds sg list access list name The range is from 211 to 86 400 seconds The default is 210 Example Configuring an S G Expiry Time NOTE The expiry time configuration is nullified and the default global expiry time is used if an ACL is specified in the ip pim sparse mode sg expiry timer ...

Page 638: ...the Rendezvous Point Multicast Group Information To display the assigned RP for a group use the show ip pim rp command from EXEC privilege mode Dell show ip pim rp Group RP 225 0 1 40 165 87 50 5 226 1 1 1 165 87 50 5 To display the assigned RP for a group range group to RP mapping use the show ip pim rp mapping command in EXEC privilege mode Dell show ip pim rp mapping PIM Group to RP Mappings Gr...

Page 639: ...ary defined by PIM multicast border routers PMBRs PMBRs connect each PIM domain to the rest of the Internet Create multicast boundaries and domains by filtering inbound and outbound bootstrap router BSR messages per interface The following command is applied to the subsequent inbound and outbound updates Timeout removes existing BSR advertisements Create multicast boundaries and domains by filteri...

Page 640: ... multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP EGLOP is used to statically assign Internet routable multicast addresses but each autonomous system number yields only 255 multicast addresses For short term applications an address could be leased but no global dynamic multicast address allocation scheme ...

Page 641: ...s for a group it continues to create G entries because there is an implicit deny for unspecified groups in the ACL When you remove the mapping configuration Dell Networking OS removes the corresponding S G states that it created and re establishes the original G states You may enter multiple ssm map commands for different access lists You may also enter multiple ssm map commands for the same acces...

Page 642: ...Interface TenGigabitEthernet 0 10 Group 225 1 1 1 Uptime 00 03 01 Expires 00 02 09 Router mode INCLUDE Last reporter 165 87 34 100 Group source list Source address Expires 165 87 32 21 Never R1 conf do show run pim ip pim rp address 10 11 12 2 group address 224 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard map seq 5 permit host 239 0 0 2 ip access list standard ssm s...

Page 643: ...reporter mode IGMPv2 Last report received Join Group source list Source address Uptime Expires 10 11 5 2 00 00 01 Never Interface Vlan 400 Group 239 0 0 1 Uptime 00 00 05 Expires Never Router mode INCLUDE Last reporter 10 11 4 2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 PIM Source Specific M...

Page 644: ...e on the same switch In general a monitoring port should have no ip address and no shutdown as the only configuration Dell Networking OS permits a limited set of commands for monitoring ports You can display these commands using the command A monitoring port also may not be a member of a VLAN There may only be one destination port MG in a monitoring session Source port MD can be monitored by more ...

Page 645: ...30 Te 1 16 Te 2 7 rx interface Port based 300 Te 1 17 Te 1 1 tx interface Port based Dell conf mon sess 300 Example of Configuring Another Monitoring Session with a Previously Used Destination Port Dell conf mon ses 300 Dell conf mon sess 300 source TenGig 1 17 destination TenGig 1 4 direction tx Error Exceeding max MG ports for this MD port pipe Dell conf mon sess 300 Dell conf mon sess 300 sourc...

Page 646: ...even after an MD participating in spanning tree protocol STP transitions from the forwarding to blocking Configuring Port Monitoring To configure port monitoring use the following commands 1 Verify that the intended monitoring port has no configuration other than no shutdown as shown in the following example EXEC Privilege mode show interface 2 Create a monitoring session using the command monitor...

Page 647: ... Te 1 1 Te 1 2 rx Port N A N A 0 Po 10 Te 1 2 rx Port N A N A 1 Vl 40 Te 1 3 rx Flow N A N A NOTE Source as VLAN is achieved via Flow based mirroring Please refer section Enabling Flow Based Monitoring In the following example the host and server are exchanging traffic which passes through the uplink interface 1 1 Port 1 1 is the monitored port and port 1 42 is the destination port which is config...

Page 648: ...p access list Refer to Access Control Lists ACLs 3 Apply the ACL to the monitored port INTERFACE mode ip access group access list Example of the flow based enable Command To view an access list that you applied to an interface use the show ip accounting access list command from EXEC Privilege mode Dell conf monitor session 0 Dell conf mon sess 0 flow based enable Dell conf ip access list ext testf...

Page 649: ...d switched on a user defined non routable L2 VLAN The VLAN is reserved in the network to carry only mirrored traffic which is forwarded on all egress ports of the VLAN Each intermediate switch that participates in the transport of mirrored traffic must be configured with the reserved L2 VLAN Remote port monitoring supports mirroring sessions in which multiple source and destination ports are distr...

Page 650: ... to use remote port mirroring A remote port mirroring session mirrors monitored traffic by prefixing the reserved VLAN tag to monitored packets so that they are copied to the reserve VLAN Mirrored traffic is transported across the network using 802 1Q in 802 1Q tunneling The source address destination address and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header Unt...

Page 651: ...ximum number of destination sessions supported on a switch 64 Maximum number ports supported in a destination session 64 You can configure any port as a destination port You can configure additional destination ports in an active session You can tunnel the mirrored traffic from multiple remote port source sessions to the same destination port By default destination port sends the mirror traffic to...

Page 652: ...le Remote Port Mirroring Remote port mirroring requires a source session monitored ports on different source switches a reserved tagged VLAN for transporting mirrored traffic configured on source intermediate and destination switches and a destination session destination ports connected to analyzers on destination switches Table 65 Configuration Steps for RPM Step Command Purpose 1 configure termi...

Page 653: ...onf if vl 100 exit Dell conf inte te 1 30 Dell conf if te 1 30 no shutdown Dell conf if te 1 30 switchport Dell conf if te 1 30 exit Dell conf interface vlan 30 Dell conf if vl 30 mode remote port mirroring Dell conf if vl 30 tagged te 1 30 Dell conf if vl 30 exit Dell conf interface port channel 10 Dell conf if po 10 channel member te 1 28 29 Dell conf if po 10 no shutdown Dell conf if po 10 exit...

Page 654: ... 2 exit Dell conf monitor session 3 type rpm Dell conf mon sess 3 source remote vlan 30 destination te 1 6 Dell conf mon sess 3 tagged destination te 1 6 Dell conf mon sess 3 end Dell Dell show monitor session SessID Source Destination Dir Mode Source IP Dest IP 1 remote vlan 10 Te 1 4 N A N A N A N A 2 remote vlan 20 Te 1 5 N A N A N A N A 3 remote vlan 30 Te 1 6 N A N A N A N A Dell Configuring ...

Page 655: ...system encapsulates the complete ingress or egress data under GRE header IP header and outer MAC header and sends it out at the next hop interface as pointed by the routing table The keyword flow based enable should have been specified in case of source as vlan or where monitoring on a per flow basis is desired The keyword monitor should have been specified in the access list rules for which we ne...

Page 656: ...Dell conf mon sess 0 source tengigabitethernet 1 9 direction rx Dell conf mon sess 0 source port channel 1 direction tx Dell conf mon sess 0 erpm source ip 1 1 1 1 dest ip 7 1 1 2 Dell conf mon sess 0 no disable Dell conf monitor session 1 type erpm Dell conf mon sess 1 source vlan 11 direction rx Dell conf mon sess 1 erpm source ip 5 1 1 1 dest ip 3 1 1 2 Dell conf mon sess 1 flow based enable De...

Page 657: ...sulation of ERPM packets at the Destination IP Analyzer In order to achieve the decapsulation of the original payload from the ERPM header The below two methods are suggested a Using Network Analyzer Install any well known Network Packet Analyzer tool which is open source and free to download Start capture of ERPM packets on the Sniffer and save it to the trace file for example erpmwithheader pcap...

Page 658: ...s available for download at the following location http en community dell com techcenter networking m force10_networking_scripts 20438882 aspx Unzip the erpm zip and copy the erpm py file to the Linux server Run the python script using the following command python erpm py i ingress interface o egress interface erpm py This is the script downloaded from the script store Ingress interface Specify th...

Page 659: ...ictly separated in customer specific groups A set of servers owned by a customer could comprise a community VLAN so that those servers could communicate with each other and would be isolated from other customers Another customer might have another set of servers in another community VLAN Another customer might want an isolated VLAN which has one or more ports that are also isolated from each other...

Page 660: ...LAN Each of the port types can be any type of physical Ethernet port including port channels LAGs For more information about port channels refer to Port Channel Interfaces in the Interfaces chapter For an introduction to VLANs refer to Layer 2 Using the Private VLAN Commands To use the PVLAN feature use the following commands Enable disable Layer 3 communication between secondary VLANs INTERFACE V...

Page 661: ...ry VLAN Creating a Community VLAN Creating an Isolated VLAN Creating PVLAN ports PVLAN ports are ports that will be assigned to the PVLAN 1 Access INTERFACE mode for the port that you want to assign to a PVLAN CONFIGURATION mode interface interface 2 Enable the port INTERFACE mode no shutdown 3 Set the port in Layer 2 mode INTERFACE mode switchport 4 Select the PVLAN mode INTERFACE mode switchport...

Page 662: ...AN mode for the VLAN to which you want to assign the PVLAN interfaces CONFIGURATION mode interface vlan vlan id 2 Enable the VLAN INTERFACE VLAN mode no shutdown 3 Set the PVLAN mode of the selected VLAN to primary INTERFACE VLAN mode private vlan mode primary 4 Map secondary VLANs to the selected primary VLAN INTERFACE VLAN mode private vlan mapping secondary vlan vlan list The list of secondary ...

Page 663: ...e of the selected VLAN to community INTERFACE VLAN mode private vlan mode community 4 Add one or more host ports to the VLAN INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format either comma delimited slot port port port or hyphenated slot port port You can only add host isolated ports to the VLAN Creating an Isolated VLAN An isolated VL...

Page 664: ...d in VLAN INTERFACE mode to configure the PVLAN member VLANs primary community and isolated VLANs Dell conf Dell conf interface vlan 10 Dell conf vlan 10 private vlan mode primary Dell conf vlan 10 private vlan mapping secondary vlan 100 101 Dell conf vlan 10 untagged Te 2 1 Dell conf vlan 10 tagged Te 2 3 Dell conf interface vlan 101 Dell conf vlan 101 private vlan mode community Dell conf vlan 1...

Page 665: ...ity VLAN 4002 The result is that The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000 All the ports in the secondary VLANs both community and isol...

Page 666: ...s of the running config from the S50V switch in the topology diagram previously shown Display the type and status of the configured PVLAN interfaces show interfaces private vlan interface interface This command is specific to the PVLAN feature For more information refer to the Security chapter in the Dell Networking OS Command Line Reference Guide Display the configured PVLANs or interfaces that a...

Page 667: ... T Te 1 21 The following example shows viewing a private VLAN configuration interface TenGigabitEthernet 1 3 no ip address switchport switchport mode private vlan promiscuous no shutdown interface TenGigabitEthernet 1 4 no ip address switchport switchport mode private vlan host no shutdown interface TenGigabitEthernet 1 5 no ip address switchport switchport mode private vlan host no shutdown inter...

Page 668: ...u to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter Figure 110 Per VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree as shown in the following table Table 67 Spanning Tree Variations Dell Networking OS Supports Dell Networking Term ...

Page 669: ...ess 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration Tasks Modifying Global PVST Parameters Modifying Interface PVST Parameters Configuring an EdgePort Flush MAC Addresses after a Topology Change Prevent Network Disruptions with BPDU Guard Enabling SNMP Traps for Roo...

Page 670: ...ble vlan 100 bridge priority 4096 Influencing PVST Root Selection As shown in the previous per VLAN spanning tree illustration all VLANs use the same forwarding topology because R2 is elected the root and all TenGigabitEthernet ports have the same cost The following per VLAN spanning tree illustration changes the bridge priority of each bridge so that a different forwarding topology is generated f...

Page 671: ...h cost 20000 Port priority 128 Port Identifier 128 375 Designated root has priority 4096 address 0001 e80d b6 d6 Designated bridge has priority 4096 address 0001 e80d b6 d6 Designated port id is 128 375 designated path cost 0 Number of transitions to forwarding state 2 BPDU sent 1159 received 632 The port is not in the Edge port mode Port 385 TenGigabitEthernet 1 32 is designated Forwarding Port p...

Page 672: ...luences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The following tables lists the default values for port cost by interface Table 68 Default Values for Port Cost Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet...

Page 673: ...terface is given in the output of the show spanning tree pvst command as previously shown Dell Networking OS Behavior Regarding the bpduguard shutdown on violation command behavior If the interface to be shut down is a port channel all the member ports are disabled in the hardware When you add a physical port to a port channel already in an Error Disable state the new member port is also disabled ...

Page 674: ...n a Forwarding state use extend system ID Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST does not detect a loop and both ports can remain in a Forwarding state Figure 112 PVST with Extend System ID Augment the bridge ID with the VLAN ID PROTOCOL PVST mode extend system id Example of Viewing the Extend System ID in a PVST Configuration Dell c...

Page 675: ...le of PVST Configuration R2 interface TenGigabitEthernet 2 12 no ip address switchport no shutdown interface TenGigabitEthernet 2 32 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 12 32 no sh...

Page 676: ...22 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown protocol spanning tree pvst no disable vlan 300 bridge priority 4096 676 Per VLAN Spanning Tree Plus PVST ...

Page 677: ... Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Policy Based Rate Policing Ingress Set a DSCP Value for E...

Page 678: ...utput Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Figure 113 Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802 1p User Priority Bits for QoS Indication It also implements these Internet Engineering Task Force IETF documents...

Page 679: ...members are configured with the same value You cannot assign a dot1p value to an individual interface in a port channel Table 70 dot1p priority Values and Queue Numbers dot1p Queue Number 0 0 1 0 2 0 3 1 4 2 5 3 6 3 7 3 Change the priority of incoming traffic on the interface dot1p priority Example of Configuring a dot1p Priority on an Interface Dell configure terminal Dell conf interface tengigab...

Page 680: ...frames are treated as tagged Internally the ASIC adds a 4 bytes tag to received untagged frames Though these 4 bytes are not part of the untagged frame received on the wire they are included in the rate metering calculation resulting in metering inaccuracy Configuring Port Based Rate Policing If the interface is a member of a VLAN you may specify the VLAN for which ingress packets are policed Rate...

Page 681: ... bandwidth on a continuous basis it can consume all of the buffer space that is allocated to the port Apply rate shaping to outgoing traffic on a port INTERFACE mode rate shape Apply rate shaping to a queue QoS Policy mode rate shape Example of rate shape Command Dell configure terminal Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate shape 500 50 Dell conf if te 1 1 end Policy ...

Page 682: ...ap match all 3 Specify your match criteria CLASS MAP mode match ip ipv6 ip any After you create a class map Dell Networking OS places you in CLASS MAP mode Match any class maps allow up to five ACLs Match all class maps allow only one ACL 4 Link the class map to a queue POLICY MAP mode service queue Example of Creating a Layer 3 Class Map Dell conf ip access list standard acl1 Dell config std nacl...

Page 683: ...N ID 4 Link the class map to a queue POLICY MAP mode service queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class maps to queues using the service queue command Dell Networking OS matches the class maps according to queue priority queue numbers closer to 0 have lower priorities For example as described in the previous example class map cmap2 is matched against...

Page 684: ...ip dscp 14 class map match all ClassAF2 match ip access group AF2 match ip dscp 18 Dell show running config ACL ip access list extended AF1 FB1 seq 5 permit ip host 23 64 0 2 any seq 10 deny ip any any ip access list extended AF1 FB2 seq 5 permit ip host 23 64 0 3 any seq 10 deny ip any any ip access list extended AF2 seq 5 permit ip host 23 64 0 5 any seq 10 deny ip any any Dell show cam layer3 q...

Page 685: ...hanisms for output QoS policies are bandwidth percentage scheduler strict rate shaping and WRED NOTE When changing a service queue configuration in a QoS policy map all QoS rules are deleted and re added automatically to ensure that the order of the rules is maintained As a result the Matched Packets value shown in the show qos statistics command is reset NOTE To avoid issues misconfiguration caus...

Page 686: ...licy based rate shaping use the following command Configure rate shape egress traffic QOS POLICY OUT mode rate shape Allocating Bandwidth to Queue The switch schedules packets for egress based on Deficit Round Robin DRR This strategy offers a guaranteed data rate Allocate bandwidth to queues only in terms of percentage in 4 queue and 8 queue systems The following table shows the default bandwidth ...

Page 687: ...licy maps Layer 3 and Layer 2 1 Create a Layer 3 input policy map CONFIGURATION mode policy map input Create a Layer 2 input policy map by specifying the keyword layer2 with the policy map input command 2 After you create an input policy map do one or more of the following Applying a Class Map or Input QoS Policy to a Queue Applying an Input QoS Policy to an Input Policy Map Honoring DSCP Values o...

Page 688: ... 3 48 63 110XXX Internetwork Control 3 48 63 101XXX EF Expedited Forwarding CRITIC ECP 2 32 47 100XXX AF4 Assured Forwarding Flash Override 2 32 47 011XXX AF3 Flash 1 16 31 010XXX AF2 Immediate 1 16 31 001XXX AF1 Priority 0 0 15 000XXX BE Best Effort Best Effort 0 0 15 Enable the trust DSCP feature POLICY MAP IN mode trust diffserv Honoring dot1p Values on Ingress Packets Dell Networking OS honors...

