Dell S4048T-ON Configuration Manual Download Page 110 | Manualshive

Page: 110 / 1146

background image

Access Control Lists (ACLs)

This chapter describes access control lists (ACLs), prefix lists, and route-maps.
At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This
chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to

An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol [TCP], or user datagram protocol
[UDP] packets) and an action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the criterion in
the first filter, the second filter (if configured) is applied. When a packet matches a filter, the switch drops or forwards the packet based on
the filter’s specified action. If the packet does not match any of the filters in the ACL, the packet is dropped (implicit deny).

The number of ACLs supported on a system depends on your content addressable memory (CAM) size. For more information, refer to

Configurable CAM Allocation

CAM Optimization

. For complete CAM profiling information, refer to

Content Addressable Memory

You can configure ACLs on VRF instances. In addition to the existing qualifying parameters, Layer 3 ACLs also incorporate VRF ID as one of
the parameters. Using this new capability, you can also configure VRF based ACLs on interfaces.

NOTE:

You can apply Layer 3 VRF-aware ACLs only at the ingress level.

You can apply VRF-aware ACLs on:

•

VRF Instances

•

Interfaces

In order to configure VRF-aware ACLs on VRF instances, you must carve out a separate CAM region. You can use the

cam-acl

command

for allocating CAM regions. As part of the enhancements to support VRF-aware ACLs, the

cam-acl

command now includes the following

new parameter that enables you to allocate a CAM region:

vrfv4acl

.

The order of priority for configuring user-defined ACL CAM regions is as follows:

•

V4 ACL CAM

•

VRF V4 ACL CAM

•

L2 ACL CAM

With the inclusion of VRF based ACLs, the order of precedence of Layer 3 ACL rules is as follows:

•

Port/VLAN based PERMIT/DENY Rules

•

Port/VLAN based IMPLICIT DENY Rules

•

VRF based PERMIT/DENY Rules

•

VRF based IMPLICIT DENY Rules

NOTE:

In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit

option.

You can use the

ip access-group

command to configure VRF-aware ACLs on interfaces. Using the

ip access-group

command, in

addition to a range of VLANs, you can also specify a range of VRFs as input for configuring ACLs on interfaces. The VRF range is from 1 to
63. These ACLs use the existing V4 ACL CAM region to populate the entries in the hardware and do not require you to carve out a separate
CAM region.

NOTE:

You can configure VRF-aware ACLs on interfaces either using a range of VLANs or a range of VRFs but not both.

7

110

Access Control Lists (ACLs)

«
...
108
109
110
111
112
...
»

Summary of Contents for S4048T-ON

Page 1: ...Dell Configuration Guide for the S4048 ON System 9 11 2 1 ...

Page 2: ... to hardware or loss of data and tells you how to avoid the problem WARNING A WARNING indicates a potential for property damage personal injury or death Copyright 2017 Dell Inc or its subsidiaries All rights reserved Dell EMC and other trademarks are trademarks of Dell Inc or its subsidiaries Other trademarks may be trademarks of their respective owners 2017 06 Rev A00 ...

Page 3: ...ommands Using an SSH Connection 48 Executing Local CLI Scripts Using an SSH Connection 48 Default Configuration 49 Configuring a Host Name 49 Accessing the System Remotely 49 Accessing the System Remotely 49 Configure the Management Port IP Address 49 Configure a Management Route 50 Configuring a Username and Password 50 Configuring the Enable Password 50 Configuration File Management 51 Copy File...

Page 4: ...ity Tracking 70 Display Login Statistics 71 Limit Concurrent Login Sessions 72 Restrictions for Limiting the Number of Concurrent Sessions 72 Configuring Concurrent Session Limit 73 Enabling the System to Clear Existing Sessions 73 Enabling Secured CLI Mode 74 Log Messages in the Internal Buffer 74 Configuration Task List for System Log Management 74 Disabling System Logging 74 Sending System Mess...

Page 5: ...on 96 Forcibly Authorizing or Unauthorizing a Port 97 Re Authenticating a Port 98 Configuring Timeouts 99 Configuring Dynamic VLAN Assignment with Port Authentication 100 Guest and Authentication Fail VLANs 101 Configuring a Guest VLAN 101 Configuring an Authentication Fail VLAN 101 6 Access Control List ACL VLAN Groups and Content Addressable Memory CAM 103 Optimizing CAM Utilization During the A...

Page 6: ...127 Configure Egress ACLs 127 Applying Egress Layer 3 ACLs Control Plane 128 IP Prefix Lists 129 Implementation Information 129 Configuration Task List for Prefix Lists 129 ACL Resequencing 133 Resequencing an ACL or Prefix List 133 Route Maps 135 Implementation Information 135 Logging of ACL Processes 135 Guidelines for Configuring ACL Logging 136 Configuring ACL Logging 136 Flow Based Monitoring...

Page 7: ...tocol BGP 185 Implement BGP with Dell Networking OS 186 Additional Path Add Path Support 186 Advertise IGP Cost as MED for Redistributed Routes 186 Ignore Router ID in Best Path Calculation 187 Four Byte AS Numbers 187 AS4 Number Representation 187 AS Number Migration 189 BGP4 Management Information Base MIB 190 Important Points to Remember 190 Configuration Information 191 BGP Configuration 191 E...

Page 8: ...218 Configuring BGP Confederations 218 Enabling Route Flap Dampening 219 Changing BGP Timers 221 Enabling BGP Neighbor Soft Reconfiguration 221 Enabling or disabling BGP neighbors 222 Route Map Continue 224 Enabling MBGP Configurations 224 Configure IPv6 NH Automatically for IPv6 Prefix Advertised over IPv4 Neighbor 225 BGP Regular Expression Optimization 225 Debugging BGP 225 Storing Last and Bad...

Page 9: ...ethod 264 Pause and Resume of Traffic 264 Buffer Sizes for Lossless or PFC Packets 264 Behavior of Tagged Packets 265 Configuration Example for DSCP and PFC Priorities 265 Using PFC to Manage Converged Ethernet Traffic 266 Configure Enhanced Transmission Selection 266 ETS Prerequisites and Restrictions 266 Creating an ETS Priority Group 266 ETS Operation with DCBx 268 Configuring Bandwidth Allocat...

Page 10: ...m to be a DHCP Client 302 Configuring the DHCP Client System 302 DHCP Client on a Management Interface 304 DHCP Client Operation with Other Features 304 Configure the System for User Port Stacking Option 230 305 Configure Secure DHCP 305 Option 82 306 DHCP Snooping 306 Drop DHCP Packets on Snooped VLANs Only 309 Dynamic ARP Inspection 310 Configuring Dynamic ARP Inspection 311 Source Address Valid...

Page 11: ...Flex Hash and Optimized Boot Up 337 Flex Hash Capability Overview 337 Configuring the Flex Hash Mechanism 337 Configuring Fast Boot and LACP Fast Switchover 338 Optimizing the Boot Time 338 Booting Process When Optimized Boot Time Mechanism is Enabled 338 Guidelines for Configuring Optimized Booting Mechanism 339 Interoperation of Applications with Fast Boot and System States 340 LACP and IPv4 Rou...

Page 12: ...guration and Topology 355 FRRP Support on VLT 356 Example Scenario 357 Important Points to Remember 358 19 GARP VLAN Registration Protocol GVRP 359 Important Points to Remember 359 Configure GVRP 360 Related Configuration Tasks 360 Enabling GVRP Globally 361 Enabling GVRP on a Layer 2 Interface 361 Configure GVRP Registration 361 Configure a GARP Timer 362 RPM Redundancy 362 20 High Availability H...

Page 13: ...Group Port Association 381 Disabling Multicast Flooding 381 Specifying a Port as Connected to a Multicast Router 382 Configuring the Switch as Querier 382 Fast Convergence after MSTP Topology Changes 383 Egress Interface Selection EIS for HTTP and IGMP Applications 383 Protocol Separation 383 Enabling and Disabling Management Egress Interface Selection 384 Handling of Management Route Configuratio...

Page 14: ... Channel Definition and Standards 404 Port Channel Benefits 404 Port Channel Implementation 404 Interfaces in Port Channels 405 Configuration Tasks for Port Channel Interfaces 405 Creating a Port Channel 405 Adding a Physical Interface to a Port Channel 406 Reassigning an Interface to a New Port Channel 407 Configuring the Minimum Oper Up Links in a Port Channel 408 Adding or Removing a Port Chann...

Page 15: ...ly 429 Dynamic Counters 430 Clearing Interface Counters 431 23 Internet Protocol Security IPSec 432 Configuring IPSec 432 24 IPv4 Routing 434 IP Addresses 435 Implementation Information 435 Configuration Tasks for IP Addresses 435 Assigning IP Addresses to an Interface 435 Configuring Static Routes 436 Configure Static Routes for the Management Interface 437 IPv4 Path MTU Discovery Overview 438 Us...

Page 16: ...ocol Overview 450 Extended Address Space 451 Stateless Autoconfiguration 451 IPv6 Headers 451 IPv6 Header Fields 452 Extension Header Fields 454 Addressing 455 Implementing IPv6 with Dell Networking OS 456 ICMPv6 457 Path MTU Discovery 458 IPv6 Neighbor Discovery 458 IPv6 Neighbor Discovery of MTU Packets 459 Configuration Task List for IPv6 RDNSS 459 Configuring the IPv6 Recursive DNS Server 459 ...

Page 17: ...ation Values 476 iSCSI Optimization Prerequisites 476 Configuring iSCSI Optimization 476 Displaying iSCSI Optimization Information 478 27 Intermediate System to Intermediate System 480 IS IS Protocol Overview 480 IS IS Addressing 480 Multi Topology IS IS 481 Transition Mode 481 Interface Support 482 Adjacencies 482 Graceful Restart 482 Timers 482 Implementation Information 482 Configuration Inform...

Page 18: ...ic Entries 518 Configuring a Static MAC Address 519 Displaying the MAC Address Table 519 MAC Learning Limit 519 Setting the MAC Learning Limit 520 mac learning limit Dynamic 520 mac learning limit mac address sticky 520 mac learning limit station move 521 mac learning limit no station move 521 Learning Limit Violation Actions 521 Setting Station Move Violation Actions 522 Recovering from Learning ...

Page 19: ...oft Network Load Balancing 552 NLB Unicast Mode Scenario 552 NLB Multicast Mode Scenario 552 Limitations of the NLB Feature 553 Microsoft Clustering 553 Enable and Disable VLAN Flooding 553 Configuring a Switch for NLB 553 Enabling a Switch for Multicast NLB 554 32 Multicast Source Discovery Protocol MSDP 555 Protocol Overview 555 Anycast RP 556 Implementation Information 557 Configure Multicast S...

Page 20: ...ng Multiple Spanning Tree Instances 581 Influencing MSTP Root Selection 582 Interoperate with Non Dell Bridges 582 Changing the Region Name or Revision 583 Modifying Global Parameters 583 Modifying the Interface Parameters 584 Configuring an EdgePort 585 Flush MAC Addresses after a Topology Change 586 MSTP Sample Configurations 586 Router 1 Running ConfigurationRouter 2 Running ConfigurationRouter...

Page 21: ...SPFv2 IPv4 Only 628 Multi Process OSPFv2 with VRF 628 OSPF ACK Packing 628 Setting OSPF Adjacency with Cisco Routers 628 Configuration Information 629 Configuration Task List for OSPFv2 OSPF for IPv4 629 Configuration Task List for OSPFv3 OSPF for IPv6 643 Configuration Task List for OSPFv3 OSPF for IPv6 656 Enabling IPv6 Unicast Routing 657 Applying cost for OSPFv3 657 Assigning IPv6 Addresses on...

Page 22: ... 686 Overriding Bootstrap Router Updates 686 Configuring a Designated Router 686 Creating Multicast Boundaries and Domains 687 39 PIM Source Specific Mode PIM SSM 688 Implementation Information 688 Important Points to Remember 688 Configure PIM SSM 689 Related Configuration Tasks 689 Enabling PIM SSM 689 Use PIM SSM with IGMP Version 2 Hosts 689 Configuring PIM SSM with IGMPv2 690 Electing an RP u...

Page 23: ...720 Protocol Overview 720 Implementation Information 721 Configure Per VLAN Spanning Tree Plus 721 Related Configuration Tasks 721 Enabling PVST 721 Disabling PVST 722 Influencing PVST Root Selection 722 Modifying Global PVST Parameters 724 Modifying Interface PVST Parameters 725 Configuring an EdgePort 726 PVST in Multi Vendor Networks 726 Enabling PVST Extend System ID 726 PVST Sample Configurat...

Page 24: ... to mark non ecn packets as yellow with single traffic class 756 Applying Layer 2 Match Criteria on a Layer 3 Interface 757 Applying DSCP and VLAN Match Criteria on a Service Queue 758 Classifying Incoming Packets Using ECN and Color Marking 759 Guidelines for Configuring ECN for Classifying and Color Marking Packets 760 Sample configuration to mark non ecn packets as yellow with Multiple traffic ...

Page 25: ... Task List for AAA Authentication 795 Obscuring Passwords and Keys 798 AAA Authorization 798 Privilege Levels Overview 798 Configuration Task List for Privilege Levels 799 RADIUS 803 RADIUS Authentication 803 Configuration Task List for RADIUS 804 TACACS 808 Configuration Task List for TACACS 808 TACACS Remote Authentication 809 Command Authorization 811 Protection from TCP Tiny and Overlapping Fr...

Page 26: ...Trunk Ports 837 Enable VLAN Stacking for a VLAN 838 Configuring the Protocol Type Value for the Outer VLAN Tag 838 Configuring Dell Networking OS Options for Trunk Ports 838 Debugging VLAN Stacking 839 VLAN Stacking in Multi Vendor Networks 840 VLAN Stacking Packet Drop Precedence 844 Enabling Drop Eligibility 844 Honoring the Incoming DEI Value 845 Marking Egress Packets with a DEI Value 845 Dyna...

Page 27: ...es using SNMP 866 Enabling a Subset of SNMP Traps 867 Enabling an SNMP Agent to Notify Syslog Server Failure 869 Copy Configuration Files Using SNMP 870 Copying a Configuration File 872 Copying Configuration Files via SNMP 872 Copying the Startup Config Files to the Running Config 873 Copying the Startup Config Files to the Server via FTP 873 Copying the Startup Config Files to the Server via TFTP...

Page 28: ... 893 Transceiver Monitoring 893 52 Stacking 895 Stacking Overview 895 Stack Management Roles 895 Stack Master Election 896 Virtual IP 898 Failover Roles 898 MAC Addressing on Stacks 898 Stacking LAG 899 Supported Stacking Topologies 899 High Availability on Stacks 900 Management Access on Stacks 901 Enabling Mixed mode Stacking 902 Important Points to Remember 902 Stacking Installation Tasks 902 C...

Page 29: ...Spanning Tree Group 927 Modifying Global Parameters 927 Modifying Interface STP Parameters 928 Enabling PortFast 928 Prevent Network Disruptions with BPDU Guard 929 Selecting STP Root 931 STP Root Guard 931 Root Guard Scenario 931 Configuring Root Guard 932 Enabling SNMP Traps for Root Elections and Topology Changes 933 Configuring Spanning Trees as Hitless 933 STP Loop Guard 933 Configuring Loop ...

Page 30: ...g a Tunnel Interface 956 Configuring Tunnel Allow Remote Decapsulation 957 Configuring the Tunnel Source Anylocal 957 58 Uplink Failure Detection UFD 959 Feature Description 959 How Uplink Failure Detection Works 960 UFD and NIC Teaming 961 Important Points to Remember 961 Configuring Uplink Failure Detection 962 Clearing a UFD Disabled Interface 963 Displaying Uplink Failure Detection 964 Sample ...

Page 31: ...le PVST Configuration 1006 Peer Routing Configuration Example 1007 Dell 1 Switch Configuration 1008 Dell 2 Switch Configuration 1012 R1 Configuration 1015 Access Switch A1 Configurations and Verification 1016 eVLT Configuration Example 1017 eVLT Configuration Step Examples 1017 PIM Sparse Mode Configuration Example 1019 Verifying a VLT Configuration 1020 Additional VLT Sample Configurations 1023 T...

Page 32: ...xy Gateway 1045 LLDP VLT Proxy Gateway in a Square VLT Topology 1047 Configuring a Static VLT Proxy Gateway 1048 Configuring an LLDP VLT Proxy Gateway 1048 VLT Proxy Gateway Sample Topology 1048 VLT Domain Configuration 1049 Dell 1 VLT Configuration 1049 Dell 2 VLT Configuration 1050 Dell 3 VLT Configuration 1051 Dell 4 VLT Configuration 1052 63 Virtual Extensible LAN VXLAN 1053 Overview 1053 Comp...

Page 33: ... Route Leaking 1078 Configuring Route Leaking without Filtering Criteria 1078 Configuring Route Leaking with Filtering 1081 65 Virtual Router Redundancy Protocol VRRP 1084 VRRP Overview 1084 VRRP Benefits 1085 VRRP Implementation 1085 VRRP Configuration 1086 Configuration Task List 1086 Setting VRRP Initialization Delay 1095 Sample Configurations 1096 VRRP for an IPv4 Configuration 1096 VRRP in a ...

Page 34: ...outing Information Protocol RIP 1132 Multicast 1133 Network Management 1133 MIB Location 1137 68 X 509v3 1138 Introduction to X 509v3 certification 1138 X 509v3 certificates 1138 Certificate authority CA 1138 Certificate signing requests CSR 1138 How certificates are requested 1138 Advantages of X 509v3 certificates 1139 X 509v3 support in Dell Networking OS 1139 Information about installing CA ce...

Page 35: ...Configuring OSCP responder preference 1145 Verifying certificates 1145 Verifying Server certificates 1146 Verifying Client Certificates 1146 Event logging 1146 Contents 35 ...

Page 36: ... management information base files MIBs Topics Audience Conventions Related Documents Audience This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 L2 and Layer 3 L3 networking technologies Conventions This guide uses the following conventions to describe command syntax Keyword Keywords are in Courier a mo...

Page 37: ...ly differ between the platforms Differences are noted in each CLI description and related documentation Topics Accessing the Command Line CLI Modes The do Command Undoing Commands Obtaining Help Entering and Editing Commands Command History Filtering show Command Outputs Multiple Users in Configuration Mode Accessing the Command Line Access the CLI through a serial console port or a Telnet session...

Page 38: ...e command structure Two sub CONFIGURATION modes are important when configuring the chassis for the first time INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface An interface can be physical Management interface 1 Gigabit Ethernet 10 Gigabit Ethernet 25 Gigabit Ethernet 40 Gigabit Ethernet 50 Gigabit Ethernet or 100 Gigabit Et...

Page 39: ...exit command which moves you up one command mode level NOTE Sub CONFIGURATION modes all have the letters conf in the prompt with more modifiers to identify the mode and slot port subport information Table 1 Dell Networking OS Command Modes CLI Command Mode Prompt Access Command EXEC Dell Access the router through the console or terminal line EXEC Privilege Dell From EXEC mode enter the enable comm...

Page 40: ...INE Modes CONSOLE Dell config line console line LINE Modes VIRTUAL TERMINAL Dell config line vty line LINE Modes STANDARD ACCESS LIST Dell config std macl mac access list standard MAC ACCESS LIST Modes EXTENDED ACCESS LIST Dell config ext macl mac access list extended MAC ACCESS LIST Modes MULTIPLE SPANNING TREE Dell config mstp protocol spanning tree mstp Per VLAN SPANNING TREE Plus Dell config p...

Page 41: ...e console orline vty MONITOR SESSION Dell conf mon sess sessionID monitor session OPENFLOW INSTANCE Dell conf of instance of id openflow of instance PORT CHANNEL FAILOVER GROUP Dell conf po failover grp port channel failover group PRIORITY GROUP Dell conf pg priority group PROTOCOL GVRP Dell config gvrp protocol gvrp QOS POLICY Dell conf qos policy out ets qos policy output SUPPORTASSIST Dell supp...

Page 42: ... 0 Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 1 up up 0 up 0 1 2 up up 0 up 0 1 3 up up 0 up 0 Speed in RPM Undoing Commands When you enter a command the command line is added to the running configuration file running config To disable a command and remove it from the running config enter the no command then the original command For example to delete an IP address configured on an inte...

Page 43: ...for entering commands The CLI is not case sensitive You can enter partial CLI keywords Enter the minimum number of letters to uniquely identify a command For example you cannot enter cl as a partial keyword because both the clock and class map commands begin with the letters cl You can enter clo however as a partial keyword because only one command begins with those three letters The TAB key auto ...

Page 44: ...pt find grep no more save specified_text after the command The variable specified_text is the text for which you are filtering and it IS case sensitive unless you use the ignore case sub option Starting with Dell Networking OS version 7 8 1 0 the grep command accepts an ignore case sub option that forces the search to case insensitive For example the commands show run grep Ethernet returns a searc...

Page 45: ... You can filter a single command output multiple times The save option must be the last option entered For example Dell command grep regular expression except regular expression grep other regular expression find regular expression save Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode A warning message indicate...

Page 46: ...e console monitor displays the EXEC mode prompt For details about using the command line interface CLI refer to the Accessing the Command Line section in the Configuration Fundamentals chapter Topics Console Access Accessing the CLI Interface and Running Scripts Using SSH Default Configuration Configuring a Host Name Accessing the System Remotely Configuring the Enable Password Configuration File ...

Page 47: ... Console Port with a DB 9 Adapter 1 Install an RJ 45 copper cable into the console port Use a rollover crossover cable to connect the S4810 console port to a terminal server 2 Connect the other end of the cable to the DTE terminal server 3 Terminal settings on the console port cannot be changed in the software and are set as follows 115200 baud rate No parity 8 data bits 1 stop bit No flow control...

Page 48: ...ication mechanism Entering CLI commands Using an SSH Connection You can run CLI commands by entering any one of the following syntax to connect to a switch using the preconfigured user credentials using SSH ssh username hostname CLI Command or echo CLI Command ssh admin hostname The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non interact...

Page 49: ...ch is Dell You must configure the system using the CLI Configuring a Host Name The host name appears in the prompt The default host name is Dell Host names must start with a letter and end with a letter or digit Characters within the string can be letters digits and hyphens To create a host name use the hostname name command in Configuration mode hostname command example Dell conf hostname R1 R1 c...

Page 50: ...ly configure a system username and password To configure a system username and password use the following command Configure a username and password to access the system remotely CONFIGURATION mode username username password encryption type password encryption type specifies how you are inputting the password is 0 by default and is not required 0 is for inputting the password in clear text 7 is for...

Page 51: ... copying files is similar to UNIX The copy command uses the format copy source file url destination file url NOTE For a detailed description of the copy command refer to the Dell Networking OS Command Reference To copy a local file to a remote system combine the file origin syntax for a local file location with the file destination syntax for a remote file location To copy a remote file to Dell Ne...

Page 52: ...t nfs directory is the root of all mount points To mount an NFS file system perform the following steps Table 4 Mounting an NFS File System File Operation Syntax To mount an NFS file system mount nfs rhost path mount point username password The foreign file system remains mounted as long as the device is up and does not reboot You can run the file system commands without having to mount or un moun...

Page 53: ...smount Copy to nfs mount file system nfsmount filepath running config remote host Destination file name test c 225 bytes successfully copied Dell Save the Running Configuration The running configuration contains the current system configuration Dell Networking recommends coping your running configuration to the startup configuration The commands in this section follow the same format as those comm...

Page 54: ...es or the contents of a file use the following commands View a list of files on the internal flash EXEC Privilege mode dir flash View the running configuration EXEC Privilege mode show running config View the startup configuration EXEC Privilege mode show startup config Example of the dir Command The output of the dir command also shows the read write privileges size in bytes and date of modificat...

Page 55: ...can create groups of VLANs using the interface group command This command will create nonexistent VLANs specified in a range On successful command execution the CLI switches to the interface group context The configuration commands inside the group context will be the similar to that of the existing range command Two existing exec mode CLIs are enhanced to display and store the running configurati...

Page 56: ...ress 2 1 1 1 16 shutdown interface Vlan 2 no ip address no shutdown interface Vlan 3 snip interface TenGigabitEthernet 1 1 no ip address switchport shutdown Interface group TenGigabitEthernet 1 2 4 TenGigabitEthernet 1 10 no ip address shutdown interface TenGigabitEthernet 1 34 ip address 2 1 1 1 16 shutdown interface group Vlan 2 Vlan 100 no ip address no shutdown interface group Vlan 3 5 tagged ...

Page 57: ...figuration to the startup config file in the compressed mode In stacking scenario it will also take care of syncing it to all the standby and member units The following is the sample output Dell write memory compressed Jul 30 08 50 26 STKUNIT0 M CP FILEMGR 5 FILESAVED Copied running config to startup config in flash by default copy compressed config Copy one file after optimizing and reducing the ...

Page 58: ...ting with Release 9 4 0 0 you can enable or disable specific software features or applications that need to run on a device by using a command attribute in the CLI interface This enables effective streamlined management and administration of applications and utilities that run on a device You can employ this capability to perform an on demand activation or turn off a software component or protocol...

Page 59: ...ue of the downloaded image file on system s flash drive and optionally compares it to a Dell Networking published hash for that file The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software Calculating the hash on the local image file and comparing the result to the hash published for that file on iSupport provides a high level of confidence that the lo...

Page 60: ...use HTTP to copy files or configuration details to a remote server To transfer files to an external server use the copy source file url http host port file path command Enter the following source file url keywords and information To copy a file from the internal FLASH enter flash followed by the filename To copy the running configuration enter the keyword running config To copy the startup configu...

Page 61: ...erface NOTE If the HTTP service is not VRF aware then it uses the global routing table to perform the look up To enable an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF use the ip http vrf command in CONFIGURATION mode Configure an HTTP client with a VRF that is used to connect to the HTTP server CONFIGURATION MODE Dell conf ip http vrf managemen...

Page 62: ... Timeout for EXEC Privilege Mode Using Telnet to get to Another Network Device Lock CONFIGURATION Mode Reloading the system Restoring the Factory Default Settings Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line There are 16 privilege levels of which three are pre defined The default privilege level is 1 Level Description Level 0 Access to th...

Page 63: ...URATION mode A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands end and exit You must individually specify each CONFIGURATION mode command you want to allow access to using the privilege configure level level command In the command specify the privilege level of the user or terminal line and specify all the keywords in the command to which you ...

Page 64: ... command keyword Allow access to a CONFIGURATION INTERFACE LINE ROUTE MAP and or ROUTER mode command CONFIGURATION mode privilege configure interface line route map router level level command command Example of EXEC Privilege Commands Dell conf do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence privilege exec level 3 capture bgp pdu p...

Page 65: ... Dell config line vty Dell conf interface group gigabitethernet GigabitEthernet interface IEEE 802 3z tengigabitethernet TenGigabit Ethernet interface vlan VLAN keyword Dell conf interface group vlan 1 2 tengigabitethernet 1 1 Dell conf if group vl 1 2 te 1 1 no shutdown Dell conf if group vl 1 2 te 1 1 end Applying a Privilege Level to a Username To set the user privilege level use the following ...

Page 66: ...u enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network You log audit and security events to a system log server using the logging extended command in CONFIGURATION mode This command is available with or without RBAC enabled For information about RBAC see Role Based Access Control Audit Logs The audit log con...

Page 67: ...splay audit logs use the show logging auditlog command in Exec mode To view these logs you must first enable the logging extended command Only the RBAC system administrator user role can view the audit logs Only the RBAC security administrator and system administrator user role can view the security logs If extended logging is disabled you can only view system events regardless of RBAC user role T...

Page 68: ... peer RPM is up RAM 6 RAM_TASK RPM1 is transitioning to Primary RPM RPM 2 MSG CP1 POLLMGR 2 MMC_STATE External flash disk missing in slot0 CHMGR 5 CARDDETECTED Line card 0 present CHMGR 5 CARDDETECTED Line card 2 present CHMGR 5 CARDDETECTED Line card 4 present CHMGR 5 CARDDETECTED Line card 5 present CHMGR 5 CARDDETECTED Line card 8 present CHMGR 5 CARDDETECTED Line card 10 present CHMGR 5 CARDDE...

Page 69: ...ll conf ip ssh server enable 2 On the syslog server create a reverse SSH tunnel from the syslog server to the Dell OS switch using following syntax ssh R remote port syslog server syslog server listen port user remote_host nNf In the following example the syslog server IP address is 10 156 166 48 and the listening port is 5141 The switch IP address is 10 16 131 141 and the listening port is 5140 s...

Page 70: ...in to the system and whether the current user s permissions have changed since the last login The system stores the number of unsuccessful login attempts that have occurred in the last 30 days by default You can change the default value to any number of days from 1 to 30 By default login activity tracking is disabled You can enable it using the login statistics enable command from the configuratio...

Page 71: ...gin attempt s in last 30 day s 0 Successful login attempt s in last 30 day s 1 Example of the show login statistics all command The show login statistics all command displays the successful and failed login details of all users in the last 30 days or the custom defined time period Dell show login statistics all User admin Last login time 08 54 28 UTC Wed Mar 23 2016 Last login location Line vty0 1...

Page 72: ...ample output of the show login statistics unsuccessful attempts user login id command Dell show login statistics unsuccessful attempts user admin There were 3 unsuccessful login attempt s for user admin in last 12 day s The following is sample output of the show login statistics successful attempts command Dell show login statistics successful attempts There were 4 successful login attempt s for u...

Page 73: ...ell config login concurrent session clear line enable Example of Clearing Existing Sessions When you try to log in the following message appears with all your existing concurrent sessions providing an option to close any one of the existing sessions telnet 10 11 178 14 Trying 10 11 178 14 Connected to 10 11 178 14 Escape character is Login admin Password Current sessions for user admin Line Locati...

Page 74: ... Messages in the Internal Buffer All error messages except those beginning with BOOTUP Message are log in the internal buffer For example BOOTUP RPM0 CP PORTPIPE INIT SUCCESS Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management Disable System Logging Send System Messages to a Syslog Server Disabling System Logging By defau...

Page 75: ...log Add line on a 5 7 SunOS UNIX system local7 debugging var adm ftos log In the previous lines local7 is the logging facility level and debugging is the severity level Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location The default is to log all messages up to debug level that is all system messages By ...

Page 76: ...el Debugging Buffer logging level Debugging 40 Messages Logged Size 40960 bytes Trap logging level Informational IRC 6 IRC_COMMUP Link to peer RPM is up RAM 6 RAM_TASK RPM1 is transitioning to Primary RPM RPM 2 MSG CP1 POLLMGR 2 MMC_STATE External flash disk missing in slot0 CHMGR 5 CARDDETECTED Line card 0 present CHMGR 5 CARDDETECTED Line card 2 present CHMGR 5 CARDDETECTED Line card 4 present C...

Page 77: ...e local4 for local use local5 for local use local6 for local use local7 for local use lpr for line printer system messages mail for mail system messages news for USENET news messages sys9 system use sys10 system use sys11 system use sys12 system use sys13 system use sys14 system use syslog for syslog messages user for user programs uucp UNIX to UNIX copy protocol Example of the show running config...

Page 78: ...the range is from 0 to 7 The default is 2 Use the all keyword to include all messages limit the range is from 20 to 300 The default is 20 To view the logging synchronous configuration use the show config command in LINE mode Enabling Timestamp on Syslog Messages By default syslog messages do not include a time date stamp stating when the error or message was created To enable timestamp use the fol...

Page 79: ...VRF is configured on that interface For more information about FTP refer to RFC 959 File Transfer Protocol NOTE To transmit large files Dell Networking recommends configuring the switch as an FTP server Configuration Task List for File Transfer Services The configuration tasks for file transfer services are Enable FTP Server mandatory Configure FTP Server Parameters optional Configure FTP Client P...

Page 80: ...et interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 CONFIGURATION mode ip ftp source interface interface Configure a password CONFIGURATION mode ip ft...

Page 81: ...llowing command Apply an ACL to a VTY line LINE mode access class access list name ipv4 ipv6 NOTE If you already have configured generic IP ACL on a terminal line then you cannot further apply IPv4 or IPv6 specific filtering on top of this configuration Similarly if you have configured either IPv4 or IPv6 specific filtering on a terminal line you cannot apply generic IP ACL on top of this configur...

Page 82: ...a TACACS server to authenticate 1 Configure an authentication method list You may use a mnemonic name or use the keyword default The default authentication method for terminal lines is local and the default method list is empty CONFIGURATION mode aaa authentication login method list name default method 1 method 2 method 3 method 4 method 5 method 6 2 Apply the method list from Step 1 to a terminal...

Page 83: ... Device To telnet to another device use the following commands NOTE The device allows 120 Telnet sessions per minute allowing the login and logout of 10 Telnet sessions 12 times in a minute If the system reaches this non practical limit the Telnet service is stopped for 10 minutes You can use console and SSH service to access the system during downtime Telnet to a device with an IPv4 or IPv6 addre...

Page 84: ...a console session the user is returned to EXEC mode Example of Locking CONFIGURATION Mode for Single User Access Dell conf configuration mode exclusive auto BATMAN conf exit 3d23h35m RPM0 P CP SYS 5 CONFIG_I Configured from console by console Dell config Locks configuration mode exclusively Dell conf If another user attempts to enter CONFIGURATION mode while a lock is in place the following appear...

Page 85: ...ample shows how to reload the system into ONIE prompt and enter the install mode directly Dell reload onie install Proceed with reload confirm yes no yes Restoring the Factory Default Settings Restoring the factory default settings deletes the existing NVRAM settings startup configuration and all configured settings such as stacking or fanout To restore the factory default settings use the restore...

Page 86: ...alid images then primary secondary and default boot line values are set to a Null string When you use the Network boot procedure to boot the device the boot loader checks if the primary partition contains a valid image If a valid image exists on the primary partition and the secondary partition does not contain a valid image then the primary boot line is set to A and the secondary and default boot...

Page 87: ...t Ethernet interface uBoot mode setenv ipaddr ip_address For example 10 16 150 105 setenv netmask mask For example 255 255 0 0 5 Assign an IP address as the default gateway for the system uBoot mode setenv gatewayip gateway_ip_address For example 10 16 150 254 6 Save the modified environmental variables uBoot mode saveenv 7 Reload the system uBoot mode reset Management 87 ...

Page 88: ...ing a mandatory intermediary network access device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user device and EAP over RADIUS to communicate with the server NOTE The Dell Netwo...

Page 89: ...tor The authentication server selects the authentication method verifies the information the supplicant provides and grants it network access privileges Ports can be in one of two states Ports are in an unauthorized state by default In this state non 802 1X traffic cannot be forwarded in or out of the port The authenticator changes the port state to authorized if the server can authenticate the su...

Page 90: ... translated and forwarded to the supplicant by the authenticator 5 The supplicant can negotiate the authentication method but if it is acceptable the supplicant provides the Requested Challenge information in an EAP response which is translated and forwarded to the authentication server as another Access Request frame 6 If the identity information provided by the supplicant is valid the authentica...