Page 689: ...same way as the bandwidth percentage command in an output QoS policy refer to Allocating Bandwidth to Queue The bandwidth percentage command in QOS POLICY OUT mode supersedes the service class bandwidth percentage command Guarantee a minimum bandwidth to queues globally CONFIGURATION mode service class bandwidth percentage Applying an Input Policy Map to an Interface To apply an input policy map t...

Page 690: ... To apply an output policy map to an interface use the following command Apply an input policy map to an interface INTERFACE mode service policy output You can apply the same policy map to multiple interfaces and you can modify a policy map after you apply it DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration This section...

Page 691: ... an interface that interface uses an all green color policy To create a DSCP color map 1 Create the color aware map QoS DSCP color map CONFIGURATION mode qos dscp color map color map name 2 Create the color aware map profile DSCP COLOR MAP dscp yellow red list dscp values 3 Apply the map profile to the interface CONFIG INTERFACE mode qos dscp color policy color map name Example Create a DSCP Color...

Page 692: ...licy for a specific interface Dell show qos dscp color policy summary tengigabitethernet 1 10 Interface dscp color map TE 1 10 mapONE Display detailed information about a color policy for a specific interface Dell show qos dscp color policy detail tengigabitethernet 1 10 Interface TenGigabitEthernet 1 10 Dscp color map mapONE yellow 4 7 red 20 30 Enabling QoS Rate Adjustment By default while rate ...

Page 693: ...strict priority The range is from 1 to 3 Weighted Random Early Detection Weighted random early detection WRED is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed The WRED congestion avoidance mechanism drops packets to prevent buffering resources from being consumed Traffic is a mixture of various kinds of packets The rate at which some types o...

Page 694: ...reate a WRED profile CONFIGURATION mode wred profile 2 Specify the minimum and maximum threshold values WRED mode threshold Applying a WRED Profile to Traffic After you create a WRED profile you must specify to which traffic Dell Networking OS should apply the profile Dell Networking OS assigns a color also called drop precedence red yellow or green to each packet based on it DSCP value before que...

Page 695: ...d_drop 0 0 100 wred_teng_y 467 4671 100 wred_teng_g 467 4671 50 wred_fortyg_y 467 4671 50 wred_fortyg_g 467 4671 25 Displaying WRED Drop Statistics To display WRED drop statistics use the following command Display the number of packets Dell Networking OS the WRED profile drops EXEC Privilege mode show qos statistics wred profile Example of the show qos statistics wred profile Command Dell show qos...

Page 696: ...rt pipe to which the policy map can be applied Specifically Available CAM the available number of CAM entries in the specified CAM partition for the specified line card or stack unit port pipe Estimated CAM the estimated number of CAM entries that the policy will consume when it is applied to an interface Status indicates whether the specified policy map can be completely applied to an interface i...

Page 697: ...s based on the previous time sampling performed You can specify the weight parameter for front end and backplane ports separately in the range of 0 through 15 You can enable WRED and ECN capabilities per queue for granularity You can disable these functionality per queue and you can also specify the minimum and maximum buffer thresholds for each color coding of the packets You can configure maximu...

Page 698: ... on the Z9000 platform WRED drops packets when the average queue length exceeds the configured threshold value to signify congestion Explicit Congestion Notification ECN is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded If you configure ECN for WRED devices employ this functionality of ECN to mark the packets and red...

Page 699: ... and this feature concurrently If single rate two color policer is configured along with this feature then by default all packets less than PIR would be considered as Green But Green packets matching the specific match criteria for which color marking is configured will be over written and marked as Yellow If two rate three color policer is configured along with this feature then x CIR will be mar...

Page 700: ...Dell Networking OS support different types of match qualifiers to classify the incoming traffic Match qualifiers can be directly configured in the class map command or it can be specified through one or more ACL which in turn specifies the combination of match qualifiers Until Release 9 3 0 0 support is available for classifying traffic based on the 6 bit DSCP field of the IPv4 packet As a part of...

Page 701: ...owing combination of marking actions to be specified match sequence of the class map command set a new DSCP for the packet set the packet color as yellow set the packet color as yellow and set a new DSCP for the packet This marking action to set the color of the packet is allowed only on the match any logical operator of the class map This marking action can be configured for all of the below L3 m...

Page 702: ... standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match any class_dscp_40 match ip access group dscp_40_non_ecn set color yellow match ip access group dscp_40_ecn class map match any class_dscp_50 match ip access group dscp_50_non_ecn set color yellow match ip access group dscp_50_ecn policy map input pmap_dscp_40_50 service queue 2 class map class_dscp_40 service queue 3 class ma...

Page 703: ...iteria in a class map according to queue priority queue numbers closer to 0 have a lower priority To configure IP VLAN and DSCP match criteria in a Layer 3 class map and apply the class and policy maps to a service queue 1 Create a match any or a match all Layer 3 class map depending on whether you want the packets to meet all or any of the match criteria By default a Layer 3 class map is created ...

Page 704: ...rentiated actions for different traffic class 3 Attach the policy map to the interface Dell Networking OS support different types of match qualifiers to classify the incoming traffic Match qualifiers can be directly configured in the class map command or it can be specified through one or more ACL which in turn specifies the combination of match qualifiers Until Release 9 3 0 0 support is availabl...

Page 705: ...s are considered as green without the rate policer and trust diffserve configuration and hence support would be provided to mark the packets as yellow alone will be provided By default Dell Networking OS drops all the RED or violate packets The following combination of marking actions to be specified match sequence of the class map command set a new DSCP for the packet set the packet color as yell...

Page 706: ...ample where there are no different traffic classes that is all the packets are egressing on the default queue0 Dell Networking OS can be configured as below to mark the non ecn packets as yellow packets ip access list standard ecn_0 seq 5 permit any ecn 0 class map match any ecn_0_cmap match ip access group ecn_0 set color yellow policy map input ecn_0_pmap service queue 0 class map ecn_0_cmap App...

Page 707: ...p access list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match any class_dscp_40 match ip access group dscp_40_non_ecn set color yellow match ip access group dscp_40_ecn class map match any class_dscp_50 match ip access group dscp_50_non_ecn set color yellow match ip access group dscp_50_ecn policy map in...

Page 708: ...n the egress and ingress direction of traffic use show hardware stack unit id buffer stats snapshot unit id resource x EXEC EXEC Privilege mode Dell show hardware stack unit 1 buffer stats snapshot unit 3 resource interface all queue mcast 3 Unit 1 unit 3 port 1 interface Fo 1 144 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 5 interface Fo 1 148 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 ...

Page 709: ...t id all all to view buffer statistics tracking resource information for a specific interface EXEC EXEC Privilege mode Dell show hardware buffer stats snapshot resource interface fortyGigE 0 0 queue all Unit 0 unit 0 port 1 interface Fo 0 0 Q TYPE Q TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0...

Page 710: ...e time requests or periodic responses every 30 seconds RIP transports its responses or requests by means of user datagram protocol UDP over port 520 RIP must receive regular routing updates to maintain a correct routing table Response messages containing a router s full routing table are transmitted every 30 seconds If a router does not send an update within a certain amount of time the hop count ...

Page 711: ...hey are to participate in the RIP Configuration Task List The following is the configuration task list for RIP Enabling RIP Globally mandatory Configure RIP on Interfaces optional Controlling RIP Routing Updates optional Setting Send and Receive Version optional Generating a Default Route optional Controlling Route Metrics optional Summarize Routes optional Controlling Route Metrics Debugging RIP ...

Page 712: ...a 1 49 4 0 0 0 8 auto summary 8 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 8 0 0 0 8 auto summary 12 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 12 0 0 0 8 auto summary 20 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 20 0 0 0 8 auto summary 29 10 10 0 24 directly connected Fa 1 49 29 0 0 0 8 auto summary 31 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 31 0 0 0 8 auto summary 192 162 2 0...

Page 713: ...e Prefix lists are globally applied on all interfaces running RIP Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process For configuration information about prefix lists refer to Access Control Lists ACLs To apply prefix lists to incoming or outgoing RIP routes use the following commands Assign a configured prefix list to all incoming RIP routes ROUTER RIP mode dist...

Page 714: ...affic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version Set the RIP version sent and received on the system ROUTER RIP mode version 1 2 Set the RIP versions received on that interface INTERFACE mode ip rip receive version 1 2 Set the RIP versions sent out on that interface INTERFACE mode ip rip send version 1 2 Examples of the RIP Pr...

Page 715: ...r all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control receive version 2 send version 2 Interface Recv Send TenGigabitEthernet 1 1 2 1 2 Routing for Networks 10 0 0 0 Routing Information Sources Gateway Distance Last Update Distance default is 120 Dell Generating a Default Route Traffic is forwarded to the default route when the traffic...

Page 716: ...ng RIP advertisements before sending out those advertisements The distance command also allows you to manipulate route metrics To assign different weights to routes so that the ones with the lower weight or administrative distance assigned are preferred use the distance command To set route matrixes use the following commands Apply a weight to all routes or a specific route and ACL ROUTER RIP mode...

Page 717: ...es The examples are divided into the following groups of command sequences Configuring RIPv2 on Core 2 Core 2 RIP Output RIP Configuration on Core 3 Core 3 RIP Output RIP Configuration Summary Figure 116 RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2 Example of Configuring RIPv2 on Core 2 Core2 conf if te 2 3 Core2 conf if t...

Page 718: ...the show ip route command to show the RIP setup on Core 2 Core2 show ip route Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route ...

Page 719: ... 0 network 192 168 1 0 network 192 168 2 0 version 2 Core3 conf router_rip Core 3 RIP Output The examples in this section show the core 2 RIP output To display Core 3 RIP database use the show ip rip database command To display Core 3 RIP setup use the show ip route command To display Core 3 RIP activity use the show ip protocols command Examples of the show ip Commands to View Learned RIP Routes ...

Page 720: ... 26 Core3 The following example shows the show ip protocols command to show the RIP configuration activity on Core 3 Core3 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due in 6 Invalid after 180 seconds hold down 180 flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is Inc...

Page 721: ...e following example shows viewing the RIP configuration on Core 3 interface TenGigabitEthernet 3 1 ip address 10 11 30 1 24 no shutdown interface TenGigabitEthernet 3 2 ip address 10 11 20 1 24 no shutdown interface TenGigabitEthernet 3 4 ip address 192 168 1 1 24 no shutdown interface TenGigabitEthernet 3 5 ip address 192 168 2 1 24 no shutdown router rip version 2 network 10 11 20 0 network 10 1...

Page 722: ...C 2819 RFC 3273 RFC 3434 RFC 4502 Fault Recovery RMON provides the following fault recovery functions Interface Down When an RMON enabled interface goes down monitoring continues However all data values are registered as 0xFFFFFFFF 32 bits or ixFFFFFFFFFFFFFFFF 64 bits When the interface comes back up RMON monitoring processes resumes NOTE A network management system NMS should be ready to interpr...

Page 723: ... threshold event the value should be zero falling threshold value value at which the falling threshold alarm is triggered or reset For the rmon alarm command this setting is a 32 bits value for the rmon hc alarm command this setting is a 64 bits value event number event number to trigger when the falling threshold exceeds its limit This value is identical to the alarmFallingEventIndex in the alarm...

Page 724: ... Dell conf rmon event 1 log trap eventtrap description High ifOutErrors owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface use the RMON collection statistics command in INTERFACE CONFIGURATION mode Enable RMON MIB statistics collection CONFIGURATION INTERFACE config if mode no rmon collection statistics controlEntry integer owner ownername co...

Page 725: ... of statistics The value is limited to from 1 to 1000 The default is 50 as defined in RFC 2819 interval Optional specifies the number of seconds in each polling cycle seconds Optional the number of seconds in each polling cycle The value is ranged from 5 to 3 600 Seconds The default is 1 800 as defined in RFC 2819 Example of the rmon collection history Command To remove a specified RMON history gr...

Page 726: ...P 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a two step process 1 Configure interfaces for Layer 2 2 Enable the rapid spanning tree protocol Related Configuration Tasks Adding and Removing Interfaces Modifying Global Parameters Modifying Interface Parame...

Page 727: ...s the root bridge and the secondary VLT peer node has the second best bridge ID in the network If the primary VLT peer node fails the secondary VLT peer node becomes the root bridge avoiding problems with spanning tree port state changes that occur when a VLT node fails or recovers Even with this configuration if the node has non VLT ports using RSTP that are not configured as edge ports and are c...

Page 728: ...onfig command from PROTOCOL SPANNING TREE RSTP mode The bold line indicates that RSTP is enabled Dell conf rstp show config protocol spanning tree rstp no disable Dell conf rstp Figure 117 Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP use the show spanning tree rstp command from EXEC privilege mode If a physical interface is part of a port channel only the port ...

Page 729: ...ransitions to forwarding state 1 BPDU sent 121 received 5 The port is not in the Edge port mode Port 380 TenGigabitEthernet 2 4 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 380 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated port id is 128 380 designated path cost 0 Number of tra...

Page 730: ... bridge maintains configuration information before it refreshes that information by recomputing the RST topology NOTE Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters Poorly planned modification of the RSTP parameters can negatively affect network performance The following table displays the default values for RSTP Table 79 RST...

Page 731: ...Layer 2 mode you can set the port cost and port priority values Port cost a value that is based on the interface type The previous table lists the default values The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost To change th...

Page 732: ...efault until it receives a BPDU that indicates that it should behave otherwise it does not go through the Learning and Listening states The bpduguard shutdown on violation option causes the interface hardware to be shut down when it receives a BPDU When only bpduguard is implemented although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains u...

Page 733: ...he same low link state detection speed To achieve sub second link down detection so that convergence is triggered faster use RSTP fast hellos The standard RSTP link state detection mechanism does not offer the same low link state detection speed RSTP fast hellos decrease the hello interval to the order of milliseconds and all timers derived from the hello timer are adjusted accordingly This featur...

Page 734: ...47 Software Defined Networking SDN Dell Networking operating software supports Software Defined Networking SDN For more information refer to the SDN Deployment Guide 734 Software Defined Networking SDN ...

Page 735: ...at list to various virtual terminal line VTY lines Configuration Task List for AAA Accounting The following sections present the AAA accounting configuration tasks Enabling AAA Accounting mandatory Suppressing AAA Accounting for Null Username Sessions optional Configuring Accounting of EXEC and Privilege Level Command Usage optional Configuring AAA Accounting for Terminal Lines optional Monitoring...

Page 736: ... Usage The network access server monitors the accounting functions defined in the TACACS attribute value AV pairs Configure AAA accounting to monitor accounting functions defined in TACACS CONFIGURATION mode aaa accounting system default start stop tacacs aaa accounting command 15 default start stop tacacs System accounting can use only the default method list Example of Configuring AAA Accounting...

Page 737: ...list or use the default method list User defined method lists take precedence over the default method list NOTE If a console user logs in with RADIUS authentication the privilege level is applied from the RADIUS server if the privilege level is configured for that user in RADIUS whether you configure RADIUS authorization NOTE RADIUS and TACACS servers support VRF awareness functionality You can cr...

Page 738: ...t name default To view the configuration use the show config command in LINE mode or the show running config in EXEC Privilege mode NOTE Dell Networking recommends using the none method only as a backup This method does not authenticate users The none and enable methods do not work with secure shell SSH You can create multiple method lists and assign them to different terminal lines Enabling AAA A...

Page 739: ...type SVC_ENABLE and then sends a second packet with just the password The TACACS server must have an entry for username enable RADIUS When using RADIUS authentication FTOS sends an authentication packet with the following Username enab15 Password password entered by user Therefore the RADIUS server must have an entry for this username Obscuring Passwords and Keys By default the service password en...

Page 740: ...er a specific privilege level Privilege level 0 contains only the end enable and disable commands Privilege level 15 the default level for the enable command is the highest level In this level you can access any command in Dell Networking OS Privilege levels 2 through 14 are not configured and you can customize them for different users and access After you configure other privilege levels enter th...

Page 741: ...ell Networking OS use the enable command to enter EXEC Privilege level 15 After entering the command Dell Networking OS requests that you enter a password Privilege levels are not assigned to passwords rather passwords are assigned to a privilege level You can always change a password for any privilege level To change to a different privilege level enter the enable command then the privilege level...

Page 742: ...er 0 for plain text or 7 for encrypted text password Enter a string Specify the password for the user Secret Specify the secret for the user 2 Configure a password for privilege level CONFIGURATION mode enable password level level encryption mode password Configure the optional and required parameters level level specify a level from 0 to 15 Level 15 includes all levels encryption type enter 0 for...

Page 743: ...john The show privilege command output confirms that john is in privilege level 8 In EXEC Privilege mode john can access only the commands listed In CONFIGURATION mode john can access only the snmp server commands apollo telnet 172 31 1 53 Trying 172 31 1 53 Connected to 172 31 1 53 Escape character is Login john Password Dell show priv Current privilege level is 8 Dell configure Configuring from ...