Page 91: ...ers Configuring 802 1X Configuring 802 1X on a port is a one step process For more information refer to Enabling 802 1X Related Configuration Tasks Configuring Request Identity Re Transmissions Forcibly Authorizing or Unauthorizing a Port Re Authenticating a Port Configuring Timeouts Configuring a Guest VLAN Configuring an Authentication Fail VLAN Important Points to Remember Dell Networking OS su...

Page 92: ...e or a range of interfaces INTERFACE mode interface range 3 Enable 802 1X on the supplicant interface only INTERFACE mode dot1x authentication Examples of Verifying that 802 1X is Enabled Globally and on an Interface Verify that 802 1X is enabled globally and at the interface level using the show running config find dot1x command from EXEC Privilege mode 92 802 1X ...

Page 93: ... Bypass Only Disable Tx Period 30 seconds Quiet Period 60 seconds ReAuth Max 2 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 2 Host Mode SINGLE_HOST Auth PAE State Initialize Backend State Initialize Configuring dot1x Profile You can configure a dot1x profile for defining a list of trusted supplicant MAC addresses A maximum of 10 dot1x profiles c...

Page 94: ...56 aa 01 10 mac 00 50 56 aa 01 11 Dell conf dot1x profile Dell conf dot1x profile exit Dell conf Configuring the Static MAB and MAB Profile Enable MAB mac auth bypass before using the dot1x static mab command to enable static mab To enable static MAB and configure a static MAB profile use the following commands Configure static MAB and static MAB profile on dot1x interface INTERFACE mode dot1x sta...

Page 95: ...ing server is not reachable use the following command Enable critical VLAN for users or devices INTERFACE mode dot1x critical vlan vlan id Specify a VLAN interface identifier to be configured as a critical VLAN The VLAN ID range is 1 4094 Example of Configuring a Critical VLAN for an Interface Dell conf if Te 2 1 dot1x critical vlan 300 Dell conf if Te 2 1 show config interface TenGigabitEthernet ...

Page 96: ...rom 1 to 65535 1 year The default is 30 Configure the maximum number of times the authenticator re transmits a Request Identity frame INTERFACE mode dot1x max eap req number The range is from 1 to 10 The default is 2 The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re transmits an EAP Request Identity fra...

Page 97: ...er subjected to the authentication process but is allowed to communicate on the network Placing the port in this state is same as disabling 802 1X on the port ForceUnauthorized an unauthorized state A device connected to a port in this state is never subjected to the authentication process and is not allowed to communicate on the network Placing the port in this state is the same as shutting down ...

Page 98: ...e re authentication time settings use the following commands Configure the authenticator to periodically re authenticate the supplicant INTERFACE mode dot1x reauthentication interval seconds The range is from 1 to 31536000 The default is 3600 Configure the maximum number of times the supplicant can be re authenticated INTERFACE mode dot1x reauth max number The range is from 1 to 10 The default is ...

Page 99: ...f Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds The bold lines show the new supplicant and server timeouts Dell conf if Te 1 1 dot1x port control force authorized Dell conf if Te 1 1 do show dot1x interface TenGigabitEthernet 1 1 80...

Page 100: ... assignment using Tunnel Private Group ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text and after connecting the device in red text The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802 1X Figure 8 Dynamic VLAN Assignment 1 Configure 8021 x globally refer to Enabling 802 1X...

Page 101: ...on a specified number of times the authenticator places the port in the Authentication fail VLAN If a port is already forwarding on the Guest VLAN when 802 1X is enabled the port is moved out of the Guest VLAN and the authentication process begins Configuring a Guest VLAN If the supplicant does not respond within a determined amount of time reauth max 1 tx period the system assumes that the host d...

Page 102: ...itchport dot1x authentication dot1x guest vlan 200 dot1x auth fail vlan 100 max attempts 5 no shutdown Dell conf if Te 2 1 Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode 802 1x information on Te 2 1 Dot1x Stat...

Page 103: ...ACL agent on the line cards do not contain any information about the group After you enter the acl vlan group command the ACL manager application performs the validation If the command is valid it is processed and sent to the agent if required If a configuration error is found or if the maximum limit has exceeded for the ACL VLAN groups present on the system an error message displays After you ent...

Page 104: ...Port ACL optimization is applicable only for ACLs that are applied without the VLAN range If you enable the ACL VLAN group capability you cannot view the statistical details of ACL rules per VLAN and per interface You can only view the counters per ACL only using the show ip accounting access list command Within a port you can apply Layer 2 ACLs on a VLAN or a set of VLANs In this case CAM optimiz...

Page 105: ...mbers 1 1000 Dell Configuring FP Blocks for VLAN Parameters To allocate the number of FP blocks for the various VLAN processes on the system use the cam acl vlan command To reset the number of FP blocks to the default use the no version of this command By default 0 groups are allocated for the ACL in VLAN contentaware processor VCAP ACL VLAN groups or CAM optimization is not enabled by default You...

Page 106: ...GRP 1024 0 1024 IN L3 FIB 49152 3 49149 IN V6 ACL 0 0 0 IN NLB ACL 0 0 0 IPMAC ACL 0 0 0 OUT L2 ACL 206 9 197 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 2 0 IN L2 ACL 1536 0 1536 IN L3 ACL 1024 1 1023 IN L3 FIB 49152 3 49149 IN V6 ACL 0 0 0 IN NLB ACL 0 0 0 IPMAC ACL 0 0 0 OUT L2 ACL 206 9 197 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 3 0 IN L2 ACL 1536 0 1536 IN L3 ACL 1024 1 1023 IN L3 FIB 49152 ...

Page 107: ...0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 3 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 Codes cam usage is above 90 Allocating FP Blocks for VLAN Processes The VLAN contentaware processor VCAP application is a pre ingress CAP that modifies the VLAN settings before packets a...

Page 108: ...UFT mode 4 Table 7 UFT Modes Table Size UFT Mode L2 MAC Table Size L3 Host Table Size L3 LPM Table Size Default 160K 144K 16K Scaled l3 hosts 96K 208K 16K Scaled l3 routes 32K 16K 128K Configuring UFT Modes To configure the Unified Forwarding Table UFT modes follow these steps 1 Select a mode to initialize the maximum scalability size for L2 MAC table or L3 Host table or L3 Route table CONFIGURATI...

Page 109: ...L2 MAC Entries 160K 32K L3 Host Entries 144K 16K L3 Route Entries 16K 128K Dell Access Control List ACL VLAN Groups and Content Addressable Memory CAM 109 ...

Page 110: ... can also configure VRF based ACLs on interfaces NOTE You can apply Layer 3 VRF aware ACLs only at the ingress level You can apply VRF aware ACLs on VRF Instances Interfaces In order to configure VRF aware ACLs on VRF instances you must carve out a separate CAM region You can use the cam acl command for allocating CAM regions As part of the enhancements to support VRF aware ACLs the cam acl comman...

Page 111: ... For more information about ACL options refer to the Dell Networking OS Command Reference Guide For extended ACL TCP and UDP filters you can match criteria on specific or ranges of TCP or UDP ports For extended ACL TCP filters you can also match criteria on established TCP sessions When creating an access list the sequence of the filters is important You have a choice of assigning sequence numbers...

Page 112: ...re than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as described in this chapter Test CAM Usage This command applies to both IPv4 and IPv6 CAM profiles but is best used when verifying QoS optimization for IPv6 ACLs To determine whether sufficient ACL CAM space is available to ena...

Page 113: ...tended ACL Determine the Order in which ACLs are Used to Classify Traffic When you link class maps to queues using the service queue command Dell Networking OS matches the class maps according to queue priority queue numbers closer to 0 have lower priorities As shown in the following example class map cmap2 is matched against ingress packets before cmap1 ACLs acl1 and acl2 have overlapping rules b...

Page 114: ... modes The following list includes the configuration tasks for route maps as described in the following sections Create a route map mandatory Configure route map filters optional Configure a route map for route redistribution optional Configure a route map for route tagging optional Creating a Route Map Route maps ACLs and prefix lists are similar in composition because all three contain filters b...

Page 115: ...level stub area Dell The following example shows a route map with multiple instances The show config command displays only the configuration of the current route map instance To view all instances of a specific route map use the show route map command Dell show route map dilling route map dilling permit sequence 10 Match clauses Set clauses route map dilling permit sequence 15 Match clauses interf...

Page 116: ...p for any permit statement If there is a match anywhere the route is permitted However other instances of the route map deny it Example of the match Command to Permit and Deny Routes Dell conf route map force permit 10 Dell config route map match tag 1000 Dell conf route map force deny 20 Dell config route map match tag 1000 Dell conf route map force deny 30 Dell config route map match tag 1000 Co...

Page 117: ... match ipv6 route source access list name prefix list prefix list name Match routes with a specific value CONFIG ROUTE MAP mode match metric metric value Match BGP routes based on the ORIGIN attribute CONFIG ROUTE MAP mode match origin egp igp incomplete Match routes specified as internal or external to OSPF ISIS level 1 ISIS level 2 or locally generated CONFIG ROUTE MAP mode match route type exte...

Page 118: ... CONFIG ROUTE MAP mode set weight value To create route map instances use these commands There is no limit to the number of set commands per route map but the convention is to keep the number of set filters in a route map low Set commands do not require a corresponding match command Configure a Route Map for Route Redistribution Route maps on their own cannot affect traffic and must be included in...

Page 119: ...e enters a different routing domain it is tagged The tag is passed along with the route as it passes through different routing protocols You can use this tag when the route leaves a routing domain to redistribute those routes again In the following example the redistribute ospf command with a route map is used in ROUTER RIP mode to apply a tag of 34 to all internal OSPF routes that are redistribut...

Page 120: ... commands with the fragment keyword to filter fragmented packets Example of Permitting All Packets on an Interface The following configuration permits all packets both fragmented and non fragmented with destination IP 10 1 1 1 The second rule does not get hit at all Dell conf ip access list extended ABC Dell conf ext nacl permit ip any 10 1 1 1 32 Dell conf ext nacl deny ip any 10 1 1 1 32 fragmen...

Page 121: ... any any fragment Dell conf ext nacl deny ip any any log Dell conf ext nacl When configuring ACLs with the fragments keyword be aware of the following When an ACL filters packets it looks at the fragment offset FO to determine whether it is a fragment FO 0 means it is either the first fragment or the packet is a non fragment FO 0 means it is dealing with the fragments of the original packet Config...

Page 122: ...gns filters in multiples of 5 Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured The software assigns filters in multiples of five 1 Configure a standard IP ACL and assign it a unique name CONFIGURATION mode ip access list standard access ...

Page 123: ...and UDP host addresses The traffic passes through the filter in the order of the filter s sequence and hence you can configure the extended IP ACL by first entering IP ACCESS LIST mode and then assigning a sequence number to the filter Configuring Filters with a Sequence Number To configure filters with a sequence number use the following commands 1 Enter IP ACCESS LIST mode by creating an extende...

Page 124: ...red before filter 5 but the show config command displays the filters in the correct order Dell config ext nacl seq 15 deny ip host 112 45 0 0 any log monitor 501 Dell config ext nacl seq 5 permit tcp 12 1 3 45 0 0 255 255 any Dell config ext nacl show config ip access list extended dilling seq 5 permit tcp 12 1 0 0 0 0 255 255 any seq 15 deny ip host 112 45 0 0 any log monitor 501 Dell config ext ...

Page 125: ...st example in Configure a Standard IP ACL Filter Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode If both L2 and L3 ACLs are applied to an interface the following rules apply When Dell Networking OS routes the packets only the L3 ACL governs them because they are not filtered against an L2 ACL When Dell Networking OS switches the pa...

Page 126: ...ace use the following commands 1 Enter the interface number CONFIGURATION mode interface interface slot port 2 Configure an IP address for the interface placing it in Layer 3 mode INTERFACE mode ip address ip address 3 Apply an IP ACL to traffic entering or exiting an interface INTERFACE mode ip access group access list name in implicit permit vlan vlan range vrf vrf range layer3 NOTE The number o...

Page 127: ...rface tengigabitethernet 1 1 Dell conf if te1 1 ip access group abcd in Dell conf if te1 1 show config tengigabitethernet 1 1 no ip address ip access group abcd in no shutdown Dell conf if te1 1 end Dell configure terminal Dell conf ip access list extended abcd Dell config ext nacl permit tcp any any Dell config ext nacl deny icmp any any Dell config ext nacl permit 1 1 1 2 Dell config ext nacl en...

Page 128: ...t 0 0 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1 1 1 2 Dell configure terminal Dell conf interface te 1 2 Dell conf if te 1 2 ip vrf forwarding blue Dell conf if te 1 2 show config interface TenGigabitEthernet 1 2 ip vrf forwarding blue no ip address shutdown Dell conf if te 1 2 Dell conf if te 1 2 Dell conf if te 1 2 end Dell Applying Egress Layer 3 ACLs Control Plane By de...

Page 129: ...cimal address For example in 112 24 0 0 16 the first 16 bits of the address 112 24 0 0 match all addresses between 112 24 0 0 to 112 24 255 255 The following examples show permit or deny filters for specific routes using the le and ge parameters where x x x x x represents a route prefix To deny only 8 prefixes enter deny x x x x x ge 8 le 8 To permit routes with the mask greater than 8 but less th...

Page 130: ...g example shows how the seq command orders the filters according to the sequence number assigned In the example filter 20 was configured before filter 15 and 12 but the show config command displays the filters in the correct order Dell conf nprefixl seq 20 permit 0 0 0 0 0 le 32 Dell conf nprefixl seq 12 deny 134 23 0 0 16 Dell conf nprefixl seq 15 deny 120 23 14 0 8 le 16 Dell conf nprefixl show ...

Page 131: ...and in PREFIX LIST mode and locate the sequence number of the filter you want to delete then use the no seq sequence number command in PREFIX LIST mode Viewing Prefix Lists To view all configured prefix lists use the following commands Show detailed information about configured prefix lists EXEC Privilege mode show ip prefix list detail prefix name Show a table of summarized information about conf...

Page 132: ...ix list to outgoing routes You can specify an interface or type of route If you enter the name of a non existent prefix list all routes are forwarded CONFIG ROUTER RIP mode distribute list prefix list name out interface connected static ospf Example of Viewing Configured Prefix Lists ROUTER RIP mode To view the configuration use the show config command in ROUTER RIP mode or the show running config...

Page 133: ...g to create numbering space as shown in the second table In the same example apply resequencing if more than two rules must be placed between rules 7 and 10 You can resequence IPv4 and IPv6 ACLs prefixes and MAC ACLs No CAM writes happen as a result of resequencing so there is no packet loss the behavior is similar Hot lock ACLs NOTE ACL resequencing does not affect the rules remarks or order in w...

Page 134: ...e remark 8 this remark corresponds to permit ip any host 1 1 1 2 seq 8 permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 3 seq 12 permit ip any host 1 1 1 4 Remarks that do not have a corresponding rule are incremented as a rule These two mechanisms allow remarks to retain their original position in the list The following example shows remark 10 corresponding to rule 10 and as such they h...

Page 135: ...he system performance and efficiency To avoid an overload of ACL logs from being recorded you can configure the rate limiting functionality Specify the interval or frequency at which ACL logs must be triggered and also the threshold or limit for the maximum number of logs to be generated If you do not specify the frequency at which ACL logs must be generated a default interval of 5 minutes is used...

Page 136: ...leted that was previously enabled for ACL logging the match rule number used by it is released back to the pool or available set of match indices so that it can be reused for subsequent allocations If you enabled the count of packets for the ACL entry for which you configured logging and if the logging is deactivated in a specific interval owing to the threshold having exceeded the count of packet...

Page 137: ...t port If the mirroring action is set in the flow processor entry the destination port details to which the mirrored information must be sent are sent to the destination port When a stack unit is reset or a stack unit undergoes a failure the ACL agent registers with the port mirroring application The port mirroring utility downloads the monitoring configuration to the ACL agent The interface manag...

Page 138: ...n 1 SessID Source Destination Dir Mode Source IP Dest IP DSCP TTL Drop Rate Gre Protocol FcMonitor 1 Te 1 2 remote ip rx Port 0 0 0 0 0 0 0 0 0 0 No N A N A yes Dell The show config command has been modified to display monitoring configuration in a particular session Example Output of the show Command conf mon sess 11 show config monitor session 11 flow based enable source TenGigabitEthernet 1 1 d...

Page 139: ...deny tcp any any count bytes Dell config ext nacl exit Dell conf interface TenGigabitEthernet 1 1 Dell conf if te 1 1 ip access group testflow in Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 ip address 10 11 1 254 24 ip access group testflow in shutdown Dell conf if te 1 1 exit Dell conf do show ip accounting access list testflow Extended Ingress IP access list testflow on TenG...

Page 140: ...y configured CAM allocation EXEC mode EXEC Privilege mode show cam acl Dell show cam acl Chassis Cam ACL Current Settings in block sizes Next Boot in block sizes 1 block 256 entries L2Acl 2 1 Ipv4Acl 2 8 UdfEnabled Ipv6Acl 0 2 Ipv4Qos 2 0 L2Qos 1 2 L2PT 0 0 IpMacAcl 0 0 VmanQos 0 0 EcfmAcl 2 0 FcoeAcl 4 0 iscsiOptAcl 0 0 ipv4pbr 0 0 vrfv4Acl 0 0 Openflow 0 0 fedgovacl 0 0 nlbclusteracl 0 0 stack u...

Page 141: ...conf udf tcam match l2ethertype ipv4 ipprotocol 4 vlantag any 8 View the UDF TCAM configuration CONFIGURATION UDF TCAM mode show config Dell conf udf tcam show config udf tcam ipnip seq 1 match l2ethertype ipv4 ipprotocol 4 vlantag any Dell conf udf tcam 9 Create a UDF qualifier to assign values to UDF IDs CONFIGURATION UDF TCAM mode udf qualifier value name Dell conf udf tcam udf qualifier value ...

Page 142: ...pe rpm erpm set ip dscp dscp_value set ip ttl ttl_value drop Dell conf monitor session 65535 type erpm 3 Create an IP access list CONFIGURATION mode ip access list standard extended access list name Dell conf ip access list standard test 4 Configure a filter to permit the IP packets CONFIGURATION STANDARD ACCESS LIST mode CONFIGURATION EXTENDED ACCESS LIST mode permit source mask any host ip addre...

Page 143: ...d test Dell config ext nacl permit ip any any count monitor 65535 Dell config ext nacl end Dell conf interface TenGigabitEthernet 1 5 Dell conf if te 1 5 ip mirror access group test acl3 Dell conf if te 1 5 end Example of viewing IP mirror access group applied to an Interface Dell conf if te 1 5 show config interface TenGigabitEthernet 1 5 no ip address ip mirror access group acl3 in shutdown Dell...

Page 144: ...re reported to the BFD Manager on the route processor which in turn notifies the routing protocols that are registered with it BFD is an independent and generic protocol which all media topologies and routing protocols can support using any encapsulation Dell Networking has implemented BFD at Layer 3 and with user datagram protocol UDP encapsulation BFD is supported on static routing protocols and...

Page 145: ...to BFD Sessions Flag A bit that indicates packet function If the poll bit is set the receiving system must respond as soon as possible without regard to its transmit interval The responding system clears the poll bit and sets the final bit in its response The poll and final bits are used during the handshake and in Demand mode refer to BFD Sessions NOTE Dell Networking OS does not currently suppor...

Page 146: ...ol packet Transmit Interval Transmit interval is the agreed upon rate at which a system sends control packets Each system has its own transmit interval which is the greater of the last received remote Desired TX Interval and the local Required Min RX Interval Detection time Detection time is the amount of time that a system does not receive a control packet after which the system determines that t...

Page 147: ...d on this link The default session state on both ports is Down 1 The active system sends a steady stream of control packets that indicates that its session state is Down until the passive system responds These packets are sent at the desired transmit interval of the Active system The Your Discriminator field is set to zero 2 When the passive system receives any of these control packets it changes ...

Page 148: ...Figure 10 BFD Three Way Handshake State Changes 148 Bidirectional Forwarding Detection BFD ...

Page 149: ...sions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3 and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4 Enable BFD on both ends of a link Demand mode authentication and the Echo function are not supported BFD is not supported on multi hop and virtual links Protocol Liveness is supported for routing protocols only Dell Networkin...

Page 150: ...ablish a session with a next hop neighbor Related Configuration Tasks Viewing Physical Port Session Parameters Disabling and Re Enabling BFD Enabling BFD Globally You must enable BFD globally on both routers To enable the BFD globally use the following command Enable BFD globally CONFIGURATION mode bfd enable Example of Verifying BFD is Enabled To verify that BFD is enabled globally use the show r...

Page 151: ... disable BFD all of the sessions on that interface are placed in an Administratively Down state the first message example and the remote systems are notified of the session state change the second message example To disable and re enable BFD on an interface use the following commands Disable BFD on an interface INTERFACE mode no bfd enable Enable BFD on an interface INTERFACE mode bfd enable If yo...

Page 152: ...stablish a BFD session use the following command Establish BFD sessions for all neighbors that are the next hop of a static route CONFIGURATION mode ip route bfd prefix list prefix list name interval interval min_rx min_rx multiplier value role active passive Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes use the show b...

Page 153: ...enabled on all the eligible next hop neighbors You can use only valid IPv4 unicast address prefixes in the BFD prefix list An erroneous IP prefix in a prefix list causes the entire prefix list to be rejected A BFD session is enabled for the directly connected next hop neighbor specified in the configured destination prefix list If you attach an empty prefix list all the existing established BFD se...

Page 154: ...utes use the following command Disable BFD for static routes CONFIGURATION mode no ip route bfd prefix list prefix list name interval interval min_rx min_rx multiplier value role active passive Configure BFD for OSPF When you use BFD with OSPF the OSPF protocol registers with the BFD manager BFD sessions are established with all neighboring interfaces participating in OSPF If a neighboring interfa...

Page 155: ...n the OSPF adjacency is in the Full state Figure 13 Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Enable BFD globally CONFIGURATION mode bfd enable Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Establish sessions with OSPF neighbors on a single interface Bidi...

Page 156: ...OSPF neighbors in a specific VRF ROUTER OSPF mode bfd all neighbors Establish sessions with OSPF neighbors on a single interface in a specific VRF INTERFACE mode ip ospf bfd all neighbors to disable BFD on a specific OSPF enabled interface use the ip ospf bfd all neighbors disable command You can also use the no bfd enable command to disable BFD on a specific interface The following example shows ...

Page 157: ...0 3 255 O 7 1 1 1 7 1 1 2 Te 1 1 Up 200 200 3 255 O The following example shows the show bfd vrf neighbors detail command output showing the nondefault VRF called VRF_blue show bfd vrf VRF_blue neighbors detail Session Discriminator 5 Neighbor Discriminator 3 Local Addr 5 1 1 1 Local MAC Addr 00 a0 c9 00 00 02 Remote Addr 5 1 1 2 Remote MAC Addr 34 17 98 34 00 12 Int Port channel 30 State Up Confi...

Page 158: ...MAC Addr 00 a0 c9 00 00 02 Remote Addr 7 1 1 2 Remote MAC Addr 34 17 98 34 00 12 Int TenGigabitEthernet 1 21 State Up Configured parameters TX 200ms RX 200ms Multiplier 3 Neighbor parameters TX 200ms RX 200ms Multiplier 3 Actual parameters TX 200ms RX 200ms Multiplier 3 Role Active Delete session on Down True VRF VRF_blue Client Registered OSPF Uptime 00 00 14 Statistics Number of packets received...

Page 159: ...ers for OSPF sessions ROUTER OSPF mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for all OSPF sessions on an interface INTERFACE mode ip ospf bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive To view session parameters use the show bfd neighbors detail command Disabling BFD for O...

Page 160: ...ace INTERFACE mode ipv6 ospf bfd all neighbors To view the established sessions use the show bfd neighbors command The following example shows the show bfd vrf neighbors command output for default VRF Dell show bfd neighbors Active session role Ad Dn Admin Down B BGP C CLI I ISIS O OSPF O3 OSPFv3 R Static Route RTM M MPLS V VRRP VT Vxlan Tunnel LocalAddr RemoteAddr Interface State Rx int Tx int Mu...

Page 161: ...establish sessions with all OSPFv3 neighbors on a single interface in a specific VRF interface vlan 102 ip vrf forwarding vrf vrf1 ipv6 ospf bfd all neighbors The following example shows the show bfd vrf neighbors command output for nondefault VRF Dell show bfd vrf vrf1 neighbors Active session role Ad Dn Admin Down B BGP C CLI I ISIS O OSPF O3 OSPFv3 R Static Route RTM M MPLS V VRRP VT Vxlan Tunn...

Page 162: ...value role active passive Disabling BFD for OSPFv3 If you disable BFD globally all sessions are torn down and sessions on the remote system are placed in a Down state If you disable BFD on an interface sessions on the interface are torn down and sessions on the remote system are placed in a Down state Disabling BFD does not trigger a change in BFD clients a final Admin Down packet is sent before t...

Page 163: ...hing Sessions with IS IS Neighbors To establish BFD with all IS IS neighbors or with IS IS neighbors on a single interface use the following commands Establish sessions with all IS IS neighbors ROUTER ISIS mode bfd all neighbors Establish sessions with IS IS neighbors on a single interface INTERFACE mode isis bfd all neighbors Example of Verifying Sessions with IS IS Neighbors To view the establis...

Page 164: ...show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Change parameters for all IS IS sessions ROUTER ISIS mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for IS IS sessions on a single interface INTERFACE mode isis bfd...

Page 165: ...reduce convergence time the neighbor fall over command as described in BGP Fast Fall Over Establishing Sessions with BGP Neighbors Before configuring BFD for BGP you must first configure BGP on the routers that you want to interconnect For more information refer to Border Gateway Protocol IPv4 BGPv4 For example the following illustration shows a sample BFD configuration on Router 1 and Router 2 th...

Page 166: ...d neighboring router A log message is generated whenever BFD detects a failure condition 1 Enable BFD globally CONFIGURATION mode bfd enable 2 Specify the AS number and enter ROUTER BGP configuration mode CONFIGURATION mode router bgp as number 3 Add a BGP neighbor or peer group in a remote AS CONFIG ROUTERBGP mode neighbor ip address peer group name remote as as number 4 Enable the BGP neighbor C...

Page 167: ...ding to the current BFD configuration of the peer group For information about BGP peer groups refer to Configure Peer Groups If you explicitly enable or disable a BGP neighbor for BFD that belongs to a peer group The neighbor does not inherit the BFD enable disable values configured with the bfd all neighbors command or configured for the peer group to which the neighbor belongs The neighbor inher...

Page 168: ...n Down B BGP C CLI I ISIS O OSPF R Static Route RTM M MPLS V VRRP LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 1 1 1 3 1 1 1 2 Te 6 1 Up 100 100 3 B 2 2 2 3 2 2 2 2 Te 6 2 Up 100 100 3 B 3 3 3 3 3 3 3 2 Te 6 3 Up 100 100 3 B The following example shows viewing BFD neighbors with full detail The bold lines show the BFD session parameters TX packet transmission RX packet reception...

Page 169: ... 100ms Multiplier 3 Role Active Delete session on Down True Client Registered BGP Uptime 00 02 22 Statistics Number of packets received from neighbor 1428 Number of packets sent to neighbor 1428 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 The following example shows viewing configured BFD counters R2 show b...

Page 170: ...d a BFD session using the neighbor peer group name bfd command R2 show ip bgp neighbors 2 2 2 2 BGP neighbor is 2 2 2 2 remote AS 1 external link BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Last read 00 00 30 last write 00 00 30 Hold time is 180 keepalive interval is 60 seconds Received 8 messages 0 in queue 1 opens 0 notifications 0 updates 7 keepalive...

Page 171: ...utbound optimization Configure BFD for VRRP When using BFD with VRRP the VRRP protocol registers with the BFD manager on the route processor module RPM BFD sessions are established with all neighboring interfaces participating in VRRP If a neighboring interface fails the BFD agent on the line card notifies the BFD manager which in turn notifies the VRRP protocol that a link state change occurred C...

Page 172: ...RP Neighbors The master router does not care about the state of the backup router so it does not participate in any VRRP BFD sessions VRRP BFD sessions on the backup router cannot change to the UP state Configure the master router to establish an individual VRRP session the backup router To establish a session with a particular VRRP neighbor use the following command Establish a session with a par...

Page 173: ... parameters that you can configure are Desired TX Interval Required Min RX Interval Detection Multiplier and system role You can change parameters for all VRRP sessions or for a particular neighbor To change parameters for all VRRP sessions or for a particular VRRP session use the following commands Change parameters for all VRRP sessions INTERFACE mode vrrp bfd all neighbors interval milliseconds...

Page 174: ...llowing commands and examples To control packet field values or to examine the control packets in hexadecimal format use the following command Examine control packet field values CONFIGURATION mode debug bfd detail Examine the control packets in hexadecimal format CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three way handshake using t...

Page 175: ...et for session with neighbor 2 2 2 2 on Te 4 24 RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Sent packet for session with neighbor 2 2 2 2 on Te 4 24 TX packet dump 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Received packet for session with neighbor 2 2 2 2 on Te 4 24 RX packet dump 20 c0 03 18 00 00 00 05 00 ...

Page 176: ... uniquely identifies each network on the internet The Internet Assigned Numbers Authority IANA has reserved AS numbers 64512 through 65534 to be used for private purposes IANA reserves ASNs 0 and 65535 and must not be used in a live environment You can group autonomous systems into three categories multihomed stub and transit defined by their connections and operation multihomed AS is one that mai...

Page 177: ...nd discarded BGP does not use a traditional interior gateway protocol IGP matrix but makes routing decisions based on path network policies and or rulesets Unlike most protocols BGP uses TCP as its transport protocol Since each BGP router talking to another router is a session a BGP network needs to be in full mesh This is a topology that has every router directly connected to every other router E...

Page 178: ...change between peers is driven by events and timers The focus in BGP is on the traffic routing policies In order to make decisions in its operations with other BGP peers a BGP process uses a simple finite state machine that consists of six states Idle Connect Active OpenSent OpenConfirm and Established For each peer to peer session a BGP implementation tracks which of these six states the session ...

Page 179: ...allowing groups of routers to share and inherit policies Peer groups also aid in convergence speed When a BGP process needs to send the same information to a large number of peers the BGP process needs to set up a long output queue to get that information to all the proper peers If the peers are members of a peer group however the information can be sent to one place and then passed onto the peers...

Page 180: ... the route selection process Weight Local Preference Multi Exit Discriminators MEDs Origin AS Path Next Hop NOTE There are no hard coded limits on the number of attributes that are supported in the BGP Taking into account other constraints such as the Packet Size maximum number of attributes are supported in BGP Communities BGP communities are sets of routes with one or more common attributes Comm...

Page 181: ...efer the path with the largest WEIGHT attribute 2 Prefer the path with the largest LOCAL_PREF attribute 3 Prefer the path that was locally Originated via a network command redistribute command or aggregate address command a Routes originated with the Originated via a network or redistribute commands are preferred over routes originated with the aggregate address command 4 Prefer the path with the ...

Page 182: ... the TCP connection with the local router After a number of best paths is determined this selection criteria is applied to group s best to determine the ultimate best path In non deterministic mode the bgp non deterministic med command is applied paths are compared in the order in which they arrive This method can lead to Dell Networking OS choosing different best paths from a set of paths dependi...

Page 183: ...e only attribute applied In the following illustration AS100 and AS200 connect in two places Each connection is a BGP session AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50 This sets up a path preference through the OC3 link The MEDs are advertised to AS100 routers so they know which is the preferred path MEDs are non transitive attributes If AS100 sends a...

Page 184: ...ator means that the route was derived inside the originating AS EGP generally means that a route was learned from an external gateway protocol An INCOMPLETE origin code generally results from aggregation redistribution or other indirect ways of installing routes into BGP In Dell Networking OS these origin codes appear as shown in the following example The question mark indicates an origin code of ...

Page 185: ...arried into the local AS A next hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS and when advertising routes within an AS The next hop attribute also serves as a way to direct traffic to another BGP speaker rather than waiting for a speaker to advertise When a next hop BGP neighbor is unreachable then the connection to that BGP neighbor goes dow...

Page 186: ...nternal IGP cost as the MED while setting others to a constant pre defined metric as MED value Use the set metric type internal command in a route map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes The configured set metric value overwrites the default IGP cost By using the redistribute command with the route map command you can specify whether a peer advert...

Page 187: ...ions all the routers in a Confederation must be either 4 Byte or 2 Byte identified routers You cannot mix them Configure 4 byte AS numbers with the four octet support command AS4 Number Representation Dell Networking OS supports multiple representations of 4 byte AS numbers asplain asdot and asdot NOTE The ASDOT and ASDOT representations are supported only with the 4 Byte AS numbers feature If 4 B...

Page 188: ...gp BGP table version is 24901 local router ID is 172 30 1 57 output truncated ASDOT Dell conf router_bgp bgp asnotation asdot Dell conf router_bgp show conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 local as 65057 output truncated Dell conf router_bgp do show ip bgp BGP table version is 31571 local router ID is 172 30 1 57 output truncated AS PLAIN Dell co...

Page 189: ...its customer When Router B is migrating to Router A it must maintain the connection with Router C without immediately updating Router C s configuration Local AS allows this behavior to happen by allowing Router B to appear as if it still belongs to Router B s old network AS 200 as far as communicating with Router C is concerned Figure 23 Before and After AS Number Migration with Local AS Enabled W...

Page 190: ...ibutes are not stored in the PA Table and cannot be retrieved using the index passed in command These fields are not populated in f10BgpM2PathAttrEntry f10BgpM2PathAttrClusterEntry and f10BgpM2PathAttrOriginatorIdEntry F10BgpM2PathAttrUnknownEntry contains the optional transitive attribute details Query for f10BgpM2LinkLocalNextHopEntry returns the default value for Link local Next hop RFC 2545 an...

Page 191: ...ftware supports BGPv4 as well as the following deterministic multi exit discriminator MED default a path with a missing MED is treated as worst path and assigned an MED value of 0xffffffff the community format follows RFC 1998 delayed configuration the software at system boot reads the entire configuration file prior to sending messages to start BGP peer sessions The following are not yet supporte...

Page 192: ...physically to one another unless you enable the EBGP multihop feature while internal BGP peers do not need to be directly connected The IP address of an EBGP neighbor is usually the IP address of the interface directly connected to the router First the BGP process determines if all internal BGP peers are reachable then it determines which peers outside the AS are reachable NOTE Sample Configuratio...

Page 193: ...ou change the configuration of a BGP neighbor always reset it by entering the clear ip bgp command in EXEC Privilege mode To view the BGP configuration enter show config in CONFIGURATION ROUTER BGP mode To view the BGP status use the show ip bgp summary command in EXEC Privilege mode The first example shows the summary with a 2 byte AS number displayed in bold the second example shows that the sum...