Page 744: ...vel number level number The level number you wish to set If you enter disable without a level number your security level is 1 RADIUS Remote authentication dial in user service RADIUS is a distributed client server protocol This protocol transmits authentication authorization and configuration information between a central RADIUS server and a RADIUS client the Dell Networking system The system send...

Page 745: ...g a session before timeout When a user logs in the lower of the two idle time values configured or default is used The idle time value is updated if both of the following happens The administrator changes the idle time of the line on which the user has logged in The idle time is lower than the RADIUS returned idle time ACL Configuration Information The RADIUS server can specify an ACL If an ACL is...

Page 746: ...LINE mode or the show running config command in EXEC Privilege mode Defining a AAA Method List to be Used for RADIUS To configure RADIUS to authenticate or authorize users on the system create a AAA method list Default method lists do not need to be explicitly applied to the line so they are not mandatory To create a method list use the following commands Enter a text string up to 16 characters lo...

Page 747: ...which they were configured When Dell Networking OS attempts to authenticate a user the software connects with the RADIUS server hosts one at a time until a RADIUS server host responds with an accept or reject response If you want to change an optional parameter setting for a specific host use the radius server host command To change the global communication settings to all RADIUS server hosts refe...

Page 748: ...ol system TACACS client including support for login authentication Configuration Task List for TACACS The following list includes the configuration task for TACACS functions Choosing TACACS as the Authentication Method Monitoring TACACS TACACS Remote Authentication Specifying a TACACS Server Host For a complete listing of all commands related to TACACS refer to the Security chapter in the Dell Net...

Page 749: ...ly changed to incorrect value Second bold line User authenticated using the secondary method Dell conf Dell conf do show run aaa aaa authentication enable default tacacs enable aaa authentication enable LOCAL enable tacacs aaa authentication login default tacacs local aaa authentication login LOCAL local tacacs aaa authorization exec default tacacs none aaa authorization commands 1 default tacacs ...

Page 750: ...password Example of Specifying a TACACS Server Host Dell conf Dell conf aaa authentication login tacacsmethod tacacs Dell conf aaa authentication exec tacacsauthorization tacacs Dell conf tacacs server host 25 1 1 2 key Force Dell conf Dell conf line vty 0 9 Dell config line vty login authentication tacacsmethod Dell config line vty end Specifying a TACACS Server Host To specify a TACACS server ho...

Page 751: ...by the ACL RFC 1858 and 3128 proposes a countermeasure to the problem This countermeasure is configured into the line cards and enabled by default Enabling SCP and SSH Secure shell SSH is a protocol for secure remote login and other secure network services over an insecure network Dell Networking OS is compatible with SSH versions 1 5 and 2 in both the client and server modes SSH sessions are encr...

Page 752: ...switch to another use the following commands 1 On Switch 1 set the SSH port number port 22 by default CONFIGURATION MODE ip ssh server port number 2 On Switch 1 enable SSH CONFIGURATION MODE copy ssh server enable 3 On Switch 2 invoke SCP CONFIGURATION MODE copy scp flash 4 On Switch 2 in response to prompts enter the path to the desired file and enter the port number specified in Step 1 EXEC Priv...

Page 753: ... is enabled there is no RSA 1 key pair Any memory currently holding these keys is zeroized written over with zeroes and the NVRAM location where the keys are stored for persistence across reboots is also zeroized To remove the generated RSA host keys and zeroize the key storage location use the crypto key zeroize rsa command in CONFIGURATION mode Dell conf crypto key zeroize rsa Configuring When t...

Page 754: ... enabled the default is diffie hellman group14 sha1 Example of Configuring a Key Exchange Algorithm The following example shows you how to configure a key exchange algorithm Dell conf ip ssh server kex diffie hellman group exchange sha1 diffie hellman group14 sha1 Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server use the ip ssh server mac hmac alg...

Page 755: ...configure a cipher list Dell conf ip ssh server cipher 3des cbc aes128 cbc aes128 ctr Secure Shell Authentication Secure Shell SSH is enabled by default using the SSH Password Authentication method Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system This setup is the simplest method of authenticatio...

Page 756: ... RSA Keys admin Unix_client ssh keygen t rsa Generating public private rsa key pair Enter file in which to save the key home admin ssh id_rsa home admin ssh id_rsa already exists Overwrite y n y Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in home admin ssh id_rsa Your public key has been saved in home admin ssh id_rsa pub Configuring Host...

Page 757: ...0 16 127 201 ssh rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx AyW hVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk The following example shows creating rhosts admin Unix_client ls id_rsa id_rsa pub rhosts shosts admin Unix_client cat rhosts 10 16 127 201 admin Using Client Based SSH Authentic...

Page 758: ...mon use the no ip telnet server enable command The Telnet server or client is VRF aware You can enable a Telnet server or client to listen to a specific VRF by using the vrf vrf instance name parameter in the telnet command This capability enables a Telent server or client to look up the correct routing table and establish a connection Example of Using Telnet for Remote Login Dell conf ip telnet s...

Page 759: ...e vty end VTY Line Remote Authentication and Authorization Dell Networking OS retrieves the access class from the VTY line The Dell Networking OS takes the access class from the VTY line and applies it to ALL users Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class If the authentication method is RADIUS TACACS or line and you have ...

Page 760: ...tch Display Role Permissions Assigned to a Command Overview of RBAC With Role Based Access Control RBAC access and authorization is controlled based on a user s role Users are granted permissions based on their user roles not on their individual user ID User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function Each user c...

Page 761: ...fine a system administrator user role This will give you access to login with full permissions even if network connectivity to remote authentication servers is not available 2 Configure login authentication on the console This ensures that all users are properly identified through authentication no matter the access point If you do not configure login the authentication on the console the system d...

Page 762: ...trator secadmin This user role can control the security policy across the systems that are within a domain or network topology The security administrator commands include FIPS mode enablement password policies inactivity timeouts banner establishment and cryptographic key operations for secure access paths System Administrator sysadmin This role has full access to all the commands in the system ex...

Page 763: ...le has inherited the security administrator permissions Dell conf do show userroles EXEC Privilege mode 3 After you create a user role configure permissions for the new user role See Modifying Command Permissions for Roles Example of Creating a User Role The configuration in the following example creates a new user role myrole which inherits the security administrator secadmin permissions Create a...

Page 764: ...le mode exec show users Role access secadmin sysadmin Example Allow Security Administrator to Configure Spanning Tree The following example allows the security administrator secadmin to configure the spanning tree protocol Note command is protocol spanning tree Dell conf role configure addrole secadmin protocol spanning tree Example Allow Security Administrator to Access Interface Mode The followi...

Page 765: ...l conf role configure addrole secadmin protocol Dell conf role configure deleterole secadmin protocol Example Resets Only the Security Administrator role to its original setting The following example resets only the secadmin role to its original setting Dell conf no role configure addrole secadmin protocol Example Reset System Defined Roles and Roles that Inherit Permissions In the following examp...

Page 766: ...les To configure AAA authentication use the aaa authentication command in CONFIGURATION mode aaa authentication login method list name default method method4 Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI Users with only privilege levels can use commands in privilege or role mode the default provided their privilege lev...

Page 767: ...ation ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 4 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 5 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 6 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa li...

Page 768: ...you create an AV pair for a user defined role You must also define a role using the userrole myrole inherit command on the switch to associate it with this AV pair Force10 avpair shell role myrole The string myrole is associated with a TACACS user group The user IDs are associated with the user group Role Accounting This section describes how to configure role accounting and how to display active ...

Page 769: ...tch Displaying Active Accounting Sessions for Roles Displaying User Roles To display user roles using the show userrole command in EXEC Privilege mode use the show userroles and show users commands in EXEC privilege mode Examples of Displaying User Roles Dell show userroles Role Inheritance Modes netoperator Exec netadmin Exec Config Interface Line Router IP Routemap Protocol MAC secadmin Exec Con...

Page 770: ...ers command in EXEC Privilege mode The output displays privilege level and or user role The mode is displayed at the start of the output and both the privilege and roles for all users is also displayed If the role is not defined the system displays unassigned Example of Displaying Information About Users Logged into the Switch Dell show users Authorization Mode role or privilege Line User Role Pri...

Page 771: ...nditions customers and the provider would still share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider ...

Page 772: ...he same MAC address on different customer VLANs on the same VLAN Stack VLAN You cannot ping across the trunk port link if one or both of the systems is an S4048 ON This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffic Configure VLAN Stacking Configuring VLAN Stacking is a three step process 1 Creating Access and Trunk Ports...

Page 773: ...ected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider bridge that is connected to another provider bridge INTERFACE mode vlan stack trunk 3 Assign all access ports and trunk ports to service provider VLANs INTERFACE VLAN mode member Example of Displaying the VLAN Stack Configuration for a Switchport To display the VLAN Stacking configu...

Page 774: ... tagged members of a VLAN so that it can carry single and double tagged traffic You can enable trunk ports to carry untagged single tagged and double tagged VLAN traffic by making the trunk port a hybrid port To configure trunk ports use the following commands 1 Configure a trunk port to carry untagged single tagged and double tagged traffic by making it a hybrid port INTERFACE mode portmode hybri...

Page 775: ...U Te 3 25 MT Te 3 26 MT Te 3 27 MU Dell debug member port tengigabitethernet 2 4 vlan id 603 MT 100 T 101 NU Dell VLAN Stacking in Multi Vendor Networks The first field in the VLAN tag is the tag protocol identifier TPID which is 2 bytes In a VLAN stacking network after the frame is double tagged the outer tag TPID must match the TPID of the next hop system While 802 1Q requires that the inner tag...

Page 776: ...ing the vlan stack protocol type command The TPID is global Ingress frames that do not match the system TPID are treated as untagged This rule applies for both the outer tag TPID of a double tagged frame and the TPID of a single tagged frame For example if you configure TPID 0x9100 the system treats 0x8100 and untagged traffic the same and maps both types to the default VLAN as shown by the frame ...

Page 777: ...Figure 119 Single and Double Tag TPID Match Service Provider Bridging 777 ...

Page 778: ...Figure 120 Single and Double Tag First byte TPID Match 778 Service Provider Bridging ...

Page 779: ...TPID Match Type Pre Version 8 2 1 0 Version 8 2 1 0 Ingress Access Point untagged 0xUVWX switch to default VLAN switch to default VLAN single tag 0x8100 0xUVWX single tag mismatch switch to default VLAN switch to default VLAN 0x8100 single tag match switch to VLAN switch to VLAN 0x81XY single tag first byte match switch to VLAN switch to default VLAN Core untagged 0xUVWX switch to default VLAN swi...

Page 780: ...en congested Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value When you enable drop eligibility DEI mapping or marking takes place according to the defaults In this case the CFI is affected according to the following table Table 82 Drop Eligibility Behavior Ingress Egress DEI Disabled DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0 Tr...

Page 781: ...e according to a different mapping than ingress For ingress information refer to Honoring the Incoming DEI Value To mark egress packets use the following command Set the DEI value on egress according to the color currently assigned to the packet INTERFACE mode dei mark green yellow 0 1 Example of Viewing DEI Marking Configuration To display the DEI marking configuration use the show interface dei ...

Page 782: ...an stack dot1p mapping and a QoS configuration the queue selected by Dynamic Mode CoS takes precedence However rate policing for the queue is determined by QoS configuration For example the following access port configuration maps all traffic to Queue 0 vlan stack dot1p mapping c tag dot1p 0 7 sp tag dot1p 1 However if the following QoS configuration also exists on the interface traffic is queued ...

Page 783: ... vman qos dual fp 2 The new CAM configuration is stored in NVRAM and takes effect only after a save and reload EXEC Privilege mode copy running config startup config 3 Reload the system reload 4 Map C Tag dot1p values to a S Tag dot1p value INTERFACE mode vlan stack dot1p mapping c tag dot1p values sp tag dot1p value Separate C Tag values by commas Dashed ranges are permitted Dynamic Mode CoS over...

Page 784: ...k region shown in the following illustration Dell Networking OS Behavior In Dell Networking OS versions prior to 8 2 1 0 the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non configurable The value of the L2PT MAC address was the Dell Networking unique MAC address 01 01 e8 00 00 00 As such with these Dell Networking OS versions Dell Networking sy...

Page 785: ... requires the default CAM profile Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling use the following command 1 Verify that the system is running the default CAM profile Use this CAM profile for L2PT EXEC Privilege mode show cam profile 2 Enable protocol tunneling globally on the system CONFIGURATION mode protocol tunnel enable Service Provider Bridging 785 ...

Page 786: ...igurable FP blocks The default number of blocks for L2PT is 0 you must allocate at least one to enable BPDU rate limiting To set the rate lime BPDUs use the following commands 1 Create at least one FP group for L2PT CONFIGURATION mode cam acl l2acl For details about this command refer to CAM Allocation 2 Save the running config to the startup config EXEC Privilege mode copy running config startup ...

Page 787: ...fies that provider bridges participating in GVRP use a reserved destination MAC address called the Provider Bridge GVRP Address 01 80 C2 00 00 0D to exchange GARP PDUs instead of the GVRP Address 01 80 C2 00 00 21 specified in 802 1Q Only bridges in the service provider network use this destination MAC address so these bridges treat GARP PDUs originating from the customer network as normal data fr...

Page 788: ...n that port pipe If you do not enable sFlow on any port specifically the global sampling rate is downloaded to that port and is to calculate the port pipe s lowest sampling rate This design supports the possibility that sFlow might be configured on that port in the future Back off is triggered based on the port pipe s hardware sampling rate For example if port 1 in the port pipe has sFlow configur...

Page 789: ...g on the type of sampled packet The S Series and Z9100 ON platforms support extended switch information processing only Extended sFlow packs additional information in the sFlow datagram depending on the type of sampled packet You can enable the following options extended switch 802 1Q VLAN ID and 802 1p priority information extended router Next hop and source and destination mask length extended g...

Page 790: ...r size of a packet is 128 bytes When sflow max header size extended is enabled 256 bytes are copied These bytes are useful for VxLAN NvGRE IPv4 and IPv6 tunneled packets NOTE Interface mode configuration takes priority To reset the maximum header size of a packet use the following command no sflow max header size extended View the maximum header size of a packet show running config sflow Example o...

Page 791: ... on a Line Card Displaying Show sFlow Global To view sFlow statistics use the following command Display sFlow configuration information and statistics EXEC mode show sflow Example of Viewing sFlow Configuration Global The first bold line indicates sFlow is globally enabled The second bold lines indicate sFlow is enabled on Te 1 16 and Te 1 17 Dell show sflow sFlow services are enabled Global defau...

Page 792: ... no ip address mtu 9252 ip mtu 9234 switchport sflow ingress enable sflow sample rate 8192 no shutdown Displaying Show sFlow on a Stack unit To view sFlow statistics on a specified Stack unit use the following command Display sFlow configuration information and statistics on the specified interface EXEC mode show sflow stack unit slot number Example of Viewing sFlow Configuration Line Card Dell sh...

Page 793: ...r all interfaces The backoff mechanism continues to double the sampling rate until the CPU condition is cleared This is as per sFlow version 5 draft After the back off changes the sample rate you must manually change the sampling rate to the desired value As a result of back off the actual sampling rate of an interface may differ from its configured sampling rate You can view the actual sampling r...

Page 794: ...ling rate 32768 Global default counter polling interval 20 Global extended information enabled none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub sampling Important Points to Remember To export extended gateway data BGP must learn the IP destination address If the IP destination address is not learned via BGP the D...

Page 795: ...S version 7 8 1 0 extended gateway data is not exported because IP DA is not learned via BGP Version 7 8 1 0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols and for cases where is source is reachable over ECMP BGP BGP Exported Exported Extended gateway data is packed sFlow 795 ...

Page 796: ...on via SNMP sets SNMP traps for the spanning tree protocol STP and multiple spanning tree protocol MSTP state changes are based on BRIDGE MIB RFC 1483 for STP and IEEE 802 1 draft ruzin mstp mib 02 for MSTP SNMPv3 Compliance With FIPS SNMPv3 is compliant with the Federal information processing standard FIPS cryptography standard The Advanced Encryption Standard AES Cipher Feedback CFB 128 bit encr...

Page 797: ... not previously set up If previously configured users exist on the system you must delete the existing users before you change the FIPS mode Keep the following points in mind when you configure the AES128 CFB algorithm for SNMPv3 1 SNMPv3 authentication provides only the sha option when the FIPS mode is enabled 2 SNMPv3 privacy provides only the aes128 privacy option when the FIPS mode is enabled ...

Page 798: ...hey are in different groups Creating a Community For SNMPv1 and SNMPv2 create a community to enable the community based security in Dell Networking OS The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager A network element that processes SNMP requests is called an SNMP agent An SNMP community is a group of SNMP agents ...

Page 799: ...server group group name 3 noauth auth read name write name Configure an SNMPv3 view CONFIGURATION mode snmp server view view name oid tree included excluded NOTE To give a user read and write view privileges repeat this step for each privilege type Configure the user with an authorization password password privileges only CONFIGURATION mode snmp server user name group name 3 noauth auth md5 auth p...