Page 194: ...he same information as the show running config bgp command The following example displays two neighbors one is an external internal BGP neighbor and the second one is an internal BGP neighbor The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal shown in bold The third line of the show ip bgp neighbors output contains the BGP S...

Page 195: ...te as 65123 neighbor 192 168 10 1 update source Loopback 0 neighbor 192 168 10 1 no shutdown neighbor 192 168 12 2 remote as 65123 neighbor 192 168 12 2 update source Loopback 0 neighbor 192 168 12 2 no shutdown Dell Configuring AS4 Number Representations Enable one type of AS number representation ASPLAIN ASDOT or ASDOT Term Description ASPLAIN Default method for AS number representation With the...

Page 196: ...1 250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i The following example shows the bgp asnotation asdot command output Dell conf router_bgp bgp asnotation asdot Dell conf router_bgp sho conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 remote as 18508 neighbor 172 30 1 250 local as 65057 neighbor 172 30 1 250 route map rmap1 in neighbor 172 30 1...

Page 197: ...GP neighbor CONFIG ROUTERBGP mode neighbor ip address remote as as number 4 Enable the neighbor CONFIG ROUTERBGP mode neighbor ip address no shutdown 5 Add an enabled neighbor to the peer group CONFIG ROUTERBGP mode neighbor ip address peer group peer group name 6 Add a neighbor as a remote AS CONFIG ROUTERBGP mode neighbor ip address peer group name remote as as number Formats IP Address A B C D ...

Page 198: ...external fallover bgp log neighbor changes neighbor zanzibar peer group neighbor zanzibar shutdown neighbor 10 1 1 1 remote as 65535 neighbor 10 1 1 1 shutdown neighbor 10 14 8 60 remote as 18505 neighbor 10 14 8 60 no shutdown Dell conf router_bgp To enable a peer group use the neighbor peer group name no shutdown command in CONFIGURATION ROUTER BGP mode shown in bold Dell conf router_bgp neighbo...

Page 199: ...ly connected external peer fails When you enable fall over BGP tracks IP reachability to the peer remote address and the peer local address Whenever either address becomes unreachable for example no active route exists in the routing table for peer IPv6 destinations local address BGP brings down the session with the peer The BGP fast fall over feature is configured on a per neighbor or peer group ...

Page 200: ...in peer group outbound optimization For address family IPv4 Unicast BGP table version 52 neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0 denied 0 withdrawn 0 Connections established 6 dropped 5 Last reset 00 19 37 due to Reset by peer Notification History Connection Reset Sent 5 Recv 0 Local host 200 200 200 200 Local port 65519 Foreign host 100 100 100 100 Foreign por...

Page 201: ...gn a subnet to the peer group CONFIG ROUTER BGP mode neighbor peer group name subnet subnet number mask The peer group responds to OPEN messages sent on this subnet 3 Enable the peer group CONFIG ROUTER BGP mode neighbor peer group name no shutdown 4 Create and specify a remote peer for BGP neighbor CONFIG ROUTER BGP mode neighbor peer group name remote as as number Only after the peer group respo...

Page 202: ...or 192 168 10 1 update source Loopback 0 neighbor 192 168 10 1 no shutdown neighbor 192 168 12 2 remote as 65123 neighbor 192 168 12 2 update source Loopback 0 neighbor 192 168 12 2 no shutdown R2 conf router_bgp Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path The allow as feature permits a BGP sp...

Page 203: ...vertised it had graceful restart capability Continues forwarding traffic to the peer Flags routes from the peer as Stale and sets a timer to delete them if the peer does not perform a graceful restart Deletes all routes from the peer if forwarding state information is not saved Speeds convergence by advertising a special update packet known as an end of RIB marker This marker indicates the peer ha...

Page 204: ... neighbor ip address peer group name graceful restart Set the maximum restart time for the neighbor or peer group CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart restart time time in seconds The default is 120 seconds Local router supports graceful restart for this neighbor or peer group as a receiver only CONFIG ROUTER BGP mode neighbor ip address peer group name grace...

Page 205: ... the software allows all routes Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database use the show ip bgp paths command in EXEC Privilege mode Dell show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path 0x4014154 0 3 18508 701 3549 19421 i 0x4013914 0 3 18508 701 7018 14990 i 0x5166d6c 0 3 18508 209 4637 1221 9249 9249 i 0x5e62df4 0 2 18508 701...

Page 206: ...or community numbers _ underscore Matches a a a comma a space or a or a Placed on either side of a string to specify a literal and disallow substring matching You can precede or follow numerals enclosed by underscores by any of the characters listed pipe Matches characters on either side of the metacharacter logical OR As seen in the following example the expressions are displayed when using the s...

Page 207: ...tly connected or user configured static routes in BGP ROUTER BGP or CONF ROUTER_BGPv6_ AF mode redistribute connected static route map map name Configure the map name parameter to specify the name of a configured route map Include specific ISIS routes in BGP ROUTER BGP or CONF ROUTER_BGPv6_ AF mode redistribute isis level 1 level 1 2 level 2 metric value route map map name Configure the following ...

Page 208: ...n the IP community list IETF RFC 1997 defines the COMMUNITY attribute and the predefined communities of INTERNET NO_EXPORT_SUBCONFED NO_ADVERTISE and NO_EXPORT All BGP routes belong to the INTERNET community In the RFC the other communities are defined as follows All routes with the NO_EXPORT_SUBCONFED 0xFFFFFF03 community attribute are not sent to CONFED EBGP or EBGP peers but are sent to IBGP pe...

Page 209: ...y List To configure an IP extended community list use these commands 1 Create a extended community list and enter the EXTCOMMUNITY LIST mode CONFIGURATION mode ip extcommunity list extcommunity list name 2 Two types of extended communities are supported CONFIG COMMUNITY LIST mode permit deny rt soo ASN NN IPADDR N regex REGEX LINE Filter routes based on the type of extended communities they carry ...

Page 210: ...ed community list CONFIG ROUTE MAP mode match community community list name exact extcommunity extcommunity list name exact 3 Return to CONFIGURATION mode CONFIG ROUTE MAP mode exit 4 Enter ROUTER BGP mode CONFIGURATION mode router bgp as number AS number 0 to 65535 2 Byte or 1 to 4294967295 4 Byte or 0 1 to 65535 65535 Dotted format 5 Apply the route map to the neighbor or peer group s incoming o...

Page 211: ...p map name permit deny sequence number 2 Configure a set filter to delete all COMMUNITY numbers in the IP community list CONFIG ROUTE MAP mode set comm list community list name delete OR set community community number local as no advertise no export none Configure a community list by denying or permitting specific community numbers or types of community community number use AA NN format where AA i...

Page 212: ...55 i i 6 5 0 0 19 195 171 0 16 100 0 209 7170 1455 i i 6 8 0 0 20 195 171 0 16 100 0 209 7170 1455 i i 6 9 0 0 20 195 171 0 16 100 0 209 7170 1455 i i 6 10 0 0 15 195 171 0 16 100 0 209 7170 1455 i i 6 14 0 0 15 205 171 0 16 100 0 209 7170 1455 i i 6 133 0 0 21 205 171 0 16 100 0 209 7170 1455 i i 6 151 0 0 16 205 171 0 16 100 0 209 7170 1455 i More Changing MED Attributes By default Dell Networki...

Page 213: ...IG ROUTER BGP mode neighbor ip address peer group name route map map name in out To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode Configuring the local System or a Different System to be the Next Hop for BGP Learned Routes You can configure the local router or a differe...

Page 214: ...t the range is from 0 to 65535 To view BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode or the show running config bgp command in EXEC Privilege mode Enabling Multipath By default the software allows one path to a destination You can enable multipath to allow up to 64 parallel paths to a destination NOTE Dell Networking recommends not using multipath and add path simu...

Page 215: ...r routes using prefix lists use the following commands 1 Create a prefix list and assign it a name CONFIGURATION mode ip prefix list prefix name 2 Create multiple prefix list filters with a deny or permit action CONFIG PREFIX LIST mode seq sequence number deny permit any ip prefix ge le ge minimum prefix length to be matched le maximum prefix length to me matched For information about configuring ...

Page 216: ...r 2 Create multiple route map filters with a match or set action CONFIG ROUTE MAP mode match set For information about configuring route maps see Access Control Lists ACLs 3 Return to CONFIGURATION mode CONFIG ROUTE MAP mode exit 4 Enter ROUTER BGP mode CONFIGURATION mode router bgp as number 5 Filter routes based on the criteria in the configured route map CONFIG ROUTER BGP mode neighbor ip addre...

Page 217: ...nded for ASs with a large mesh they reduce the amount of BGP control traffic NOTE Dell Networking recommends not using multipath and add path simultaneously in a route reflector With route reflection configured properly IBGP routers are not fully meshed within a cluster but all receive routing information Configure clusters of routers where one router is a concentration router and the others are c...

Page 218: ...Network Next Hop Metric LocPrf Weight Path 7 0 0 0 29 10 114 8 33 0 0 18508 7 0 0 0 30 10 114 8 33 0 0 18508 a 9 0 0 0 8 192 0 0 0 32768 18508 701 7018 2686 3786 9 2 0 0 16 10 114 8 33 0 18508 701 i 9 141 128 0 24 10 114 8 33 0 18508 701 7018 2686 Dell Configuring BGP Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations A...

Page 219: ...ng CONFIG ROUTER BGP mode bgp dampening half life reuse suppress max suppress time route map map name Enter the following optional parameters to configure route dampening parameters half life the range is from 1 to 45 Number of minutes after which the Penalty is decreased After the router assigns a Penalty of 1024 to a route the Penalty is decreased by half after the half life period expires The d...

Page 220: ...e the best path selection method to non deterministic Change the best path selection method to non deterministic CONFIG ROUTER BGP mode bgp non deterministic med NOTE When you change the best path selection method path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privilege mode Examples of Configuring a Route and Viewing the Number ...

Page 221: ...keepalive holdtime keepalive the range is from 1 to 65535 Time interval in seconds between keepalive messages sent to the neighbor routers The default is 60 seconds holdtime the range is from 3 to 65536 Time interval in seconds between the last keepalive message and declaring the router dead The default is 180 seconds Configure timer values for all neighbors CONFIG ROUTER BGP mode timers bgp keepa...

Page 222: ...ghbor address AS Numbers ipv4 peer group name soft in out Clears all peers neighbor address Clears the neighbor with this IP address AS Numbers Peers AS numbers to be cleared ipv4 Clears information for the IPv4 address family peer group name Clears all members of the specified peer group Enable soft reconfiguration for the BGP neighbor specified CONFIG ROUTER BGP mode neighbor ip address peer gro...

Page 223: ...6 unicast groups using the following command ROUTER BGP Mode shutdown address family ipv6 unicast When you configure BGP you must explicitly enable the BGP neighbors using the following commands neighbor ip address peer group name remote as as number neighbor ip address peer group name no shutdown For more information on enabling BGP see Enabling BGP When you use the shutdown all command in global...

Page 224: ...ists Set a Clause with a Continue Clause If the route map entry contains sets with the continue clause the set actions operation is performed first followed by the continue clause jump to the specified route map entry If a set actions operation occurs in the first route map entry and then the same set action occurs with a different value in a subsequent route map entry the last set of actions over...

Page 225: ...ce manually To enable BGP to pick the next hop IPv6 address automatically for IPv6 prefix advertised over an IPv4 neighbor follow this procedure Enable the system to pick the next hop IPv6 address dynamically for IPv6 prefix advertised over an IPv4 neighbor ROUTER BGP mode mode neighbor neighbor ipv6 address peer group name auto local address Enter either the neighbor IPv6 address or the name of t...

Page 226: ...vilege mode To disable a specific debug command use the keyword no then the debug command For example to disable debugging of BGP updates use no debug ip bgp updates command To disable all BGP debugging use the no debug ip bgp command To disable all debugging use the undebug all command Storing Last and Bad PDUs Dell Networking OS stores the last notification sent received and the last bad protoco...

Page 227: ...rts a maximum value between 40 MB the default and 100 MB The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to set the new limit NOTE Memory on RP1 is not pre allocated and is allocate...

Page 228: ...l AS number 65056 BGP table version is 313511 main routing table version 313511 207896 network entrie s and 207896 paths using 42364576 bytes of memory 59913 BGP path attribute entrie s using 2875872 bytes of memory 59910 BGP AS PATH entrie s using 2679698 bytes of memory 3 BGP community entrie s using 81 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up Down State Pfx 1 1 1 2 2 17 18...

Page 229: ...t 1 21 ip address 10 0 1 21 24 no shutdown R1 conf if te 1 21 int te 1 31 R1 conf if te 1 31 ip address 10 0 3 31 24 R1 conf if te 1 31 no shutdown R1 conf if te 1 31 show config interface TengigabitEthernet 1 31 ip address 10 0 3 31 24 no shutdown R1 conf if te 1 31 router bgp 99 R1 conf router_bgp network 192 168 128 0 24 R1 conf router_bgp neighbor 192 168 128 2 remote 99 R1 conf router_bgp nei...

Page 230: ...f if te 2 31 ip address 10 0 2 2 24 R2 conf if te 2 31 no shutdown R2 conf if te 2 31 show config interface TengigabitEthernet 2 31 ip address 10 0 2 2 24 no shutdown R2 conf if te 2 31 R2 conf if te 2 31 router bgp 99 R2 conf router_bgp network 192 168 128 0 24 R2 conf router_bgp neighbor 192 168 128 1 remote 99 R2 conf router_bgp neighbor 192 168 128 1 no shut R2 conf router_bgp neighbor 192 168...

Page 231: ...2 168 128 2 peer group AAA R1 conf router_bgp neighbor 192 168 128 3 peer group BBB R1 conf router_bgp R1 conf router_bgp show config router bgp 99 network 192 168 128 0 24 neighbor AAA peer group neighbor AAA no shutdown neighbor BBB peer group neighbor BBB no shutdown neighbor 192 168 128 2 remote as 99 neighbor 192 168 128 2 peer group AAA neighbor 192 168 128 2 update source Loopback 0 neighbo...

Page 232: ... before advertisements start is 0 seconds Example of Enabling Peer Groups Router 2 R2 conf R2 conf router bgp 99 R2 conf router_bgp neighbor CCC peer group R2 conf router_bgp neighbor CC no shutdown R2 conf router_bgp neighbor BBB peer group R2 conf router_bgp neighbor BBB no shutdown R2 conf router_bgp neighbor 192 168 128 1 peer AAA R2 conf router_bgp neighbor 192 168 128 1 no shut R2 conf route...

Page 233: ...nk Member of peer group BBB for session parameters BGP version 4 remote router ID 192 168 128 1 BGP state ESTABLISHED in this state for 00 00 21 Last read 00 00 09 last write 00 00 08 Hold time is 180 keepalive interval is 60 seconds Received 93 messages 0 in queue 5 opens 0 notifications 5 updates 83 keepalives 0 route refresh requests Sent 99 messages 0 in queue 5 opens 4 notifications 5 updates...

Page 234: ...0 00 44 Hold time is 180 keepalive interval is 60 seconds Received 138 messages 0 in queue 7 opens 2 notifications 7 updates 122 keepalives 0 route refresh requests Sent 140 messages 0 in queue 234 Border Gateway Protocol IPv4 BGPv4 ...

Page 235: ...pace is allotted in field processor FP blocks The total space allocated must equal 13 FP blocks The following table lists the default CAM allocation settings NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated The following table displays the default CAM allocation settings To display the default CAM allocation enter the show cam acl command Table 12 De...

Page 236: ... other blocks must be in factors of 2 For example a CLI configuration of 5 4 2 1 1 blocks is not supported a configuration of 6 4 2 1 blocks is supported For the new settings to take effect you must save the new CAM settings to the startup config write mem or copy run start then reload the system for the new settings to take effect CAM Allocation for Egress To allocate the space for egress L2 IPV4...

Page 237: ...n Privilege mode The Status column in the command output indicates whether or not you can enable the policy Example of the test cam usage Command Dell test cam usage service policy input test cam usage stack unit 2 po 0 Stack Unit Portpipe CAM Partition Available CAM Estimated CAM per Port Status 2 0 IPv4Flow 192 3 Allowed 64 Dell View CAM ACL Settings The show cam acl command shows the cam acl se...

Page 238: ... acl command are Dell show cam acl Chassis Cam ACL Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Stack unit 0 Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 Vm...

Page 239: ...158 0 158 OUT L2 ACL 206 7 199 Codes cam usage is above 90 Dell CAM Optimization When you enable the CAM optimization if a Policy Map containing classification rules ACL and or DSCP ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as describ...

Page 240: ...m flow region 2 Allocate more entries in the IPv4Flow region to QoS Dell Networking OS supports the ability to view the actual CAM usage before applying a service policy The test cam usage service policy command provides this test framework For more information refer to Pre Calculating Available QoS CAM Space 240 Content Addressable Memory CAM ...

Page 241: ...ses security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for the control plane packets The following illustration shows an example of the dif...

Page 242: ...d to BGP If ICMP packets come at 400 PPS BGP packets may be dropped though ICMP packets are rate limited to 100 PPS You can solve this by increasing Q6 bandwidth to 700 PPS to allow both ICMP and BGP packets and then applying per flow CoPP for ICMP and BGP packets The setting of this Q6 bandwidth is dependent on the incoming traffic for the set of protocols sharing the same queue If you are not aw...

Page 243: ...cess list extended name cpu qos permit arp frrp gvrp isis lacp lldp stp 2 Create a Layer 3 extended ACL for control plane traffic policing for a particular protocol CONFIGURATION mode ip access list extended name cpu qos permit bgp dhcp dhcp relay ftp icmp igmp msdp ntp ospf pim ip ssh telnet vrrp 3 Create an IPv6 ACL for control plane traffic policing for a particular protocol CONFIGURATION mode ...

Page 244: ...icy cpuqos exit Dell conf qos policy in rate_limit_400k cpu qos Dell conf in qos policy cpuqos rate police 400 50 peak 600 50 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_500k cpu qos Dell conf in qos policy cpuqos rate police 500 50 peak 1000 50 Dell conf in qos policy cpuqos exit The following example shows creating the QoS class map Dell conf class map match any class_...

Page 245: ...N mode qos policy input name cpu qos 2 Create an input policy map to assign the QoS policy to the desired service queues l CONFIGURATION mode policy map input name cpu qos service queue queue number qos policy name 3 Enter Control Plane mode CONFIGURATION mode control plane cpuqos 4 Assign a CPU queue based service policy on the control plane in cpu qos mode Enabling this command sets the queue ra...

Page 246: ...W packets packet streams that are trapped to CPU for logging info on MAC learn limit exceeded and other violations L3 packets with unknown destination for soft forwarding etc Other 4 CMIC queues will carry the L2 L3 well known protocol streams However there are about 20 well known protocol streams that have to share these 4 CMIC queues Before 9 4 0 0 Dell Networking OS used only 8 queues most of t...

Page 247: ...ng Policing provides a method for protecting CPU bound control plane packets by policing packets transmited to CPU with a specified rate and from undesired or malicious traffic This is done at each CPU queue on each unit FP Entries for Distribution of NDP Packets to Various CPU Queues At present generic mac based entries in system flow region will take IPv6 packets to CPU OSPFv3 33 33 0 0 0 5 Q7 3...

Page 248: ...RP 11 32 300 PIM IGMP MSDP MLD Catch All Entry for IPv6 Packets Dell Networking OS currently supports configuration of IPv6 subnets greater than 64 mask length but the agent writes it to the default LPM table where the key length is 64 bits The device supports table to store up to 256 subnets of maximum of 128 mask lengths This can be enabled and agent can be modified to update the 128 table for m...

Page 249: ...icy input ospfv3_rate cpu qos Dell conf in qos policy cpuqos rate police 1500 16 peak 1500 16 3 Create a QoS class map to differentiate the control plane traffic and assign to the ACL CONFIGURATION mode Dell conf class map match any ospfv3 cpu qos Dell conf class map cpuqos match ipv6 access group ospfv3 4 Create a QoS input policy map to match to the class map and qos policy for each desired prot...

Page 250: ... TCP TELNET any 23 _ Q6 CP _ VRRP any any _ Q7 CP _ Dell To view the queue mapping for the MAC protocols use the show mac protocol queue mapping command Example of Viewing Queue Mapping for MAC Protocols Dell show mac protocol queue mapping Protocol Destination Mac EtherType Queue EgPort Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _...

Page 251: ...Dell Control Plane Policing CoPP 251 ...

Page 252: ... in ETS Output Policies Using ETS to Manage Converged Ethernet Traffic Applying DCB Policies in a Switch Stack Configure a DCBx Operation Verifying the DCB Configuration QoS dot1p Traffic Classification and Queue Assignment Configuring the Dynamic Buffer Method Sample DCB Configuration Ethernet Enhancements in Data Center Bridging The following section describes DCB The S4048 ON system supports lo...

Page 253: ...he associated cost of greater processing overhead and performance impact Storage traffic Storage traffic based on Fibre Channel media uses the Small Computer System Interface SCSI protocol for data transfer This traffic typically consists of large data packets with a payload of 2K bytes that cannot recover from frame loss To successfully transport storage traffic data center Ethernet must provide ...

Page 254: ...s enabled when you enable DCB If you have not loaded FCoE_DCB_Config and iSCSI_DCB_Config DCB is disabled When you enable DCB globally you cannot simultaneously enable link level flow control Buffer space is allocated and de allocated only when you configure a PFC priority on the port Enhanced Transmission Selection Enhanced transmission selection ETS supports optimized bandwidth allocation betwee...

Page 255: ...idth limit or no ETS processing ETS uses the DCB MIB IEEE 802 1azd2 5 Data Center Bridging Exchange Protocol DCBx DCBx allows a switch to automatically discover DCB enabled peers and exchange configuration information PFC and ETS use DCBx to exchange and negotiate parameters with peer devices DCBx capabilities include Discovery of DCB capabilities on peer device connections Determination of possib...

Page 256: ...on Data center bridging exchange protocol FCoE initialization protocol FIP snooping DCB processes virtual local area network VLAN tagged packets and dot1p priority values Untagged packets are treated with a dot1p priority of 0 For DCB to operate effectively you can classify ingress traffic according to its dot1p priority so that it maps to different data queues The dot1p queue assignments used are...

Page 257: ... the committed rates The bandwidth allocated to other priority groups is made available and allocated according to the specified percentages If a priority group does not use its allocated bandwidth the unused bandwidth is made available to other priority groups Repeat the above procedure to configure PFC and ETS traffic handling for each priority group Specify the dot1p priority to priority group ...

Page 258: ...s in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB As an enhancement to the existing Ethernet pause mechanism PFC stops traffic transmission for specified priorities Class of Service CoS values without impacting other priority classes Different traffic types are assigned to different priority classes When traffic congestion occurs PFC sends a pau...

Page 259: ...ons PFC mode is off no pfc mode on No PFC priority classes are configured no pfc priority priority range Example Port A Port B Port C Port B PFC no drop queues are configured for queues 1 2 on Port B PFC capability is enabled on priorities 3 4 on PORT A and C Port B acting as Egress During the congestion traffic pump on priorities 3 and 4 from PORT A and PORT C is at full line rate PORT A and C se...

Page 260: ...of PFC parameters between peer devices PFC allows network administrators to create zero loss links for SAN traffic that requires no drop service while at the same time retaining packet drop congestion management for LAN traffic On a switch PFC is enabled by default on Ethernet ports pfc mode on command You can configure PFC parameters using a DCB map or the pfc priority command in Interface config...

Page 261: ...the interfaces All 802 1p priorities mapped to the same queue must be in the same priority group A maximum of two PFC enabled lossless queues are supported on an interface Otherwise the reconfiguration of a default dot1p queue assignment is rejected To ensure complete no drop service apply the same PFC parameters on all PFC enabled peers PFC Prerequisites and Restrictions On a switch PFC is global...

Page 262: ... slot port subport fortygigabitEthernet slot port CONFIGURATION 2 Enable PFC on specified priorities Range 0 7 Default None Maximum number of lossless queues supported on an Ethernet port 2 Separate priority values with a comma Specify a priority range with a dash for example pfc priority 3 5 7 1 You cannot configure PFC using the pfc priority command on an interface on which a DCB map has been ap...

Page 263: ...aximum supported limit per port two an error message is displayed Reconfigure the value to a smaller number of queues If you configure lossless queues on an interface that already has a DCB map with PFC enabled pfc on an error message is displayed Table 18 Configuring Lossless Queues on a Port Interface Step Task Command Command Mode 1 Enter INTERFACE Configuration mode interface tengigabitEtherne...

Page 264: ...ed dynamically You can configure a buffer size pause threshold ingress shared threshold weight and resume threshold to control and manage the total amount of buffers that are to be used in your network environment Buffer Sizes for Lossless or PFC Packets You can configure up to a maximum of 4 lossless PFC queues By configuring 4 lossless queues you can configure 4 different priorities and assign a...

Page 265: ...th packet dot1p 2 alone are assign to PG6 on ingress The packets come in with packet dot1p 2 alone use Q1 as per dot1p to Queue classification Table 2 on the egress port When Peer sends a PFC message for Priority 2 based on above PRIO2COS table TABLE 2 Queue 1 is halted Queue 1 starts buffering the packets with Dot1p 2 This causes PG6 buffer counter to increase on the ingress since P dot1p 2 is ma...

Page 266: ...fic is sensitive to frame loss interprocess communication IPC traffic is latency sensitive ETS allows different traffic types to coexist without interruption in the same converged link by Allocating a guaranteed share of bandwidth to each priority group Allowing each group to exceed its minimum guaranteed bandwidth if another group is not fully using its allotted bandwidth ETS Prerequisites and Re...

Page 267: ...ity group 0 maps to dot1p priorities 0 1 and 2 priority group 1 maps to dot1p priority 3 priority group 2 maps to dot1p priority 4 priority group 4 maps to dot1p priorities 5 6 and 7 Dell Networking OS Behavior A priority group consists of 802 1p priority values that are grouped for similar bandwidth allocation and scheduling and that share latency and loss requirements All 802 1p priorities mappe...

Page 268: ...pports only the dot1p priority queue assignment in a priority group To configure a dot1p priority flow in a priority group to operate with link strict priority you configure The dot1p priority for strict priority scheduling strict priority command The priority group for strict priority scheduling scheduler strict command Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output p...

Page 269: ...l Networking OS supports hierarchical scheduling on an interface The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling After the control queues drain out the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map The available bandwidth calculated by the ETS a...

Page 270: ...ame priority group In a DCB map each 802 1p priority must map to a priority group The maximum number of priority groups supported in a DCB map on an interface is equal to the number of data queues 4 on the port Each priority group can support more than one data queue You can enable PFC on a maximum of two priority queues on an interface If you configure more than one priority group as strict prior...

Page 271: ...the link layer discovery protocol LLDP protocol DCBx can detect the misconfiguration of a peer DCB device and optionally configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network DCBx is a prerequisite for using DCB features such as priority based flow control PFC and enhanced traffic selection ETS to exchange link level configurations in a conver...

Page 272: ... configuration source An auto downstream port that receives an internally propagated configuration overwrites its local configuration with the new parameter values When an auto downstream port receives and overwrites its configuration with internally propagated information one of the following actions is taken If the peer configuration received is compatible with the internally propagated port con...

Page 273: ...CB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced transmission selection ETS and priority based flow control PFC DCB features DCBx uses the following methods to exchange DCB configuration parameters Asymmetric DCB parameters are exchanged between a DCBx enabled port and a peer port without requiring that a peer port and ...

Page 274: ...guration source are marked as willing disabled The internally propagated DCB configuration is refreshed on all auto configuration ports and each port may begin configuration negotiation with a DCBx peer again Auto Detection and Manual Configuration of the DCBx Version When operating in Auto Detection mode the DCBx version auto command a DCBx port automatically detects the DCBx version on a peer po...

Page 275: ...n both Send TX and Receive RX mode the protocol lldp mode command refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol LLDP chapter If multiple DCBx peer ports are detected on a local DCBx interface LLDP is shut down The CIN version of DCBx supports only PFC ETS and FCOE it does not support iSCSI backward congestion management BCN logical link ...

Page 276: ... propagated DCB configuration from a configuration source config source configures the port to serve as the configuration source on the switch manual configures the port to operate only on administer configured DCB parameters The port does not accept a DCB configuration received from a peer or a local configuration source The default is Manual 5 On manual ports only Configure the PFC and ETS TLVs ...

Page 277: ...uto cee cin ieee v2 5 auto configures all ports to operate using the DCBx version received from a peer cee configures a port to use CEE Intel 1 01 cin configures a port to use Cisco Intel Nuova DCBx 1 0 ieee v2 5 configures a port to use IEEE 802 1Qaz Draft 2 5 The default is Auto NOTE To configure the DCBx port role the interfaces use to exchange DCB information use the DCBx port role command in ...

Page 278: ...ng syslog messages appear when an error in DCBx operation occurs LLDP_MULTIPLE_PEER_DETECTED DCBx is operationally disabled after detecting more than one DCBx peer on the port interface LLDP_PEER_AGE_OUT DCBx is disabled as a result of LLDP timing out on a DCBx peer interface DSM_DCBx_PEER_VERSION_CONFLICT A local port expected to receive the IEEE CIN or CEE version in a DCBx TLV from a remote pee...

Page 279: ...ess traffic on an interface including priorities and link delay To clear PFC TLV counters use the clear pfc counters interface port type slot port command show interface port type pfc statistics Displays counters for the PFC frames received and transmitted by dot1p priority class on an interface You can use the show interface pfc statistics command even without enabling DCB on the system show inte...

Page 280: ...ode is on Admin is enabled Remote is enabled Priority list is 4 Remote Willing Status is enabled Local is enabled Oper status is Recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quantams Application Priority TLV Parameters FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Local ISCSI ...

Page 281: ...abled or disabled with a list of the configured PFC priorities Operational status local port DCBx operational status enabled or disabled with a list of the configured PFC priorities Port state for current operational PFC configuration Init Local PFC configuration parameters were exchanged with peer Recommend Remote PFC configuration parameters were received from peer Internally propagated PFC conf...

Page 282: ... frames transmitted PFC TLV Statistics Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command Dell show interfaces te 1 1 pfc statistics Interface TenGigabitEthernet 1 1 Interface Priority Rx XOFF Frames Rx Total Frames Tx Total Frames Te 1 1 P0 0 0 0 Te 1 1 P1 0 0 0 Te 1 1 P2 0 0 0 Te 1 1 P3 0 0 0 Te 1 1 P4 0 0 0 Te 1 1 P5 0 0 0 Te ...

Page 283: ...detail Interface TenGigabitEthernet 1 1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 0 ETS 2 0 ETS 3 0 ETS 4 0 ETS 5 0 ETS 6 0 ETS 7 0 ETS Priority Bandwidth TSA 0 13 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12 ETS 6 12 ETS 7 12 ETS Remote Parameters Remote is disabled Local...

Page 284: ... is enabled on the remote port for DCBx exchange the Willing bit received in ETS TLVs from the remote peer is included Local Parameters ETS configuration on local port including Admin mode enabled when a valid TLV is received from a peer priority groups assigned dot1p priorities and bandwidth allocation Operational status local port Port state for current operational ETS configuration Init Local E...

Page 285: ...ack unit all stack ports all ets details command Dell conf show stack unit all stack ports all ets details Stack unit 0 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 2 3 4 5 6 7 8 Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes...

Page 286: ... DCBx Operational Status is Enabled Is Configuration Source FALSE Local DCBx Compatibility mode is IEEEv2 5 Local DCBx Configured mode is IEEEv2 5 Peer Operating version is IEEEv2 5 Local DCBx TLVs Transmitted ERPFi 1 Input PFC TLV pkts 2 Output PFC TLV pkts 0 Error PFC pkts 0 PFC Pause Tx pkts 0 Pause Rx pkts 1 Input ETS Conf TLV Pkts 1 Output ETS Conf TLV Pkts 0 Error ETS Conf TLV Pkts 1 Input E...

Page 287: ...nfiguration source and internally propagate a DCB configuration The DCBx operational status is the combination of PFC and ETS operational status Configuration Source Specifies whether the port serves as the DCBx configuration source on the switch true yes or false no Local DCBx Compatibility mode DCBx version accepted in a DCB configuration as compatible In auto upstream mode a port can only recei...

Page 288: ...ult dot1p to Queue Mapping using the service class dynamic dot1p command in INTERFACE configuration mode Layer 2 class maps You can use dot1p priorities to classify traffic in a class map and apply a service policy to an ingress port to map traffic to egress queues NOTE Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS However Dell Networking d...

Page 289: ...shared PFC buffer size and the total buffer size A maximum of 4 lossless queues are supported CONFIGURATION mode dcb pfc shared buffer size value dcb pfc total buffer size value The buffer size range is from 0 to 3399 Default is 3088 3 Configure the number of PFC queues CONFIGURATION mode dcb enable pfc queues pfc queues The number of ports supported based on lossless queues configured depends on ...

Page 290: ... setting INTERFACE mode conf if te dcb policy buffer threshold buffer threshold 8 Configuring Global total buffer size on stack ports CONFIGURATION mode dcb pfc total buffer size buffer size stack unit all port set port pipe all Port set number range is from 0 to 3 Sample DCB Configuration The following shows examples of using PFC and ETS to manage your data center traffic In the following example...

Page 291: ...Configuration mode to map ingress dot1p frames to the queues shown in the following table For more information refer to QoS dot1p Traffic Classification and Queue Assignment The following describes the dot1p priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN 3 SAN 4 IPC Data Center Bridging DCB 291 ...

Page 292: ...Enabling DCB Dell conf dcb enable 2 Configure DCB map and enable PFC and ETS Dell conf service class dynamic dot1p Or Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 service class dynamic dot1p 3 Apply DCB map to relevant interface dcb map test priority group 1 bandwidth 50 pfc on priority group 2 bandwidth 45 pfc off priority group 3 bandwidth 5 pfc on priority pgid 2 2 2 1 3 2 2 2...

Page 293: ...lay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host Topics DHCP Packet Format and Options Assign an IP Address using DHCP Implementation Information Configure the System to be a DHCP Server Configure the System to be a Relay Agent Configure the System to be a DHCP Client Configure the System ...

Page 294: ...ELEASE 8 DHCPINFORM Parameter Request List Option 55 Clients use this option to tell the server which parameters it requires It is a series of octets where each octet is DHCP option code Renewal Time Option 58 Specifies the amount of time after the IP address is granted that the client attempts to renew its lease with the original server Rebinding Time Option 59 Specifies the amount of time after ...

Page 295: ...address to the accepted configuration parameters and stores the data in a database called a binding table The server then broadcasts a DHCPACK message which signals to the client that it may begin using the assigned parameters 5 When the client leaves the network or the lease time expires returns its IP address to the server in a DHCPRELEASE message There are additional messages that are used in c...

Page 296: ...support Dynamic ARP Inspection on 16 VLANs per system For more information refer to Dynamic ARP Inspection NOTE If the DHCP server is on the top of rack ToR and the VLTi ICL is down due to a failed link when a VLT node is rebooted in BMP Bare Metal Provisioning mode it is not able to reach the DHCP server resulting in BMP failure Configure the System to be a DHCP Server A DHCP server is a network ...

Page 297: ...rom 17 to 31 4 Display the current pool configuration DHCP POOL mode show config After an IP address is leased to a client only that client may release the address Dell Networking OS performs a IP MAC source address validation to ensure that no client can release another clients address This validation is a default behavior and is separate from IP MAC source address validation Configuration Tasks ...

Page 298: ...4 hours Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client To specify a default gateway follow this step Specify default gateway s for the clients on the subnet in order of preference DHCP POOL default router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods ...

Page 299: ...tically and then creates an entry in the binding table However the administrator can manually create an entry for a client manual bindings are useful when you want to guarantee that a particular network device receives a particular IP address Manual bindings can be considered single host address pools There is no limit on the number of manual bindings but you can only configure one manual binding ...

Page 300: ...d from INTERFACE mode as shown in the following illustration Specify multiple DHCP servers by using the ip helper address dhcp address command multiple times When you configure the ip helper address command the system listens for DHCP broadcast messages on port 67 The system rewrites packets received from the client and forwards them via unicast to the DHCP servers the system rewrites the destinat...

Page 301: ... 1 3 TenGigabitEthernet 1 3 is up line protocol is down Internet address is 10 11 0 1 24 Broadcast address is 10 11 0 255 Address determined by user input IP MTU is 1500 bytes Helper address is 192 168 0 1 192 168 0 2 Directed broadcast forwarding is disabled Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled ICMP redirects are not sent ICMP unreachables are not sent Dynamic ...

Page 302: ...igure the switch so that it boots up in normal mode using the Dell Networking OS image and startup configuration file in local flash enter the reload type normal reload command and save it to the startup configuration Dell reload type normal reload Dell write memory Dell reload To re enable BMP mode for the next reload enter the reload type jump start command If the management port is associated w...

Page 303: ...cp Dynamically assigned IP addresses can be released without removing the DHCP client operation on the interface on a switch configured as a DHCP client 3 Manually acquire a new IP address from the DHCP server by releasing a dynamically acquired IP address while retaining the DHCP client configuration on the interface EXEC Privilege mode release dhcp interface type slot port subport 4 Acquire a ne...

Page 304: ...he DHCP IP address and renew it on the management interface Management routes added by the DHCP client have higher precedence over the same statically configured management route Static routes are not removed from the running configuration if a dynamically acquired management route added by the DHCP client overwrites a static management route Management routes added by the DHCP client are not adde...

Page 305: ...Doing so guarantees that this router becomes the VRRP group owner To use the router as the VRRP owner if you enable a DHCP client on an interface that is added to a VRRP group assign a priority less than 255 but higher than any other priority assigned in the group Configure the System for User Port Stacking Option 230 Set the stacking option variable to provide stack port detail on the DHCP server...

Page 306: ...am For routers between the relay agent and the DHCP server enter the trust downstream option Manually reset the remote ID for Option 82 CONFIGURATION mode ip dhcp relay information option remote id DHCP Snooping DHCP snooping protects networks from spoofing In the context of DHCP snooping ports are either trusted or not trusted By default all ports are not trusted Trusted ports are ports through w...

Page 307: ...ver connected port Enabling DHCP Snooping To enable DHCP snooping use the following commands 1 Enable DHCP snooping globally CONFIGURATION mode ip dhcp snooping 2 Specify ports connected to DHCP servers as trusted INTERFACE mode INTERFACE PORT EXTENDER mode ip dhcp snooping trust 3 Enable DHCP snooping on a VLAN CONFIGURATION mode ip dhcp snooping vlan name Enabling IPv6 DHCP Snooping To enable IP...

Page 308: ...e binding table EXEC Privilege mode clear ipv6 dhcp snooping binding Dell clear ipv6 dhcp snooping binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table use the following command Display the contents of the binding table EXEC Privilege mode show ip dhcp snooping Example of the show ip dhcp snooping Command View the DHC...

Page 309: ...11 22 11 22 11 22 120331 S Vl 100 Te 1 1 33 22 11 22 11 22 11 23 120331 S Vl 200 Te 1 1 333 22 22 11 22 11 22 11 24 120331 D Vl 300 Te 1 2 Debugging the IPv6 DHCP To debug the IPv6 DHCP use the following command Display debug information for IPV6 DHCP EXEC Privilege mode debug ipv6 dhcp IPv6 DHCP Snooping MAC Address Verification Configure to enable verify source mac address in the DHCP packet aga...

Page 310: ...ARP spoofing is a technique attackers use to inject false IP to MAC mappings into the ARP cache of a network device It is used to launch man in the middle MITM and denial of service DoS attacks among others A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in the sender protocol field are strategically chosen by the attacker For example i...

Page 311: ...tocol entries are required L2SystemFlow has 15 entries by default but only nine are for DAI to enable DAI on 16 VLANs seven more entries are required 87 L2Protocol 13 additional L2Protocol 15 L2SystemFlow 7 additional L2SystemFlow equals 122 Configuring Dynamic ARP Inspection To enable dynamic ARP inspection use the following commands 1 Enable DHCP snooping 2 Validate ARP frames against the DHCP s...

Page 312: ...e client s IP address to interact with other clients The DHCP binding table associates addresses the DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to When you enable IP source address validation on a port the system verifies that the source IP address is one that is associated with the incoming port and op...

Page 313: ...IP source address and MAC source address are a legitimate pair rather than validating each attribute individually You cannot configure IP MAC SAV with IP SAV 1 Allocate at least one FP block to the ipmacacl CAM region CONFIGURATION mode cam acl l2acl 2 Save the running config to the startup config EXEC Privilege mode copy running config startup config 3 Reload the system EXEC Privilege reload 4 Do...

Page 314: ...packets on a particular interface Dell show ip dhcp snooping source address validation discard counters interface TenGigabitEthernet 1 1 deny access list on TenGigabitEthernet 1 1 Total cam count 2 deny vlan 10 count 0 packets deny vlan 20 count 0 packets Clearing the Number of SAV Dropped Packets To clear the number of SAV dropped packets use the clear ip dhcp snooping source address validation d...

Page 315: ...default hash algorithm is 24 Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory CAM For example suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sorts them so that the ECMPs are always arranged This imple...

Page 316: ... A global default threshold of 60 is Link bundle monitoring allows the system to monitor the use of multiple links for an uneven distribution Links are monitored in 15 second intervals for three consecutive instances Any deviation within that time causes a syslog to be sent and an alarm event generate When the deviation clears another syslog is sent and a clear alarm event generates For example li...

Page 317: ... conf ip ecmp group maximum paths 3 User configuration has been changed Save the configuration and reload to take effect Dell conf Creating an ECMP Group Bundle Within each ECMP group you can specify an interface If you enable monitoring for the ECMP group the utilization calculation is performed when the average utilization of the link bundle as opposed to a single link within the bundle exceeds ...

Page 318: ... load balances the traffic within a trunk group in a controlled manner In order to effectively increase the bandwidth of the LAG Equal Cost Multiple Path routes traffic is balanced across the member links The balancing is performed by using the RTAG7 hashing which is designed to have the member links used efficiently as the traffic profile gets more diverse Hashing based load balancing is used in ...

Page 319: ... hashing dest ip Use Destination IP for ECMP hashing lsb Always return the LSB of the key as the hash xor1 CRC16_BISYNC_AND_XOR1 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor1 xor2 CRC16_BISYNC_AND_XOR2 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor2 xor4 CRC16_BISYNC_AND_XOR4 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor4 xor8 CRC16_BISYNC_AND_XOR8 Upper 8 bits of CRC16 BISYNC...

Page 320: ...t whereas on Router B the hash fields use only source ip dest ip and protocol 4 Configuring different hash algorithms at different tiers For example Router A could use crc16 as the hash algorithm while router B can use XOR16 as the hash algorithm Configuration and Benefits The preceding anti polarization techniques require some coordinated configuration of network nodes to solve the problem and th...

Page 321: ...conf hash algorithm ecmp flow based hashing crc16 Dell conf end Dell show hash algorithm Hash Algorithm linecard 0 Port Set 0 Seed 185270328 Hg Seed 185282673 EcmpFlowBasedHashingAlgo crc16 EcmpAlgo crc32MSB LagAlgo crc32LSB HgAlgo crc16 Figure 36 After Polarization Effect Traffic flow after enabling flow based hashing When the flow based hashing is enabled at all the nodes in the multi tier netwo...

Page 322: ...her end devices attached to the Fibre Channel network end devices log into the switch to which they are attached Because Fibre Channel links are point to point a Fibre Channel switch controls all storage traffic that an end device sends and receives over the network As a result the switch can enforce zoning configurations ensure that end devices use their assigned addresses and secure the network ...

Page 323: ...e and frame format The following illustration shows the communication that occurs between an ENode server and an FCoE switch FCF The following table lists the FIP functions Table 26 FIP Functions FIP Function Description FIP VLAN discovery FCoE devices ENodes discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic FIP discovery FCoE end devices and FCFs are automatically disc...

Page 324: ...ure CAM allocation for FCoE When you enable FIP snooping all ports on the switch by default become ENode ports Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows Port based ACLs These ACLs are applied on all three port modes on ports directly connected to an FCF server facing ENode ports and bridge to bridge links Port based ACLs take precedence over global...

Page 325: ...FCoE MAC address prefix FC MAP value an FCF uses The FC MAP value is used in the ACLs installed in bridge to bridge links on the switch To provide more port security on ports that are directly connected to an FCF and have links to other FIP snooping bridges set the FCF or Bridge to Bridge Port modes To ensure that they are operationally active check FIP snooping enabled VLANs Process FIP VLAN disc...

Page 326: ...enabled on the switch for lossless Ethernet connections refer to the Data Center Bridging DCB chapter Dell Networking recommends also enabling enhanced transmission selection ETS however ETS is recommended but not required If you enable DCBx and PFC mode is on PFC is operationally up in a port configuration FIP snooping is operational on the port If the PFC parameters in a DCBx exchange with a pee...

Page 327: ... 4 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 2 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 nlbclusteracl 0 st sjc s5000 29 Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit NOTE FCoE transit is disabled by default To enable this feature you must follow the Configure FIP Snooping As soon...

Page 328: ...FCF is established by the switch bridge only when the FC MAP value on the FCF matches the FC MAP value on the FIP snooping bridge Configure a Port for a Bridge to Bridge Link If a switch port is connected to another FIP snooping bridge configure the FCoE Trusted Port mode for bridge bridge links Initially all FCoE traffic is blocked Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in ...

Page 329: ...um number of FCoE VLANs supported on the switch is eight The maximum number of FIP snooping sessions supported per ENode server is 32 To increase the maximum number of sessions to 64 use the fip snooping max sessions per enodemac command The maximum number of FCFs supported per FIP snooping enabled VLAN is twelve When FCoE is configured on fanned out ports or unusable 100G ports traffic outage occ...

Page 330: ...ncluding the ENode interface and MAC address FCF MAC address VLAN ID and FC ID show fip snooping fcf fcf mac address Displays information on the FCFs in FIP snooped sessions including the FCF interface and MAC address FCF interface VLAN ID FC MAP value FKA advertisement period and number of ENodes connected clear fip snooping database interface vlan vlan id fcoe mac address enode mac address fcf m...

Page 331: ...snooping sessions command fields Table 29 show fip snooping sessions Command Description Field Description ENode MAC MAC address of the ENode ENode Interface Slot port number of the interface connected to the ENode FCF MAC MAC address of the FCF FCF Interface Slot port number of the interface to which the FCF is connected VLAN VLAN ID number used by the session FCoE MAC MAC address of the FCoE ses...

Page 332: ...nterface Slot port number of the interface connected to the ENode FKA_ADV_PERIOD Period of time in milliseconds during which FIP keep alive advertisements are transmitted No of ENodes Number of ENodes connected to the FCF FC ID Fibre Channel session ID assigned by the FCF The following example shows the show fip snooping statistics interface vlan command VLAN and port Dell show fip snooping statis...

Page 333: ...f Vlan Requests 0 Number of Vlan Notifications 2 Number of Multicast Discovery Solicits 0 Number of Unicast Discovery Solicits 0 Number of FLOGI 0 Number of FDISC 0 Number of FLOGO 0 Number of Enode Keep Alive 0 Number of VN Port Keep Alive 0 Number of Multicast Discovery Advertisement 4451 Number of Unicast Discovery Advertisement 2 Number of FLOGI Accepts 2 Number of FLOGI Rejects 0 Number of FD...

Page 334: ...f FIP FLOGI reject frames received on the interface Number of FDISC Accepts Number of FIP FDISC accept frames received on the interface Number of FDISC Rejects Number of FIP FDISC reject frames received on the interface Number of FLOGO Accepts Number of FIP FLOGO accept frames received on the interface Number of FLOGO Rejects Number of FIP FLOGO reject frames received on the interface Number of CV...

Page 335: ...erver facing port and the DCB PFC configuration on both ports is synchronized For more information about how to configure DCBx and PFC on a port refer to the Data Center Bridging DCB chapter The following example shows how to configure FIP snooping on FCoE VLAN 10 on an FCF facing port 1 5 on an ENode server facing port 1 1 and to configure the FIP snooping ports as tagged members of the FCoE VLAN...

Page 336: ...if te 1 5 switchport Dell conf if te 1 5 fip snooping port mode fcf Dell conf if te 1 5 protocol lldp Dell conf if te 1 5 lldp dcbx port role auto upstream Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN Dell conf interface vlan 10 Dell conf if vl 10 tagged tengigabitethernet 1 1 Dell conf if vl 10 tagged tengigabitethernet 1 5 Dell conf if te 1 1 no shut Dell conf if ...

Page 337: ...ability A maximum of eight flex hash entries is supported A maximum of 4 bytes can be extracted from the start of the L4 header The offset range is 0 30 bytes from the start of the L4 header Flex hash uses the RTAG7 bins 2 and 3 overlay bins These bins must be enabled for flex hash to be configured If you configure flex hash by using the load balance ingress port enable and the load balance flexha...

Page 338: ...timized booting time capability and perform a reload of the system the LACP application sends PDUs across all the active LACP links immediately INTERFACE conf if po number mode Dell conf if po number lacp fast switchover Optimizing the Boot Time You can reduce the booting time of a switch by using the fast boot feature With the reduced time that is taken to reboot the switch upon a manually initia...

Page 339: ...the IPv6 Neighbor Discovery ND reachable timer is increased to a value of 300 seconds or longer on the adjacent devices to prevent the ND cache entries from becoming stale and being removed while the ToR goes through a CPU reset This timer can be restored to its prior value after the ToR has completed its planned reload 4 The BGP protocol on the adjacent devices responds to network link state chan...

Page 340: ...onfigure BGP GR you must configure the peering with BGP keepalive and hold timers to be as high as possible depending on your network deployment and the scaled parameters or sessions to enable the connection to be active until the system re initializes the switch causing the links to adjacent devices to go down If the BGP sessions are disabled before the re initialization of the switch occurs beca...

Page 341: ...en if it is configured for fast boot When the system comes up it is expected that there will be no dynamic ARP or ND database to restore The system boot up mode will not be fast boot and Unexpected Reload of the System When an unexpected or unplanned reload occurs such as a reset caused by the software the system performs the regular boot sequence even if it is configured for fast boot When the sy...

Page 342: ...DMA is a technology that a virtual machine VM uses to directly transfer information to the memory of another VM thus enabling VMs to be connected to storage networks With RoCE RDMA enables data to be forwarded without passing through the CPU and the main memory path of TCP IP In a deployment that contains both the RoCE network and the normal IP network on two different networks RRoCE combines the ...

Page 343: ... frames or traffic are relevant or associated Such frames are encapsulated with the 802 1Q tags If a single VLAN is configured in a network topology all the traffic packets contain the same do1q tag which is the tag value of the 802 1Q header If a VLAN is split into multiple different sub VLANs each VLAN is denoted by a unique 8021 Q tag to enable the nodes that receive the traffic frames determin...

Page 344: ... 2 validated cryptography module SSH Client SSH Server RSA Host Key Generation SCP File Transfers Currently other features using cryptography do not use the embedded FIPS 140 2 validated cryptography module Topics Configuration Tasks Preparing the System Enabling FIPS Mode Generating Host Keys Monitoring FIPS Mode Status Disabling FIPS Mode Configuration Tasks To enable FIPS cryptography complete ...

Page 345: ...a remote host is in the process of establishing an SSH session to the local system and has been prompted to accept a new host key or to enter a password but is not responding to the request Assuming this failure is a transient condition attempting to enable FIPS mode again should be successful To enable FIPS mode use the following command Enable FIPS mode from a console port CONFIGURATION fips mod...

Page 346: ...d FTP file transfers close Any existing host keys both RSA and RSA1 are deleted from system memory and NVRAM storage FIPS mode disables The SSH server re enables The Telnet server re enables if it is present in the configuration New 1024 bit RSA and RSA1 host key pairs are created To disable FIPS mode use the following command To disable FIPS mode from a console port CONFIGURATION mode no fips mod...

Page 347: ...g The Master node checks the status of the Ring by sending ring health frames RHF around the Ring from its Primary port and returning on its Secondary port If the Master node misses three consecutive RHFs the Master node determines the ring to be in a failed state The Master then sends a Topology Change RHF to the Transit Nodes informing them that the ring has changed This causes the Transit Nodes...

Page 348: ...ode begins learning the new topology Ring Restoration The Master node continues sending ring health frames out its primary port even when operating in the Ring Fault state After the ring is restored the next status check frame is received on the Master node s Secondary port This causes the Master node to transition back to the Normal state The Master node then logically blocks non control frames o...

Page 349: ...oth FRRP groups Switch R3 has two instances of FRRP running on it one for each ring The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202 Figure 40 Example of Multiple Rings Connected by Single Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks The Master node o...

Page 350: ... one of four states Blocking State Accepts ring protocol packets but blocks data packets LLDP FEFD or other Layer 2 control packets are accepted Only the Master node Secondary port can enter this state Pre Forwarding State A transition state before moving to the Forward state Control traffic is forwarded but data traffic is blocked The Master node Secondary port transitions through this state duri...

Page 351: ...rts must be Layer 2 ports This is required for both Master and Transit nodes A VLAN configured as a control VLAN for a ring cannot be configured as a control or member VLAN for any other ring The control VLAN is not used to carry any data traffic it carries only RHFs The control VLAN cannot have members that are not ring ports If multiple rings share one or more member VLANs they cannot share any ...

Page 352: ...ate a VLAN with this ID number CONFIGURATION mode interface vlan vlan id VLAN ID from 1 to 4094 2 Tag the specified interface or range of interfaces to this VLAN CONFIG INT VLAN mode tagged interface range Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the...

Page 353: ...s to this VLAN CONFIG INT VLAN mode tagged interface range Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 3 Assign the Primary and Secondary ports and the Control VLAN for the ports on the ring CONFIG FRRP mode interface primary i...

Page 354: ...ds Clear the counters associated with this Ring ID EXEC PRIVELEGED mode clear frrp ring id Ring ID the range is from 1 to 255 Clear the counters associated with all FRRP groups EXEC PRIVELEGED mode clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group use the following command Show the configuration for this FRRP group CONFIG FRRP mode show configuration Viewing th...

Page 355: ... interface The maximum number of rings allowed on a chassis is 255 Sample Configuration and Topology The following example shows a basic FRRP topology Example of R1 MASTER interface TenGigabitEthernet 1 24 no ip address switchport no shutdown interface TenGigabitEthernet 1 34 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1 24 34 no shutdown interfa...

Page 356: ...igabitEthernet 3 14 21 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 3 21 secondary TenGigabitEthernet 3 14 control vlan 101 member vlan 201 mode transit no disable FRRP Support on VLT Using FRRP rings you can inter connect VLT domains across data centers These FRRP rings make use of Layer2 VLANs that spawn across Data Centers and provide resiliency by detecting node or link l...

Page 357: ...e2 as the master node and VLT node1 as the trasit node In the FRRP ring R1 the primary interface for VLT Node1 is the VLTi P1 is the secondary interface which is an orphan port that is participating in the FRRP ring topology V1 is the control VLAN through which the RFHs are exchanged indicating the health of the nodes and the FRRP ring itself In addition to the control VLAN multiple member VLANS a...

Page 358: ...econdary port P2 is tagged to the control VLAN V1 VLTi is implicitly tagged to the member VLANs when these VLANs are configured in the VLT peer As a result of the VLT Node2 configuration on R2 the secondary interface P2 is blocked for the member VLANs M11 to Mn Following figure illustrated the FRRP Ring R1 topology Figure 42 FRRP Ring using VLTi links Important Points to Remember VLTi can be confi...

Page 359: ... As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membership throughout a network GVRP allows end stations and switches to issue and revoke declarations relating to VLAN membershi...

Page 360: ...basis Enable GVRP on each port that connects to a switch where you want GVRP information exchanged In the following example GVRP is configured on VLAN trunk ports Figure 43 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface Related Configuration Tasks Configure GVRP Registration Configure a GARP Timer 360...

Page 361: ...nd from INTERFACE mode or use the show gvrp interface command in EXEC or EXEC Privilege mode Configure GVRP Registration Configure GVRP registration There are two GVRP registration modes Fixed Registration Mode figuring a port in fixed registration mode allows for manual creation and registration of VLANs prevents VLAN deregistration and registers all VLANs known on other ports on the port For exa...

Page 362: ...red The Leave timer must be greater than or equal to 3x the Join timer The Dell Networking OS default is 600ms LeaveAll After startup a GARP device globally starts a LeaveAll timer After expiration of this interval it sends out a LeaveAll message so that other GARP devices can re register all relevant attribute information The device then restarts the LeaveAll timer to begin a new cycle The LeaveA...

Page 363: ... RPM Synchronization GARP VLAN Registration Protocol GVRP 363 ...

Page 364: ...siliency Hot Lock Behavior Topics Component Redundancy Pre Configuring a Stack Unit Slot Removing a Provisioned Logical Stack Unit Hitless Behavior Graceful Restart Software Resiliency Hot Lock Behavior Component Redundancy Dell Networking systems eliminate single points of failure by providing dedicated or load balanced redundancy for each component Automatic and Manual Stack Unit Failover Stack ...

Page 365: ...e Running Config no block sync done ACL Mgr no block sync done LACP no block sync done STP no block sync done SPAN no block sync done Dell Synchronization between Management and Standby Units Data between the Management and Standby units is synchronized immediately after bootup After the Management and Standby units have done an initial full synchronization block sync Dell Networking OS only updat...

Page 366: ...hronize Management and Standby units at any time use the following command Manually synchronize Management and Standby units EXEC Privilege mode redundancy synchronize full Pre Configuring a Stack Unit Slot You may also pre configure an empty stack unit slot with a logical stack unit To pre configure an empty stack unit slot use the following command Pre configure an empty stack unit slot with a l...

Page 367: ...g table of the restarting router and its neighbors for a specified period to minimize the loss of packets A graceful restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change Packet loss is non zero but trivial and so is still called hitless Dell Networking OS supports graceful restart for the following protocols Border gateway Open sh...

Page 368: ...on and is used to identify the cause of the exception There are two types of core dumps application and kernel Application core dump is the contents of the memory allocated to a failed application at the time of an exception Kernel core dump is the central component of an operating system that manages system processors and memory allocation and makes these facilities available to applications A ke...

Page 369: ...ting an IGMP Version Viewing IGMP Groups Adjusting Timers Preventing a Host from Joining a Group Enabling IGMP Immediate Leave IGMP Snooping Fast Convergence after MSTP Topology Changes Egress Interface Selection EIS for HTTP and IGMP Applications Designating a Multicast Router Interface IGMP Protocol Overview IGMP has three versions Version 3 obsoletes and is backwards compatible with version 2 v...

Page 370: ...nt to join the same multicast group only the report from the first host to respond reaches the querier and the remaining hosts suppress their responses For how the delay timer mechanism works refer to Adjusting Query and Response Timers 3 The querier receives the report for a group and adds the group to the list of multicast groups associated with its outgoing port to the subnet Multicast traffic ...

Page 371: ...t of sources that must be filtered An additional query type the Group and Source Specific Query keeps track of state changes while the Group Specific and General queries still refresh the existing state Reporting is more efficient and robust hosts do not suppress query responses non suppression helps track state and enables the immediate leave and IGMP snooping features state change reports are re...

Page 372: ...uery to verify that there are no hosts interested in any other sources The multicast router must satisfy all hosts if they have conflicting requests For example if another host on the subnet is interested in traffic from 10 11 1 3 the router cannot record the include request There are no other interested hosts so the request is recorded At this point the multicast routing protocol prunes the tree ...

Page 373: ...essary 2 The querier before making any state changes sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond with their current state information and the querier refreshes the relevant state information 3 Separately in the following illustration the querier sends a general query to...

Page 374: ... Enable a multicast routing protocol Related Configuration Tasks Viewing IGMP Enabled Interfaces Selecting an IGMP Version Viewing IGMP Groups Adjusting Timers Preventing a Host from Joining a Group Enabling IGMP Immediate Leave IGMP Snooping Fast Convergence after MSTP Topology Changes Designating a Multicast Router Interface 374 Internet Group Management Protocol IGMP ...

Page 375: ...with version 3 on the same subnet If hosts require IGMP version 3 you can switch to IGMP version 3 To switch to version 3 use the following command Switch to a different IGMP version INTERFACE mode ip igmp version Example of the ip igmp version Command Dell conf if te 1 13 ip igmp version 3 Dell conf if te 1 13 do show ip igmp interface TenGigabitEthernet 1 13 is up line protocol is down Inbound I...

Page 376: ...he timer expires in version 2 if another host responds before the timer expires the timer is nullified and no response is sent The maximum response time is the amount of time that the querier waits for a response to a query before taking further action The querier advertises this value in the query refer to the illustration in IGMP Version 2 Lowering this value decreases leave latency but increase...

Page 377: ...lears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an implicit deny all rule at the end of all access lists Therefore configuring an IGMP join request filter in this order might result in data loss If you must enter the ip igmp access group command before creating the access list prevent the Dell Networking OS from cle...

Page 378: ...vious illustration Table 34 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode ip address 10 11 13 1 24 378 Internet Group Management Protocol IGMP ...

Page 379: ...pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown Receiver 2 Interface VLAN 400 ip pim spar...

Page 380: ... in a virtual local area network VLAN by default even though there may be only some interested hosts which is a waste of bandwidth If you enable IGMP snooping on a VLT unit IGMP snooping dynamically learned groups and multicast router ports are made to learn on the peer by explicitly tunneling the received IGMP control packets IGMP Snooping Implementation Information IGMP snooping on Dell Networki...

Page 381: ... VLAN mode show config Example of Configuration Output After Removing a Group Port Association Dell conf if vl 100 show config interface Vlan 100 no ip address ip igmp snooping fast leave shutdown Dell conf if vl 100 Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned unregistered frame the switch floods that packet out of all...

Page 382: ...de ip igmp snooping querier IGMP snooping querier does not start if there is a statically configured multicast router interface in the VLAN The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet When enabled IGMP snooping querier starts after one query interval in case no IGMP general query with IP SA lower than its VLAN IP addres...

Page 383: ... on the management port is dropped and received in the management port with destination on the front end port is dropped Switch destined traffic destination IP configured in the switch is Received in the front end port with destination IP equal to management port IP address or management port subnet broadcast address is dropped Received in the management port with destination IP not equal to manag...

Page 384: ... SNMP traps because these applications do not require a response after a packet is sent The switch also processes user specified port numbers for applications such as RADIUS TACACS SSH and sFlow The OS maintains a list of configured management applications and their port numbers You can configure two default routes one configured on the management port and the other on the front end port Two table...

Page 385: ...cations and route lookup for these applications is done in the default routing table only For ping and traceroute utilities that are initiated from the switch if reachability needs to be tested through routes in the management EIS routing table you must configure ICMP as a management application If ping and traceroute are destined to the management port IP address the response traffic for these pa...

Page 386: ...P packets received through the management interface a double route lookup is done one in the default routing table and another in the management EIS routing table This is because in the ARP layer we do not have TCP UDP port information to decide the table in which the route lookup should be done The show arp command is enhanced to show the routing table type for the ARP entry For the clear arp cac...

Page 387: ...ter is incremented for this case This counter is viewed using the netstat command like all other IP layer counters Consider a scenario in which ip1 is an address assigned to the management port and ip2 is an address assigned to any of the front panel port of a switch End users on the management and front panel port networks are connected In such an environment traffic received in the management po...

Page 388: ...ment port is an egress port for management applications If the management port is down or the destination is not reachable through the management port next hop ARP is not resolved and so on and if the destination is reachable through a data port then the management application traffic is sent out through the front end data port This fallback mechanism is required 2 Non Management Applications Appl...

Page 389: ... and also for ICMP based applications like ping and traceroute FTP SSH and Telnet are the applications that can function as servers for the TCP session EIS Behavior If source TCP or UDP port matches an EIS management or a non EIS management application and source IP address is management port IP address management port is the preferred egress port selected based on route lookup in EIS table If the...

Page 390: ...If DHCP Client is enabled on the management port a management default route is installed to the switch If management EIS is enabled this default route is added to the management EIS routing table and the default routing table ARP learn enable When ARP learn enable is enabled the switch learns ARP entries for ARP Request packets even if the packet is not destined to an IP configured in the box The ...

Page 391: ... Designate an interface as a multicast router interface ip igmp snooping mrouter interface Internet Group Management Protocol IGMP 391 ...

Page 392: ...anagement Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitoring Ethernet Pause Frames Configure the MTU Size on an Interface Port pipes Auto Negotiation on Ethernet Interfac...

Page 393: ...figuring the Traffic Sampling Size Globally Dynamic Counters Interface Types The following table describes different interface types Table 39 Different Types of Interfaces Interface Type Modes Possible Default Mode Requires Creation Default State Physical L2 L3 Unset No Shutdown disabled Management N A N A No No Shutdown enabled Loopback L3 L3 Yes No Shutdown enabled Null N A N A No Enabled Port C...

Page 394: ...yte pkts 0 over 1023 byte pkts 0 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 3 packets 192 bytes 0 underruns 3 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 0 Multicasts 3 Broadcasts 0 Unicasts 0 Vlans 0 throttles 0 discarded 0 collisions Rate info interval 299 seconds Inp...

Page 395: ...ace to its factory default state To reset the configuration perform the following steps 1 View the configurations applied on an interface INTERFACE mode show config Dell conf if te 1 5 show config interface TenGigabitEthernet 1 5 no ip address portmode hybrid switchport rate interval 8 mac learning limit 10 no station move no shutdown 2 Reset an interface to its factory default state CONFIGURATION...

Page 396: ...stem Stack unit interfaces support Layer 2 and Layer 3 traffic over the 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces These interfaces can also become part of virtual interfaces such as virtual local area networks VLANs or port channels For more information about VLANs refer to Bulk Configuration For more information on port channels refer to Port Channel Interfaces Dell Networking OS Beh...

Page 397: ...rotocol STP on an interface unless the interface has been set to Layer 2 mode To set Layer 2 data transmissions through an individual interface use the following command Enable Layer 2 data transmissions through an individual interface INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Dell conf if show config interface Port channel 1 no ip address switchport no shutdown ...

Page 398: ...e following example the ip address command triggered an error message because the interface is in Layer 2 mode and the ip address command is a Layer 3 command only Dell conf if show config interface TenGigabitEthernet 1 2 no ip address switchport no shutdown Dell conf if ip address 10 10 1 1 24 Error Port is in Layer 2 mode Te 1 2 Dell conf if To determine the configuration of an interface use the...

Page 399: ...route command to add new management routes to the default and EIS routing tables Use the show ip management eis route command to view the EIS routes Important Points to Remember Deleting a management route removes the route from both the EIS routing table and the default routing table If the management port is down or route lookup fails in the management EIS routing table the outgoing interface is...

Page 400: ... mode To view the addresses use the show interface managementethernet command as shown in the following example If you try to configure a third IPv6 address an error message displays If you enable auto configuration all IPv6 addresses on that management interface are auto configured The first IPv6 address that you configure on the management interface is the primary address If deleted you must re ...

Page 401: ... brief commands on the primary RPM management interface displays the virtual IP address and not the actual IP address assigned on that interface A duplicate IP address message is printed for the management port s virtual IP address on an RPM failover This behavior is a harmless error that is generated due to a brief transitory moment during failover when both RPMs management ports own the virtual ...

Page 402: ... For more information about VLANs and Layer 2 see Layer 2 and Virtual LANs VLANs NOTE To monitor VLAN interfaces use Management Information Base for Network Management of TCP IP based internets MIB II RFC 1213 NOTE You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN Dell Networking OS supports Inter VLAN routing Layer 3 routing in VLANs You can add IP addre...

Page 403: ...de show interface loopback number Delete a Loopback interface CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface Null Interfaces The Null interface is another virtual interface There is only one Null interface It is always up but no traffic is transmitted through this interface To enter INTERFACE mode of ...

Page 404: ...are dynamically configured using the link aggregation control protocol LACP For details see Link Aggregation Control Protocol LACP There are 128 port channels with 16 members per channel As soon as you configure a port channel Dell Networking OS treats it like a physical interface For example IEEE 802 1Q tagging is maintained while the physical interface is in the port channel Member ports of a LA...

Page 405: ...peed or auto negotiate are disabled Dell Networking OS brings up the interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel Configuration Tasks for Port Channel Interfaces To configure a port channel LAG use the commands similar to those found in physical interfaces By default no port channels are configured in the st...

Page 406: ...E mode To view the interface s configuration enter INTERFACE mode for that interface and use the show config command or from EXEC Privilege mode use the show running config interface interface command When an interface is added to a port channel Dell Networking OS recalculates the hash algorithm To add a physical interface to a port use the following commands 1 Add the interface to a port channel ...

Page 407: ... soon as a physical interface is added to a port channel the properties of the port channel determine the properties of the physical interface The configuration and status of the port channel are also applied to the physical interfaces within the port channel For example if the port channel is in Layer 2 mode you cannot add an IP address or a static MAC address to an interface that is part of that...

Page 408: ...LAG that must be in oper up status to consider the port channel to be in oper up status To set the oper up status of your links use the following command Enter the number of links in a LAG that must be in oper up status INTERFACE mode minimum links number The default is 1 Example of Configuring the Minimum Oper Up Links in a Port Channel Dell config t Dell conf int po 1 Dell conf if po 1 minimum l...

Page 409: ...chport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell conf if switchport 3 Verify the manually configured VLAN membership show interfaces switchport interface command EXEC mode Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 switchport Dell conf if te 1 1 vlan tagged 2 5 100 4010 Dell show interfaces switchport te 1...

Page 410: ...port channel based on the IP Identifier field within the packet Load balancing uses source and destination packet information to get the greatest advantage of resources by distributing traffic over multiple paths when transferring data to a destination Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments The load balance and hash algorithm commands are av...