Page 800: ...e IP address for IPv4 For an IPv6 IP address a value of 16 displays snmpget v 2c c mycommunity 10 11 131 161 sysUpTime 0 DISMAN EVENT MIB sysUpTimeInstance Timeticks 32852616 3 days 19 15 26 16 snmpget v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 3 0 The following example shows reading the value of the next managed object snmpgetnext v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 3 0 SNMPv2 MIB ...

Page 801: ...efault is None From a management station Identify the system manager along with this person s contact information for example an email address or phone number CONFIGURATION mode snmpset v version c community agent ip sysContact 0 s contact info You may use up to 55 characters The default is None From a management station Identify the physical location of the system for example San Jose 350 Holger ...

Page 802: ...de snmp server trap source Example of RFC Defined SNMP Traps and Related Enable Commands The following example lists the RFC defined SNMP traps and the command used to enable each The coldStart and warmStart traps are enabled using a single command snmp authentication SNMP_AUTH_FAIL SNMP Authentication failed Request with invalid community string snmp coldstart SNMP_COLD_START Agent Initialized SN...

Page 803: ... chassis temperature MINOR_TEMP_CLR Minor alarm cleared chassis temperature normal s d temperature is within threshold of dC MAJOR_TEMP Major alarm chassis temperature high s temperature reaches or exceeds threshold of dC MAJOR_TEMP_CLR Major alarm cleared chassis temperature lower s d temperature is within threshold of dC envmon fan FAN_TRAY_BAD Major alarm fantray d is missing or down FAN_TRAY_O...

Page 804: ...ver Failure You can configure a network device to send an SNMP trap if an audit processing failure occurs due to loss of connectivity with the syslog server If a connectivity failure occurs on a syslog server that is configured for reliable transmission an SNMP trap is sent and a message is displayed on the console The SNMP trap is sent only when a syslog connection fails and the time interval bet...

Page 805: ...ng use SNMP from a remote client copy the running config file to the startup config file copy configuration files from the Dell Networking system to a server copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses The examples in this section use IPv4 addresses however you can substitute IPv6 addresses for the IPv4 addres...

Page 806: ...rd copyDestFileName 1 3 6 1 4 1 6027 3 5 1 1 1 1 7 Path if the file is not in the default directory and filename Specifies the name of destination file copyServerAddress 1 3 6 1 4 1 6027 3 5 1 1 1 1 8 IP Address of the server The IP address of the server If you specify copyServerAddress you must also specify copyUserName and copyUserPassword copyUserName 1 3 6 1 4 1 6027 3 5 1 1 1 1 9 Username for...

Page 807: ...ersion either 1 2 2d or 3 The following examples show the snmpset command to copy a configuration These examples assume that the server OS is UNIX you are using SNMP version 2c the community name is public the file f10 copy config mib is in the current directory or in the snmpset tool path Copying Configuration Files via SNMP To copy the running config to the startup config from the UNIX machine u...

Page 808: ...DestFileLocation index i 4 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password precede server ip address by the keyword a precede the values for copyUsername and copyUserPassword by the keyword s Example of Copying Configuration Files via FTP From a UNIX Machine snmpset v 2c c private m f10 copy config mib 10 10 10 10 copy...

Page 809: ...guration via FTP snmpset v 2c c private m f10 copy config mib 10 10 10 10 copySrcFileType 10 i 1 copySrcFileLocation 10 i 4 copyDestFileType 10 i 3 copySrcFileName 10 s home myfilename copyServerAddress 10 a 172 16 1 56 copyUserName 10 s mylogin copyUserPassword 10 s mypass Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics as shown in ...

Page 810: ...nd the same command using the object OIDs In both cases the same index number used in the snmpset command follows the object The following command shows how to get a MIB object value using the object name snmpget v 2c c private m f10 copy config mib 10 11 131 140 copyTimeCompleted 110 FTOS COPY CONFIG MIB copyTimeCompleted 110 Timeticks 1179831 3 16 38 31 The following command shows how to get a M...

Page 811: ...ore file names and the file paths chSysCoresTimeCreated 1 3 6 1 4 1 6027 3 10 1 2 10 1 3 Contains the time at which core files are created chSysCoresStackUnitNumber 1 3 6 1 4 1 6027 3 10 1 2 10 1 4 Contains information that includes which stack unit or processor the core file was originated from chSysCoresProcess 1 3 6 1 4 1 6027 3 10 1 2 10 1 5 Contains information that includes the process names...

Page 812: ...0 i 4 SNMPv2 SMI mib 2 17 7 1 4 3 1 5 10 INTEGER 4 Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN Example of Assigning a VLAN Alias using SNMP Unix system output snmpset v2c c mycommunity 10 11 131 185 1 3 6 1 2 1 17 7 1 4 3 1 1 1107787786 s My VLAN SNMPv2 SMI mib 2 17 7 1 4 3 1 1 1107787786 STRING My VLAN Dell system output Dell show i...

Page 813: ...the VLAN a 1 indicates VLAN membership All hex pairs are 00 indicating that no ports are assigned to VLAN 10 In the following example Port 0 2 is added to VLAN 10 as untagged the first hex pair changes from 00 to 04 The following example shows viewing VLAN ports using SNMP with ports assigned Dell Networking OS system output R5 conf do show vlan id 10 Codes Default VLAN G GVRP VLANs Q U Untagged T...

Page 814: ... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1 3 6 1 2 1 17 7 1 4 3 1 4 1107787786 x 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2 SMI mib 2 17 7 1 4 3 1 2 110...

Page 815: ...q table for all other VLANs NOTE The 802 1q Q BRIDGE MIB defines VLANs regarding 802 1d as 802 1d itself does not define them As a switchport must belong a VLAN the default VLAN or a configured VLAN all MAC address learned on a switchport are associated with a VLAN For this reason the Q Bridge MIB is used for MAC address query Moreover specific to MAC address query the MAC address indexes dot1dTpF...

Page 816: ...mber concatenated with the decimal conversion of the MAC address MAC Addresses on Force10 System Dell show mac address table VlanId Mac Address Type Interface State 1000 00 01 e8 06 95 ac Dynamic Te 1 21 Active Query from Management Station snmpwalk v 2c c techpubs 10 11 131 162 1 3 6 1 2 1 17 7 1 2 2 1 Example of Fetching MAC Addresses Learned on a Port Channel Using SNMP Use dot3aCurAggFdbTable ...

Page 817: ...mber EXEC Privilege mode show interface Example of Deriving the Interface Index Number To view the system image on Flash Partition A use the chSysSwInPartitionAImgVers object or to view the system image on Flash Partition B use the chSysSwInPartitionBImgVers object Table 91 MIB Objects for Viewing the System Image on Flash Partitions MIB Object OID Description MIB chSysSwInPartitionAImgVers 1 3 6 ...

Page 818: ...atus inactive Example of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support SNMP trap works for the Layer 2 Layer 3 default mode LAG SNMPv2 MIB sysUpTime 0 Timeticks 8500842 23 36 48 42 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkDown IF MIB ifIndex 33865785 INTEGER 33865785 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_DN Changed interface state to d...

Page 819: ...GER 2 Following is the sample audit log message that other syslog servers that are reachable receive Oct 21 00 46 13 dv fedgov s4810 6 EVL 6 NOT_REACHABLE Syslog server 10 11 226 121 port 9140 is not reachable Following example shows the SNMP trap that is sent when connectivity to the syslog server is resumed DISMAN EVENT MIB sysUpTimeInstance Timeticks 10230 0 01 42 30 SNMPv2 MIB snmpTrapOID 0 OI...

Page 820: ...Pkts object in the ICMP table by using the snmpwalk command the echo response output may not be displayed To correctly display ICMP statistics such as echo response use the show ip traffic command 820 Simple Network Management Protocol SNMP ...

Page 821: ...embers The system supports up to six stack units The master holds the control plane and the other units maintain a local copy of the forwarding databases From the stack master you can configure System level features that apply to all stack members Interface level features for each stack member The master synchronizes the following information with the standby unit Stack unit topology Stack running...

Page 822: ...g Stack and Remove Units or Front End Ports from a Stack It is possible to reset individual units to force them to give up the management role or reload the whole stack from the CLI to ensure a fully synchronized bootup Example of Viewing Stack Members Virtual IP You can manage the stack using a single IP known as a virtual IP that is retained in the stack even after a failover The virtual IP addr...

Page 823: ...p Version Ports 0 Standby online S4048 ON 1 Management online S4048 ON 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present output omitted Stack show system stack unit 1 grep priority Master priority 0 Stack show system stack unit 2 grep priority Master priority 0 Example of Adding a Standalone with a Lower MAC Address and Eq...

Page 824: ...o provide aggregated throughput and redundancy The stacking LAG is established automatically and transparently by Dell Networking OS without user configuration after peering is detected and behaves as follows The stacking LAG dynamically aggregates it can lose link members or gain new links Shortest path selection inside the stack If multiple paths exist between two units in the stack the shortest...

Page 825: ...er Auto reboot Stack unit Disabled Auto failover limit 3 times in 60 minutes Stack unit Failover Record Failover Count 0 Last failover timestamp None Last failover Reason None Last failover type None Last Data Block Sync Record stack unit Config succeeded Nov 25 2014 15 29 58 Start up Config succeeded Nov 25 2014 15 29 58 Runtime Event Log succeeded Nov 25 2014 15 29 58 Running Config succeeded No...

Page 826: ...e failure Removal of only one of the cables does not trigger a reset Important Points to Remember You can stack up to six systems You cannot stack one system with other system types You cannot enable stacking and virtual link trunking VLT simultaneously on the device To convert a stacked unit to VLT refer to Reconfiguring Stacked Switches as VLT All the ports in a stack group are placed in stackin...

Page 827: ...g OS version 8 3 10 x it is upgraded to use the same Dell Networking OS version as the stack rebooted and joined the stack If the new unit is running an Dell Networking OS version prior to 8 3 10 x the unit is put into a card problem state Dell Networking OS is not upgraded and a syslog message is raised The unit must be upgraded to Dell Networking OS version 8 3 12 0 before you can proceed Syslog...

Page 828: ...w unit synchronizes its running and startup configurations with the stack 4 After the units are reloaded the system reboots The units come up in a stack after the reboot completes To view the port assignments use the show system stack unit command Creating a New Stack Prior to creating a stack know which unit will be the management unit and which will be the standby unit Enable the front ports of ...

Page 829: ... stack unit 2is the standby unit The cables are connected to each unit Configure the stack groups on the units in the following order Configure the first stack group on unit 1 stack unit 1 stack group 13 Configure the stack groups on unit 2 stack unit 2 stack group 14 and stack unit 2 stack group 15 Configure the stack groups on unit 3 stack unit 3 stack group 12 and stack unit 3 stack group 13 Co...

Page 830: ...4 6 Member not present Power Supplies Unit Bay Status Type FanStatus 1 1 absent absent 1 2 up AC up 2 1 down UNKNOWN down 2 2 up AC up 3 1 absent absent 3 2 up AC up 4 1 absent absent 4 2 up AC up Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 1 up up 9360 up 9360 1 2 up up 9360 up 9360 2 1 up up 7680 up 7680 2 2 up up 7920 up 7680 3 1 up up 9360 up 9360 3 2 up up 9360 up 9360 4 1 up up 91...

Page 831: ...o an Existing Stack To manually assign a new unit a position in an existing stack use the following steps 1 On the stack determine the next available stack unit number and the management priority of the management unit EXEC Privilege mode show system brief or show system stack unit 2 On the new unit number it the next available stack unit number EXEC Privilege mode stack unit stack unit number ren...

Page 832: ...d stack unit the configuration of the new unit takes precedence 1 Add the configured unit to the top or bottom of the stack 2 Power on the switch 3 Attach cables to connect ports on the added switch to one or more existing switches in the stack 4 Log on to the CLI and enter global configuration mode Login username Password Dell enable Dell configure 5 Configure the ports on the added switch for st...

Page 833: ...chronize the configuration on the new stack members Split a Stack To split a stack unplug the desired stacking cables You may do this at any time whether the stack is powered or unpowered and the units are online or offline Each portion of the split stack retains the startup and running configuration of the original stack For a parent stack that is split into two child stacks A and B each with mul...

Page 834: ...atus and hardware information on every unit in a stack EXEC Privilege mode show system Refer to the following example Display most of the information in show system but in a more convenient tabular form EXEC Privilege mode show system brief Refer to the following example Display the same information in show system but only for the specified unit EXEC Privilege mode show system stack unit Refer to ...

Page 835: ...Type Member Unit Status not present Unit 3 Unit Type Standby Unit Status online Next Boot online Required Type S4810 52 port GE TE FG SE Current Type S4810 52 port GE TE FG SE Master priority 0 Hardware Rev 3 0 Num Ports 64 Up Time 57 min 3 sec Dell Networking OS Version 8 3 7 13 Jumbo Capable yes POE Capable no Burned In MAC 00 01 e8 8a df bf No Of MACs 3 output truncated The following is an exam...

Page 836: ... the stack topology At that time the standby unit detects the communication loss and switches from the standby unit role to the management unit role in the stack From the remaining units in the stack the system selects a new standby unit based on the unit priority using the same algorithm used when the stack was initially created When the failed unit recovers it takes the next available role usual...

Page 837: ...us indicator on the front panel of the stack identifies the unit s role in the stack Off indicates the unit is a stack member The master LED is in OFF state for the standby unit Solid green indicates the unit is the stack master management unit Displaying the Status of Stacking Ports To display the status of the stacking ports including the topology use the following command Display the stacking p...

Page 838: ...Country Code Piece Part ID N A PPID Revision N A Service Tag N A Expr Svc Code N A Auto Reboot disabled Burned In MAC 00 01 e8 8c 53 32 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus Unit Bay Status Type FanStatus 1 0 absent absent 1 1 up AC up Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 0 up up 7200 up 7200 1 1 up up 7200 up 7440 Speed in RP The following example shows thre...

Page 839: ...nd each forms a new stack according to the stacking algorithm described throughout this chapter Examples of Removing a Stack Member Before and After The following examples shows removing a stack member before Dell show system brief Stack MAC 00 01 e8 8a df e6 Reload Type normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 8 3 7 13 64 1 Member o...

Page 840: ...T messages if the flapping port belongs to either of these units In the following example a stack port on the master flaps The remote member Member 2 displays a console message and the master and standby display KERN 2 INT messages To re enable the downed stack port power cycle the offending unit Example of Console Messages About Flapping Link MANAGMENT UNIT Error Stack Port 50 has flapped 5 times...

Page 841: ... normal reload Next boot normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Standby card problem S4810 unknown 64 1 Management online S4810 S4810 8 3 10 223 64 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Pow...

Page 842: ...ticast unknown unicast pfc llfc interface command EXEC Privilege Example Dell show storm control multicast Tengigabitethernet 1 1 Multicast storm control configuration Interface Direction Packets Second Te 1 1 Ingress 5 Dell To display the storm control unknown unicast configuration use the show storm control unknown unicast interface command EXEC Privilege Configure Storm Control Storm control is...

Page 843: ...Control from CONFIGURATION Mode To configure storm control from CONFIGURATION mode use the following command From CONFIGURATION mode you can configure storm control for ingress and egress traffic Do not apply per virtual local area network VLAN quality of service QoS on an interface that has storm control enabled either on an interface or globally Configure storm control CONFIGURATION mode Configu...

Page 844: ... Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configure Spanning Tree Configuring spanning tree is a two step process Configuring Interfaces for Layer 2 Mode Enabling Spanning Tree Protocol Globally Related Configuration Tasks Adding an Interface...

Page 845: ...port ID and 8 bits for priority The 8 bits for port ID provide port IDs for 256 ports Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled Figure 128 Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2 use the following command 1 If the interface has been assign...

Page 846: ... spanning tree protocol globally it is not enabled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology Only one path from any bridge to any other bridge participating in STP is enabled Bridges block a redundant path by disabling one of the link ports Figure 129 Spanning Tree Enabled G...

Page 847: ...old 1 topology change 35 hello 2 max age 20 forward delay 15 Times hello 0 topology change 0 notification 0 aging Normal Port 289 TenGigabitEthernet 2 1 is Forwarding Port path cost 4 Port priority 8 Port Identifier 8 289 Designated root has priority 32768 address 0001 e80d 2462 Designated bridge has priority 32768 address 0001 e80d 2462 Designated port id is 8 496 designated path cost 0 Timers me...

Page 848: ...nning tree parameters Poorly planned modification of the spanning tree parameters can negatively affect network performance The following table displays the default values for STP Table 94 STP Default Values STP Parameters Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interface...

Page 849: ...e same port cost The default values are listed in Modifying Global Parameters To change the port cost or priority of an interface use the following commands Change the port cost of an interface INTERFACE mode spanning tree 0 cost cost The range is from 0 to 65535 The default values are listed in Modifying Global Parameters Change the port priority of an interface INTERFACE mode spanning tree 0 pri...

Page 850: ...Tree BPDU on BPDU guard port Disable TenGigabitEthernet 3 4 Enable BPDU Guard using the bpduguard option when enabling PortFast or EdgePort The bpduguard shutdown on violation option causes the interface hardware to be shut down when it receives a BPDU Otherwise although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains up and spanning tree w...

Page 851: ...es a BPDU drops the BPDU after it reaches the RP and generates a console message BPDU filtering disables spanning tree on an interface drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell conf if te 1 7 do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e805 fb07 Root Bridge hello time...

Page 852: ... feature in a Layer 2 network to avoid bridging loops In STP the switch in the network with the lowest priority as determined by STP or set with the bridge priority command is selected as the root bridge If two switches have the same priority the switch with the lower MAC address is selected as the root All other switches in the network use the root bridge as the reference used to calculate the sh...

Page 853: ...hen used as a stacking port Root guard is supported on a port in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST When enabled on a port root guard applies to all VLANs configured on the port You cannot enable root guard and loop guard at the same time on an STP port For example if you configur...

Page 854: ...for all spanning tree types use the following commands Configure LACP to be hitless CONFIGURATION mode redundancy protocol lacp Configure all spanning tree types to be hitless CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell conf redundancy protocol xstp Dell show running config redundancy redundancy protocol xstp Dell STP Loop Guard The...

Page 855: ...a Loop Inconsistent state instead of to a Forwarding state Loop guard blocks the STP port so that no traffic is transmitted and no loop is created As soon as a BPDU is received on an STP port in a Loop Inconsistent state the port returns to a blocking state If you disable STP loop guard on a port in a Loop Inconsistent state the port transitions to an STP blocking state and restarts the max age ti...

Page 856: ...el interface use the following command Enable loop guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst loopguard 0 enables loop guard on an STP enabled port assigned to instance 0 mstp enables loop guard on an MSTP enabled port rstp enables loop guard on an RSTP enabled port pvst enables loop guard on a PVST enabled port To disable...

Page 857: ...or later to be installed on the Dell Networking device Figure 133 SupportAssist Configuring SupportAssist Using a Configuration Wizard You are guided through a series of queries to configure SupportAssist The generated commands are added to the running configuration including the DNS resolve commands if configured This command starts the configuration wizard for the SupportAssist At any time you c...

Page 858: ...ding SupportAssist and agreeing to be bound by these terms and the Dell end user license agreement available at www dell com aeula you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy available at www dell com privacypolicycountryspecific in order to enable the performa...

Page 859: ...rver server name Dell conf support assist Dell conf supportassist server default Dell conf supportassist serv default You can configure a maximum of two servers default server custom user configured server 6 Enable all activities and servers for the SupportAssist service SUPPORTASSIST mode enable all Dell conf support assist Dell conf supportassist enable all 7 Trigger an activity event immediatel...

Page 860: ...show mac address table mac address table_records show trace trace_records show command history command_history_records show logging system_logging_records show tech support tech support_records 3 Configure the action manifest to use for a specific activity SUPPORTASSIST ACTIVITY mode no action manifest install default local file name Dell conf supportassist act full transfer action manifest instal...

Page 861: ...ry Dell conf supportassist cmpy test 3 Configure the street address information for the company SUPPORTASSIST COMPANY mode no street address address1 address2 address8 Dell conf supportassist cmpy test street address 123 Main Street Dell conf supportassist cmpy test 4 Configure the territory and set the coverage for the company site SUPPORTASSIST COMPANY mode no territory company territory Dell co...

Page 862: ...er mode allows you to configure server name and the means of reaching the server By default a SupportAssist server URL has been configured on the device Configuring a URL to reach the SupportAssist remote server should be done only under the direction of Dell SupportChange To configure SupportAssist server use the following commands 1 Configure the name of the remote SupportAssist Server and move ...

Page 863: ...Yes URL http 10 16 148 19 Activity State Last Start Last Success full transfer Success Aug 10 2015 11 15 26 PST Aug 10 2015 11 15 28 PST 2 Display the current configuration and changes from the default values EXEC Privilege mode show running config support assist Dell show running config support assist support assist activity full transfer enable activity manifest install testing contact company n...

Page 864: ...monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy available at www dell com privacypolicycountryspecific in order to enable the performance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell You further agree to allow Dell to transmit and sto...

Page 865: ...bring it into correspondence with the reference clock Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time Dispersion represents the maximum error of the local clock relative to the reference clock Because most host time servers synchronize via another peer time server there are two components in each of these three products those determi...

Page 866: ...ssage allows each client server peer to determine the timekeeping characteristics of its other peers including the expected accuracies of their clocks Using this information each peer is able to select the best time from possibly several other clocks update the local clock and estimate its accuracy Figure 134 NTP Fields Implementation Information Dell Networking systems can only be an NTP client C...

Page 867: ...ou can receive broadcasts of time information You can set interfaces within the system to receive NTP information through broadcast To configure an interface to receive NTP broadcasts use the following commands Set the interface to receive NTP packets INTERFACE mode ntp broadcast client Example of Configuring NTP Broadcasts 2w1d11h NTP Maximum Slew 0 000470 Remainder 0 496884 Disabling NTP on an I...

Page 868: ... sent to an NTP time source Dell Networking OS Behavior Dell Networking OS uses an encryption algorithm to store the authentication key that is different from previous Dell Networking OS versions Dell Networking OS uses data encryption standard DES encryption to store the key in the startup config when you enter the ntp authentication key command Therefore if your system boots with a startup confi...

Page 869: ...les of Configuring and Viewing an NTP Configuration The following example shows configuring an NTP server R6_E300 conf 1w6d23h NTP xmit packet to 192 168 1 1 leap 0 mode 3 version 3 stratum 2 ppoll 1024 rtdel 0219 8 193970 rtdsp AF928 10973 266602 refid C0A80101 192 168 1 1 ref CD7F4F63 6BE8F000 14 51 15 421 UTC Thu Apr 2 2009 org CD7F4F63 68000000 14 51 15 406 UTC Thu Apr 2 2009 rec CD7F4F63 6BE8...

Page 870: ...es greater than zero are possible Reference Clock Identifier sys refid peer refid pkt refid This is a 32 bit code identifying the particular reference clock In the case of stratum 0 unspecified or stratum 1 primary reference source this is a four octet left justified zero padded ASCII string for example in the case of stratum 2 and greater secondary reference this is the four octet internet addres...

Page 871: ... 2035 Example of the clock set Command Dell clock set 16 20 00 19 september 2009 Dell Setting the Timezone Universal time coordinated UTC is the time standard based on the International Atomic Time standard commonly known as Greenwich Mean time When determining system time include the differentiator between UTC and your local timezone For example San Jose CA is the Pacific Timezone with a UTC offs...

Page 872: ...e the 24 hour format example 17 15 is 5 15 pm offset OPTIONAL enter the number of minutes to add during the summer time period The range is from 1 to1440 The default is 60 minutes Example of the clock summer time Command Dell conf clock summer time pacific date Mar 14 2009 00 00 Nov 7 2009 00 00 Dell conf 02 02 13 RPM0 P CP CLOCK 6 TIME CHANGE Summertime configuration changed from none to Summer t...

Page 873: ... 15 is 5 15 pm offset OPTIONAL Enter the number of minutes to add during the summer time period The range is from 1 to1440 The default is 60 minutes Examples of the clock summer time recurring Command The following example shows the clock summer time recurring command Dell conf clock summer time pacific recurring Mar 14 2009 00 00 Nov 7 2009 00 00 Dell conf 02 02 13 RPM0 P CP CLOCK 6 TIME CHANGE S...

Page 874: ...Pv4 traffic Dell conf interface tunnel 1 Dell conf if tu 1 tunnel source 30 1 1 1 Dell conf if tu 1 tunnel destination 50 1 1 1 Dell conf if tu 1 tunnel mode ipip Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf if tu 1 ipv6 address 1 1 64 Dell conf if tu 1 no shutdown Dell conf if tu 1 show config interface Tunnel 1 ip address 1 1 1 1 24 ipv6 address 1 1 64 tunnel destination 50 1 1 1 tunnel sou...

Page 875: ...1 1 1 24 Dell conf if tu 1 tunnel source 40 1 1 1 Dell conf if tu 1 tunnel destination 40 1 1 2 Dell conf if tu 1 tunnel mode ipip Dell conf if tu 1 no shutdown Dell conf if tu 1 tunnel keepalive 1 1 1 2 attempts 4 interval 6 Dell conf if tu 1 show config interface Tunnel 1 ip address 1 1 1 1 24 ipv6 address 1abd 1 64 tunnel destination 40 1 1 2 tunnel source 40 1 1 1 tunnel keepalive 1 1 1 2 atte...

Page 876: ...ulate any Dell conf if tu 1 tunnel allow remote 40 1 1 2 Dell conf if tu 1 no shutdown Dell conf if tu 1 show config interface Tunnel 1 ip address 1 1 1 1 24 ipv6 address 1abd 1 64 tunnel source 40 1 1 1 tunnel allow remote 40 1 1 2 tunnel mode ipip decapsulate any no shutdown Configuring the Tunnel Source Anylocal You can use the anylocal argument in place of the ip address or interface but only ...

Page 877: ... downstream links Failures on the downstream links allow downstream devices to recognize the loss of upstream connectivity For example as shown in the following illustration Switches S1 and S2 both have upstream connectivity to Router R1 and downstream connectivity to the server UFD operation is shown in Steps A through C In Step A the server configuration uses the connection to S1 as the primary ...

Page 878: ...nterface or a port channel LAG aggregation of physical interfaces An enabled uplink state group tracks the state of all assigned upstream interfaces Failure on an upstream interface results in the automatic disabling of downstream interfaces in the uplink state group As a result downstream devices can execute the protection or recovery procedures they have in place to establish alternate connectiv...

Page 879: ...e associated downstream link port to the server To continue to transmit traffic upstream the server with NIC teaming detects the disabled link and automatically switches over to the backup link in order Important Points to Remember When you configure UFD the following conditions apply You can configure up to 16 uplink state groups By default no uplink state groups are created An uplink state group...

Page 880: ...n uplink state group and enable the tracking of upstream links on the switch router CONFIGURATION mode uplink state group group id group id values are from 1 to 16 To delete an uplink state group use the no uplink state group group id command 2 Assign a port or port channel to the uplink state group as an upstream or downstream interface UPLINK STATE GROUP mode upstream downstream interface For in...

Page 881: ...ually bring up a downstream interface in an uplink state group that UFD disabled and is in a UFD Disabled Error state To re enable one or more disabled downstream interfaces and clear the UFD Disabled Error state use the following command Re enable a downstream interface on the switch router that is in a UFD Disabled Error State so that it can send and receive traffic EXEC mode clear ufd disable i...

Page 882: ...R 5 OSTATE_DN Changed interface state to down Fo 3 52 02 38 31 UFD Group 3 UplinkState UP 02 38 31 RPM0 P CP IFMGR 5 OSTATE_UP Changed uplink state group state to up Group 3 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Downstream interface cleared from UFD error disabled Fo 3 49 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Downstream interface cleared from UFD error disabled Fo 3 50 02 38 53 RPM0 P CP IFMGR 5 OST...

Page 883: ...Up Interface up Dwn Interface down Dis Interface disabled Uplink State Group 1 Status Enabled Up Upstream Interfaces Downstream Interfaces Uplink State Group 3 Status Enabled Up Upstream Interfaces Te 1 6 Up Te 1 7 Up Downstream Interfaces Te 3 1 Up Te 3 3 Up Te 3 5 Up Te 3 6 Up Uplink State Group 5 Status Enabled Down Upstream Interfaces Te 1 1 Dwn Te 1 3 Dwn Te 1 5 Dwn Downstream Interfaces Te 3...

Page 884: ...m TenGigabitEthernet 1 1 3 5 7 10 upstream TengigabitEthernet 1 16 20 Dell conf uplink state group 16 show configuration uplink state group 16 no enable description test downstream disable links all downstream TenGigabitEthernet 1 21 upstream TenGigabitEthernet 1 22 upstream Port channel 8 Sample Configuration Uplink Failure Detection The following example shows a sample configuration of UFD on a ...

Page 885: ...3 06 STKUNIT0 M CP SYS 5 CONFIG_I Configured from console by console Dell show running config uplink state group uplink state group 3 description Testing UFD feature downstream disable links 2 downstream TenGigabitEthernet 1 1 2 5 9 11 12 upstream TenGigabitEthernet 1 3 4 Dell show uplink state group 3 Uplink State Group 3 Status Enabled Up Dell show uplink state group detail Up Interface up Dwn I...

Page 886: ...r system type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 88...

Page 887: ...orking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN Spanning Tree Plus PVST The following table lists the defaults for VLANs in Dell Networking OS Feature Default Spanning Tree group ID All VLANs are part of Spanning Tree group 0 Mode Layer 2 no IP address is assigned Default VLAN ID VLAN 1 Default VLAN When you confi...

Page 888: ...d VLANs Port based VLANs are a broadcast domain defined by different ports or interfaces In Dell Networking OS a port based VLAN can contain interfaces from different line cards within the chassis Dell Networking OS supports 4094 port based VLANs Port based VLANs offer increased security for traffic conserve bandwidth and allow switch segmentation Interfaces in different VLANs do not communicate w...

Page 889: ...part of the system startup configuration and does not require configuration A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up As shown in the following example VLAN 1 is inactive because it does not contain any interfaces The other VLANs contain enabled interfaces and are active NOTE In a VLAN the shutdown command stops Layer 3 routed traffic only Laye...

Page 890: ...cess INTERFACE VLAN mode of the VLAN to which you want to assign the interface CONFIGURATION mode interface vlan vlan id 2 Enable an interface to include the IEEE 802 1Q tag header INTERFACE mode tagged interface Add an Interface to Another VLAN To view just the interfaces that are in Layer 2 mode use the show interfaces switchport command in EXEC Privilege mode or EXEC mode The following example ...

Page 891: ... a port based VLAN and places the interface in the Default VLAN You cannot use the no untagged interface command in the Default VLAN The following example shows the steps and commands to move an untagged interface from the Default VLAN to another VLAN To determine interface status use the show vlan command Interface 1 2 is untagged and in the Default VLAN vlan 1 In a port based VLAN vlan 4 use the...

Page 892: ...gged for membership to one VLAN or tagged for membership to multiple VLANs You must connect an untagged port to a VLAN unaware station one that does not understand VLAN tags and you must connect a tagged port to a VLAN aware station one that generates and understands VLAN tags Native VLAN support breaks this barrier so that you can connect a port to both VLAN aware and VLAN unaware stations Such p...

Page 893: ...initially placed in the native VLAN VLAN 1 and for that period customers are able to access each other s networks Dell Networking OS has a Null VLAN to eliminate this vulnerability When you enable the Null VLAN all ports are placed into it by default so even if you activate the physical ports of multiple customers no traffic is allowed to traverse the links until each port is place in another VLAN...

Page 894: ... without downtime For example consider a square VLT connecting two data centers If a VM VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway In this case L3 packets destined for C can be routed either by C1 or D1 locally To do this install the local system mac address of C and D in both C1 and D1 so the packets for...

Page 895: ...format For more information refer to the eVLT Configuration Example The trace route across the DCs can show extra hops To ensure no traffic drops you must maintain route symmetry across the VLT domains When the routing table across DCs is not symmetrical there is a possibility of a routing miss by a DC that does not have the route for L3 traffic Because routing protocols are enabled and both DCs a...

Page 896: ...ing and transmitting private TLV packets After defining these organizational TLV settings LLDP encodes the local system mac addresses as organizational TLVs for transmitting to the peer If you specify the no proxy gateway LLDP interface command LLDP stops transmitting and receiving proxy gateway TLV packets on the specified interfaces However other TLVs are not affected From the interfaces on whic...

Page 897: ...e port to a unit of the remote VLT domain the connection must be completed by the time you enable the proxy gateway LLDP You cannot have other conflicting configurations for example you cannot have a static proxy gateway configuration Proxy Gateway LLDP configuration might not operate properly if one of the following conditions is true Any proxy gateway configuration or LLDP configuration is not w...

Page 898: ...on Assume you used the exclude vlan option called VLAN 10 in C and D and in C1 and D1 If packets for VLAN 10 with C s MAC address C is in VLT domain 1 gets an L3 hit at C1 in VLT domain 2 they are switched to both D1 via ICL and C via inter DC link This may lead to packet duplication Therefore if C s MAC address is learned at C1 the packet does not flood to D1 and only switches to C and avoids pac...

Page 899: ...guration on C switch or C1 switch Switch_C conf Switch_C conf vlt domain 1 Switch_C conf vlt domain1 proxy gateway static Switch_C conf vlt domain1 pxy gw static remote mac address xx xx xx xx xx xx VLT Proxy Gateway 899 ...

Page 900: ...ll available uplink bandwidth Provides fast convergence if either the link or a device fails Optimized forwarding with virtual router redundancy protocol VRRP Provides link level resiliency Assures high availability CAUTION Dell Networking does not recommend enabling Stacking and VLT simultaneously If you enable both features at the same time unexpected behavior occurs As shown in the following ex...