Page 411: ...he interface with slot and port information for valid interfaces The maximum size of an interface range prompt is 32 If the prompt size exceeds this maximum it displays at the end of the output NOTE Non existing interfaces are excluded from the interface range prompt NOTE When creating an interface range interfaces appear in the order they were entered and are not sorted The show range command is ...

Page 412: ...r Duplicate Interfaces Dell conf interface range vlan 1 vlan 1 vlan 3 vlan 3 Dell conf if range vl 1 vl 3 Dell conf interface range tengigabitethernet 2 1 2 23 tengigabitethernet 2 1 2 23 tengigab 2 1 2 23 Dell conf if range te 2 1 23 Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface range prompt Example of the Interface Ra...

Page 413: ...es the interface range macro and saves it in the running configuration file CONFIGURATION mode define interface range macro_name vlan vlan_ID vlan_ID tengigabitethernet fortyGigE slot port subport slot port subport vlan vlan_ID vlan_ID tengigabitethernet fortyGigE slot interfaceslot port subport interfaceslot port subport Define the Interface Range The following example shows how to define an inte...

Page 414: ...ys m Change mode l Page up T Increase refresh interval by 1 second t Decrease refresh interval by 1 second c Clear screen a Page down q Quit Dell monitor interface Te 3 1 Dell uptime is 1 day s 4 hour s 31 minute s Monitor time 00 00 00 Refresh Intvl 2s Interface Te 3 1 Disabled Link is Down Linespeed is 1000 Mbit Traffic statistics Current Rate Delta Input bytes 0 0 Bps 0 Output bytes 0 0 Bps 0 I...

Page 415: ...of the cable Enable the interface before starting the test Enable the port to run the test or the test prints an error message 2 Displays TDR test results EXEC Privilege mode show tdr tengigabitethernet slot port subport Non Dell Qualified Transceivers The system supports Dell qualified transceivers and only some of the non Dell qualified transceivers If the system displays an error message simila...

Page 416: ...stem stack unit stack unit number fanout configured command Dell show system stack unit 1 fanout configured Configured fan out ports in stack unit 1 Configured Present 49 49 50 50 51 51 52 52 53 53 54 54 The following example shows the interface status before splitting a 40G interface Dell show interfaces status Port Description Status Speed Duplex Vlan Fo 1 49 Down 40000 Mbit Auto Fo 1 50 Down 40...

Page 417: ...les for a list of supported cables refer to the Installation Guide or the Release Notes NOTE When you split a 40G port such as fo 1 4 into four 10G ports the 40G interface configuration is still available in the startup configuration when you save the running configuration by using the write memory command When a reload of the system occurs the 40G interface configuration is not applicable because...

Page 418: ... SFP or SFP cable into a QSA connected to a 40 Gigabit port Dell Networking OS assumes that all the four fanned out 10 Gigabit ports have plugged in SFP or SFP optical cables However the link UP event happens only for the first 10 Gigabit port and you can use only that port for data transfer As a result only the first fanned out port is identified as the active 10 Gigabit port with a speed of 10G ...

Page 419: ...ollowing show interfaces tengigbitethernet commands the ports 1 2 and 3 are inactive and no physical SFP or SFP connection actually exists on these ports However Dell Networking OS still perceives these ports as valid and the output shows that pluggable media optical cables is inserted into these ports This is a software limitation for this release Dell show interfaces tengigabitethernet 1 1 trans...

Page 420: ...apping by imposing a penalty for each interface flap and decaying the penalty exponentially After the penalty exceeds a certain threshold the interface is put in an Error Disabled state and for all practical purposes of routing the interface is deemed to be down After the interface becomes stable and the penalty decays below a certain threshold the interface comes up again and the routing protocol...

Page 421: ... command from EXEC Privilege mode Dell show interfaces dampening summary 20 interfaces are configured with dampening 3 interfaces are currently suppressed Following interfaces are currently suppressed Te 1 2 Te 3 1 Te 4 2 Dell Clearing Dampening Counters To clear dampening counters and accumulated penalties use the following command Clear dampening counters clear dampening Example of the clear dam...

Page 422: ...e deviation clears another Syslog sends and a clear alarm event generates The link bundle utilization is calculated as the total bandwidth of all links divided by the total bytes per second of all links If you enable monitoring the utilization calculation is performed when the utilization of the link bundle not a link within a bundle exceeds 60 To enable and view link bundle monitoring use the fol...

Page 423: ...nables mirror flow control frames on this port Changes in the flow control values may not be reflected automatically in the show interface output To display the change apply the new flow control setting shutdown the interface using the shutdown command enable the interface using the no shutdown command and use the show interface command to verify the changes Enabling Pause Frames Enable Ethernet p...

Page 424: ... Stack Header 26 bytes Link MTU and IP MTU considerations for port channels and VLANs are as follows Port Channels All members must have the same link MTU value and the same IP MTU value The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members For example if the members have a link MTU of 2100 and an IP MTU 2000 the port ch...

Page 425: ...d command manually on both the ends and disable autonegotiation if it is enabled NOTE Setting the Speed of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization and to manually synchronize them if necessary use the following command sequence 1 Determine the local interface status Refer to the following example EXEC Privilege mode show interfac...

Page 426: ...rt 1 1 is set to 100Mb and then its auto negotiation is disabled Dell configure Dell config interface tengig 1 1 Dell conf if te 1 1 speed 100 Dell conf if te 1 1 duplex full Dell conf if te 1 1 no negotiation auto Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 no ip address speed 100 duplex full no shutdown Set Auto Negotiation Options The negotiation auto command provides a mod...

Page 427: ... configured keyword only interfaces that have non default configurations are displayed Dummy stack unit interfaces created with the stack unit command are treated like any other physical interface Examples of the show Commands The following example lists the possible show commands that have the configured keyword available Dell show interfaces configured Dell show interfaces stack unit 1 configure...

Page 428: ...Ethernet 1 1 is down line protocol is down Hardware is Force10Eth address is 00 01 e8 01 9e d9 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 1d23h44m Queueing strategy fifo 0 packets input 0 bytes Input 0 IP Packets 0 Vlans 0 MPLS 0 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0...

Page 429: ...lt value To configure the number of seconds of traffic statistics to display in the show interfaces output use the following command Configure the number of seconds of traffic statistics to display in the show interfaces output CONFIGURATION Mode rate interval Example of the rate interval Command The bold lines shows the default value of 299 seconds the change rate interval of 100 and the new rate...

Page 430: ...er 64 byte pkts 89 over 127 byte pkts 1 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 13761 Multicasts 9 Broadcasts 162 Unicasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 13908 packets 1114396 bytes 0 underruns 5555 64 byte pkts 8213 over 64 byte pkts 140 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 13727 Multic...

Page 431: ...interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number f...

Page 432: ...cannot enable IPSec on all packets in a communication session IPSec uses the following protocols Authentication Headers AH Disconnected integrity and origin authentication for IP packets Encapsulating Security Payload ESP Confidentiality authentication and data integrity for IP packets Security Associations SA Necessary algorithmic parameters for AH and ESP functionality IPSec supports the followi...

Page 433: ...28 23 match 1 tcp a 1 128 23 a 2 128 0 match 2 tcp a 1 128 0 a 2 128 21 match 3 tcp a 1 128 21 a 2 128 0 match 4 tcp 1 1 1 1 32 0 1 1 1 2 32 23 match 5 tcp 1 1 1 1 32 23 1 1 1 2 32 0 match 6 tcp 1 1 1 1 32 0 1 1 1 2 32 21 match 7 tcp 1 1 1 1 32 21 1 1 1 2 32 0 3 Apply the crypto policy to management traffic CONFIGURATION mode management crypto policy myCryptoPolicy Internet Protocol Security IPSec...

Page 434: ...e Static Routes for the Management Interface IPv4 Path MTU Discovery Overview Using the Configured Source IP Address in ICMP Messages Configuring the Duration to Establish a TCP Connection Enabling Directed Broadcast Resolution of Host Names Enabling Dynamic Resolution of Host Names Specifying the Local System Domain and a List of Domains Configuring DNS with Traceroute ARP Configuration Tasks for...

Page 435: ...30 bit masks Dell Networking OS supports RFC 3021 with ARP NOTE Even though Dell Networking OS listens to all ports you can only use the ports starting from 35001 for IPv4 traffic Ports starting from 0 to 35000 are reserved for internal use and you cannot use them for IPv4 traffic Configuration Tasks for IP Addresses The following describes the tasks associated with IP address configuration Config...

Page 436: ... Routes A static route is an IP address that you manually configure and that the routing protocol does not learn such as open shortest path first OSPF Often static routes are used as backup routes in case other dynamically learned routes are unreachable You can enter as many static IP addresses as necessary To configure a static route use the following command Configure a static IP address CONFIGU...

Page 437: ...e directly connected subnet of current IP address on the interface Dell Networking OS also installs a next hop that is not on the directly connected subnet but which recursively resolves to a next hop on the interface s configured subnet When the interface goes down Dell Networking OS withdraws the route When the interface comes up Dell Networking OS re installs the route When the recursive resolu...

Page 438: ... the layer 3 VLAN interfaces Because all of the Layer 3 interfaces are mapped to the VLAN ID of 4095 when VLAN sub interfaces are configured on it it is not possible to configure unique layer 3 MTU values for each of the layer 3 interfaces If a VLAN interface contains both IPv4 and IPv6 addresses configured on it both the IPv4 and IPv6 traffic are applied the same MTU size you cannot specify diffe...

Page 439: ... the wait duration in seconds for the TCP connection to be established CONFIGURATION mode Dell conf ip tcp reduced syn ack wait 9 75 You can use the no ip tcp reduced syn ack wait command to restore the default behavior which causes the wait period to be set as 8 seconds 2 View the interval that you configured for the device to wait before the TCP connection is attempted to be established EXEC mod...

Page 440: ...m OK IP 2 2 2 2 patch1 perm OK IP 192 68 69 2 tomm 3 perm OK IP 192 68 99 2 gxr perm OK IP 192 71 18 2 f00 3 perm OK IP 192 71 23 1 Dell To view the current configuration use the show running config resolve command Specifying the Local System Domain and a List of Domains If you enter a partial domain Dell Networking OS can search different domains to finish or fully qualify that partial domain A f...

Page 441: ...raceroute www force10networks com Translating www force10networks com domain server 10 11 0 1 OK Type Ctrl C to abort Tracing the route to www force10networks com 10 11 84 18 30 hops max 40 byte packets TTL Hostname Probe1 Probe2 Probe3 1 10 11 199 190 001 000 ms 001 000 ms 002 000 ms 2 gwegress sjc 02 force10networks com 10 11 30 126 005 000 ms 001 000 ms 001 000 ms 3 fw sjc 01 force10networks co...

Page 442: ...tion to configure a static ARP on that particular VRF ip address IP address in dotted decimal format A B C D mac address MAC address in nnnn nnnn nnnn format interface enter the interface type slot port information For 10G interfaces enter the slot port information Example of the show arp Command These entries do not age and can only be removed manually To remove a static ARP entry use the no arp ...

Page 443: ...h extreme caution ARP Learning via Gratuitous ARP Gratuitous ARP can mean an ARP request or reply In the context of ARP learning via gratuitous ARP on Dell Networking OS the gratuitous ARP is a request A gratuitous ARP request is an ARP request that is not needed according to the ARP specification but one that hosts may send to detect IP address conflicts inform switches of their presence on a por...

Page 444: ...with the source IP of the request Configuring ARP Retries You can configure the number of ARP retries The default backoff interval remains at 20 seconds On the device the time between ARP resend is configurable This timer is an exponential backoff timer Over the specified period the time between ARP requests increases This time increase reduces the potential for the system to slow down while waiti...

Page 445: ...re disabled When enabled ICMP unreachable messages are created and sent out all interfaces To disable and re enable ICMP unreachable messages use the following commands To disable ICMP unreachable messages INTERFACE mode no ip unreachable Set Dell Networking OS to create and send ICMP unreachable messages on the interface INTERFACE mode ip unreachable To view if ICMP unreachable messages are sent ...

Page 446: ...e 1 1 ip udp helper udp port 1000 Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 ip address 2 1 1 1 24 ip udp helper udp port 1000 no shutdown To view the interfaces and ports on which you enabled UDP helper use the show ip udp helper command from EXEC Privilege mode Dell show ip udp helper Port UDP port list te 1 1 1000 Configuring a Broadcast Address To configure a broadcast ad...

Page 447: ...e address to match the configured broadcast address In the following illustration 1 Packet 1 is dropped at ingress if you did not configure UDP helper address 2 If you enable UDP helper using the ip udp helper udp port command and the UDP destination port of the packet matches the UDP port configured the system changes the destination address to the configured broadcast 1 1 255 255 and routes the ...

Page 448: ...ed on VLAN 101 in its original condition as the forwarding process is Layer 2 Figure 53 UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces In the following illustration Packet 1 has a destination IP address that ma...

Page 449: ...ffffff will be sent on Te 5 2 Te 5 3 Vlan 3 01 44 54 Pkt rcvd on Te 7 1 is handed over for DHCP processing When using the IP helper and UDP helper on the same interface use the debug ip dhcp command Example Output from the debug ip dhcp Command Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 2005 11 05 11 59 35 RELAY I PACKET BOOTP REQUEST Unicast received at interface 172 21 50 193 BOOTP Request XID...

Page 450: ...rms refer to Implementing IPv6 with Dell Networking OS NOTE Even though Dell Networking OS listens to all ports you can only use the ports starting from 1024 for IPv6 traffic Ports from 0 to 1023 are reserved for internal use and you cannot use them for IPv6 traffic Topics Protocol Overview Implementing IPv6 with Dell Networking OS ICMPv6 Path MTU Discovery IPv6 Neighbor Discovery Configuration Ta...

Page 451: ...dresses using the dynamic host control protocol DHCP servers via stateful auto configuration NOTE Dell Networking OS provides the flexibility to add prefixes on Router Advertisements RA to advertise responses to Router Solicitations RS By default RA response messages are sent when an RS message is received Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side...

Page 452: ...ding and forwarding routers use this field to identify different IPv6 classes and priorities Routers understand the priority settings and handle them appropriately during conditions of congestion Flow Label 20 bits The Flow Label field identifies packets requiring special treatment in order to manage real time data traffic The sending router can label sequences of IPv6 packets so that forwarding r...

Page 453: ...gmentation header 50 Encrypted Security 51 Authentication header 59 No Next Header 60 Destinations option header NOTE This table is not a comprehensive list of Next Header field values For a complete and current listing refer to the Internet Assigned Numbers Authority IANA web page at Hop Limit 8 bits The Hop Limit field shows the number of hops remaining for packet processing In IPv4 this is know...

Page 454: ... by the value 0 zero in the Next Header field Extension headers are processed in the order in which they appear in the packet header Hop by Hop Options Header The Hop by Hop options header contains information that is examined by every router along the packet s path It follows the IPv6 header and is designated by the Next Header value 0 zero When a Hop by Hop Options header is not included the rou...

Page 455: ...e written using classless inter domain routing CIDR notation An IPv6 network or subnet is a contiguous group of IPv6 addresses the size of which must be a power of two the initial bits of addresses which are identical for all hosts in the network are called the network s prefix A network is denoted by the first address in the network and the size in bits of the prefix in decimal separated with a s...

Page 456: ...troduction Documentation and Chapter Location S4048 ON Basic IPv6 Commands 9 8 0 0 IPv6 Basic Commands in the Dell Networking OS Command Line Interface Reference Guide IPv6 Basic Addressing IPv6 address types Unicast 9 7 0 1 Extended Address Space IPv6 neighbor discovery 9 7 0 1 IPv6 Neighbor Discovery IPv6 stateless autoconfiguration 9 7 0 1 Stateless Autoconfiguration IPv6 MTU path discovery 9 7...

Page 457: ...and Line Reference Guide Telnet server over IPv6 inbound Telnet 9 7 0 1 Configuring Telnet with IPv6 Control and Monitoring in the Dell Networking OS Command Line Reference Guide Secure Shell SSH client support over IPv6 outbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Transport Secure Shell SSH server support over IPv6 inbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 ...

Page 458: ...reater MTU settings increase processing efficiency because each packet carries more data while protocol overheads for example headers or underlying per packet delays remain fixed Figure 56 Path MTU Discovery Process IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol NDP is a top level protocol for neighbor discovery on an IPv6 network In place of address resolution protocol ARP NDP uses ...

Page 459: ...List for IPv6 RDNSS This section describes how to configure the IPv6 Recursive DNS Server This sections contains the following configuration task list for IPv6 RDNSS Configuring the IPv6 Recursive DNS Server Debugging IPv6 RDNSS Information Sent to the Host Displaying IPv6 RDNSS Information Configuring the IPv6 Recursive DNS Server You can configure up to four Recursive DNS Server RDNSS addresses ...

Page 460: ...igured correctly use the debug ipv6 nd command in EXEC Privilege mode Example of Debugging IPv6 RDNSS Information Sent to the Host The following example debugs IPv6 RDNSS information sent to the host Dell conf if te 1 1 do debug ipv6 nd tengigabitethernet 1 1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1 1 Dell conf if te 1 1 00 13 02 cp ICMPV6 ND Sending RA on Te 1 1 c...

Page 461: ...er advertisements are sent every 198 to 600 seconds ND router advertisements live for 1800 seconds ND advertised hop limit is 64 IPv6 hop limit for originated packets is 64 ND dns server address is 1000 1 with lifetime of 1 seconds ND dns server address is 3000 1 with lifetime of 1 seconds ND dns server address is 2000 1 with lifetime of 0 seconds IP unicast RPF check is not supported To display I...

Page 462: ...rofile allocations can use either even or odd numbered ranges The default option sets the CAM Profile as follows L3 ACL ipv4acl 6 L2 ACL l2acl 5 IPv6 L3 ACL ipv6acl 0 L3 QoS ipv4qos 1 L2 QoS l2qos 1 To have the changes take effect save the new CAM settings to the startup config write mem or copy run start then reload the system for the new settings Allocate space for IPV6 ACLs Enter the CAM profil...

Page 463: ...d as described in Addressing Assigning a Static IPv6 Route To configure IPv6 static routes use the ipv6 route command NOTE After you configure a static IPv6 route the ipv6 route command and configure the forwarding router s address specified in the ipv6 route command on a neighbor s interface the IPv6 neighbor does not display in the show ipv6 route command output Set up IPv6 static routes CONFIGU...

Page 464: ...notifications from a device running Dell Networking OS IPv6 The Dell Networking OS SNMP server commands for IPv6 have been extended to support IPv6 For more information regarding SNMP commands refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide snmp server host snmp server user ipv6 snmp server community ipv6 snmp server community access list name...

Page 465: ...n a number from 1 to 4094 Example of the show ipv6 interface Command Dell show ipv6 int ManagementEthernet 1 1 ManagementEthernet 1 1 is up line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled Link Local address fe80 201 e8ff fe8b 386e Global Unicast address es Actual address is 400 201 e8ff fe8b 386e subnet is 400 64 Actual address is 412 201 e8ff fe8b 386e subnet is...

Page 466: ...6 route summary command Dell show ipv6 route summary Route Source Active Routes Non active Routes connected 5 0 static 0 0 Total 5 0 The following example shows the show ipv6 route command Dell show ipv6 route Codes C connected L local S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OS...

Page 467: ...own Dell Clearing IPv6 Routes To clear routes from the IPv6 routing table use the following command Clear refresh all or a specific route from the IPv6 routing table EXEC mode clear ipv6 route ipv6 address prefix length all routes ipv6 address the format is x x x x x mask the prefix length is from 0 to 128 NOTE IPv6 addresses are normally written as eight groups of four hexadecimal digits where ea...

Page 468: ...vice role host router Use the keyword host to set the device role as host Use the keyword router to set the device role as router 5 Set the hop count limit POLICY LIST CONFIGURATION mode hop limit maximum minimum limit The hop limit range is from 0 to 254 6 Set the managed address configuration flag POLICY LIST CONFIGURATION mode managed config flag on off 7 Enable verification of the sender IPv6 ...

Page 469: ...on time range is from 100 to 4 294 967 295 milliseconds 15 Display the configurations applied on the RA guard policy mode POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell conf ra_guard_policy_list show config ipv6 nd ra guard policy test device role router hop limit maximum 251 mtu 1350 other config flag on reachable time 540 retrans timer 101 router preference ma...

Page 470: ...ra guard policy test ipv6 nd ra guard policy test device role router hop limit maximum 1 match ra ipv6 access list access other config flag on router preference maximum medium trusted port Interfaces Te 1 1 Dell Monitoring IPv6 RA Guard To debug IPv6 RA guard use the following command EXEC Privilege mode debug ipv6 nd ra guard interface slot port subport count value The count range is from 1 to 65...

Page 471: ...mination of iSCSI connections The switch uses the snooped information to detect iSCSI sessions and connections established through the switch iSCSI optimization allows you to reduce deployment time and management complexity in data centers In a data center network Dell EqualLogic and Compellent iSCSI storage arrays are connected to a converged Ethernet network using the data center bridging exchan...

Page 472: ...formation is not available in the show commands NOTE After a switch is reloaded powercycled or upgraded the system may display the ACL_AGENT 3 ISCSI_OPT_MAX_SESS_LIMIT_REACHED Monitored iSCSI sessions reached maximum limit log message This cannot be inferred as the maximum supported iSCSI sessions are reached Also number of iSCSI sessions displayed on the system may show any number equal to or les...

Page 473: ...ority or IP DSCP mapping to determine the traffic class queue By default iSCSI flows are assigned to dot1p priority 4 To map incoming iSCSI traffic on an interface to a dot1p priority queue other than 4 use the QoS dot1p priority command refer to QoS dot1p Traffic Classification and Queue Assignment Dell Networking recommends setting the CoS dot1p priority queue to 0 zero You can configure whether...

Page 474: ... The switch uses the link layer discovery protocol LLDP to discover Dell EqualLogic devices on the network LLDP is enabled by default For more information about LLDP refer to Link Layer Discovery Protocol LLDP The following message displays the first time a Dell EqualLogic array is detected and describes the configuration changes that are automatically performed STKUNIT0 M CP IFMGR 5 IFM_ISCSI_AUT...

Page 475: ...tion The following describes enabling and disabling iSCSI optimizaiton NOTE iSCSI monitoring is disabled by default iSCSI auto configuration and auto detection is enabled by default If you enable iSCSI flow control is automatically enabled on all interfaces To disable flow control on all interfaces use the no flow control rx on tx off command and save the configuration To disable iSCSI optimizatio...

Page 476: ...configurable Remark Not configured iSCSI session aging time 10 minutes iSCSI optimization target ports iSCSI well known ports 3260 and 860 are configured as default with no IP address or name but can be removed as any other configured target iSCSI session monitoring Disabled The CAM allocation for iSCSI is set to zero 0 iSCSI Optimization Prerequisites The following are iSCSI optimization prerequi...

Page 477: ...ure the iSCSI target ports and optionally the IP addresses on which iSCSI communication is monitored CONFIGURATION mode no iscsi target port tcp port 1 tcp port 2 tcp port 16 ip address address tcp port n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests You can configure up to 16 target TCP ports on the switch in one command or multiple commands Th...

Page 478: ...ing time for iSCSI session monitoring CONFIGURATION mode no iscsi aging time time The range is from 5 to 43 200 minutes The default is 10 minutes 9 Optional Configures DCBX to send iSCSI TLV advertisements LLDP CONFIGURATION mode or INTERFACE LLDP CONFIGURATION mode no advertise dcbx app tlv iscsi You can send iSCSI TLVs either globally or on a specified interface The interface configuration takes...

Page 479: ... iom011 iqn 1991 05 com microsoft win x9l8v27yajg ISID 400001370000 The following example shows the show iscsi session detailed command VLT PEER1 Dell show iscsi session detailed Session 0 Target iqn 2010 11 com ixia ixload iscsi TG1 Initiator iqn 2010 11 com ixia ixload initiator iscsi 2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09 34 DD HH MM SS ISID 806978696102 Initiator Initia...

Page 480: ...uters Only Level 2 routers can exchange data packets or routing information directly with external routers located outside of the routing domains Level 1 2 systems manage both inter area and intra area traffic by maintaining two separate link databases one for Level 1 routes and one for Level 2 routes A Level 1 2 router does not advertise Level 2 routes to a Level 1 router To establish adjacencies...

Page 481: ...rtise IPv6 information in link state packets LSPs are defined to use only extended metrics The multi topology ID is shown in the first octet of the IS IS packet Certain MT topologies are assigned to serve predetermined purposes MT ID 0 Equivalent to the standard topology MT ID 1 Reserved for IPv4 in band management purposes MT ID 2 Reserved for IPv6 routing topology MT ID 3 Reserved for IPv4 multi...

Page 482: ...omputed by an active RPM have been downloaded into the forwarding information base FIB on the line cards the data plane For packets that have existing FIB content addressable memory CAM entries forwarding between ingress and egress ports can continue uninterrupted while the control plane IS IS process comes back to full functionality and rebuilds its routing tables A new TLV the Restart TLV is int...

Page 483: ... the PDUs Processes IPv6 information received in the PDUs Computes routes to IPv6 destinations Downloads IPv6 routes to the RTM for installing in the FIB Accepts external IPv6 information and advertises this information in the PDUs The following table lists the default IS IS values Table 44 IS IS Default Values IS IS Parameter Default Value Complete sequence number PDU CSNP interval 10 seconds IS ...

Page 484: ...forms Level 1 adjacencies with a neighboring Level 1 router and forms Level 2 adjacencies with a neighboring Level 2 router NOTE Even though you enable IS IS globally enable the IS IS process on an interface for the IS IS process to exchange protocol information and form adjacencies To configure IS IS globally use the following commands 1 Create an IS IS routing process CONFIGURATION mode router i...

Page 485: ...4 interface ROUTER ISIS mode ip router isis tag If you configure a tag variable it must be the same as the tag variable assigned in step 1 7 Enable IS IS on the IPv6 interface ROUTER ISIS mode ipv6 router isis tag If you configure a tag variable it must be the same as the tag variable assigned in step 1 Examples of the show isis Commands The default IS type is level 1 2 To change the IS type to Le...

Page 486: ...ardless of the area address configured However if the area addresses are different the link between the Level 2 routers is only at Level 2 Configuring Multi Topology IS IS MT IS IS To configure multi topology IS IS MT IS IS use the following commands 1 Enable multi topology IS IS for IPv6 ROUTER ISIS AF IPV6 mode multi topology transition Enter the keyword transition to allow an IS IS IPv6 user to...

Page 487: ... time that the graceful restart timer T1 defines for a restarting router to use for each interface as an interval before regenerating Restart Request an IIH with RR bit set in Restart TLV after waiting for an acknowledgement ROUTER ISIS mode graceful restart t1 interval seconds retry times value interval wait time the range is from 5 to 120 The default is 5 retry times number of times an unacknowl...

Page 488: ...level 2 Restart ACK rcv count 0 level 1 0 level 2 Restart Req rcv count 0 level 1 0 level 2 Suppress Adj rcv count 0 level 1 0 level 2 Restart CSNP rcv count 0 level 1 0 level 2 Database Sync count 0 level 1 0 level 2 Circuit TenGigabitEthernet 2 10 Mode Normal L1 State NORMAL L2 State NORMAL L1 Send Receive RR 0 0 RA 0 0 SA 0 0 T1 time left 0 retry count left 0 L2 Send Receive RR 0 0 RA 0 0 SA 0 ...

Page 489: ...m 0 to 120 The default is 5 seconds The default level is Level 1 Set the LSP size ROUTER ISIS mode lsp mtu size size the range is from 128 to 9195 The default is 1497 Set the LSP refresh interval ROUTER ISIS mode lsp refresh interval seconds seconds the range is from 1 to 65535 The default is 900 seconds Set the maximum time LSPs lifetime ROUTER ISIS mode max lsp lifetime seconds seconds the range...

Page 490: ...st Range Supported on IS IS Interfaces narrow Sends and accepts narrow or old TLVs Type Length Value 0 to 63 wide Sends and accepts wide or new TLVs 0 to 16777215 transition Sends both wide new and narrow old TLVs 0 to 63 narrow transition Sends narrow old TLVs and accepts both narrow old and wide new TLVs 0 to 63 wide transition Sends wide new TLVs and accepts both narrow old and wide new TLVs 0 ...

Page 491: ...an IPv6 link or interface INTERFACE mode isis ipv6 metric default metric level 1 level 2 default metric the range is from 0 to 63 for narrow and transition metric styles The range is from 0 to 16777215 for wide metric styles The default is 10 The default level is level 1 For more information about this command refer to Configuring the IS IS Metric Style The following table describes the correct va...

Page 492: ... State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000003 0x07BF 1088 0 0 0 eljefe 00 00 0x00000009 0xF76A 1126 0 0 0 eljefe 01 00 0x00000001 0x68DF 1122 0 0 0 eljefe 02 00 0x00000001 0x2E7F 1113 0 0 0 Force10 00 00 0x00000002 0xD1A7 1102 0 0 0 IS IS Level 2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000006 0xC38A 1124 0...

Page 493: ...information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface ent...

Page 494: ... ROUTER ISIS AF IPV6 mode distribute list redistributed override in Redistributing IPv4 Routes In addition to filtering routes you can add routes from other routing instances or protocols to the IS IS process With the redistribute command syntax you can include BGP OSPF RIP static or directly connected routes in the IS IS process NOTE Do not route iBGP routes to IS IS unless there are route maps a...

Page 495: ...l 2 assign all redistributed routes to a level The default is level 2 metric value the range is from 0 to 16777215 The default is 0 metric type choose either external or internal The default is internal map name enter the name of a configured route map Include specific OSPF routes in IS IS ROUTER ISIS mode redistribute ospf process id level 1 level 1 2 level 2 metric value match external 1 2 match...

Page 496: ...n EXEC Privilege mode To remove a password use either the no area password or no domain password commands in ROUTER ISIS mode Setting the Overload Bit Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first SPF calculations For example if the IS IS routing database is out of memory and cannot accept new LSPs Dell Netwo...

Page 497: ...about IS IS local update packets EXEC Privilege mode debug isis local updates interface To view specific information enter the following optional parameter interface Enter the type of interface and slot port information to view IS IS information on that interface only View IS IS SNP packets include CSNPs and PSNPs EXEC Privilege mode debug isis snp packets interface To view specific information en...

Page 498: ...e TLV Configure Metric Values For any level Level 1 Level 2 or Level 1 2 the value range possible in the isis metric command in INTERFACE mode changes depending on the metric style The following describes the correct value range for the isis metric command Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition ...

Page 499: ...de original value narrow transition original value narrow narrow transition original value narrow wide transition original value transition wide original value transition narrow original value transition narrow original value transition wide transition original value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narro...

Page 500: ...ffer Leaks from One Level to Another In the following scenarios each IS IS level is configured with a different metric style Table 48 Metric Value with Different Levels Configured with Different Metric Styles Level 1 Metric Style Level 2 Metric Style Resulting Metric Value narrow wide original value narrow wide transition original value narrow narrow transition original value narrow transition ori...

Page 501: ... the router Dell clear isis ISIS not enabled Dell clear isis 9999 You can configure IPv6 IS IS routes in one of the following three different methods Congruent Topology You must configure both IPv4 and IPv6 addresses on the interface Enable the ip router isis and ipv6 router isis commands on the interface Enable the wide metrics parameter in router isis configuration mode Multi topology You must c...

Page 502: ...0000 0000 AAAA 00 Dell conf router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology exit address family Dell conf router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 ...

Page 503: ...ntly exchanging custom MAC protocol data units PDUs across local area network LAN Ethernet links The protocol packets are only exchanged between ports that are configured as LACP capable Important Points to Remember LACP allows you to add members to a port channel LAG as long as it has no static members Conversely if the LAG already contains a statically defined member the channel member command t...

Page 504: ... port in Active state A port in Active state can set up a LAG with another port in Passive state A port in Passive state cannot set up a LAG with another port in Passive state Configuring LACP Commands If you configure aggregated ports with compatible LACP modes Off Active Passive LACP can automatically link them as defined in IEEE 802 3 Section 43 To configure LACP use the following commands Conf...

Page 505: ...s in the default VLAN To place the LAG into a non default VLAN use the tagged command on the LAG Dell conf interface vlan 10 Dell conf if vl 10 tagged port channel 32 Configuring the LAG Interfaces as Dynamic After creating a LAG configure the dynamic LAG interfaces To configure the dynamic LAG interfaces use the following command Configure the dynamic LAG interfaces CONFIGURATION mode port channe...

Page 506: ... can enter the lacp long timeout command for static LAGs but it has no effect To configure LACP long timeout use the following command Set the LACP timeout value to 30 seconds CONFIG INT PO mode lacp long timeout Example of the lacp long timeout and show lacp Commands Dell conf interface port channel 32 Dell conf if po 32 no shutdown Dell conf if po 32 switchport Dell conf if po 32 lacp long timeo...

Page 507: ...c through the next lowest cost link R3 to R4 Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails so that traffic can be redirected This redirection is what is meant by shared LAG state tracking To achieve this functionality you must group LAG 1 and LAG 2 into a single entity called a failover group Configuring Shared LAG State Tracking To configure shared LAG state tracking you c...

Page 508: ...hanged interface state to down Po 2 To view the status of a failover group member use the show interface port channel command Dell show interface port channel 2 Port channel 2 is up line protocol is down Failover group 1 is down Hardware address is 00 01 e8 05 e8 4c Current address is 00 01 e8 05 e8 4c Interface index is 1107755010 Minimum number of links to bring Port channel up is 1 Port channel...

Page 509: ...d on the following example topology Two routers are named ALPHA and BRAVO and their hostname prompts reflect those names Figure 63 LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA Example of Configuring a LAG Alpha conf interface port channel 10 Alpha conf if po 10 no ip address Alpha conf if po 10 switchport Alpha conf if po 10 no shutdown Alp...

Page 510: ...ts 12 over 64 byte pkts 120 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 132 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 136 packets 16718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte pkts 121 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 136 Multicasts 0 Broadcasts...

Page 511: ...Figure 64 Inspecting the LAG Configuration Link Aggregation Control Protocol LACP 511 ...

Page 512: ...Figure 65 Inspecting Configuration of LAG 10 on ALPHA 512 Link Aggregation Control Protocol LACP ...

Page 513: ...ha conf if te 2 31 port channel protocol lacp Alpha conf if te 2 31 lacp port channel 10 mode active Alpha conf if te 2 31 lacp no shut Alpha conf if te 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if te 2 31 interface Port channel 10 no ip address switchport no shutdown interface TenGigabitEthernet 2 31...

Page 514: ...Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if te 3 21 port channel protocol lacp Bravo conf if te 3 21 lacp port channel 10 mode active Bravo conf if te 3 21 lacp no shut Bravo conf if te 3 21 end interface TenGigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if te 3 21 end int port channel 10 no i...