Page 901: ...routing layer For better resiliency in the aggregation Dell Networking recommends running the internal gateway protocol IGP on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system Enhanced VLT An enhanced VLT eVLT configuration creates a port channel between two VLT domains by allowing two different VLT domains using different VLT domain ID numbers connected by a ...

Page 902: ...th the special port channel known as the VLT interconnect VLTi VLT peer switches have independent management planes A VLT interconnect between the VLT chassis maintains synchronization of L2 L3 control planes across the two VLT peer switches A separate backup link maintains heartbeat messages across an out of band OOB management network The backup link ensures that node failure conditions are corr...

Page 903: ...his scenario Dell Networking recommends configuring both the source and the receiver on a spanned VLT VLAN Bulk Sync happens only for Global IPv6 Neighbors Link local neighbor entries are not synced If all of the following conditions are true MAC addresses may not be synced correctly VLT peers use VLT interconnect VLTi Sticky MAC is enabled on an orphan port in the primary or secondary peer MACs a...

Page 904: ...s in the VLT core VLT interconnect VLTi The VLT interconnect must consist of either 10G or 40G ports A maximum of eight 10G or four 40G ports is supported A combination of 10G and 40G ports is not supported A VLT interconnect over 1G ports is not supported The port channel must be in Default mode not Switchport mode to have VLTi recognize it The system automatically includes the required VLANs in ...

Page 905: ...each port channel between the VLT domain and an access device The discovery protocol running between VLT peers automatically generates the ID number of the port channel that connects an access device and a VLT switch The discovery protocol uses LACP properties to identify connectivity to a common client device and automatically generates a VLT number for port channels on VLT peers that connects to...

Page 906: ...er to Setting VRRP Group Virtual Router Priority To verify that a VLT peer is consistently configured for either the master or backup role in all VRRP groups use the show vrrp command on each peer Configure the same L3 routing static and dynamic on each peer so that the L3 reachability and routing tables are identical on both VLT peers Both the VRRP master and backup peers must be able to locally ...

Page 907: ...ng the following specifications The following recommendations help you avoid these issues and the associated traffic loss caused by using RSTP when you enable VLT on both VLT peers Configure any ports at the edge of the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks Disable RSTP on ports connected directly to Layer 3 only routers not run...

Page 908: ...mediately enabled To ensure MAC and ARP entries from the VLT per node are downloaded to the newly enabled VLT node the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic The delay restore feature waits for all saved configurations to be applied then starts a configurable timer After the timer expires the VLT ports are enabled one by one in a controlled m...

Page 909: ... a Spanned Layer 3 L3 VLAN interface this must be the only PIM enabled interface to reach that neighbor A Spanned L3 VLAN is any L3 VLAN configured on both peers in a VLT domain This does not apply to server side L2 VLT ports because they do not connect to any PIM routers These VLT ports can be members of multiple PIM enabled L3 VLANs for compatibility with IGMP To route traffic to and from the mu...

Page 910: ... connected to at least one VLT node on a Spanned VLAN subnet is directly reachable from both VLT peer nodes at the routing level VLT Unicast Routing VLT unicast routing locally routes packets destined for the L3 endpoint of the VLT peer This method avoids sub optimal routing Peer routing syncs the MAC addresses of both VLT peers and requires two local DA entries in TCAM In case a VLT node is down ...

Page 911: ...ast traffic is sent on the VLTi for routing or forwarding to any orphan ports rather than forwarding all the routed copies Important Points to Remember You can only use one spanned VLAN from a PIM enabled VLT node to an external neighboring PIM router If you connect multiple spanned VLANs to a PIM neighbor or if both spanned and non spanned VLANs can access the PIM neighbor ECMP can cause the PIM ...

Page 912: ... automatically selected on the peer switches when you create the domain refer to Enabling VLT and Creating a VLT Domain Configure both ends of the VLT interconnect trunk with identical RSTP configurations When you enable VLT the show spanning tree rstp brief command output displays VLT information refer to Verifying a VLT Configuration Preventing Forwarding Loops in a VLT Domain During the bootup ...

Page 913: ... physically connected and treated as a single port channel by access devices configure the following settings on each VLT peer device 1 Configure the VLT interconnect for the VLT domain The primary and secondary switch roles in the VLT domain are automatically assigned after you configure both sides of the VLTi NOTE If you use a third party ToR unit to avoid potential problems if you reboot the VL...

Page 914: ...ure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out of band hello messages VLT DOMAIN CONFIGURATION mode back up destination ipv4 address ipv6 address interval seconds You can optionally specify the time interval used to send hello messages The range is from 1 to 5 seconds 3 Configure the port channel to be used as...

Page 915: ...ss mask This is the IP address to be configured on the VLT peer with the back up destination command 3 Ensure that the interface is active MANAGEMENT INTERFACE mode no shutdown 4 Configure a VLT backup link using the IPv4 or IPv6 address of the VLT peer s management interface MANAGEMENT INTERFACE mode back up destination ip address ipv4 address mask ipv6 address ipv6 address mask 5 Repeat Steps 1 ...

Page 916: ... use the system mac command The format is aaaa bbbb cccc Also reconfigure the same MAC address on the VLT peer switch Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots 4 Optional When you create a VLT domain on a switch Dell Networking OS automatically assigns a unique unit I...

Page 917: ...port channels to it configure a port channel For an example of how to verify the port channel configuration refer to VLT Sample Configuration To configure the VLAN where a VLT peer forwards received packets over the VLTi from an adjacent VLT peer that is down use the peer down vlan parameter When a VLT peer with BMP reboots untagged DHCP discover packets are sent to the peer over the VLTi Using th...

Page 918: ...the port channel number that acts as the interconnect trunk VLT DOMAIN CONFIGURATION mode peer link port channel id number The range is from 1 to 128 5 Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out of band hello messages VLT DOMAIN CONFIGURATION mode back up destination ip address interval seconds You c...

Page 919: ... to the corresponding port channel in the VLT peer for the VLT connection to an attached device INTERFACE PORT CHANNEL mode vlt peer lag port channel id number Valid port channel ID numbers are from 1 to 128 11 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 12 Add links to the eVLT port Configure a range of interfaces to bulk configure CONFIGURATION mode interface r...

Page 920: ...ege mode show running config vlt 7 Configure the peer 1 management ip interface ip for which connectivity is present in VLT peer 1 EXEC mode or EXEC Privilege mode show interfaces interface 8 Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit shown in the following example 9 Configure the static LAG LACP between ports connected from VLT peer 1 and VLT peer 2 to the t...

Page 921: ... 10 11 206 58 Dell 2 show interfaces managementethernet 1 1 Internet address is 10 11 206 43 16 Dell 4 show running config vlt vlt domain 5 peer link port channel 1 back up destination 10 11 206 43 Dell 4 Dell 4 show running config interface managementethernet 1 1 ip address 10 11 206 58 16 no shutdown Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit In the followi...

Page 922: ...face port channel 100 interface Port channel 100 no ip address switchport no shutdown s60 1 show interfaces port channel 100 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 100 L2 up 03 33 48 Te 1 8 Up Te 1 30 Up Verify VLT is up Verify that the VLTi ICL link backup link connectivity heartbeat status and VLT peer link peer chassis are all up Dell show vlt br VLT Domain Brief Domain ...

Page 923: ... PVST Instances and configuring the secondary VLT peer as the secondary root device for all the configured PVST Instances Sample PVST Configuration The following examples show the PVST configuration that you must perform on each peer switch to prevent forwarding loops Configure PVST on VLT Peers to Prevent Forwarding Loops VLT Peer 1 Dell_VLTpeer1 conf protocol spanning tree pvst Dell_VLTpeer1 con...

Page 924: ...in 2 The interface used in this example is TenGigabitEthernet Figure 143 eVLT Configuration Example eVLT Configuration Step Examples In Domain 1 configure the VLT domain and VLTi on Peer 1 Domain_1_Peer1 configure Domain_1_Peer1 conf interface port channel 1 Domain_1_Peer1 conf if po 1 channel member TenGigabitEthernet 1 8 1 9 Domain_1_Peer1 conf vlt domain 1000 Domain_1_Peer1 conf vlt domain peer...

Page 925: ... mode active Domain_1_Peer2 conf if range te 1 28 29 no shutdown In Domain 2 configure the VLT domain and VLTi on Peer 3 Domain_2_Peer3 configure Domain_2_Peer3 conf interface port channel 1 Domain_2_Peer3 conf if po 1 channel member TenGigabitEthernet 1 8 1 9 Domain_1_Peer3 no shutdown Domain_2_Peer3 conf vlt domain 200 Domain_2_Peer3 conf vlt domain peer link port channel 1 Domain_2_Peer3 conf v...

Page 926: ...e PIM multicast routing on the VLT node globally VLT_Peer1 conf ip multicast routing The following example shows how to enable PIM on the VLT port VLANs VLT_Peer1 conf interface vlan 4001 VLT_Peer1 conf if vl 4001 ip address 140 0 0 1 24 VLT_Peer1 conf if vl 4001 ip pim sparse mode VLT_Peer1 conf if vl 4001 tagged port channel 101 VLT_Peer1 conf if vl 4001 tagged port channel 102 VLT_Peer1 conf if...

Page 927: ...ns or a specified group on the switch EXEC mode show running config vlt Display statistics on VLT operation EXEC mode show vlt statistics Display the RSTP configuration on a VLT peer switch including the status of port channels used in the VLT interconnect trunk and to connect to access devices EXEC mode show spanning tree rstp Display the current status of a port or port channel interface used in...

Page 928: ...em MAC address 00 01 e8 8a e9 76 Remote system version 6 3 Delay Restore timer 90 seconds Delay Restore Abort Threshold 60 seconds Peer Routing Disabled Peer Routing Timeout timer 0 seconds Multicast peer routing timeout 150 seconds Dell The following example shows the show vlt detail command Dell_VLTpeer1 show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs 100 100 UP UP...

Page 929: ...show spanning tree rstp command The bold section displays the RSTP state of port channels in the VLT domain Port channel 100 is used in the VLT interconnect trunk VLTi to connect to VLT peer2 Port channels 110 111 and 120 are used to connect to access switches or servers vlt Dell_VLTpeer1 show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001...

Page 930: ... domain with a backup link and interconnect trunk VLTi Dell_VLTpeer1 conf vlt domain 999 Dell_VLTpeer1 conf vlt domain peer link port channel 100 Dell_VLTpeer1 conf vlt domain back up destination 10 11 206 35 Dell_VLTpeer1 conf vlt domain exit Configure the backup link Dell_VLTpeer1 conf interface ManagementEthernet 1 1 Dell_VLTpeer1 conf if ma 1 1 ip address 10 11 206 23 Dell_VLTpeer1 conf if ma ...

Page 931: ... if po 100 exit Configure the port channel to an attached device Dell_VLTpeer2 conf interface port channel 110 Dell_VLTpeer2 conf if po 110 no ip address Dell_VLTpeer2 conf if po 110 switchport Dell_VLTpeer2 conf if po 110 channel member fortyGigE 1 53 Dell_VLTpeer2 conf if po 110 no shutdown Dell_VLTpeer2 conf if po 110 vlt peer lag port channel 110 Dell_VLTpeer2 conf if po 110 end Verify that th...

Page 932: ...how vlt brief commands to view the VLT port channel status information Spanning tree mismatch at global level All VLT port channels go down on both VLT peers A syslog error message is generated No traffic is passed on the port channels A one time informational syslog message is generated During run time a loop may occur as long as the mismatch lasts To resolve enable RSTP on both VLT peers Spannin...

Page 933: ... are terminated on two different nodes PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers PVLANs provide Layer 2 isolation between ports within the same VLAN A PVLAN partitions a traditional VLAN into sub domains identified by a primary and secondary VLAN pair With VLT being a Layer 2 redundancy mechanism support for configuration of VLT nodes in a PV...

Page 934: ...d to cause the VLTi to be a member of that VLAN Whenever a change in the VLAN mode on one of the peers occurs the information is synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity For VLT VLANs the association between primary VLAN and secondary VLANs is examined on both the peers Only if the association is identical on both...

Page 935: ...ARP Requests When an ARP request is received and the following conditions are applicable the IP stack performs certain operations The VLAN on which the ARP request is received is a secondary VLAN community or isolated VLAN Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local proxy arp command in INTERFACE VLAN configuration mode The ARP request is not re...

Page 936: ...ated Secondary Isolated No No Primary VLAN X Primary VLAN Y No No Access Access Secondary Community Secondary Community No No Primary VLAN Y Primary VLAN X No No Promiscuous Access Primary Secondary No No Trunk Access Primary Normal Secondary No No Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN PVLAN Because the VLT LAG interfaces are terminated...

Page 937: ...net Enter tengigabitethernet slot port 4 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 5 To configure the VLT interconnect repeat Steps 1 4 on the VLT peer switch 6 Enter VLT domain configuration mode for a specified VLT domain CONFIGURATION mode vlt domain domain id The range of domain IDs is from 1 to 1000 7 Enter the port channel number that acts as the intercon...

Page 938: ...VLAN ID Specified with this command even before they have been created Amended by specifying the new secondary VLAN to be added to the list Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes A proxy ARP enabled device answers the ARP requests that are destined for another host or router The local host forwards the traffic to the proxy ARP enabled devi...

Page 939: ...h unicast and broadcast ARP requests Control packets other than ARP requests destined for the VLT peers that reach the undesired and incorrect VLT node are dropped if the ICL link is down Further processing is not done on these control packets The VLT node does not perform any action if it receives gratuitous ARP requests for the VLT peer IP address Proxy ARP is also supported on secondary VLANs W...

Page 940: ...N configure better metrics for the VLT VLANs Otherwise it is possible that one VLT node chooses a non VLT VLAN if the path through the VLT VLAN was not available when the route was learned and another VLT node selects a VLT VLAN Such a scenario can cause duplication of packets ECMP is not supported when you configure VLT nodes as RPs Backup RP is not supported if the VLT peer that functions as the...

Page 941: ...00 00 00 11 11 11 unit id 0 Dell Configure VLT LAG as VLAN Stack Access or Trunk Port Dell conf interface port channel 10 Dell conf if po 10 switchport Dell conf if po 10 vlt peer lag port channel 10 Dell conf if po 10 vlan stack access Dell conf if po 10 no shutdown Dell show running config interface port channel 10 interface Port channel 10 no ip address switchport vlan stack access vlt peer lag...

Page 942: ...M Status Description Q Ports 50 Active M Po10 Te 1 8 M Po20 Te 1 12 V Po1 Te 1 30 32 Dell Sample Configuration of VLAN Stack Over VLT Peer 2 Configure VLT domain Dell conf vlt domain 1 Dell conf vlt domain peer link port channel 1 Dell conf vlt domain back up destination 10 16 151 115 Dell conf vlt domain system mac mac address 00 00 00 11 11 11 Dell conf vlt domain unit id 1 Dell conf vlt domain ...

Page 943: ...N Stack VLAN Dell show vlan id 50 Codes Default VLAN G GVRP VLANs R Remote Port Mirroring VLANs P Primary C Community I Isolated O Openflow Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal untagged I Internal tagged v VLT untagged V VLT tagged NUM Status Description Q Ports 50 Active M Po10 Te 1 8 M Po20 Te 1 20 V Po1...

Page 944: ...of the VLT node2 This section contains the following topics that describe the operations and benefits of IPv6 peer routing in VLT domains Synchronization of IPv6 ND Entries in a VLT Domain Because the VLT nodes appear as a single unit the ND entries learned via the VLT interface are expected to be the same on both the VLT nodes VLT V6 VLAN and neighbor discovery protocol monitor NDPM entries synch...

Page 945: ...s solicited NA need to be tunneled when they reach the wrong peer Consider a sample scenario in which two VLT nodes Unit1 and Unit2 are connected in a VLT domain using an ICL or VLTi link To the south of the VLT domain Unit1 and Unit2 are connected to a ToR switch named Node B Also Unit1 is connected to another node Node A and Unit2 is linked to a node Node C When an NS traverses from Unit2 to Nod...

Page 946: ... on VLT interface which is destined to VLT node1 node 2 will lift the NA packet to CPU using an ACL entry then it adds a tunnel header to the received NA and forwards the packet to VLT node1 over ICL When VLT node1 receives NA over ICL with tunnel header it learns the Host MAC address on VLT port channel interface This learned neighbor entry is synchronized to VLT node2 as it is learned on VLT int...

Page 947: ...t for peers LLA VLT host to North Bound traffic flow One of the VLT peer is configured as default gateway router on VLT hosts If VLT node receives L3 traffic intended for the other VLT peer it routes the traffic to next hop instead of forwarding the traffic to the VLT peer If neighbor entry is not present VLT node will resolve the next hop There may be traffic loss during neighbor resolution perio...

Page 948: ...router advertisement on VLT interface non VLT interface it consumes the packets VLT node will drop the RA message if it is received over ICL interface Upgrading from Releases That Do Not Support IPv6 Peer Routing During an upgrade to Release 9 4 0 0 from earlier releases VLT peers might contain different versions of FTOS You must upgrade both the VLT peers to Release 9 4 0 0 to leverage the benefi...