Page 515: ...Figure 67 Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol LACP 515 ...

Page 516: ...Figure 68 Inspecting LAG 10 Using the show interfaces port channel Command 516 Link Aggregation Control Protocol LACP ...

Page 517: ...ed on both synchronous and asynchronous lines and can operate in Half Duplex or Full Duplex mode It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection As its name implies it is for point to point connections between exactly two devices and assumes that frames are sent and received in the same order Link Aggregation Co...

Page 518: ...ed entry all deletes all dynamic entries interface deletes all entries for the specified interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on the switch with the MAC address as the source or destin...

Page 519: ...entries for the specified VLAN MAC Learning Limit MAC address learning limit is a method of port security on Layer 2 port channel and physical interfaces and VLANs It allows you to set an upper limit on the number of MAC addresses that learned on an interface VLAN After the limit is reached the system drops all traffic from a device with an unlearned MAC address This section describes the followin...

Page 520: ...n and are subject to aging Entries created before this option is set are not affected Dell Networking OS Behavior If you do not configure the dynamic option the system does not detect station moves in which a MAC address learned from a MAC limited port is learned on another port on the same system Therefore any configured violation response to detected station moves is not performed When a MAC add...

Page 521: ... with a MAC learning limit use the following command Display a list of all interfaces with a MAC learning limit EXEC Privilege mode show mac learning limit Dell Networking OS Behavior The systems do not generate a station move violation log entry for physical interfaces or port channels when you configure mac learning limit or when you configure mac learning limit station move violation log Dell N...

Page 522: ...learning limit violate action NOTE When the MAC learning limit MLL is configured as no station move the MLL will be processed as static entries internally For static entries the MAC address will be installed in all port pipes irrespective of the VLAN membership Recovering from Learning Limit and Station Move Violations After a learning limit or station move violation shuts down an interface you mu...

Page 523: ...cing and to fully utilize network adapter resources The following illustration shows a topology where two NICs have been teamed together In this case if the primary NIC fails traffic switches to the secondary NIC because they are represented by the same set of addresses Figure 70 Redundant NICs with NIC Teaming When you use NIC teaming consider that the server MAC address is originally learned on ...

Page 524: ...t links in networks that do not use STP by configuring backup interfaces for the interfaces on either side of the primary link NOTE For more information about STP refer to Spanning Tree Protocol STP Assign a backup interface to an interface using the switchport backup command The backup interface remains in a Down state until the primary fails at which point it transitions to Up state If the prima...

Page 525: ...or dynamic LAG primary interface is a static or dynamic LAG the backup interface can be a physical interface primary interface is a static or dynamic LAG the backup interface can be a static or dynamic LAG In a redundant pair any combination of physical and port channel interfaces is supported as the two interfaces in a redundant pair For example you can configure a static without LACP or dynamic ...

Page 526: ...own interface TenGigabitEthernet 3 42 no ip address switchport no shutdown Dell conf if range te 3 41 42 Dell conf if range te 3 41 42 do show ip int brief find 3 41 TenGigabitEthernet 3 41 unassigned YES Manual up up TenGigabitEthernet 3 42 unassigned NO Manual up down output omitted Dell conf if range te 3 41 42 interface tengig 3 41 Dell conf if te 3 41 shutdown 00 24 53 RPM0 P CP IFMGR 5 ASTAT...

Page 527: ...tion Far end failure detection FEFD is a protocol that senses remote data link errors in a network FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval You can enable FEFD globally or locally on an interface basis Disabling the global FEFD configuration does not disable the interface configuration Figure 73 Configuring Far End Failure De...

Page 528: ... intervals the state changes to Err disabled You must manually reset all interfaces in the Err disabled state using the fefd reset interface command in EXEC privilege mode it can be done globally or one interface at a time before the FEFD enabled system can become operational again Table 49 State Change When Configuring FEFD Local Event Mode Local State Remote State Local Admin Status Local Protoc...

Page 529: ...hutdown 3 Enable fefd globally CONFIGURATION mode fefd global interval mode Example of the show fefd Command To display information about the state of each interface use the show fefd command in EXEC privilege mode Dell show fefd FEFD is globally ON interval is 3 seconds mode is Normal INTERFACE MODE INTERVAL STATE second Te 1 1 Normal 3 Bi directional Te 1 2 Normal 3 Admin Shutdown Te 1 3 Normal ...

Page 530: ...ode normal no shutdown Dell conf if te 1 1 do show fefd grep 1 1 Te 1 1 Normal 3 Unknown Debugging FEFD To debug FEFD use the first command To provide output for each packet transmission over the FEFD enabled connection use the second command Display output whenever events occur that initiate or disrupt an FEFD enabled connection EXEC Privilege mode debug fefd events Provide output for each packet...

Page 531: ... 1 1 Peer info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 4 1 Sender hold time 3 second An RPM Failover In the event that an RPM failover occurs FEFD becomes operationally down on all enabled ports for approximately 8 10 seconds before automatically becoming operational again 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 09 RPM1 S CP RAM 6 FAILOVER_REQ RPM failover request from active pee...

Page 532: ... The kind of information included in the TLV Length The value in octets of the TLV after the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 74 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP data unit LLDPDU shown in the following table which is transmitted from one LLDP e...

Page 533: ... sub types are Management TLVs IEEE 802 1 IEEE 802 3 and TIA 1057 Organizationally Specific TLVs Figure 75 LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs management TLVs IEEE 802 1 and 802 3 organizationally specific TLVs and TIA 1057 organizationally specific TLVs Management TLVs A management TLV is an optional TLVs sub type This kind of TLV contains essential mana...

Page 534: ...phone DOCSIS cable device end station only or other 8 Management address Indicates the network address of the management interface Dell Networking OS does not currently support this TLV IEEE 802 1 Organizationally Specific TLVs 127 Port VLAN ID On Dell Networking systems indicates the untagged VLAN to which a port belongs 127 Port and Protocol VLAN ID On Dell Networking systems indicates the tagge...

Page 535: ...MED Endpoint Device any device that is on an IEEE 802 LAN network edge can communicate using IP and uses the LLDP MED framework LLDP MED Network Connectivity Device any device that provides access to an IEEE 802 LAN to an LLDP MED endpoint device and supports IEEE 802 1AB LLDP and TIA 1057 LLDP MED The Dell Networking system is an LLDP MED network connectivity device Regarding connected endpoint d...

Page 536: ...l in LLDP MED devices None or all TLVs must be supported Dell Networking OS does not currently support these TLVs 127 5 Inventory Hardware Revision Indicates the hardware revision of the LLDP MED device 127 6 Inventory Firmware Revision Indicates the firmware revision of the LLDP MED device 127 7 Inventory Software Revision Indicates the software revision of the LLDP MED device 127 8 Inventory Ser...

Page 537: ...g OS using the advertise med command the system begins transmitting this TLV Figure 77 LLDP MED Capabilities TLV Table 53 Dell Networking OS LLDP MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI PSE Yes 4 Extended Power via MDI PD No 5 Inventory No 6 15 reserved No Table 54 LLDP MED ...

Page 538: ...ting interactive voice services 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than voice data 3 Guest Voice Specify this application type for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services 4 Guest Voice Signaling Specify this application ty...

Page 539: ...working advertises the maximum amount of power that can be supplied on the port By default the power is 15 4W which corresponds to a power value of 130 based on the TIA 1057 specification You can advertise a different power value using the max milliwatts option with the power inline auto static command Dell Networking also honors the power value power requirement the powered device sends when the ...

Page 540: ...llo LLDP hello configuration mode LLDP mode configuration default rx and tx multiplier LLDP multiplier configuration no Negate a command or set its defaults show Show LLDP configuration Dell conf lldp exit Dell conf interface tengigabitethernet 1 3 Dell conf if te 1 3 protocol lldp Dell conf if te 1 3 lldp advertise Advertise TLVs disable Disable LLDP protocol on this interface end Exit from confi...

Page 541: ...DP on management ports use the following command 1 Enter Protocol LLDP mode CONFIGURATION mode protocol lldp 2 Enter LLDP management interface mode LLDP MANAGEMENT INTERFACE mode management interface 3 Enter the disable command LLDP MANAGEMENT INTERFACE mode To undo an LLDP management port configuration precede the relevant command with the keyword no Advertising TLVs You can configure the system ...

Page 542: ...s system capabilities system description For 802 1 TLVs port protocol vlan id port vlan id vlan name For 802 3 TLVs max frame size For TIA 1057 TLVs guest voice guest voice signaling location identification power via mdi softphone voice streaming video video conferencing video signaling voice voice signaling In the following example LLDP is enabled globally R1 and R2 are transmitting periodic LLDP...

Page 543: ...Dell conf if te 1 31 lldp show config protocol lldp Dell conf if te 1 31 lldp Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising use the following commands Display brief information about adjacent devices show lldp neighbors Display all of the information that neighbors are advertisin...

Page 544: ...05 51 PDT 1999 2014 Existing System Capabilities Repeater Bridge Router Enabled System Capabilities Repeater Bridge Router Remote Port Vlan ID 1 Port and Protocol Vlan ID 1 Capability Supported Status Enabled Configuring LLDPDU Intervals LLDPDUs are transmitted periodically the default interval is 30 seconds To configure LLDPDU intervals use the following command Configure a non default transmit i...

Page 545: ...rtise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp mode rx Rx only tx Tx only R1 conf lldp mode tx R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description mode tx no disable R1 conf lldp no mode R1 ...

Page 546: ...t vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description multiplier 5 no disable R1 conf lldp no multiplier R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Debugging LLDP You can vie...

Page 547: ...ed and transmitted LLDP MED TLVs Table 56 LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit receive or both msgTxHold lldpMessageTxHoldMultiplier Multiplier value msgTxInterval lldpMessageTxInterval Transmit Interval value rxInfoTTL lldpRxInfoTTL ...

Page 548: ...number of LLDP frames received through the port statsFramesOutTotal lldpStatsTxPortFramesTotal Total number of LLDP frames transmitted through the port statsTLVsDiscardedTotal lldpStatsRxPortTLVsDiscardedTotal Total number of TLVs received then discarded statsTLVsUnrecognizedTotal lldpStatsRxPortTLVsUnrecognizedTot al Total number of all TLVs the local agent does not recognize Table 57 LLDP System...

Page 549: ... lldpLocManAddrIfId Remote lldpRemManAddrIfId OID Local lldpLocManAddrOID Remote lldpRemManAddrOID Table 58 LLDP 802 1 Organizationally specific TLV MIB Objects TLV Type TLV Name TLV Variable System LLDP MIB Object 127 Port VLAN ID PVID Local lldpXdot1LocPortVlanId Remote lldpXdot1RemPortVlanId 127 Port and Protocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVlanSupp orted Rem...

Page 550: ...iceClass 2 Network Policy Application Type Local lldpXMedLocMediaPolicyAp pType Remote lldpXMedRemMediaPolicyA ppType Unknown Policy Flag Local lldpXMedLocMediaPolicyUn known Remote lldpXMedLocMediaPolicyUn known Tagged Flag Local lldpXMedLocMediaPolicyTa gged Remote lldpXMedLocMediaPolicyTa gged VLAN ID Local lldpXMedLocMediaPolicyVl anID Remote lldpXMedRemMediaPolicyV lanID L2 Priority Local lld...

Page 551: ...e Power Source Local lldpXMedLocXPoEPSEPow erSource lldpXMedLocXPoEPDPowe rSource Remote lldpXMedRemXPoEPSEPo werSource lldpXMedRemXPoEPDPow erSource Power Priority Local lldpXMedLocXPoEPDPowe rPriority lldpXMedLocXPoEPSEPort PDPriority Remote lldpXMedRemXPoEPSEPo werPriority lldpXMedRemXPoEPDPow erPriority Power Value Local lldpXMedLocXPoEPSEPort PowerAv lldpXMedLocXPoEPDPowe rReq Remote lldpXMed...

Page 552: ...forwards to all the servers in the VLAN corresponding to the cluster virtual IP address NLB Unicast Mode Scenario Consider a topology in which you configure four servers S1 through S4 as a cluster or a farm This set of servers connects to a Layer 3 switch which connects to the end clients The servers contain a single IP address IP cluster address of 172 16 2 20 and a single unicast MAC address MAC...

Page 553: ...irtual MAC address is never learned Because the virtual MAC address is never learned traffic is forwarded to only one server rather than the entire cluster and failover and balancing are not preserved To preserve failover and balancing the switch forwards the traffic destined for the server cluster to all member ports in the VLAN connected to the cluster To ensure that this happens use the ip vlan...

Page 554: ...ch CONFIGURATION mode arp ip address multicast mac address interface This setting causes the multicast MAC address to be mapped to the Cluster IP address for the NLB mode of operation of the switch NOTE While configuring static ARP for the Cluster IP provide any one of the interfaces that is used in the static multicast MAC configuration where the Cluster host is connected As the switch does not a...

Page 555: ...ol TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustration 2 Each MSDP peer receives and forwards the message to its peers away from the originating RP 3 When an MSDP peer receives an SA message it determines if there...

Page 556: ...ng MSDP anycast RP provides load sharing and redundancy in PIM SM networks Anycast RP allows two or more rendezvous points RPs to share the load for source registration and the ability to act as hot backup routers for each other Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces The Anycast RP Loopback address are configured with a 32 bit mask making...

Page 557: ...Refer to the following figures The MSDP Sample Configurations show the OSPF BGP configuration used in this chapter for MSDP Also refer to Open Shortest Path First OSPFv2 and Border Gateway Protocol IPv4 BGPv4 2 Configure PIM SM within each EGP routing domain Refer to the following figures The MSDP Sample Configurations show the PIM SM configuration in this chapter for MSDP Also refer to PIM Sparse...

Page 558: ...Figure 84 Configuring Interfaces for MSDP 558 Multicast Source Discovery Protocol MSDP ...

Page 559: ...Figure 85 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 559 ...

Page 560: ...Figure 86 Configuring PIM in Multiple Routing Domains 560 Multicast Source Discovery Protocol MSDP ...

Page 561: ...SDP CONFIGURATION mode ip multicast msdp 2 Peer PIM systems in different administrative domains CONFIGURATION mode ip msdp peer connect source Examples of Configuring and Viewing MSDP R3 conf ip multicast msdp R3 conf ip msdp peer 192 168 0 1 connect source Loopback 0 Multicast Source Discovery Protocol MSDP 561 ...

Page 562: ...lower join latency RPs can transmit SA messages periodically to prevent SA storms only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information Viewing the Source Active Cache To view the source active cache use the following command View the SA cache EXEC Privilege mode show ip msdp sa cache Example of the show ip msdp sa cache ...

Page 563: ...he rejected sources CONFIGURATION mode ip msdp cache rejected sa Accept Source Active Messages that Fail the RFP Check A default peer is a peer from which active sources are accepted even though they fail the RFP check Referring to the following illustrations In Scenario 1 all MSPD peers are up In Scenario 2 the peership between RP1 and RP2 is down but the link and routing protocols between them i...

Page 564: ...Figure 88 MSDP Default Peer Scenario 2 564 Multicast Source Discovery Protocol MSDP ...

Page 565: ...Figure 89 MSDP Default Peer Scenario 3 Multicast Source Discovery Protocol MSDP 565 ...

Page 566: ...t specify an access list the peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Example of the ip msdp default peer Command and Viewing Denied Sources Dell conf ip msdp peer 10 0 50 2 connect source Vlan 50 Dell conf ip msdp default peer 10 0 50 2 list fifty Dell conf ip access list standard fifty Dell conf seq 5 permit host 2...

Page 567: ... discarded To enforce the limit in such a situation first clear the SA cache Preventing MSDP from Caching a Local Source You can prevent MSDP from caching an active source based on source and or group Because the source is not cached it is not advertised to remote RPs 1 OPTIONAL Cache sources that are denied by the redistribute list in the rejected SA cache CONFIGURATION mode ip msdp cache rejecte...

Page 568: ... expires and is not stored in the rejected SA cache Router 3 R3 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 1 connect source Loopback 0 ip msdp sa filter in 192 168 0 1 list myremotefilter R3 conf do show run acl ip access list extended myremotefilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 R3 conf do show ip msdp sa cache MSDP Source Active Cache 1 entries GroupAddr SourceA...

Page 569: ... configured SA filters for a peer use the show ip msdp peer command from EXEC Privilege mode Logging Changes in Peership States To log changes in peership states use the following command Log peership state changes CONFIGURATION mode ip msdp log adjacency changes Terminating a Peership MSDP uses TCP as its transport protocol In a peering relationship the peer with the lower IP address initiates th...

Page 570: ...ering Input S G filter myremotefilter Output S G filter none R3 conf do clear ip msdp peer 192 168 0 1 R3 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Inactive Up Down Time 00 00 04 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filte...

Page 571: ...alancing requires prior knowledge of traffic distributions lack of scalable register decasulation With only a single RP per group all joins are sent to that RP regardless of the topological distance between the RP sources and receivers and data is transmitted to the RP until the SPT switch threshold is reached slow convergence when an active RP fails When you configure multiple RPs there can be co...

Page 572: ...each RP serving the group with the same IP address CONFIGURATION mode interface loopback 2 Make this address the RP for the group CONFIGURATION mode ip pim rp address 3 In each routing domain that has multiple RPs serving a group create another Loopback interface on each RP serving the group with a unique IP address CONFIGURATION mode interface loopback 572 Multicast Source Discovery Protocol MSDP...

Page 573: ...oup use the following command Create a mesh group CONFIGURATION mode ip msdp mesh group Specifying the RP Address Used in SA Messages The default originator id is the address of the RP that created the message In the case of Anycast RP there are multiple RPs all with the same address To use the unique address of another interface as the originator id use the following command Use the address of an...

Page 574: ... 11 1 21 24 no shutdown interface TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 0 23 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown interface Loopback 1 ip address 192 168 0 22 32 no shutdown router ospf 1 network 10 11 1 0 24 area 0 network 10 11 4 0 24 area 0 network 192 168 0 22 32 area 0 redistribute static redistribute connected redi...

Page 575: ...92 168 0 22 no shutdown ip multicast msdp ip msdp peer 192 168 0 11 connect source Loopback 0 ip msdp peer 192 168 0 22 connect source Loopback 0 ip msdp sa filter out 192 168 0 22 ip route 192 168 0 1 32 10 11 0 23 ip route 192 168 0 22 32 10 11 0 23 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 MSDP Sample Configurations The following examples show the running configurations described ...

Page 576: ...ip pim sparse mode ip address 10 11 0 23 24 no shutdown interface Loopback 0 ip address 192 168 0 2 32 no shutdown router ospf 1 network 10 11 1 0 24 area 0 network 10 11 4 0 24 area 0 network 192 168 0 2 32 area 0 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1 neighbor 192 168 0 3 remote as 200 neighbor 192 168 0 3 ebgp multihop 255 neighbor 192...

Page 577: ... 0 2 no shutdown ip multicast msdp ip msdp peer 192 168 0 1 connect source Loopback 0 ip route 192 168 0 2 32 10 11 0 23 MSDP Sample Configuration R4 Running Config ip multicast routing interface TenGigabitEthernet 4 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown interface TenGigabitEthernet 4 22 ip address 10 10 42 1 24 no shutdown interface TenGigabitEthernet 4 31 ip pim sparse mode ip...

Page 578: ...iple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN This 1 1 approach is not suitable if you have many VLANs because each spanning tree instance costs bandwidth and processing resources In the following illustration three VLANs are mapped to two mu...

Page 579: ...otocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Implementation Information MSTP is implemented as follows in Dell Networking OS The Dell Networking OS MSTP implementation is based on IEEE 802 1Q 2003 and interoperates only with bridges that also use this standard implementation MSTP is compatible with STP and RSTP Dell Networking OS suppo...

Page 580: ...ysical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0 Within an MSTI only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports 1 Enter PROTOCOL MSTP mode CONFIGURATION mode protocol spanning tree mstp 2 Enable MSTP PROTOCOL MSTP mode no disable Example of Verifying MSTP ...

Page 581: ... Dell conf do show spanning tree mst config MST region name my mstp region Revision 0 MSTI VID 1 100 2 200 300 To view the forwarding discarding state of the ports participating in an MSTI use the show spanning tree msti command from EXEC Privilege mode Dell show spanning tree msti 1 MSTI 1 VLANs mapped 100 Root Identifier has priority 32768 Address 0001 e806 953e Root Bridge hello time 2 max age ...

Page 582: ...h elects a different root bridge than MSTI 2 To view the bridge priority use the show config command from PROTOCOL MSTP mode R3 conf mstp msti 2 bridge priority 0 1d2h51m RPM0 P RP2 SPANMGR 5 STP_ROOT_CHANGE MSTP root changed for instance 2 My Bridge ID 0 0001 e809 c24a Old Root 32768 0001 e806 953e New Root 0 0001 e809 c24a R3 conf mstp show config protocol spanning tree mstp no disable MSTI 1 VL...

Page 583: ...terface waits in the Listening state and the Learning state before it transitions to the Forwarding state Hello time the time interval in which the bridge sends MSTP bridge protocol data units BPDUs Max age the length of time the bridge maintains configuration information before it refreshes that information by recomputing the MST topology Max hops the maximum number of hops a BPDU can travel befo...

Page 584: ...stp protocol spanning tree mstp no disable name my mstp region MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 forward delay 16 MSTI 2 bridge priority 4096 Dell conf Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port Port cost is a value that is based on the interface type The greater the port cost the less l...

Page 585: ...FACE mode Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise it does not go through the Learning and Listening states The bpduguard shutdown on violation option causes the interface hardware to be shut ...

Page 586: ...gePort on an Interface To verify that EdgePort is enabled use the show config command from INTERFACE mode Dell conf if te 3 11 spanning tree mstp edge port Dell conf if te 3 11 show config interface TenGigabitEthernet 3 11 no ip address switchport spanning tree mstp edge port spanning tree MSTI 1 priority 144 no shutdown Dell conf if te 3 11 Flush MAC Addresses after a Topology Change Dell Network...

Page 587: ... MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 no ip address switchport no shutdown interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 1 21 31 no shutdown interface Vlan...

Page 588: ...no shutdown interface TenGigabitEthernet 2 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown Router 3 Running Configuration This example uses the following steps 1 En...

Page 589: ...set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 spanning tree spanning tree configuration name Tahiti spanning tree configuration revision 123 spanning tree MSTi instance 1 spanning tree MSTi vlan 1 100 spanning tree MSTi instance 2 spanning tree MSTi vlan 2 ...

Page 590: ...dicate communication received from the same region As shown in the following the MSTP routers are located in the same region Does the debug log indicate that packets are coming from a Different Region If so one of the key parameters is not matching MSTP Region Name and Revision The configured name and revisions must be identical among all the routers Is the Region name blank That may mean that a n...

Page 591: ... Cost 0 Rem Hops 19 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 MSTP Instance Flags 0x78 Reg Root 32768 0001 e806 953e Int Root Cost 0 Brg Port Prio 32768 128 Rem Hops 19 INST 2 MSTP Instance Flags 0x78 Reg Root 32768 0001 e806 953e Int Root Cost 0 Brg Port Prio 32768 128 Rem Hops 19 Indicates MSTP routers are in the single region MSTP Instance MSTP Region name The following example shows viewing...

Page 592: ...tworking OS is redirected using the MAC address and multicast control traffic and multicast data traffic might map to the same MAC address the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic As the upper five bits of an IP Multicast address are dropped in the translation 32 different multicast group IDs map to the same Ethernet add...

Page 593: ...ough it still processes leave messages until the number of entries decreases below 95 of the limit When the limit falls below 95 after hitting the maximum the system begins relearning route entries through IGMP MLD and multicast source discovery protocol MSDP If you increase the limit after it is reached subsequent join requests are accepted In this case increase the limit by at least 10 for IGMP ...

Page 594: ... mode ip igmp access group access list name Dell Networking OS Behavior Do not enter the ip igmp access group command before creating the access list If you do after entering your first deny rule the Dell Networking OS clears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an implicit deny all rule at the end of all acces...

Page 595: ... in the previous illustration Table 62 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode ip address 10 11 13 1 24 Multicast Features 595 ...

Page 596: ...net 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown Receiver 2 Interface VLAN 400 ...

Page 597: ...egister packets to the RP no hosts can ever discover the source and create a shortest path tree SPT to it Prevent a source from transmitting to a particular group CONFIGURATION mode ip pim register filter In the following example Source 1 and Source 2 are both transmitting packets for groups 239 0 0 1 and 239 0 0 2 R3 has a PIM register filter that only permits packets destined for group 239 0 0 2...

Page 598: ... in the previous illustration Table 63 Preventing a Source from Transmitting to a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode ip address 10 11 13 1 24 598 Multicast Features ...

Page 599: ...ce TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown Receiver 2 I...

Page 600: ...ace query packet is forwarded hop by hop untill it reaches the last hop router NOTE If the system initiating the mtrace is the last hop router then the Query message will not be initiated Instead the router sends the request message to it previous router The last hop router converts this query packet to a request packet by adding a response data block This response data block contains the last hop...

Page 601: ... and print the details from received responses MTRACE Transit when a Dell Networking system is an intermediate router between the source and destination in an MTRACE query Dell Networking OS computes the RPF neighbor for the source fills in the request and forwards the request to the RPF neighbor When a Dell Networking system is the last hop to the destination Dell Networking OS sends a response t...

Page 602: ...e will be displayed In cases where the IP cannot be resolved it is displayed as 0 1 1 1 1 Destination The first row in the table corresponds to the destination provided by the user 1 1 1 1 1 PIM Reached RP Core 103 103 103 0 24 The information in each of the response blocks is displayed as follows o 1 Hop count is always a negative number to indicate reverse path o 1 1 1 1 Outgoing interface addre...

Page 603: ...rface for this source and group 0x0A NO_MULTICAST Traceroute request arrived on an interface which is not enabled for multicast 0x81 NO_SPACE There is not enough room to insert another response data block in the packet mtrace Scenarios This section describes various scenarios that may result when an mtrace command is issued The following table describes various scenarios when the mtrace command is...

Page 604: ... enabled interface on this node You invoke a weak mtrace request by specifying only the source without specifying the mulicast tree or multicast group information for the source Mtrace traces a path towards the source by using the RPF neighbor at each node R1 mtrace 103 103 103 3 Type Ctrl C to abort Querying reverse path for source 103 103 103 3 via RPF From source to this node Hop OIF IP Proto F...

Page 605: ... error code is displayed on the node In this scenario the Source Network Mask column for that particular node displays the the value as default R1 mtrace 6 6 6 6 4 4 4 5 234 1 1 1 Type Ctrl C to abort Querying reverse path for source 6 6 6 6 to destination 4 4 4 5 via group 234 1 1 1 From source to destination Hop OIF IP Proto Forwarding Code Source Network Mask 0 4 4 4 5 Destination 1 4 4 4 4 PIM...

Page 606: ...R1 mtrace 6 6 6 6 5 5 5 5 234 1 1 1 Type Ctrl C to abort Querying reverse path for source 6 6 6 6 to destination 4 4 4 5 via group 234 1 1 1 From source to destination Hop OIF IP Proto Forwarding Code Source Network Mask 0 5 5 5 5 Destination 1 5 5 5 4 PIM Wrong Last Hop 6 6 6 0 24 2 20 20 20 2 PIM 6 6 6 0 24 3 10 10 10 1 PIM 6 6 6 0 24 4 6 6 6 6 Source If a router in the network does not process ...

Page 607: ... error is displayed in the output You can initiate a new mtrace query by specifying the destination as the last IP address from the output of the previous trace query R1 mtrace 99 99 99 99 1 1 1 1 Type Ctrl C to abort Querying reverse path for source 99 99 99 99 to destination 1 1 1 1 via RPF From source to destination Hop OIF IP Proto Forwarding Code Source Network Mask 0 1 1 1 1 Destination 1 1 ...

Page 608: ... 6 0 24 3 10 10 10 1 PIM Wrong interface 6 6 6 0 24 R1 mtrace 6 6 6 6 4 4 4 5 Type Ctrl C to abort Querying reverse path for source 6 6 6 6 to destination 4 4 4 5 via RPF From source to destination Hop OIF IP Proto Forwarding Code Source Network Mask 0 4 4 4 5 Destination 1 4 4 4 4 PIM 6 6 6 0 24 2 20 20 20 2 PIM 6 6 6 0 24 3 10 10 10 1 PIM RPF Interface 6 6 6 0 24 608 Multicast Features ...

Page 609: ...available free memory will be supported You can configure client applications such as VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the internet via interfaces running OSPF Both routers belong to a VRRP group with a virtual router at 10 0 0 1 on the local area networ...

Page 610: ...e link level status goes down the tracked resource status is considered to be DOWN if the link level status goes up the tracked resource status is considered to be UP For logical interfaces such as port channels or virtual local area networks VLANs the link protocol status is considered to be UP if any physical interface under the logical interface is UP Track Layer 3 Interfaces You can create an ...

Page 611: ...e for different clients route metrics are scaled in the range from 0 to 255 where 0 is connected and 255 is inaccessible The scaled metric value communicated to a client always considers a lower value to have priority over a higher value The resulting scaled value is compared against the threshold values to determine the state of a tracked route as follows If the scaled metric for a route entry is...

Page 612: ...ct is in a DOWN state If a VRRP group router acts as owner master the run time VRRP group priority remains fixed at 255 and changes in the state of a tracked object have no effect NOTE In VRRP object tracking the sum of the priority costs for all tracked objects and interfaces cannot equal or exceed the priority of the VRRP group Object Tracking Configuration You can configure three types of objec...

Page 613: ... conf track 100 end Dell show track 100 Track 100 Interface TenGigabitEthernet 1 1 line protocol Description San Jose data center Tracking a Layer 3 Interface You can create an object that tracks the routing status of an IPv4 or IPv6 Layer 3 interface You can track the routing status of any of the following Layer 3 interfaces For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet...

Page 614: ...cked interface OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 3 Optional Identify the tracked object with a text description OBJECT TRACKING mode description text The text string can be up to 80 characters 4 Optional Display the tracking configuration and the tracked object s status EXEC Privilege mode show track object id Examples o...

Page 615: ...h current entries in the route table The UP DOWN state of the tracked route is determined by the threshold for the current value of the route metric in the routing table To provide a common tracking interface for different clients route metrics are scaled in the range from 0 to 255 where 0 is connected and 255 is inaccessible The scaled metric value communicated to a client always considers a lowe...

Page 616: ... communicating a change in the status of a tracked route OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 3 Optional Identify the tracked object with a text description OBJECT TRACKING mode description text The text string can be up to 80 characters 4 Optional Display the tracking configuration and the tracked object s status EXEC Priv...

Page 617: ...1 to 1000 The default is 1 OSPF routes 1 to 1592 The efault is 1 2 Configure object tracking on the metric of an IPv4 or IPv6 route CONFIGURATION mode track object id ip route ip address prefix len ipv6 route ipv6 address prefix len metric threshold vrf vrf name Valid object IDs are from 1 to 500 Enter an IPv4 address in dotted decimal format Valid IPv4 prefix lengths are from 0 to 32 Enter an IPv...

Page 618: ... 30 Dell conf track 8 threshold metric down 40 Displaying Tracked Objects To display the currently configured objects used to track Layer 2 and Layer 3 interfaces and IPv4 and IPv6 routes use the following show commands To display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces IPv4 or IPv6 routes or a VRF instance use the show track command You can also display the...

Page 619: ... 0 0 16 Example of the show track resolution Command Dell show track resolution IP Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell show track vrf red Track 5 IP route 192 168 0 0 24 reachability Vrf red Reachability is Up CONNECTED 3 changes last change 00 02 39 First hop interface is TenGigabitEthernet 1 4 Example of Viewing Object Tracking C...

Page 620: ...SPF algorithm to calculate the shortest path to each node OSPF routers initially exchange HELLO messages to set up adjacencies with neighbor routers The HELLO process is used to establish adjacencies between routers of the AS It is not required that every router within the AS areas establish adjacencies If two routers on the same subnet agree to become neighbors through the HELLO process they begi...

Page 621: ...nformation between areas It consists of all area border routers networks not wholly contained in any area and their attached routers NOTE If you configure two non backbone areas then you must enable the B bit in OSPF The backbone is the only area with a default area number All other areas can have their Area ID assigned in the configuration In the previous example Routers A B C G H and I are the B...

Page 622: ...rs are neighbors they may proceed to exchange and synchronize their databases which creates an adjacency Router Types Router types are attributes of the OSPF process A given physical router may be a part of one or more OSPF processes For example a router connected to more than one area receiving routing from a border gateway protocol BGP process connected to another AS acts as both an area border ...

Page 623: ... in the previous example Area Border Router ABR Within an AS an area border router ABR connects one or more areas to the backbone The ABR keeps a copy of the link state database for every area it connects to so it may keep multiple copies of the link state database An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is c...

Page 624: ...ssigns them OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR The router with the highest priority is elected the DR If there is a tie the router with the higher router ID takes precedence After the DR is elected the BDR is elected the same way A router with a router priority set to zero cannot become the DR or BDR Link State Advertisements LSAs...

Page 625: ...or system acceptance of arriving LSAs However some networks may require reduced intervals for LSA transmission and acceptance Throttling timers allow for this improved convergence times The LSA throttling timers are configured in milliseconds with the interval time increasing exponentially until a maximum time has been reached If the maximum time is reached the system the system continues to trans...

Page 626: ...l Networking OS supports only one OSPFv3 process per VRF OSPFv2 and OSPFv3 can co exist but you must configure them individually Dell Networking OS supports stub areas totally stub no summary and not so stubby areas NSSAs and supports the following LSAs as described earlier Router type 1 Network type 2 Network Summary type 3 AS Boundary type 4 LSA type 5 External LSA type 7 Link LSA OSPFv3 only ty...

Page 627: ...e period expires Dell Networking routers support the following OSPF graceful restart functionality Restarting role in which an enabled router performs its own graceful restart Helper role in which the router s graceful restart function is to help a restarting neighbor router in its graceful restarts Helper reject role in which OSPF does not participate in the graceful restart of a neighbor OSPFv2 ...

Page 628: ...continue to function Processing SNMP and Sending SNMP Traps Only the process in default vrf can process the SNMP requests and send SNMP traps NOTE SNMP gets request corresponding to the OspfNbrOption field in the OspfNbrTable returns a value of 66 OSPF ACK Packing The OSPF ACK packing feature bundles multiple LS acknowledgements in a single packet significantly reducing the number of ACK packets t...

Page 629: ...he interfaces must be in Layer 3 mode assigned an IP address and enabled so that they can send and receive traffic The OSPF process must know about these interfaces To make the OSPF process aware of these interfaces they must be assigned to OSPF areas You must configure OSPF GLOBALLY on the system in CONFIGURATION mode NOTE Loop back routes are not installed in the Route Table Manager RTM as non a...

Page 630: ...mand Line Reference Guide document Enabling OSPFv2 To enable Layer 3 routing assign an IP address to an interface physical or Loopback By default OSPF similar to all routing protocols is disabled You must configure at least one interface for Layer 3 before enabling OSPFv2 globally If implementing multi process OSPF create an equal number of Layer 3 enabled interfaces and OSPF process IDs For examp...

Page 631: ...cess id Example of Viewing the Current OSPFv2 Status Dell show ip ospf 55555 Routing Process ospf 55555 with ID 10 10 10 10 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell Assigning an OSPFv2 Area After you enable OSPFv2 assign the interface to an OSPF area Set up OSPF areas and enable ...

Page 632: ...own Dell conf if te 4 14 ex Dell conf router ospf 1 Dell conf router_ospf 1 network 1 2 3 4 24 area 0 Dell conf router_ospf 1 network 10 10 10 10 24 area 1 Dell conf router_ospf 1 network 20 20 20 20 24 area 2 Dell conf router_ospf 1 Dell Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting To view the configuration use the ...

Page 633: ...5 Hello due in 00 00 08 Neighbor Count is 3 Adjacent neighbor count is 2 Adjacent with neighbor 10 168 253 5 Designated Router Adjacent with neighbor 10 168 253 3 Backup Designated Router Loopback 0 is up line protocol is up Internet Address 10 168 253 2 32 Area 0 0 0 1 Process ID 1 Router ID 10 168 253 2 Network Type LOOPBACK Cost 1 Loopback interface is treated as a stub Host Dell Configuring St...

Page 634: ...e of the interfaces are passive CONFIG ROUTEROSPF id mode passive interface default interface The default is enabled passive interfaces on ALL interfaces in the OSPF process Entering the physical interface type slot and number enables passive interface on only the identified interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information Fo...

Page 635: ... parameter from 1 to 4 indicates the actual convergence level Each convergence setting adjusts the LSA parameters to zero but the fast convergence parameter setting allows for even finer tuning of the convergence speed The higher the number the faster the convergence To enable or disable fast convergence use the following command Enable OSPF fast convergence and specify the convergence level CONFI...

Page 636: ...1 to 65535 the default depends on the interface speed Change the time interval the router waits before declaring a neighbor dead CONFIG INTERFACE mode ip ospf dead interval seconds seconds the range is from 1 to 65535 the default is 40 seconds The dead interval must be four times the hello interval The dead interval must be the same on all routers in the OSPF network Change the time interval betwe...

Page 637: ... ospf interface command in EXEC mode The bold lines in the example show the change on the interface The change is reflected in the OSPF configuration Dell conf if ip ospf cost 45 Dell conf if show config interface TenGigabitEthernet 1 1 ip address 10 1 2 100 255 255 255 0 no shutdown ip ospf cost 45 Dell conf if end Dell show ip ospf 34 interface TenGigabitEthernet 1 1 is up line protocol is up In...

Page 638: ...tart role the role or roles the configured router can perform NOTE By default OSPFv2 graceful restart is disabled To enable and configure OSPFv2 graceful restart use the following commands 1 Enable OSPFv2 graceful restart globally and set the grace period CONFIG ROUTEROSPF id mode graceful restart grace period seconds The seconds range is from 40 and 3000 This setting is the time that an OSPFv2 ro...

Page 639: ... OSPFv2 router the show run ospf command displays information similar to the following Dell show run ospf router ospf 1 graceful restart grace period 300 graceful restart role helper only graceful restart mode unplanned only graceful restart helper reject 10 1 1 1 graceful restart helper reject 20 1 1 1 network 10 0 2 0 24 area 0 Dell Creating Filter Routes To filter routes use prefix lists OSPF a...

Page 640: ...figure the following required and optional parameters bgp connected isis rip static enter one of the keywords to redistribute those routes metric metric value the range is from 0 to 4294967295 metric type metric type 1 for OSPF external route type 1 2 for OSPF external route type 2 route map map name enter a name of a configured route map tag tag value the range is from 0 to 4294967295 Example of ...

Page 641: ...lege mode show ip route summary View the summary information for the OSPF database EXEC Privilege mode show ip ospf database View the configuration of OSPF neighbors connected to the local router EXEC Privilege mode show ip ospf neighbor View the LSAs currently in the queue EXEC Privilege mode show ip ospf timers rate limit View debug messages EXEC Privilege mode debug ip ospf process id event pac...

Page 642: ...u can copy and paste from these examples to your CLI To support your own IP addresses interfaces names and so on be sure that you make the necessary changes Basic OSPFv2 Router Topology The following illustration is a sample basic OSPFv2 topology Figure 100 Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 Te 1 1 and 1 2 router ospf 11111 network 10 0 11 0 24 area 0 network 10 0 12 0 24 area ...

Page 643: ...iguration options of OSPFv3 are the same as those options for OSPFv2 but you may configure OSPFv3 with differently labeled commands Specify process IDs and areas and include interfaces and addresses in the process Define areas as stub or totally stubby The interfaces must be in IPv6 Layer 3 mode assigned an IPv6 IP address and enabled so that they can send and receive traffic The OSPF process must...

Page 644: ...lay holdtime msec command Example Dell conf Dell conf ipv6 router ospf 1 Dell conf ipv6 router_ospf timer spf 2 5 msec Dell conf ipv6 router_ospf Dell conf ipv6 router_ospf show config ipv6 router ospf 1 timers spf 2 5 msec Dell conf ipv6 router_ospf Dell conf ipv6 router_ospf end Dell Enabling IPv6 Unicast Routing To enable IPv6 unicast routing use the following command Enable IPv6 unicast routin...

Page 645: ... area id process id the process ID number assigned area id the area ID for this interface Assigning OSPFv3 Process ID and Router ID Globally To assign disable or reset OSPFv3 globally use the following commands Enable the OSPFv3 process globally and enter OSPFv3 mode CONFIGURATION mode ipv6 router ospf process ID The range is from 0 to 65535 Assign the router ID for this OSPFv3 process CONF IPV6 R...

Page 646: ...nfiguring Passive Interface To suppress the interface s participation on an OSPFv3 interface use the following command This command stops the router from sending updates on that interface Specify whether some or all some of the interfaces are passive CONF IPV6 ROUTER OSPF mode passive interface interface type Interface identifies the specific interface that is passive For a 10 Gigabit Ethernet int...

Page 647: ...information originate always metric metric value metric type type value route map map name Configure the following required and optional parameters always indicate that default route information is always advertised metric metric value The range is from 0 to 4294967295 metric type metric type enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2 route map map name enter a ...

Page 648: ...A before the system switches over to the secondary RPM OSPFv3 is notified that a planned restart is happening Unplanned only the OSPFv3 router supports graceful restart only for unplanned restarts During an unplanned restart OSPFv3 sends out a Grace LSA once the secondary RPM comes online The default is both planned and unplanned restarts trigger an OSPFv3 graceful restart Selecting one or the oth...

Page 649: ...A count 12010 Summary LSAs 1 Rtr LSA Count 4 Net LSA Count 3 Inter Area Pfx LSA Count 12000 Inter Area Rtr LSA Count 0 Group Mem LSA Count 0 The following example shows the show ipv6 ospf database grace lsa command Dell show ipv6 ospf database grace lsa Type 11 Grace LSA Area 0 LS Age 10 Link State ID 6 16 192 66 Advertising Router 100 1 1 1 LS Seq Number 0x80000001 Checksum 0x1DF1 Length 36 Assoc...

Page 650: ...ay be used together The difference between the two mechanisms is the extent of the coverage ESP only protects IP header fields if they are encapsulated by ESP You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed When you correctly implement and deploy IPsec it does not adversely affect users or hosts AH and ESP are design...

Page 651: ...entication for OSPFv3 packets on an IPv6 based interface INTERFACE mode ipv6 ospf authentication null ipsec spi number MD5 SHA1 key encryption type key null causes an authentication policy configured for the area to not be inherited on the interface ipsec spi number the security policy index SPI value The range is from 256 to 4294967295 MD5 SHA1 specifies the authentication type Message Digest 5 M...

Page 652: ... key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted or 80 hex digits encrypted key authentication type optional specifies if the authentication key is encrypted The valid values are 0 or 7 Remove an IPsec encryption policy from an interface no ipv6 ospf encryp...

Page 653: ...ncryption command in the area at the same time The configuration of IPsec encryption on an interface level takes precedence over an area level configuration If you remove an interface configuration an area encryption policy that has been configured is applied to the interface Enable IPsec encryption for OSPFv3 packets in an area CONF IPV6 ROUTER OSPF mode area area id encryption ipsec spi number e...

Page 654: ...number from 1 to 4094 Examples of the show crypto ipsec Commands In the first example the keys are not encrypted shown in bold In the second and third examples the keys are encrypted shown in bold The following example shows the show crypto ipsec policy command Dell show crypto ipsec policy Crypto IPSec client security policy data Policy name OSPFv3 1 502 Policy refcount 1 Inbound ESP SPI 502 0x1F...

Page 655: ...on support N STATUS ACTIVE inbound esp sas outbound esp sas Interface TenGigabitEthernet 1 2 Link Local address fe80 201 e8ff fe40 4d11 IPSecv6 policy name OSPFv3 1 600 inbound ah sas outbound ah sas inbound esp sas spi 600 0x258 transform esp des esp sha1 hmac in use settings Transport replay detection support N STATUS ACTIVE outbound esp sas spi 600 0x258 transform esp des esp sha1 hmac in use s...

Page 656: ...ormation For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Configuration Task List for OSPFv3 OSPF for IPv6 This section describes the configuration tasks for Open Shortest Path First version 3 OSPF for IPv6...

Page 657: ...he reception of topology changes and calculation of SPF in milli seconds use the timers spf delay holdtime msec command Example Dell conf Dell conf ipv6 router ospf 1 Dell conf ipv6 router_ospf timer spf 2 5 msec Dell conf ipv6 router_ospf Dell conf ipv6 router_ospf show config ipv6 router ospf 1 timers spf 2 5 msec Dell conf ipv6 router_ospf Dell conf ipv6 router_ospf end Dell Enabling IPv6 Unica...

Page 658: ...he specified area Additionally the command creates the OSPFv3 process with ID on the router OSPFv2 requires two commands to accomplish the same tasks the router ospf command to create the OSPF process then the network area command to enable OSPFv2 on an interface NOTE The OSPFv2 network area command enables OSPFv2 on multiple interfaces with the single command Use the OSPFv3 ipv6 ospf area command...

Page 659: ...er OSPFv3 mode CONFIGURATION mode ipv6 router ospf process ID The process ID range is from 0 to 65535 Assign the router ID for this OSPFv3 process CONF IPV6 ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Pr...

Page 660: ...ts are not transmitted on that interface when you configure a passive interface the show ipv6 ospf interface command adds the words passive interface Redistributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process With the redistribute command you can include RIP static or directly connected routes in the OSPF process Route redistribution is also supported ...

Page 661: ...broken link When you enable the helper reject role on an interface using the ipv6 ospf graceful restart helper reject command you reconfigure OSPFv3 graceful restart to function in a restarting only role OSPFv3 does not participate in the graceful restart of a neighbor NOTE Enter the ipv6 ospf graceful restart helper reject command in Interface configuration mode Enable OSPFv3 graceful restart glo...

Page 662: ...ful Restart show Commands The following example shows the show run ospf command Dell show run ospf router ospf 1 router id 200 1 1 1 log adjacency changes graceful restart grace period 180 network 20 1 1 0 24 area 0 network 30 1 1 0 24 area 0 ipv6 router ospf 1 log adjacency changes graceful restart grace period 180 The following example shows the show ipv6 ospf database database summary command D...

Page 663: ...g two security protocols authentication header AH and encapsulating security payload ESP For OSPFv3 these two IPsec protocols provide interoperable high quality cryptographically based security HA IPsec authentication header is used in packet authentication to verify that data is not altered during transmission and ensures that users are communicating with the intended individual or organization I...

Page 664: ...d extension headers MD5 and SHA1 authentication types are supported encrypted and unencrypted keys are supported In an OSPFv3 encryption policy Both encryption and authentication are used IPsec security associations SAs are supported only in Transport mode Tunnel mode is not supported ESP with null encryption is supported for authenticating only OSPFv3 protocol headers ESP with non null encryption...

Page 665: ...ou configure encryption using the ipv6 ospf encryption ipsec command you enable both IPsec encryption and authentication However when you enable authentication on an interface using the ipv6 ospf authentication ipsec command you do not enable encryption at the same time The SPI value must be unique to one IPsec security policy authentication or encryption on the router Configure the same authentic...

Page 666: ...figured is applied to the interface Enable IPSec authentication for OSPFv3 packets in an area CONF IPV6 ROUTER OSPF mode area id authentication ipsec spi number MD5 SHA1 key encryption type key area area id specifies the area for which OSPFv3 traffic is to be authenticated For area id enter a number or an IPv6 prefix spi number is the SPI value The range is from 256 to 4294967295 MD5 SHA1 specifie...

Page 667: ...28 and 48 or 96 hex digits for AES 192 key encryption type optional specifies if the key is encrypted Valid values 0 key is not encrypted or 7 key is encrypted authentication algorithm specifies the authentication algorithm to use for encryption The valid values are MD5 or SHA1 key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange informatio...

Page 668: ...4 Outbound AH SPI 500 0x1F4 Inbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Outbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Transform set ah md5 hmac Crypto IPSec client security policy data Policy name OSPFv3 0 501 Policy refcount 1 Inbound ESP SPI 501 0x1F5 Outbound ESP SPI 501 0x1F5 Inbound ESP Auth Key bbdd96e6eb4828e2e27bc3f9ff5...

Page 669: ...g section is meant to be a comprehensive list but only to provide some examples of typical troubleshooting checks Have you enabled OSPF globally Is the OSPF process active on the interface Are the adjacencies established correctly Did you configure the interfaces for Layer 3 correctly Is the router in the correct area type Did you include the routes in the OSPF database Did you include the OSPF ro...

Page 670: ...ces EXEC Privilege mode debug ipv6 ospf vrf vrf name event packet type slot port subport For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter th...

Page 671: ...ing Internet control message protocol ICMP In these situations you can a configure switch route packet according to a policy applied to interfaces In another scenario when the packet comes from one source and wants to go to another destination then route it to this next hop or onto that specific interface This permits routing over different links or towards different networks even while the destin...

Page 672: ... or Tunnel Interfaces These options allow you to backup Indirect next hop with another Choose the specific Indirect next hop and or Tunnel interface which is available by sending ICMP pings to verify the reach ability and or check the Tunnel interface UP or DOWN status and then route traffic out to that next hop and or Tunnel Interface Implementing PBR Non contiguous bitmasks for PBR Hot Lock PBR ...

Page 673: ...shown ip redirect list rcl0 seq 10 permit ip host 3 3 3 3 any seq 15 redirect 2 2 2 2 ip any any Create a Redirect List To create a redirect list use the following commands Create a redirect list by entering the list name CONFIGURATION mode ip redirect list redirect list name redirect list name 16 characters To delete the redirect list use the no ip redirect list command The following example crea...

Page 674: ...Source address with mask information Destination address with mask information Example Creating a Rule Dell conf redirect list redirect A B C D Forwarding router s address Dell conf redirect list redirect 3 3 3 3 0 255 An IP protocol number icmp Internet Control Message Protocol ip Any Internet Protocol tcp Transmission Control Protocol udp User Datagram Protocol Dell conf redirect list redirect 3...

Page 675: ...a Redirect group IP redirect lists are supported on physical interfaces as well as virtual local area network VLAN and port channel interfaces NOTE When you apply a redirect list on a port channel when traffic is redirected to the next hop and the destination port channel is shut down the traffic is dropped However the traffic redirected to the destination port channel is sometimes switched To app...

Page 676: ...n To view the configuration redirect list configuration use the following commands 1 View the redirect list configuration and the associated interfaces EXEC mode show ip redirect list redirect list name 2 View the redirect list entries programmed in the CAM EXEC mode show cam pbr show cam usage List the redirect list configuration using the show ip redirect list redirect list name command The non ...

Page 677: ...atus for the specified next hop Example Showing CAM PBR Configuration Dell show cam pbr stack unit 1 port set 0 TCP Flag Bit 5 URG Bit 4 ACK Bit 3 PSH Bit 2 RST Bit 1 SYN Bit 0 FIN Cam Port VlanID Proto Tcp Src Dst SrcIp DstIp Next hop Egress Index Flag Port Port MAC Port 06080 0 N A IP 0x0 0 0 200 200 200 200 200 200 200 200 199 199 199 199 199 199 199 199 N A NA 06081 0 N A TCP 0x10 0 40 234 234...

Page 678: ...st show config ip redirect list GOLD description Route GOLD traffic to ISP_GOLD seq 5 redirect 10 99 99 254 ip 192 168 1 0 24 any seq 10 redirect 10 99 99 254 ip 192 168 2 0 24 any seq 15 permit ip any any Assign Redirect List GOLD to Interface 2 11 EDGE_ROUTER conf int Te 2 11 EDGE_ROUTER conf if Te 2 11 ip add 192 168 3 2 24 EDGE_ROUTER conf if Te 2 11 no shut EDGE_ROUTER conf if Te 2 11 EDGE_RO...

Page 679: ...ack 3 udp 155 55 0 0 16 host 144 144 144 144 Dell conf redirect list redirect 42 1 1 2 track 3 udp any host 144 144 144 144 Dell conf redirect list redirect 43 1 1 2 track 4 ip host 7 7 7 7 host 144 144 144 144 Dell conf redirect list end Verify the Status of the Track Objects Up Down Dell show track brief ResId Resource Parameter State LastChange 1 Interface ip routing Tunnel 1 Up 00 02 16 2 Inte...

Page 680: ...tdown Dell conf if tu 2 end Dell Create Track Objects to track the Tunnel Interfaces Dell configure terminal Dell conf track 1 interface tunnel 1 ip routing Dell conf track 1 exit Dell conf track 2 interface tunnel 2 ipv6 routing Dell conf track 2 end Verify the Status of the Track Objects Up Down Dell show track brief ResId Resource Parameter State LastChange 1 Interface ip routing Tunnel 1 Up 00...

Page 681: ...e 1 32 seq 10 redirect tunnel 1 track 1 tcp any any Track 1 up Next hop reachable via Te 1 32 seq 15 redirect tunnel 1 track 1 udp 155 55 0 0 16 host 144 144 144 144 Track 1 up Next hop reachable via Te 1 32 seq 20 redirect tunnel 2 track 2 tcp 155 55 2 0 24 222 22 2 0 24 Track 2 up Next hop reachable via Te 1 33 seq 25 redirect tunnel 2 track 2 tcp any any Track 2 up Next hop reachable via Te 1 3...

Page 682: ...ous point RP to the receivers After a receiver receives traffic from the RP PM SM switches to SPT to forward multicast traffic Every multicast group has an RP and a unidirectional shared tree group specific shared tree Requesting Multicast Traffic A host requesting multicast traffic for a particular group sends an Internet group management protocol IGMP Join message to its gateway router The gatew...

Page 683: ...ssage was received as an outgoing interface thus recreating a SPT to the source 3 After the RP starts receiving multicast traffic via the S G it unicasts a Register Stop message to the first hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast After receiving the first multicast packet from a particular source the last hop DR sends a PIM Join message to t...

Page 684: ...0 1 20 1 1 5 165 87 31 200 Vl 30 v2 S 1 30 1 165 87 31 201 NOTE You can influence the selection of the Rendezvous Point by enabling PIM Sparse mode on a Loopback interface and assigning a low IP address To display PIM neighbors for each interface use the show ip pim neighbor command EXEC Privilege mode Dell show ip pim neighbor Neighbor Interface Uptime Expires Ver DR Address Prio Mode 127 87 5 5 ...

Page 685: ...efault is 210 2 Set the expiry time for a specific S G entry as shown in the following example CONFIGURATION mode ip pim sparse mode sg expiry timer seconds sg list access list name The range is from 211 to 86 400 seconds The default is 210 Example Configuring an S G Expiry Time NOTE The expiry time configuration is nullified and the default global expiry time is used if an ACL is specified in the...

Page 686: ...the Rendezvous Point Multicast Group Information To display the assigned RP for a group use the show ip pim rp command from EXEC privilege mode Dell show ip pim rp Group RP 225 0 1 40 165 87 50 5 226 1 1 1 165 87 50 5 To display the assigned RP for a group range group to RP mapping use the show ip pim rp mapping command in EXEC privilege mode Dell show ip pim rp mapping PIM Group to RP Mappings Gr...

Page 687: ...ary defined by PIM multicast border routers PMBRs PMBRs connect each PIM domain to the rest of the Internet Create multicast boundaries and domains by filtering inbound and outbound bootstrap router BSR messages per interface The following command is applied to the subsequent inbound and outbound updates Timeout removes existing BSR advertisements Create multicast boundaries and domains by filteri...

Page 688: ...dresses because if multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP EGLOP is used to statically assign Internet routable multicast addresses but each autonomous system number yields only 255 multicast addresses For short term applications an address could be leased but no global dynamic multicast address ...

Page 689: ...ivers support only IGMP version 1 or version 2 by translating G entries to S G entries Translate G entries to S G entries using the ip igmp ssm map acl command source from CONFIGURATION mode In a standard access list specify the groups or the group ranges that you want to map to a source Then specify the multicast source When an SSM map is in place and Dell Networking OS cannot find any matching a...

Page 690: ...p groups Total Number of Groups 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239 0 0 2 Vlan 300 IGMPv2 Compat 00 00 07 Never 10 11 3 2 Member Ports Te 1 1 239 0 0 1 Vlan 400 INCLUDE 00 00 10 Never 10 11 4 2 R1 conf show ip igmp ssm map Interface Vlan 101 Group 226 0 0 0 Uptime 10 40 31 Expires Never Router mode IGMPv2 Last reporter 110 0 101 22 Group ...

Page 691: ...eporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 Electing an RP using the BSR Mechanism Every PIM router within a domain must map a particular multicast group address to the same RP The group to RP mapping may be statically or dynamically configured RFC 5059 specifies a dynamic self configuring method ca...

Page 692: ... configure an RP candidate for a specified range of multicast group address The Configured multicast group ranges are used by the BSR protocol to advertise the candidate RPs in the bootstrap messages You can configure the multicast group ranges as a standard ACL list of multicast prefixes You can then associate the configured group list with the RP candidate NOTE If there is no multicast group lis...

Page 693: ...hat it can be sent across a routed network Topics Important Points to Remember Port Monitoring Configuring Port Monitoring Configuring Monitor Multicast Queue Enabling Flow Based Monitoring Remote Port Mirroring Encapsulated Remote Port Monitoring ERPM Behavior on a typical Dell Networking OS Port Monitoring on VLT Important Points to Remember Port Monitoring is supported on both physical and logi...

Page 694: ...G port this message displays Error will be thrown in case of RPM and ERPM features In the following examples ports 1 13 1 14 1 15 and 1 16 all belong to the same port pipe They are pointing to four different destinations 1 1 1 2 1 3 and 1 37 Now it is not possible for another source port from the same port pipe for example 1 17 to point to another new destination for example 1 4 If you attempt to ...

Page 695: ... 300 Te 1 17 Te 1 1 rx interface 0 0 0 0 0 0 0 0 0 0 No N A N A yes Dell Example of Viewing a Monitoring Session In the example below 0 25 and 0 26 belong to Port pipe 1 This port pipe has the same restriction of only four destination ports new or used Dell conf mon sess 300 do show mon session SessID Source Destination Dir Mode Source IP Dest IP DSCP TTL Drop Rate Gre Protocol FcMonitor 0 Te 1 13...

Page 696: ... configuration other than no shutdown as shown in the following example EXEC Privilege mode show interface 2 Create a monitoring session using the command monitor session from CONFIGURATION mode as shown in the following example CONFIGURATION mode monitor session monitor session type rpm erpm type is an optional keyword required only for rpm and erpm 3 Specify the source and destination port and d...

Page 697: ...0 No N A N A No NOTE Source as VLAN is achieved via Flow based mirroring Please refer section Enabling Flow Based Monitoring In the following example the host and server are exchanging traffic which passes through the uplink interface 1 1 Port 1 1 is the monitored port and port 1 42 is the destination port which is configured to only monitor traffic received on tengigabitethernet 1 1 host originat...

Page 698: ...hing rules with the keyword monitor CONFIGURATION mode ip access list Refer to Access Control Lists ACLs 3 Apply the ACL to the monitored port INTERFACE mode ip access group access list Example of the flow based enable Command To view an access list that you applied to an interface use the show ip accounting access list command from EXEC Privilege mode Dell conf monitor session 0 Dell conf mon ses...

Page 699: ...t way In a remote port mirroring session monitored traffic is tagged with a VLAN ID and switched on a user defined non routable L2 VLAN The VLAN is reserved in the network to carry only mirrored traffic which is forwarded on all egress ports of the VLAN Each intermediate switch that participates in the transport of mirrored traffic must be configured with the reserved L2 VLAN Remote port monitorin...

Page 700: ...sion for a reserved VLAN at the same time for multiple remote port mirroring sessions You can enable and disable individual mirroring sessions BPDU monitoring is not required to use remote port mirroring A remote port mirroring session mirrors monitored traffic by prefixing the reserved VLAN tag to monitored packets so that they are copied to the reserve VLAN Mirrored traffic is transported across...

Page 701: ...tionally configure one or more source VLANs to specify the VLAN traffic to be mirrored on source ports You can use the default VLAN and native VLANs as a source VLAN You cannot configure the dedicated VLAN used to transport mirrored traffic as a source VLAN Egressing remote vlan packets are rate limited to a default value of 100 Mbps To change the mirroring rate configure rate limit within the RPM...

Page 702: ...n 300 rx Port N A N A 2 Po 10 remote vlan 300 rx Port N A N A To display the current configuration of the reserved VLAN enter the show vlan command Dell show vlan Codes Default VLAN G GVRP VLANs R Remote Port Mirroring VLANs P Primary C Community I Isolated O Openflow Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal u...

Page 703: ...ode remote port mirroring Dell conf if vl 20 tagged te 1 6 Dell conf if vl 20 exit Dell conf monitor session 2 type rpm Dell conf mon sess 2 source vlan 100 destination remote vlan 20 dir rx Dell conf mon sess 2 no disable Dell conf mon sess 2 flow based enable Dell conf mon sess 2 exit Dell conf mac access list standard mac_acl Dell config std macl permit 00 00 00 00 11 22 count monitor Dell conf...

Page 704: ...0 tagged te 1 2 Dell conf if vl 20 exit Dell conf interface vlan 30 Dell conf if vl 30 mode remote port mirroring Dell conf if vl 30 tagged te 1 3 Dell conf if vl 30 exit Dell conf monitor session 1 type rpm Dell conf mon sess 1 source remote vlan 10 dest te 1 4 Dell conf mon sess 1 exit Dell conf monitor session 2 type rpm Dell conf mon sess 2 source remote vlan 20 destination te 1 5 Dell conf mo...

Page 705: ...ied in the session NOTE When configuring ERPM follow these guidelines The Dell Networking OS supports ERPM source session only Encapsulated packets terminate at the destination IP address or at the analyzer You can configure up to four ERPM source sessions on switch Configure the system MTU to accommodate the increased size of the ERPM mirrored packet The maximum number of source ports you can def...

Page 706: ...llowing example shows an ERPM configuration Dell conf monitor session 0 type erpm Dell conf mon sess 0 source tengigabitethernet 1 9 direction rx Dell conf mon sess 0 source port channel 1 direction tx Dell conf mon sess 0 erpm source ip 1 1 1 1 dest ip 7 1 1 2 gre protocol 111 Dell conf mon sess 0 no disable Dell conf monitor session 1 type erpm Dell conf mon sess 1 source vlan 11 direction rx De...

Page 707: ...er plus a new L2 header and sent to the destination ip address Port D s ip address on the sniffer The Header that gets attached to the packet is 38 bytes long If the sniffer does not support IP interface a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server Decapsulation of ERPM packets at the Destination IP...

Page 708: ...nother interface on the Linux server via which the decapsulation packets can Egress In case there is only one interface the ingress interface itself can be specified as Egress and the analyzer can listen in the tx direction Port Monitoring on VLT Devices on which VLT is configured are seen as a single device in the network You can apply port monitoring function on the VLT devices in the network Po...

Page 709: ...rios Scenario RPM Restriction Recommended Solution Mirroring an Orphan Port on a VLT LAG In this scenario the orphan port on a VLT device is mirrored to the VLT LAG that connects a top of rack TOR switch to the VLT device The packet analyzer is connected to the TOR switch The bandwidth of the VLTi link is unnecessarily used by mirrored traffic if max rate limit value is configured in the RPM mirro...

Page 710: ...e configuration on the secondary VLT device source remote vlan destination orphan port None Mirroring member port of ICL LAG to Orphan Port of peer vlt device In this scenario a member port of the ICL LAG or a member port of the VLT LAG is mirrored to an orphan port on the peer VLT device The packet analyzer is connected to the peer VLT device The bandwidth of the VLTi link is unnecessarily used b...

Page 711: ...rvice provider environment because multiple customers are likely to maintain servers that must be strictly separated in customer specific groups A set of servers owned by a customer could comprise a community VLAN so that those servers could communicate with each other and would be isolated from other customers Another customer might have another set of servers in another community VLAN Another cu...

Page 712: ... traffic between switches A trunk port in a PVLAN is always tagged In tagged mode the trunk port carries the primary or secondary VLAN traffic The tag on the packet helps identify the VLAN to which the packet belongs A trunk port can also belong to a regular VLAN non private VLAN Each of the port types can be any type of physical Ethernet port including port channels LAGs For more information abou...

Page 713: ...nd show vlan commands provide PVLAN data For more information refer to the Dell Networking OS Command Line Reference Guide Configuration Task List The following sections contain the procedures that configure a private VLAN Creating PVLAN Ports Creating a Primary VLAN Creating a Community VLAN Creating an Isolated VLAN Creating PVLAN ports PVLAN ports are ports that will be assigned to the PVLAN 1 ...

Page 714: ...ort based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN A primary VLAN also contains a mapping to secondary VLANs which comprise community VLANs and isolated VLANs 1 Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces CONFIGURATION mode interface vlan vlan id 2 Enable the VLAN INT...

Page 715: ... other and with the promiscuous ports in the primary VLAN 1 Access INTERFACE VLAN mode for the VLAN that you want to make a community VLAN CONFIGURATION mode interface vlan vlan id 2 Enable the VLAN INTERFACE VLAN mode no shutdown 3 Set the PVLAN mode of the selected VLAN to community INTERFACE VLAN mode private vlan mode community 4 Add one or more host ports to the VLAN INTERFACE VLAN mode tagge...

Page 716: ... of Configuring Private VLAN Members The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs primary community and isolated VLANs Dell conf Dell conf interface vlan 10 Dell conf vlan 10 private vlan mode primary Dell conf vlan 10 private vlan mapping secondary vlan 100 101 Dell conf vlan 10 untagged Te 2 1 Dell conf vlan 10...

Page 717: ... to community VLAN 4002 The result is that The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000 All the ports in the secondary VLANs both communit...

Page 718: ...PVLAN parts of the running config from the S50V switch in the topology diagram previously shown Display the type and status of the configured PVLAN interfaces show interfaces private vlan interface interface This command is specific to the PVLAN feature For more information refer to the Security chapter in the Dell Networking OS Command Line Reference Guide Display the configured PVLANs or interfa...

Page 719: ... T Te 1 21 The following example shows viewing a private VLAN configuration interface TenGigabitEthernet 1 3 no ip address switchport switchport mode private vlan promiscuous no shutdown interface TenGigabitEthernet 1 4 no ip address switchport switchport mode private vlan host no shutdown interface TenGigabitEthernet 1 5 no ip address switchport switchport mode private vlan host no shutdown inter...

Page 720: ...erview PVST is a variation of spanning tree developed by a third party that allows you to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter Figure 106 Per VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree as shown in the following tabl...

Page 721: ...o set up VLANs refer to Virtual LANs VLANs Configure Per VLAN Spanning Tree Plus Configuring PVST is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration Tasks Modifying Global PVST Parameters Modifying Interface PVST Parameters Configuring an EdgePor...

Page 722: ... conf pvst show config verbose protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Influencing PVST Root Selection As shown in the previous per VLAN spanning tree illustration all VLANs use the same forwarding topology because R2 is elected the root and all TenGigabitEthernet ports have the same cost The following per VLAN spanning tree illustration changes the bridge priority of ...

Page 723: ... mode vlan bridge priority The range is from 0 to 61440 The default is 32768 Example of the show spanning tree pvst vlan Command To display the PVST forwarding topology use the show spanning tree pvst vlan vlan id command from EXEC Privilege mode Dell_E600 conf do show spanning tree pvst vlan 100 VLAN 100 Root Identifier has priority 4096 Address 0001 e80d b6d6 Root Bridge hello time 2 max age 20 ...

Page 724: ... on other PVST bridges Forward delay the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state Hello time the time interval in which the bridge sends bridge protocol data units BPDUs Max age the length of time the bridge maintains configuration information before it refreshes that information by recomputing the PVST topology T...

Page 725: ...terfaces 200 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Channel with 1 Gigabit Ethernet interfaces 18000 Port Channel with 10 Gigabit Ethernet interfaces 1800 Port Channel with 25 Gigabit Ethernet interfaces 1200 Port Channel with 50 Gigabit Ethernet interfaces 200 Port Channel with 100 Gigabit Ethernet interfaces 180 NOTE The Dell Networking OS implementation of PVST uses IEEE 802...

Page 726: ...on this physical port the physical port is enabled in the hardware You can clear the Error Disabled state with any of the following methods Perform a shutdown command on the interface Disable the shutdown on violation command on the interface the no spanning tree stp id portfast bpduguard shutdown on violation command Disable spanning tree on the interface the no spanning tree command in INTERFACE...

Page 727: ...sys id ext 5 Address 0001 e832 73f7 We are the root of Vlan 5 Configured hello time 2 max age 20 forward delay 15 PVST Sample Configurations The following examples provide the running configurations for the topology shown in the previous illustration Example of PVST Configuration R1 interface TenGigabitEthernet 1 22 no ip address switchport no shutdown interface TenGigabitEthernet 1 32 no ip addre...

Page 728: ...ace Vlan 200 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown protocol spanning tree pvst no disable vlan 200 bridge priority 4096 Example of PVST Configuration R3 interface TenGigabitEthernet 3 12 no ip address switchport no shutdown interface TenGigabitEthernet 3 22 no ip address switchport no shutdown inte...

Page 729: ...protocol spanning tree pvst no disable vlan 300 bridge priority 4096 Per VLAN Spanning Tree Plus PVST 729 ...

Page 730: ...ure Port based Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Policy Based Rate Policing Ingress Set a DS...

Page 731: ...Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Figure 109 Dell Networking QoS Architecture Topics Quality of Service QoS 731 ...

Page 732: ...Priority Bits for QoS Indication It also implements these Internet Engineering Task Force IETF documents RFC 2474 Definition of the Differentiated Services Field DS Field in the IPv4 Headers RFC 2475 An Architecture for Differentiated Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface Port B...