Page 949: ...nsparently transported over an existing legacy network Figure 146 VXLAN Gateway Components of VXLAN network VXLAN provides a mechanism to extend an L2 network over an L3 network In short VXLAN is an L2 overlay scheme over an L3 network and this overlay is termed as a VXLAN segment Components of VXLAN network The VXLAN network consists of the following components Network Virtualization Platform NVP...

Page 950: ... Creates logical networks based on messages from the NVP Creates tunnels to VTEPs based on messages from the NVP Binds the Port and VLAN to logical networks based on messages from the NVP Binds MACs to the VTEP and logical network based on messages from the NVP Advertises MACs learnt on south facing VXLAN capable ports to the NVP client VXLAN Hypervisor It is the VTEP that connects the Virtual Mac...

Page 951: ...d points of a tunnel located within the hypervisor on the server that hosts VMs The VXLAN frame format is shown in the following figure Figure 147 VXLAN Frame Format Components of VXLAN Frame Format Some of the important fields of the VXLAN frame format are described below Outer Ethernet Header The Outer Ethernet Header consists of the following components Destination Address Generally it is a fir...

Page 952: ... VNI The 24 bit field that is the VXLAN Network Identifier Reserved A set of fields 24 bits and 8 bits that are reserved and set to zero Frame Check Sequence FCS Note that the original Ethernet frame s FCS is not included but new FCS is generated on the outer Ethernet frame Configuring and Controlling VXLAN from the NVP Controller GUI To configure and control VXLAN from the NVP controller GUI foll...

Page 953: ...e is responsible for broadcast unknown unicast multicast traffic replication The following is the snapshot of the user interface for the creation of service node Figure 151 Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway the IP address of the Gateway is mandatory The following is the snapshot of the user interface in creating a VXLAN Gateway Virtual Extensible LAN VXLAN 953...

Page 954: ...and a L2 gateway connection to an external network It binds the virtual access ports in the GW to logical network VXLAN and VLAN Figure 154 Create Logical Switch Port NOTE For more details about NVP controller configuration refer to the NVP user guide from VMWare Configuring VxLAN Gateway To configure the VxLAN gateway on the switch follow these steps 1 Connecting to NVP controller 2 Advertising V...

Page 955: ...ault value is 30000 milliseconds 6 fail mode Optional VxLAN INSTANCE mode fail mode secure If the local VTEP loses connectivity with the controller it will delete all its database and hardware flows resources 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller use the following command In INTERFACE mode vxlan instance command c...

Page 956: ...stance physical locator command Dell show vxlan vxlan instance 1 physical locator Instance 1 Tunnel count 1 36 1 1 1 vxlan_over_ipv4 up The following example shows the show vxlan vxlan instance unicast mac local command Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 00 00 02 00 03 00 Te 1 17 0 4656 00 00 02 00 03 01 Te 1 17 0 4656 00 00 02 00 03 0...

Page 957: ...52 Name 2a8d5d19 8845 4365 ad04 243f0b6df252 Description Tunnel Key 2 VFI 28674 Unknown Multicast MAC Tunnels 192 168 122 133 vxlan_over_ipv4 up Port Vlan Bindings Te 0 80 VLAN 0 0x80000001 Fo 0 124 VLAN 0 0x80000004 The following example shows the show vxlan vxlan instance statistics interface command Dell show vxlan vxlan instance 1 statistics interface fortyGigE 0 124 100 Port Fo 0 124 Vlan 100...

Page 958: ... is down in that service node the gateway switches to the alternate service node for Broadcast unknown Unicast and Multicast Traffic BUM Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command Dell_GW1 show bfd neighbors Active session role Ad Dn Admin Down B BGP C CLI I ISIS O OSPF O3 OSPFv3 R Static Route RTM M MPLS V VRRP VT Vxlan ...

Page 959: ...ks VPNs for customers VRF is also referred to as VPN routing and forwarding VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF uses a forwarding table that designates the next hop for each data packet a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that g...

Page 960: ...nterface Physical Ethernet interfaces Port channel interfaces static dynamic using LACP VLAN interfaces Loopback interfaces VRF supports route redistribution between routing protocols including static routes only when the routes are within the same VRF Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances The VRF name and VRF ID number are assigned using the ip vrf command T...

Page 961: ...a Layer 3 port Yes Yes Port monitoring Yes No BFD on physical and logical interfaces Yes No PVST MSTP RSTP and 802 1D STP for VLANs Yes No FRRP if applicable for VLANs Yes No Multicast protocols PIM SM MSDP Yes Yes PIM DM No No Layer 3 IPv4 IPv6 ACLs TraceLists PBR QoS on VLANs Yes Yes NOTE ACLs supported on all VRF VLAN ports IPv4 ACLs are supported on non default VRFs also IPv6 ACLs are supporte...

Page 962: ...e VRF instance VRF Configuration The VRF configuration tasks are 1 Enabling VRF in Configuration Mode 2 Creating a Non Default VRF 3 Assign an Interface to a VRF You can also View VRF Instance Information Connect an OSPF Process to a VRF Instance Configure VRRP on a VRF Load VRF CAM VRF is enabled by default on the switch To load the VRF CAM profile enter the feature vrf command in global configur...

Page 963: ...FACE Assigning a Front end Port to a Management VRF Starting in 9 7 0 0 release you can assign a front end port to a management VRF and make the port to act as a host interface NOTE You cannot assign loop back and port channel interfaces to a management port To assign a front end port to a management VRF perform the following steps Table 101 Assigning a Front end Port to a Management VRF Task Comm...

Page 964: ...ocess id vrf vrf name CONFIGURATION Once the OSPF process and the VRF are tied together the OSPF Process ID cannot be used again in the system Configuring VRRP on a VRF Instance You can configure the VRRP feature on interfaces that belong to a VRF instance In a virtualized network that consists of multiple VRFs various overlay networks can exist on a shared physical infrastructure Nodes hosts and ...

Page 965: ...tised in RA and used in IPv6 data packets originated by the router ipv6 nd managed config flag Hosts should use DHCP for address config ipv6 nd max ra interval Set IPv6 Max Router Advertisement Interval ipv6 nd mtu Configure MTU advertisements in RA packets ipv6 nd other config flag Hosts should use DHCP for non address config ipv6 nd prefix Configure IPv6 Routing Prefix Advertisement ipv6 nd ra g...

Page 966: ... management VRF For example management route 2 64 te 0 0 CONFIGURATION To configure a static entry in the IPv6 neighbor discovery perform the following steps Table 107 Configuring a Static Entry in the IPv6 Neighbor Discovery Task Command Syntax Command Mode Configure a static neighbor ipv6 neighbor vrf management 1 1 tengigabitethernet 1 1 xx xx xx xx xx xx CONFIGURATION Sample VRF Configuration ...

Page 967: ...ange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 1 ip vrf forwarding blue ip address 10 0 0 1 24 no shutdown interface TenGigabitEthernet 1 2 ip vrf forwarding orange ip address 20 0 0 1 24 no shutdown interface TenGigabitEthernet 1 3 Virtual Routing and Forwarding VRF 967 ...

Page 968: ... 0 0 24 area 0 network 10 0 0 0 24 area 0 router ospf 2 vrf orange router id 2 0 0 1 network 2 0 0 0 24 area 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 Router 2 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 2 1 ip vrf forwarding blue ip address 11 0 0 1 24 no shutdown interfac...

Page 969: ... 0 0 0 24 3 0 0 1 The following shows the output of the show commands on Router 1 Router 1 Dell show ip vrf VRF Name VRF ID Interfaces default vrf 0 Te 3 1 3 3 Te 1 3 1 47 Te 2 1 2 47 Ma 1 1 Ma 2 1 Nu 0 Vl 1 blue 1 Te 1 1 Vl 128 orange 2 Te 1 2 Vl 192 green 3 Te 1 3 Vl 256 Dell show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1 0 0 2 1 FULL DR 00 00 32 1 0 0 2 Vl 128 ...

Page 970: ...e C 2 0 0 0 24 Direct Vl 192 0 0 00 20 55 C 20 0 0 0 24 Direct Te 1 2 0 0 00 10 05 O 21 0 0 0 24 via 2 0 0 2 Vl 192 110 2 00 10 41 Dell show ip route vrf green Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS I...

Page 971: ...l BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 2 0 0 0 24 Direct Vl 192 0 0 00 2...

Page 972: ... RTM As a result it is mandatory to use route maps to filter out leaked routes while sharing global routes with VRFs Configuring Route Leaking without Filtering Criteria You can use the ip route export tag command to export all the IPv4 routes corresponding to a source VRF For leaking IPv6 routes use the ipv6 route export tag command This action exposes source VRF s routes IPv4 or IPv6 depending o...

Page 973: ...ort subport ip vrf forwarding vrf shared ip address ip address mask A non default VRF named VRF Shared is created and the interface 1 4 is assigned to this VRF 2 Configure the export target in the source VRF ip route export 1 1 3 Configure VRF red ip vrf vrf red interface type slot port subport ip vrf forwarding VRF red ip address ip address mask A non default VRF named VRF red is created and the ...

Page 974: ...g configured Dell show ip route vrf VRF Red O 11 1 1 1 32 via 111 1 1 1 110 0 00 00 10 C 111 1 1 0 24 Direct Te 1 11 0 0 22 39 59 Dell show ip route vrf VRF Blue O 22 2 2 2 32 via 122 2 2 2 110 0 00 00 11 C 122 2 2 0 24 Direct Te 1 12 0 0 22 39 61 Dell show ip route vrf VRF Green O 33 3 3 3 32 via 133 3 3 3 110 0 00 00 11 C 133 3 3 0 24 Direct Te 1 13 0 0 22 39 61 Dell show ip route vrf VRF Shared...

Page 975: ...ns to the next hop of the leaked route in the destination VRF IPv6 link local routes will never be leaked from one VRF to another Configuring Route Leaking with Filtering When you initalize route leaking from one VRF to another all the routes are exposed to the target VRF If the size of the source VRF s RTM is considerablly large an import operation results in the duplication of the target VRF s R...

Page 976: ...tocol bgp This action specifies that the route map contains OSPF and BGP as the matching criteria for exporting routes from vrf red 4 Configure the export target in the source VRF with route map export_ospfbgp_protocol ip route export 1 1 export_ospfbgp_protocol 5 Configure VRF blue ip vrf vrf blue interface type slot port subport ip vrf forwarding VRF blue ip address ip address mask A non default...

Page 977: ...wo routes from BGP and OSPF in which the BGP route is not active In this scenario the OSPF route takes precedence over BGP Even though the Target VRF B has specified filtering options to match BGP the BGP route is not leaked as that route is not active in the Source VRF The export target and import target support only the match protocol and match prefix list options Other options that are configur...

Page 978: ...r and allows for up to 255 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends...

Page 979: ...mber of maximum VRRP groups per interface The supports a total of 2000 VRRP groups on a switch and 512 VRRP groups per interface The following recommendations shown may vary depending on various factors like address resolution protocol ARP broadcasts IP broadcasts or spanning tree protocol STP before changing the advertisement interval When the number of packets processed by RP2 CP FP processor in...

Page 980: ...uter Priority optional Configuring VRRP Authentication optional Disabling Preempt optional Changing the Advertisement Interval optional Track an Interface or Object Setting VRRP Initialization Delay For a complete listing of all commands related to VRRP refer to Dell Networking OS Command Line Reference Guide Creating a Virtual Router To enable VRRP create a virtual router In Dell Networking Opera...

Page 981: ...tocol version 3 Dell conf if te 1 1 vrrp group 100 Dell conf if te 1 1 vrid 100 version 2 VRRPv2 3 VRRPv3 both Interoperable send VRRPv3 receive both Dell conf if te 1 1 vrid 100 version 3 You can use the version both command in INTERFACE mode to migrate from VRRPv2 to VRRPv3 When you set the VRRP version to both the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets ...

Page 982: ...ny one VRRP group For example an interface on which you enable VRRP contains a primary IP address of 50 1 1 1 24 and a secondary IP address of 60 1 1 1 24 The VRRP group VRID 1 must contain virtual addresses belonging to either subnet 50 1 1 0 24 or subnet 60 1 1 0 24 but not from both subnets though Dell Networking OS allows the same If the virtual IP address and the interface s primary secondary...

Page 983: ...eempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 27 Gratuitous ARP sent 2 Virtual MAC address 00 00 5e 00 01 6f Virtual IP address 10 10 2 2 10 10 2 3 Authentication When the VRRP process completes its initialization the State field contains either Master or Backup Setting VRRP Group Virtual Router Priority Setting a virtual router priority to 255 ensures that router is the owner virtua...

Page 984: ...cation Dell Networking OS includes the password in its VRRP transmission The receiving router uses that password to verify the transmission NOTE You must configure all virtual routers in the VRRP group the same you must enable authentication with the same password or authentication is disabled NOTE Authentication for VRRPv3 is not supported To configure simple authentication use the following comm...

Page 985: ...0 3 virtual address 10 10 10 10 Changing the Advertisement Interval By default the MASTER router transmits a VRRP advertisement to all members of the VRRP group every one second indicating it is operational and is the MASTER router If the VRRP group misses three consecutive advertisements the election process begins and the BACKUP virtual router with the highest priority transitions to MASTER NOTE...

Page 986: ... 20 additional objects which may affect the priority of the VRRP group If the tracked interface goes down the VRRP group s priority decreases by a default value of 10 also known as cost If the tracked interface s state goes up the VRRP group s priority increases by 10 The lowered priority of the VRRP group may trigger an election As the Master Backup VRRP routers are selected based on the VRRP gro...

Page 987: ...e is from 1 to 254 The default is 10 Optional Display the configuration and the UP or DOWN state of tracked objects including the client VRRP group that is tracking an object s state EXEC mode or EXEC Privilege mode show track Optional Display the configuration and the UP or DOWN state of tracked interfaces and objects in VRRP groups including the time since the last change in an object s state EX...

Page 988: ...rity cost 30 00 02 11 The following example shows verifying the VRRP configuration on an interface Dell show running config interface tengigabitethernet 1 8 interface TenGigabitEthernet 1 8 no ip address ipv6 address 2007 30 64 vrrp ipv6 group 1 track 2 priority cost 20 track 3 priority cost 30 virtual address 2007 1 virtual address fe80 1 no shutdown Setting VRRP Initialization Delay When configu...

Page 989: ...conds range is from 0 to 900 The default is 0 Set the delay time for VRRP initialization on all the interfaces in the system configured for VRRP INTERFACE mode vrrp delay reload seconds This time is the gap between system boot up completion and VRRP enabling The seconds range is from 0 to 900 The default is 0 Sample Configurations Before you set up VRRP review the following sample configurations V...

Page 990: ... ip address 10 1 1 1 24 R2 conf if te 2 31 vrrp group 99 R2 conf if te 2 31 vrid 99 priority 200 R2 conf if te 2 31 vrid 99 virtual 10 1 1 3 R2 conf if te 2 31 vrid 99 no shut R2 conf if te 2 31 show conf interface TenGigabitEthernet 2 31 ip address 10 1 1 1 24 vrrp group 99 priority 200 virtual address 10 1 1 3 no shutdown R2 conf if te 2 31 end R2 show vrrp 990 Virtual Router Redundancy Protocol...

Page 991: ...e 3 21 vrrp group 99 R3 conf if te 3 21 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 vrid 99 no shut R3 conf if te 3 21 show conf interface TenGigabitEthernet 3 21 ip address 10 1 1 1 24 vrrp group 99 virtual address 10 1 1 3 no shutdown R3 conf if te 3 21 end R3 show vrrp TenGigabitEthernet 3 21 VRID 99 Net 10 1 1 2 State Backup Priority 100 Master 10 1 1 1 Hold Down 0 sec Preempt TRUE AdvInt 1 se...

Page 992: ...RPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address The virtual IPv6 address you configure must be the same as the IPv6 subnet to which the interface belongs Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the TenGigabitethernet 1 1 interface has a higher IPv6 a...

Page 993: ...nf if te 1 2 vrrp group 10 R2 conf if te 1 2 vrid 10 virtual address fe80 10 R2 conf if te 1 2 vrid 10 virtual address 1 10 R3 conf if te 1 2 vrid 10 no shutdown R3 conf if te 1 2 show config interface TenGigabitEthernet 1 2 ipv6 address 1 2 64 vrrp group 10 priority 100 virtual address fe80 10 virtual address 1 10 no shutdown R3 conf if te 1 2 end R3 show vrrp TenGigabitEthernet 1 2 IPv6 VRID 10 ...

Page 994: ...MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner master of the VRRP group and Switch 1 serves as the backup On VRF 3 Switch 1 is the owner master and Switch 2 is the backup In VRF 1 and VRF 2 on Switch 2 the virtual IP and node IP address subnet and VRRP group are the same On Switch 1 the virtual IP address subnet and VRRP group are the same in VRF 1 and VRF 2 ...

Page 995: ...8 TenGigabitEthernet 2 8 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 0 default State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 119 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 10 1 1 100 Authentication none Example of Configuring VRRP in a VRF on Switch 2 Non VLAN Configuration Switch 2 S2 co...

Page 996: ... vrf VRF 3 3 S1 conf interface TenGigabitEthernet 1 1 S1 conf if te 1 1 no ip address S1 conf if te 1 1 switchport S1 conf if te 1 1 no shutdown S1 conf if te 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will ...

Page 997: ...gged TenGigabitethernet 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf if vl 100 no shutdown S2 conf if te 1 1 interface vlan 200 S2 conf if vl 200 ip vrf forwarding VRF 2 S2 conf if vl 200 ip address 10 10 1 2 24 S2 conf if vl 200 tagged TenGigabit...

Page 998: ...C address 00 00 5e 00 01 0a Virtual IP address 20 1 1 100 Authentication none Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 2 vrf2 State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 419 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 10 1 1 100 Au...

Page 999: ... has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigabitethernet 1 1 R2 conf if te 1 1 no ip address R2 conf if te 1 1 ipv6 address 1 1 64 R2 conf if te 1 1 vrrp group 10 NOTE You must configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 g...

Page 1000: ...bitethernet 1 2 R3 conf if te 1 2 no ipv6 address R3 conf if te 1 2 ipv6 address 1 2 64 R3 conf if te 1 2 vrrp group 10 R2 conf if te 1 2 vrid 10 virtual address fe80 10 R2 conf if te 1 2 vrid 10 virtual address 1 10 R3 conf if te 1 2 vrid 10 no shutdown R3 conf if te 1 2 show config interface TenGigabitEthernet 1 2 ipv6 address 1 2 64 vrrp group 10 priority 100 virtual address fe80 10 virtual add...

Page 1001: ...f1 State Backup Priority 90 Master fe80 201 e8ff fe8a e9ed Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 399 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed VRF 2 vrf2 State Ma...

Page 1002: ...fline standalone unit or offline member unit of a stack of three or more You cannot perform diagnostics on the management or standby unit in a stack of two or more if you do a message similar to this displays Running Diagnostics on master standby unit is not allowed on stack Perform offline diagnostics on one stack member at a time Diagnostics only test connectivity not the entire data path Diagno...

Page 1003: ...d Dell show system brief Stack MAC 00 01 e8 8b 5d 8c Reload Type normal reload Next boot normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9 4 0 89 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 M...

Page 1004: ...est results are stored on file flash TestReport SU 2 txt Diags completed Rebooting the system now The following example shows the show file flash command standalone member Dell show file flash TestReport SU 0 txt S Series Diagnostics Board S4810 Dell Inc Stack Unit Board Serial Number HADL112220111 CPU Version MPC8536E Version 1 1 CPLD REVISION 0x7 CPLD BOARD TYPE 0x1 Diag image based on build 9 4...

Page 1005: ...r standby units is stored in the flash TRACE_LOG_DIR directory This directory contains files that save trace information when there has been a task crash or timeout On a MASTER unit you can reach the TRACE_LOG_DIR files by FTP or by using the show file command from the flash TRACE_LOG_DIR directory On a Standby unit you can reach the TRACE_LOG_DIR files only by using the show file command from the...

Page 1006: ... total buffer View the modular packet buffers details per unit and the mode of allocation EXEC Privilege mode show hardware stack unit 0 11 buffer unit 0 1 total buffer View the forwarding plane statistics containing the packet buffer usage per port per stack unit EXEC Privilege mode show hardware stack unit 0 11 buffer unit 0 1 port 1 64 all buffer info View the forwarding plane statistics contai...

Page 1007: ...Monitoring The device components use environmental monitoring hardware to detect transmit power readings receive power readings and temperature updates To receive periodic power updates you must enable the following command Enable environmental monitoring enable optic info update interval Example of the show interfaces transceiver Command Dell show interfaces transceiver RPM Environment Status Slo...

Page 1008: ... Exercise care when removing a card if it has exceeded the major or shutdown thresholds the card could be hot to the touch Recognize an Under Voltage Condition If the system detects an under voltage condition it sends an alarm To recognize this condition look for the following system message CHMGR 1 CARD_SHUTDOWN Major alarm stack unit 2 down auto shutdown due to under voltage This message indicat...

Page 1009: ...ookup and forwarding decisions 1G and 10G interfaces use different FPs The following table describes the type and number of ASICs per platform Table 111 ASICs by Platform Hardware FP CSF S50N S50V 2 0 S25V S25P S25N 1 0 As shown in the following example you can tune buffers at three locations 1 CSF Output queues going from the CSF 2 FP Uplink Output queues going from the FP to the CSF IDP links 3 ...

Page 1010: ...e FP dynamic buffer allocation is 10 times oversubscribed For the 48 port 1G card Dynamic Pool Total Available Pool 16384 cells Total Dedicated Pool 5904 cells Oversubscription ratio 10 Dynamic Cell Limit Per port 59040 29 2036 cells Figure 163 Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non default buffer settings as tuning can ...

Page 1011: ...an exceed the actual amount of available memory this allocation is called oversubscription If you choose to oversubscribe the dynamic allocation a burst of traffic on one interface might prevent other interfaces from receiving the configured dynamic allocation which causes packet loss You cannot allocate more than the available memory for the dedicated buffers If the system determines that the sum...

Page 1012: ... mtu 9252 switchport no shutdown buffer policy myfsbufferprofile The following example shows viewing the default buffer profile on an interface Dell show buffer profile detail interface tengigabitethernet 1 10 Interface Te 1 10 Buffer profile fsqueue fp Dynamic buffer 1256 00 Kilobytes Queue Dedicated Buffer Buffer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256 5 3 00 256...

Page 1013: ...not apply a buffer profile on any single interface A message similar to the following displays Error Global pre defined buffer profile already applied Failed to apply user defined buffer profile on interface Te 1 1 Please remove global pre defined buffer profile To apply a predefined buffer profile use the following command Apply one of the pre defined buffer profiles for all port pipes in the sys...

Page 1014: ...t resource interface interface priority group id all queue ucast id all mcast id all all show hardware drops interface interface clear hardware stack unit stack unit number counters clear hardware stack unit stack unit number unit 0 1 counters clear hardware stack unit stack unit number cpu data plane statistics clear hardware stack unit stack unit number cpu party bus statistics clear hardware st...

Page 1015: ...2MC Drops 0 PKT Drops of ANY Conditions 0 Hg MacUnderflow 0 TX Err PKT Counter 0 Error counters Internal Mac Transmit Errors 0 Unknown Opcodes 0 Internal Mac Receive Errors 0 Dell show hardware drops interface tengigabitethernet 2 1 1 Drops in Interface Te 2 1 1 Ingress Drops Ingress Drops 0 IBP CBP Full Drops 0 PortSTPnotFwd Drops 0 IPv4 L3 Discards 0 Policy Discards 0 Packets dropped by FP 0 L2 ...

Page 1016: ...ops 0 PortSTPnotFwd Drops 0 IPv4 L3 Discards 0 Policy Discards 0 Packets dropped by FP 0 L2 L3 Drops 0 Port bitmap zero Drops 0 Rx VLAN Drops 0 Ingress MAC counters Ingress FCSDrops 0 Ingress MTUExceeds 0 MMU Drops Ingress MMU Drops 0 HOL DROPS TOTAL 0 HOL DROPS on COS0 0 HOL DROPS on COS1 0 HOL DROPS on COS2 0 HOL DROPS on COS3 0 HOL DROPS on COS4 0 HOL DROPS on COS5 0 HOL DROPS on COS6 0 HOL DRO...

Page 1017: ... Dell show hardware stack unit 1 drops unit 0 UserPort PortNumber Ingress Drops IngMac Drops Total Mmu Drops EgMac Drops Egress Drops 1 1 0 0 0 0 0 2 2 0 0 0 0 0 3 3 0 0 0 0 0 4 4 0 0 0 0 0 5 5 0 0 0 0 0 6 6 0 0 0 0 0 7 7 0 0 0 0 0 8 8 0 0 0 0 0 9 9 0 0 0 0 0 10 10 0 0 0 0 0 11 11 0 0 0 0 0 12 12 0 0 0 0 0 13 13 0 0 0 0 0 14 14 0 0 0 0 0 15 15 0 0 0 0 0 16 16 0 0 0 0 0 17 17 2144854 0 124904297 0 ...

Page 1018: ...0 0 0 0 37 37 0 0 0 0 0 38 38 0 0 0 0 0 39 39 0 0 0 0 0 40 40 0 0 0 0 0 41 41 0 0 0 0 0 42 42 0 0 0 0 0 43 43 0 0 0 0 0 44 44 0 0 0 0 0 45 45 0 0 0 0 0 46 46 0 0 0 0 0 47 47 0 0 0 0 0 48 48 0 0 0 0 0 49 49 0 0 0 0 0 49 50 0 0 0 0 0 49 51 0 0 0 0 0 49 52 0 0 0 0 0 52 61 0 0 0 0 0 52 62 0 0 0 0 0 52 63 0 0 0 0 0 52 64 0 0 0 0 0 53 65 0 0 0 0 0 53 66 0 0 0 0 0 1018 Debugging and Diagnostics ...

Page 1019: ...e basis The objective is to see whether CPU bound traffic is internal so called party bus or IPC traffic or network control traffic which the CPU must process Example of Viewing Dataplane Statistics Dell show hardware stack unit 2 cpu data plane statistics bc pci driver statistics for device rxHandle 0 noMhdr 0 noMbuf 0 noClus 0 recvd 0 dropped 0 recvToNet 0 rxError 0 rxDatapathErr 0 rxPkt COS0 0 ...

Page 1020: ...casts 1649714 Unicasts 0 throttles 0 discarded 0 collisions Rate info interval 45 seconds Input 00 00 Mbits sec 2 packets sec 0 00 of line rate Output 00 06 Mbits sec 8 packets sec 0 00 of line rate Dell Display Stack Member Counters The show hardware stack unit stack unit number counters details port stats detail register command displays internal receive and transmit statistics based on the sele...

Page 1021: ... counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Counter 0 TX 2048 to 4095 Byte Frame Co...

Page 1022: ...128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Counter 0 TX 2048 to 4095 Byte Frame Counter 0 TX 4096 to 9216 Byte Frame Counter 0 TX Good Packet Counter 0 TX Packet frame Counter 0 TX Unicast Packet Counter 0 TX Multicast Packet Cou...

Page 1023: ...er 0 TX 4096 to 9216 Byte Frame Counter 0 TX Good Packet Counter 46 TX Packet frame Counter 46 TX Unicast Packet Counter 0 TX Multicast Packet Counter 46 TX Broadcast Frame Counter 0 TX Byte Counter 2944 TX Control frame counter 0 TX Pause control frame counter 0 TX Over size packet counter 0 TX Jabber counter 0 TX VLAN tag frame counter 0 TX Double VLAN tag frame counter 0 TX RUNT frame counter 0...

Page 1024: ... core dumps are disabled by default A core dump file can be very large Due to memory requirements the file can only be sent directly to an FTP server it is not stored on the local flash To enable full application core dumps use the following command Enable RPM core dumps and specify the Shutdown mode CONFIGURATION mode logging coredump server To undo this command use the no logging coredump server...

Page 1025: ...144 0024e2b0 db_fncall 0x134 0024dee8 db_command 0x258 0024d9c4 db_command_loop 0xc4 002522b0 db_trap 0x158 0026a8d0 mi_switch 0x1b0 0026a00c bpendtsleep STACK TRACE END FREE MEMORY uvmexp free 0x2312 Enabling TCP Dumps A TCP dump captures CPU bound control plane traffic to improve troubleshooting and system manageability When you enable TCP dump it captures all the packets on the local CPU as spe...

Page 1026: ...following command Enable a TCP dump for CPU bound traffic CONFIGURATION mode tcpdump cp capture duration time filter expression max file count value packet count value snap length value write to path 1026 Debugging and Diagnostics ...

Page 1027: ...of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link Aggregation with LACP 802 3ae 10 Gigabit Ethernet 10GBASE W 10GBASE X 802 3af Power over Ethernet 802 3ak 10 Giga...

Page 1028: ...ntrol Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 The Point to Point Protocol PPP 1989 PPP Link Quality Monitoring 1990 The PPP Multilink Protocol MP 1994 PPP Challenge Handshake Authentication Protocol CHAP 2460 Internationalization of the File Transfer Protocol...

Page 1029: ... Transparent Subnet Gateways 7 6 1 10 3 5 DOMAIN NAMES IMPLEMENTATION AND SPECIFICATION client 7 6 1 10 4 2 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks 7 6 1 11 91 Path MTU Discovery 7 6 1 13 0 5 Network Time Protocol Version 3 Specification Implementation and Analysis 7 6 1 15 19 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 15...

Page 1030: ... 7 8 1 31 2 8 Protection Against a Variant of the Tiny Fragment Attack 7 6 1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols Table 114 General IPv6 Protocols RF C Full Name Z Series S Series 188 6 DNS Extensions to support IP version 6 7 8 1 1981 Pa rtial Path MTU Discovery for IP version 6 7 8 1 246 0 Internet Protocol Versio...

Page 1031: ...Address Format 7 8 1 400 7 IPv6 Scoped Address Architecture 8 3 12 0 429 1 Internet Protocol Version 6 IPv6 Addressing Architecture 7 8 1 444 3 Internet Control Message Protocol ICMPv6 for the IPv6 Specification 7 8 1 486 1 Neighbor Discovery for IPv6 8 3 12 0 486 2 IPv6 Stateless Address Autoconfigurat ion 8 3 12 0 517 5 IPv6 Router Advertisement Flags Option 8 3 12 0 Standards Compliance 1031 ...

Page 1032: ...onfederations for BGP 7 8 1 4360 BGP Extended Communities Attribute 7 8 1 4893 BGP Support for Four octet AS Number Space 7 8 1 5396 Textual Representation of Autonomous System AS Numbers 8 1 2 draft ietf idrbgp4 20 A Border Gateway Protocol 4 BGP 4 7 8 1 draft ietf idrrestart 06 Graceful Restart Mechanism for BGP 7 8 1 Open Shortest Path First OSPF The following table lists the Dell Networking OS...

Page 1033: ...784 Intermediate System to Intermediate System IS IS Extensions in Support of Generalized Multi Protocol Label Switching GMPLS 5120 MT ISIS Multi Topology MT Routing in Intermediate System to Intermediate Systems IS ISs 5306 Restart Signaling for IS IS 5308 Routing IPv6 with IS IS 8 3 10 0 draft ietf isis igpp2p over lan 06 Point to point operation over LAN in link state routing protocols draft ka...

Page 1034: ...SM Protocol Specification Revised 7 8 1 PIM SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol Table 120 Network Management RFC Full Name S4810 S4820T Z Series 1155 Structure and Identification of Management Information for TCP IP based Internets 7 6 1 1156 Management Information Base for Network Management of TCP IP...

Page 1035: ...ng Table MIB 7 6 1 2558 Definitions of Managed Objects for the Synchronous Optical Network Synchronous Digital Hierarchy SONET SDH Interface Type 2570 Introduction and Applicability Statements for Internet Standard Management Framework 7 6 1 2571 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks 7 6 1 2572 Message Processing and Dispatching for the Simple...

Page 1036: ...Interface Types 7 6 1 2674 Definitions of Managed Objects for Bridges with Traffic Classes Multicast Filtering and Virtual LAN Extensions 7 6 1 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol 7 6 1 2819 Remote Network Monitoring Management Information Base Ethernet Statistics Table Ethernet History Control Table Ethernet History Table Alarm Table Event Table Log Tabl...

Page 1037: ...e MIB 9 5 0 0 9 5 0 0 9 5 0 0 4750 OSPF Version 2 Management Information Base 9 5 0 0 9 5 0 0 9 5 0 0 4502 RMON v2 MIB 9 5 0 0 9 5 0 0 9 5 0 0 5060 Protocol Independent Multicast MIB 7 8 1 ANSI TIA 1057 The LLDP Management Information Base extension module for TIA TR41 4 Media Endpoint Discovery information 7 7 1 draft grant tacacs 02 The TACACS Protocol 7 6 1 draft ietf idr bgp4 mib 06 Definition...

Page 1038: ...7 1 ruzin mstp mib 0 2 Traps Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol 7 6 1 sFlow org sFlow Version 5 7 7 1 sFlow org sFlow Version 5 MIB 7 7 1 FORCE10 BGP4 V2 MIB Force10 BGP MIB draft ietf idr bgp4 mibv2 05 7 8 1 f10 bmp mib Force10 Bare Metal Provisioning MIB 9 2 0 0 9 2 0 0 9 2 0 0 FORCE10 FIB MIB Force10 CIDR Multipath Routes MIB The IP Forwarding Table ...

Page 1039: ...10 System Component MIB enables the user to view CAM usage information 7 6 1 FORCE10 TC MIB Force10 Textual Convention 7 6 1 FORCE10 TRAP ALARM MIB Force10 Trap Alarm MIB 7 6 1 MIB Location You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport https www force10networks com CSPortal20 KnowledgeBase Documentation aspx You also can obtain a list of selected MI...

Search results

Summary of Contents for S4048-ON

Reviews:

Brands by name

Popular brands

Dell S4048-ON, Configuration Manual

Search results

Summary of Contents for S4048-ON

Reviews:

Brands by name

Popular brands