Page 733: ...ION mode which applies the configuration to all interfaces A CONFIGURATION mode service class dynamic dot1p entry supersedes any INTERFACE entries For more information refer to Mapping dot1p Values to Service Queues NOTE You cannot configure service policy input and service class dynamic dot1p on the same interface Honor dot1p priorities on ingress traffic INTERFACE mode service class dynamic dot1...

Page 734: ...owing example shows configuring rate policing Dell configure terminal Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate police 100 40 peak 150 50 Dell conf if te 1 1 end Configuring Port Based Rate Shaping Rate shaping buffers rather than drops traffic exceeding the specified rate until the buffer is exhausted If any stream exceeds the configured bandwidth on a continuous basis i...

Page 735: ...Networking OS matches packets against match criteria in the order that you configure them Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence and characteristics defined in an IP ACL You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class maps You may specify more than one DSCP and IP precedence value bu...

Page 736: ...p exit Dell conf class map match all cmap2 Dell conf class map match ip access group acl2 Dell conf class map exit Dell conf policy map input pmap Dell conf policy map in service queue 3 class map cmap1 Dell conf policy map in service queue 1 class map cmap2 Dell conf policy map in exit Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 service policy input pmap Examples of Creating a ...

Page 737: ...s within the range 20 1 1 0 24 match positive against cmap1 and are buffered in queue 7 though you intended for these packets to match positive against cmap2 and be buffered in queue 4 In cases such as these where class maps with overlapping ACL rules are applied to different queues use the keyword order Dell Networking OS writes to the CAM ACL rules with lower order numbers order numbers closer t...

Page 738: ...dex Flag Port Port Marking 20416 1 18 IP 0x0 0 0 23 64 0 5 32 0 0 0 0 0 20 2 20417 1 18 IP 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 20418 1 0 IP 0x0 0 0 23 64 0 2 32 0 0 0 0 0 10 1 20419 1 0 IP 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 20420 1 0 IP 0x0 0 0 23 64 0 3 32 0 0 0 0 0 12 1 20421 1 0 IP 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 20422 1 10 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 14 1 24511 1 0 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 In the ...

Page 739: ...n in the show qos statistics command is reset NOTE To avoid issues misconfiguration causes Dell Networking recommends configuring either DCBX or Egress QoS features but not both simultaneously If you enable both DCBX and Egress QoS at the same time the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS Creating an Input QoS Policy To create an input QoS policy use the f...

Page 740: ...Deficit Round Robin DRR This strategy offers a guaranteed data rate Allocate bandwidth to queues only in terms of percentage in 4 queue and 8 queue systems The following table shows the default bandwidth percentage for each queue The following table lists the default bandwidth weights for each queue and their equivalent percentage which is derived by dividing the bandwidth weight by the sum of all...

Page 741: ...ying the keyword layer2 with the policy map input command 2 After you create an input policy map do one or more of the following Applying a Class Map or Input QoS Policy to a Queue Applying an Input QoS Policy to an Input Policy Map Honoring DSCP Values on Ingress Packets Honoring dot1p Values on Ingress Packets 3 Apply the input policy map to an interface Applying a Class Map or Input QoS Policy ...

Page 742: ...DSCP CP decimal 111XXX Network Control 3 48 63 110XXX Internetwork Control 3 48 63 101XXX EF Expedited Forwarding CRITIC ECP 2 32 47 100XXX AF4 Assured Forwarding Flash Override 2 32 47 011XXX AF3 Flash 1 16 31 010XXX AF2 Immediate 1 16 31 001XXX AF1 Priority 0 0 15 000XXX BE Best Effort Best Effort 0 0 15 Enable the trust DSCP feature POLICY MAP IN mode trust diffserv Honoring dot1p Values on Ing...

Page 743: ...ayer 2 or Layer 3 service policies supersede dot1p service classes Create service classes INTERFACE mode service class dynamic dot1p Guaranteeing Bandwidth to dot1p Based Service Queues To guarantee bandwidth to dot1p based service queues use the following command Apply this command in the same way as the bandwidth percentage command in an output QoS policy refer to Allocating Bandwidth to Queue T...

Page 744: ... one or more of the following Applying an Output QoS Policy to a Queue Specifying an Aggregate QoS Policy Applying an Output Policy Map to an Interface 3 Apply the policy map to an interface Applying an Output QoS Policy to a Queue To apply an output QoS policy to a queue use the following command Apply an output QoS policy to queues INTERFACE mode service queue Specifying an Aggregate QoS Policy ...

Page 745: ...dence is dropped Important Points to Remember All DSCP values that are not specified as yellow or red are colored green low drop precedence A DSCP value cannot be in both the yellow and red lists Setting the red or yellow list with any DSCP value that is already in the other list results in an error and no update to that DSCP list is made Each color map can only have one list of DSCP values for ea...

Page 746: ... Dell show qos dscp color map mapTWO Dscp color map mapTWO yellow 16 55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces use the show qos dscp color policy summary interface detail interface command in EXEC mode summary Displays summary information about a color policy on one or more interfaces detail Displays detailed color poli...

Page 747: ...f packet overhead to include in rate limiting policing and shaping calculations CONFIGURATION mode qos rate adjust overhead bytes For example to include the Preamble and SFD type qos rate adjust 8 For variable length overhead fields know the number of bytes you want to include The default is disabled The range is from 1 to 31 Enabling Strict Priority Queueing In strict priority queuing the system ...

Page 748: ...D uses a profile to specify minimum and maximum threshold values The minimum threshold is the allotted buffer space for specified traffic for example 1000KB on egress If the 1000KB is consumed packets are dropped randomly at an exponential rate until the maximum threshold is reached as shown in the following illustration this procedure is the early detection part of WRED If the maximum threshold f...

Page 749: ...01 map to yellow all other values map to green If you do not configure Dell Networking OS to honor DSCP values on ingress refer to Honoring DSCP Values on Ingress Packets all traffic defaults to green drop precedence Assign a WRED profile to either yellow or green traffic QOS POLICY OUT mode wred Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles us...

Page 750: ...erface a policy map that requires more entries than are available In this case the system writes as many entries as possible and then generates an CAM full error message shown in the following example The partial policy map configuration might cause unintentional system behavior EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 2 TeGi 12 20 entries on po...

Page 751: ...m consuming too much of the BTM resources WRED drops packets when the average queue length exceeds the configured threshold value to signify congestion ECN is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded If you configure ECN for WRED devices employ ECN to mark the packets and reduce the rate of sending packets in a...

Page 752: ...one or more queues have WRED enabled and ECN disabled WRED is effective for the minimum of the thresholds between the queue threshold and the service pool threshold When WRED is configured on the global service pool regardless of whether ECN on global service pool is configured and one or more queues are enabled with both WRED and ECN ECN marking takes effect The packets are ECN marked up to share...

Page 753: ...policy out wred profile weight number 2 Configure a WRED profile and specify the threshold and maximum drop rate WRED mode Dell conf wred wred profile thresh 1 Dell conf wred threshold min 100 max 200 max drop rate 40 3 Configure another WRED profile and specify the threshold and maximum drop rate WRED mode Dell conf wred wred profile thresh 2 Dell conf wred threshold min 300 max 400 max drop rate...

Page 754: ...ackets Using ECN and Color Marking Explicit Congestion Notification ECN is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded If you configure ECN for WRED devices employ this functionality of ECN to mark the packets and reduce the rate of sending packets in a congested heavily loaded network ECN is a mechanism using whi...

Page 755: ...ion to the DSCP categorization The IPv4 ACLs standard and Extended are enhanced to add this qualifier This new keyword ecn is present for all L3 ACL types TCP UDP IP ICMP at the level where the DSCP qualifier is positioned in the current ACL commands Dell Networking OS supports the capability to contain DSCP and ECN classifiers simultaneously for the same ACL entry You can use the ecn keyword with...

Page 756: ... need to be enqueued in queue 2 and packets with DSCP value as 50 need to be enqueued in queue 3 And all the packets with ecn value as 0 must be marked as yellow The above requirement can be achieved using either of the two approaches The above requirement can be achieved using either of the two approaches Approach without explicit ECN match qualifiers for ECN packets ip access list standard dscp_...

Page 757: ...packets that contain a dot1p IEEE 802 1p VLAN Layer 2 header configure VLAN tags on a Layer 3 port interface which is configured with an IP address but has no VLAN associated with it You can also configure a VLAN sub interface on the port interface and apply a policy map that classifies packets using the dot1p VLAN ID To apply an input policy map with Layer 2 match criteria to a Layer 3 port inter...

Page 758: ...tch any or a match all Layer 3 class map depending on whether you want the packets to meet all or any of the match criteria By default a Layer 3 class map is created if you do not enter the layer2 option with the class map command When you create a class map you enter the class map configuration mode CONFIGURATION mode Dell conf class map match all pp_classmap 2 Configure a DSCP value as a match c...

Page 759: ...ach the policy map to the interface Dell Networking OS support different types of match qualifiers to classify the incoming traffic Match qualifiers can be directly configured in the class map command or it can be specified through one or more ACL which in turn specifies the combination of match qualifiers Until Release 9 3 0 0 support is available for classifying traffic based on the 6 bit DSCP f...

Page 760: ...ets are considered as green without the rate policer and trust diffserve configuration and hence support would be provided to mark the packets as yellow alone will be provided By default Dell Networking OS drops all the RED or violate packets The following combination of marking actions to be specified match sequence of the class map command set a new DSCP for the packet set the packet color as ye...

Page 761: ...Consider the example where there are no different traffic classes that is all the packets are egressing on the default queue0 Dell Networking OS can be configured as below to mark the non ecn packets as yellow packets ip access list standard ecn_0 seq 5 permit any ecn 0 class map match any ecn_0_cmap match ip access group ecn_0 set color yellow policy map input ecn_0_pmap service queue 0 class map...

Page 762: ...15 permit any dscp 40 ecn 3 ip access list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match any class_dscp_40 match ip access group dscp_40_non_ecn set color yellow match ip access group dscp_40_ecn class map match any class_dscp_50 match ip access group dscp_50_non_ecn set color yellow match ip access gr...

Page 763: ...level snapshot in the egress and ingress direction of traffic use show hardware stack unit id buffer stats snapshot unit id resource x EXEC EXEC Privilege mode Dell show hardware stack unit 1 buffer stats snapshot unit 3 resource interface all queue mcast 3 Unit 1 unit 3 port 1 interface Fo 1 144 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 5 interface Fo 1 148 Q TYPE Q TOTAL BUFFERE...

Page 764: ...t id all all to view buffer statistics tracking resource information for a specific interface EXEC EXEC Privilege mode Dell show hardware buffer stats snapshot resource interface fortyGigE 0 0 queue all Unit 0 unit 0 port 1 interface Fo 0 0 Q TYPE Q TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0...

Page 765: ...ation that is used to update the routing table is sent as either a request or response message In RIPv1 automatic updates to the routing table are performed as either one time requests or periodic responses every 30 seconds RIP transports its responses or requests by means of user datagram protocol UDP over port 520 RIP must receive regular routing updates to maintain a correct routing table Respo...

Page 766: ...OUTER RIP and INTERFACE Commands executed in the ROUTER RIP mode configure RIP globally while commands executed in the INTERFACE mode configure RIP features on that interface only RIP is best suited for small homogeneous networks You must configure all devices within the RIP network to support RIP if they are to participate in the RIP Configuration Task List The following is the configuration task...

Page 767: ...UTER RIP mode Dell conf router_rip show config router rip network 10 0 0 0 Dell conf router_rip When the RIP process has learned the RIP routes use the show ip rip database command in EXEC mode to view those routes Dell show ip rip database Total number of routes in RIP database 978 160 160 0 0 16 120 1 via 29 10 10 12 00 00 26 Fa 1 49 160 160 0 0 16 auto summary 2 0 0 0 8 120 1 via 29 10 10 12 00...

Page 768: ...ion between it and the Dell Networking system ROUTER RIP mode neighbor ip address You can use this command multiple times to exchange RIP information with as many RIP networks as you want Disable a specific interface from sending or receiving RIP routing information ROUTER RIP mode passive interface interface Assigning a Prefix List to RIP Routes Another method of controlling RIP or any routing pr...

Page 769: ...oute map map name Configure the following parameters process id the range is from 1 to 65535 metric the range is from 0 to 16 map name the name of a configured route map To view the current RIP configuration use the show running config command in EXEC mode or the show config command in ROUTER RIP mode Setting the Send and Receive Version To change the RIP version globally or on an interface in Del...

Page 770: ...0 0 Routing Information Sources Gateway Distance Last Update Distance default is 120 Dell To configure an interface to receive or send both versions of RIP include 1 and 2 in the command syntax The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example Dell conf if ip rip send version 1 2 Dell conf if ip rip receive version 2 The following exampl...

Page 771: ...orm routing between discontiguous subnets disable automatic summarization With automatic route summarization disabled subnets are advertised The autosummary command requires no other configuration commands To disable automatic route summarization enter no autosummary in ROUTER RIP mode NOTE If you enable the ip split horizon command on an interface the system does not advertise the summarized addr...

Page 772: ...en you enable debugging you can view information on RIP protocol changes or RIP routes To enable RIP debugging use the following command debug ip rip interface database events trigger EXEC privilege mode Enable debugging of RIP Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function Dell debug ip rip RIP protocol debug is ON Dell To disab...

Page 773: ...re 2 RIP setup use the show ip route command To display Core 2 RIP activity use the show ip protocols command The following example shows the show ip rip database command to view the learned RIP routes on Core 2 Core2 conf router_rip end 00 12 24 RPM0 P CP SYS 5 CONFIG_I Configured from console by console Core2 show ip rip database Total number of routes in RIP database 7 10 11 30 0 24 120 1 via 1...

Page 774: ...a 10 11 20 1 Te 2 3 120 1 00 05 22 Core2 The following example shows the show ip protocols command to show the RIP configuration activity on Core 2 Core2 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due in 17 Invalid after 180 seconds hold down 180 flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing ...

Page 775: ...nected TenGigabitEthernet 3 21 10 11 30 0 24 directly connected TenGigabitEthernet 3 11 10 0 0 0 8 auto summary 192 168 1 0 24 directly connected TenGigabitEthernet 3 23 192 168 1 0 24 auto summary 192 168 2 0 24 directly connected TenGigabitEthernet 3 24 192 168 2 0 24 auto summary Core3 The following command shows the show ip routes command to view the RIP setup on Core 3 Core3 show ip routes Co...

Page 776: ...uting for Networks 10 11 20 0 10 11 30 0 192 168 2 0 192 168 1 0 Routing Information Sources Gateway Distance Last Update 10 11 20 2 120 00 00 22 Distance default is 120 Core3 RIP Configuration Summary Examples of Viewing RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2 interface TenGigabitEthernet 2 1 ip address 10 11 10 1 24 no shutdown i...

Page 777: ...terface TenGigabitEthernet 3 4 ip address 192 168 1 1 24 no shutdown interface TenGigabitEthernet 3 5 ip address 192 168 2 1 24 no shutdown router rip version 2 network 10 11 20 0 network 10 11 30 0 network 192 168 1 0 network 192 168 2 0 Routing Information Protocol RIP 777 ...

Page 778: ... following tasks Setting the rmon Alarm Configuring an RMON Event Configuring RMON Collection Statistics Configuring the RMON Collection History RMON implements the following standard request for comments RFCs for more information refer to the Standards Compliance chapter RFC 2819 RFC 3273 RFC 3434 RFC 4502 Fault Recovery RMON provides the following fault recovery functions Interface Down When an ...

Page 779: ...e RMON MIB If there is no corresponding rising threshold event the value should be zero falling threshold value value at which the falling threshold alarm is triggered or reset For the rmon alarm command this setting is a 32 bits value for the rmon hc alarm command this setting is a 64 bits value event number event number to trigger when the falling threshold exceeds its limit This value is identi...

Page 780: ...this command This configuration also generates an SNMP trap when the event is triggered using the SNMP community string eventtrap Dell conf rmon event 1 log trap eventtrap description High ifOutErrors owner nms1 Configuring RMON Collection Statistics To enable RMON MIB statistics collection on an interface use the RMON collection statistics command in INTERFACE CONFIGURATION mode Enable RMON MIB s...

Page 781: ...ssociated with the number of buckets specified for the RMON collection history group of statistics The value is limited to from 1 to 1000 The default is 50 as defined in RFC 2819 interval Optional specifies the number of seconds in each polling cycle seconds Optional the number of seconds in each polling cycle The value is ranged from 5 to 3 600 Seconds The default is 1 800 as defined in RFC 2819 ...

Page 782: ...iations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a two step process 1 Configure interfaces for Layer 2 2 Enable the rapid spanning tree protocol Related Conf...

Page 783: ... the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks Ports connected directly to Layer 3 only routers not running STP should have RSTP disabled or be configured as edge ports Ensure that the primary VLT node is the root bridge and the secondary VLT peer node has the second best bridge ID in the network If the primary VLT peer node fails t...

Page 784: ...ally for all Layer 2 interfaces use the following commands 1 Enter PROTOCOL SPANNING TREE RSTP mode CONFIGURATION mode protocol spanning tree rstp 2 Enable RSTP PROTOCOL SPANNING TREE RSTP mode no disable Examples of the RSTP show Commands To disable RSTP globally for all Layer 2 interfaces enter the disable command from PROTOCOL SPANNING TREE RSTP mode To verify that RSTP is enabled use the show ...

Page 785: ...th cost 20000 Port priority 128 Port Identifier 128 377 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated port id is 128 377 designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 121 received 9 The port is not in the Edge port mode Port 378 TenGigabitEthernet 2 2 is designated Forwarding Port path...

Page 786: ...01 e801 cbb4 128 380 Interface Name Role PortID Prio Cost Sts Cost Link type Edge Te 3 1 Altr 128 681 128 20000 BLK 20000 P2P No Te 3 2 Altr 128 682 128 20000 BLK 20000 P2P No Te 3 3 Root 128 683 128 20000 FWD 20000 P2P No Te 3 4 Altr 128 684 128 20000 BLK 20000 P2P No R3 Adding and Removing Interfaces To add and remove interfaces use the following commands To add an interface to the Rapid Spannin...

Page 787: ...ort Priority 128 To change these parameters use the following commands Change the forward delay parameter PROTOCOL SPANNING TREE RSTP mode forward delay seconds The range is from 4 to 30 The default is 15 seconds Change the hello time parameter PROTOCOL SPANNING TREE RSTP mode hello time seconds NOTE With large configurations especially those configurations with more ports Dell Networking recommen...

Page 788: ...wing commands Change the port cost of an interface INTERFACE mode spanning tree rstp cost cost The range is from 0 to 65535 The default is listed in the previous table Change the port priority of an interface INTERFACE mode spanning tree rstp priority priority value The range is from 0 to 15 The default is 128 To view the current values for interface parameters use the show spanning tree rstp comm...

Page 789: ...st mode in Spanning Tree CAUTION Configure EdgePort only on links connecting to an end station If you enable EdgePort on an interface connected to a network it can cause loops Dell Networking OS Behavior Regarding bpduguard shutdown on violation behavior If the interface to be shut down is a port channel all the member ports are disabled in the hardware When you add a physical port to a port chann...

Page 790: ...nd is available only for RSTP Configure a hello time on the order of milliseconds PROTOCOL RSTP mode hello time milli second interval The range is from 50 to 950 milliseconds Example of Verifying Hello Time Interval Dell conf rstp do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001 e811 2233 Root Bridge hello time 50 ms max age 20 forwa...

Page 791: ...Software Defined Networking SDN The Dell Networking OS supports software defined networking SDN For more information see the SDN Deployment Guide 47 Software Defined Networking SDN 791 ...

Page 792: ...g OS Command Reference Guide AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services When you enable AAA accounting the network server reports user activity to the security server in the form of accounting records Each accounting record comprises accounting attribute value AV pairs and is stored on the access control...

Page 793: ...instructs the TACACS server to send a stop record accounting notice at the end of the requested user process tacacs designate the security service Currently Dell Networking OS supports only TACACS Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting the Dell Networking OS software issues accounting records for all users on the system including users whose username...

Page 794: ...ounted functions CONFIGURATION mode or EXEC Privilege mode show accounting Example of the show accounting Command for AAA Accounting Dell show accounting Active accounted actions on tty2 User admin Priv 1 Task ID 1 EXEC Accounting record 00 00 39 Elapsed service shell Active accounted actions on tty3 User admin Priv 1 Task ID 2 EXEC Accounting record 00 00 26 Elapsed service shell Dell AAA Authent...

Page 795: ...ds To configure an authentication method and method list use the following commands Dell Networking OS Behavior If you use a method list on the console port in which RADIUS or TACACS is the last authentication method and the server is not reachable Dell Networking OS allows access even though the username and password credentials cannot be verified Only the console port behaves this way and does s...

Page 796: ... do not set the default list only the local enable is checked This setting has the same effect as issuing an aaa authentication enable default enable command Enabling AAA Authentication RADIUS To enable authentication from the RADIUS server and use TACACS as a backup use the following commands 1 Enable RADIUS and set up TACACS as backup CONFIGURATION mode aaa authentication enable default radius t...

Page 797: ...r whenever there is a change in the authenticators The change in authentication happens when Add or remove an authentication server RADIUS TACACS Modify an AAA authentication authorization list Change to role only RBAC mode The re authentication is also applicable for authenticated 802 1x devices When there is a change in the authetication servers the supplicants connected to all the ports are for...

Page 798: ...nd Keys Dell config service obscure passwords AAA Authorization Dell Networking OS enables AAA new model by default You can set authorization to be either local or remote Different combinations of authentication and authorization yield different results By default Dell Networking OS sets both to local Privilege Levels Overview Limiting access to the system is one method of protecting the system an...

Page 799: ...on tasks for privilege levels and passwords Configuring a Username and Password mandatory Configuring the Enable Password Command mandatory Configuring Custom Privilege Levels mandatory Specifying LINE Mode Password and Privilege optional Enabling and Disabling Privilege Levels optional For a complete listing of all commands related to Dell Networking OS privilege levels and passwords refer to the...

Page 800: ... entered Dell Networking OS you can enter the enable 15 command to access and configure all CLIs Configuring Custom Privilege Levels In addition to assigning privilege levels to the user you can configure the privilege levels of commands so that they are visible in different privilege levels Within Dell Networking OS commands have certain privilege levels With the privilege command you can change ...

Page 801: ...l Commands To view the configuration use the show running config command in EXEC Privilege mode The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp server commands Because the snmp server commands are enable level commands and by default found in CONFIGURATION mode also assign the launch command for CONFIGURATION mode configure to the same ...

Page 802: ...NE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines The user s privilege level is the same as the privilege level assigned to the terminal line unless a more specific privilege level is assigned to the user To specify a password for the terminal line use the following commands Configure a custom privilege level for the terminal lines LI...

Page 803: ...plain text RADIUS uses UDP as the transport protocol between the RADIUS server host and the client For more information about RADIUS refer to RFC 2865 Remote Authentication Dial in User Service RADIUS Authentication Dell Networking OS supports RADIUS for user authentication text password at login and can be specified as one of the login authentication methods in the aaa authentication login comman...

Page 804: ...ing Only standard ACLs in authorization both RADIUS and TACACS are supported Authorization is denied in cases using Extended ACLs Auto Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line The auto command command is executed when the user is authenticated and before the prompt appears to the user Automatically execute...

Page 805: ...y To create a method list use the following commands Enter a text string up to 16 characters long as the name of the method list you wish to use with the RADIUS authentication method CONFIGURATION mode aaa authentication login method list name radius Create a method list with RADIUS and TACACS as authorization methods CONFIGURATION mode aaa authorization exec method list name default radius tacacs...

Page 806: ...the software connects with the RADIUS server hosts one at a time until a RADIUS server host responds with an accept or reject response If you want to change an optional parameter setting for a specific host use the radius server host command To change the global communication settings to all RADIUS server hosts refer to Setting Global Communication Parameters for all RADIUS Server Hosts To view th...

Page 807: ...ocol for sending the login credentials to the RADIUS server The user password attribute is added to the access request message that is sent to the RADIUS server Depending on the success or failure of authentication the RADIUS server sends back an access accept or access reject message respectively MS CHAPv2 is secure than PAP MS CHAPv2 does not send user password in the Access Request message It i...

Page 808: ...ing TACACS as the Authentication Method One of the login authentication methods available is TACACS and the user s name and password are sent for authentication to the TACACS hosts specified To use TACACS to authenticate users specify at least one TACACS server for the system to communicate with and configure TACACS as one of your authentication methods To select TACACS as the login authentication...

Page 809: ...none aaa accounting exec default start stop tacacs aaa accounting commands 1 default start stop tacacs aaa accounting commands 15 default start stop tacacs Dell conf Dell conf do show run tacacs tacacs server key 7 d05206c308f4d35b tacacs server host 10 10 10 10 timeout 1 Dell conf tacacs server key angeline Dell conf RPM0 P CP SEC 5 LOGIN_SUCCESS Login successful for user admin on vty0 10 11 9 20...

Page 810: ...arameters use the following command Enter the host name or IP address of the TACACS server host CONFIGURATION mode tacacs server host hostname ip address port port number timeout seconds key key Configure the optional communication parameters for the specific host port port number the range is from 0 to 65535 Enter a TCP port number The default is 49 timeout seconds the range is from 0 to 1000 Def...

Page 811: ...d 3128 proposes a countermeasure to the problem This countermeasure is configured into the line cards and enabled by default Enabling SCP and SSH Secure shell SSH is a protocol for secure remote login and other secure network services over an insecure network Dell Networking OS is compatible with SSH versions 1 5 and 2 in both the client and server modes SSH sessions are encrypted and use authenti...

Page 812: ...switch to another use the following commands 1 On Switch 1 set the SSH port number port 22 by default CONFIGURATION MODE ip ssh server port number 2 On Switch 1 enable SSH CONFIGURATION MODE copy ssh server enable 3 On Switch 2 invoke SCP CONFIGURATION MODE copy scp flash 4 On Switch 2 in response to prompts enter the path to the desired file and enter the port number specified in Step 1 EXEC Priv...

Page 813: ... is enabled there is no RSA 1 key pair Any memory currently holding these keys is zeroized written over with zeroes and the NVRAM location where the keys are stored for persistence across reboots is also zeroized To remove the generated RSA host keys and zeroize the key storage location use the crypto key zeroize rsa command in CONFIGURATION mode Dell conf crypto key zeroize rsa Configuring When t...

Page 814: ...a1 When FIPS is enabled the default is diffie hellman group14 sha1 Example of Configuring a Key Exchange Algorithm The following example shows you how to configure a key exchange algorithm Dell conf ip ssh server kex diffie hellman group exchange sha1 diffie hellman group14 sha1 Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server use the ip ssh serv...

Page 815: ...ing HMAC algorithms are available hmac md5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 The default list of HMAC algorithm is in the following order hmac sha2 256 hmac sha1 hmac sha1 96 hmac md5 hmac md5 96 When FIPS is enabled the default HMAC algorithm is hmac sha2 256 hmac sha1 hmac sha1 96 Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algor...

Page 816: ...es256 cbc aes128 ctr aes192 ctr aes256 ctr The default cipher list is in the given order aes256 ctr aes256 cbc aes192 ctr aes192 cbc aes128 ctr aes128 cbc 3des cbc Example of Configuring a Cipher List The following example shows you how to configure a cipher list Dell conf ip ssh cipher aes128 ctr aes128 cbc 3des cbc Secure Shell Authentication Secure Shell SSH is enabled by default using the SSH ...

Page 817: ...ub to the Dell Networking system 3 Disable password authentication if enabled CONFIGURATION mode no ip ssh password authentication enable 4 Enable RSA authentication in SSH CONFIGURATION Mode ip ssh rsa authentication enable 5 Install user s public key for RSA authentication in SSH EXEC Privilege Mode ip ssh rsa authentication my authorized keys flash public_key Example of Generating RSA Keys admi...

Page 818: ...lient cat ssh_host_rsa_key pub ssh rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx AyWhVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk admin Unix_client ls id_rsa id_rsa pub shosts admin Unix_client cat shosts 10 16 127 201 ssh rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx AyW hVgJDQh...

Page 819: ...rst enable SSH as previously described By default the Telnet daemon is enabled If you want to disable the Telnet daemon use the following command or disable Telnet in the startup config To enable or disable the Telnet daemon use the no ip telnet server enable command The Telnet server or client is VRF aware You can enable a Telnet server or client to listen to a specific VRF by using the vrf vrf i...

Page 820: ...zation Based on Access Class Retrieved from a Local Database Per User Dell conf user gooduser password abc privilege 10 access class permitall Dell conf user baduser password abc privilege 10 access class denyall Dell conf Dell conf aaa authentication login localmethod local Dell conf Dell conf line vty 0 9 Dell config line vty login authentication localmethod Dell config line vty end VTY Line Rem...

Page 821: ...Access Control With Role Based Access Control RBAC access and authorization is controlled based on a user s role Users are granted permissions based on their user roles not on their individual user ID User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function This chapter consists of the following sections Overview Privile...

Page 822: ...omatically placed in EXEC Priv mode For greater security the ability to view event audit and security system log is associated with user roles For information about these topics see Audit and Security Logs Privilege or Role Mode versus Role only Mode By default the system provides access to commands determined by the user s role or by the user s privilege level The user s role takes precedence ove...

Page 823: ...est line vty 1 login authentication test authorization exec test To enable role based only AAA authorization enter the following command in Configuration mode Dell conf aaa authorization role only System Defined RBAC User Roles By default the Dell Networking OS provides 4 system defined user roles You can create up to 8 additional user roles NOTE You cannot delete any system defined roles The syst...

Page 824: ...herited from the system administrator can create roles and user names Only the system administrator security administrator and roles inherited from these can use the role command to modify command permissions The security administrator and roles inherited by security administrator can only modify permissions for commands they already have access to Make sure you select the correct role you want to...

Page 825: ...mmand for a role you specify the role the mode and whether you want to restrict access using the deleterole keyword or grant access using the addrole keyword followed by the command you are controlling access The following output displays the modes available for the role command Dell conf role configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Confi...

Page 826: ...rotocol MAC Example Remove Security Administrator Access to Line Mode The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode using the show role mode configure line command in EXEC Privilege mode Dell conf role configure deleterole secadmin LINE Initial keywords of the command to modify Dell conf role configur...

Page 827: ...s Configuring AAA Authentication for Roles Configuring AAA Authorization for Roles Configuring TACACS and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination Users with defined roles and users with privileges are authenticated with the same mechanism There are six methods available for authentication radius tacac...

Page 828: ...information about how to configure authentication for roles see Configure AAA Authentication for Roles aaa authorization exec method list name default method method4 You can further restrict users permissions using the aaa authorization command command in CONFIGURATION mode aaa authorization command method list name default method method4 Examples of Applying a Method List The following configurat...

Page 829: ...tes allow the full set of features available for TACACS authorization and are authorized with the same attributes for RADIUS Example for Configuring a VSA Attribute for a Privilege Level 15 The following example configures an AV pair which allows a user to login from a network access server with a privilege level of 15 to have access to EXEC commands The format to create a Dell Network OS AV pair ...

Page 830: ...g method list to a role executed by a user with that user role use the accounting command in LINE mode accounting exec commands level role role name method list Example of Applying an Accounting Method to a Role The following example applies the accounting default method to the user role secadmin security administrator Dell conf vty 0 accounting commands role secadmin default Displaying Active Acc...

Page 831: ...xec Exec Mode interface Interface configuration mode line Line Configuration mode route map Route map configuration mode router Router configuration mode Dell show role mode configure username Role access sysadmin Dell show role mode configure password attributes Role access secadmin sysadmin Dell show role mode configure interface Role access netadmin sysadmin Dell show role mode configure line R...

Page 832: ...f the user credentials are valid the NAS server receives an Access Challenge request from the RADIUS server Access Accept NAS validates the username and password If the credentials are valid the RADIUS server sends an Access Request to the short message service one time password SMS OTP daemon to generate an OTP The OTP is sent to the user s e mail ID or mobile If the OTP is valid the RADIUS serve...

Page 833: ... from the RADIUS server NAS sends the input OTP in an Access Request to the RADIUS server and the user authentication succeeds or fails depending upon the Access Accept or Access Reject response received at NAS from the RADIUS server Configuring the System to Drop Certain ICMP Reply Messages You can configure the Dell Networking OS to drop ICMP reply messages When you configure the drop icmp comma...

Page 834: ... reply 129 Who are you request 139 Who are you reply 140 Mtrace response 200 Mtrace messages 201 NOTE The Dell Networking OS does not suppress the following ICMPv6 message types Packet too big 2 Echo request 128 Multicast listener query 130 Multicast listener report 131 Multicast listener done 132 Router solicitation 133 Router advertisement 134 Neighbor solicitation 135 Neighbor advertisement 136...

Page 835: ...tions customers and the provider would still share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider net...

Page 836: ...k enabled VLAN Dell Networking cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN You cannot ping across the trunk port link if one or both of the systems is an S4048 ON This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffic Configure VLAN Stacking Configuring VLAN Stacking is...

Page 837: ...l ports and port channels can be access or trunk ports 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider bridge that is connected to another provider bridge INTERFACE mode vlan stack trunk 3 Assign all access ports and trunk ports to service provide...

Page 838: ...Tag is user configurable To set the S Tag TPID use the following command Select a value for the S Tag TPID CONFIGURATION mode vlan stack protocol type The default is 9100 To display the S Tag TPID for a VLAN use the show running config command from EXEC privilege mode Dell Networking OS displays the S Tag TPID only if it is a non default value Configuring Dell Networking OS Options for Trunk Ports...

Page 839: ...l conf if vl 100 untagged tengigabitethernet 1 1 Dell conf if vl 100 interface vlan 101 Dell conf if vl 101 tagged tengigabitethernet 1 1 Dell conf if vl 101 interface vlan 103 Dell conf if vl 103 vlan stack compatible Dell conf if vl 103 stack member tengigabitethernet 1 1 Dell conf if vl 103 stack do show vlan Codes Default VLAN G GVRP VLANs Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged ...

Page 840: ... R3 VLAN Stacking The default TPID for the outer VLAN tag is 0x9100 The system allows you to configure both bytes of the 2 byte TPID Previous versions allowed you to configure the first byte only and thus the systems did not differentiate between TPIDs with a common first byte For example 0x8100 and any other TPID beginning with 0x81 were treated as the same TPID as shown in the following illustra...

Page 841: ...Figure 115 Single and Double Tag TPID Match Service Provider Bridging 841 ...

Page 842: ...Figure 116 Single and Double Tag First byte TPID Match 842 Service Provider Bridging ...

Page 843: ...ition Incoming Packet TPID System TPID Match Type Pre Version 8 2 1 0 Version 8 2 1 0 Ingress Access Point untagged 0xUVWX switch to default VLAN switch to default VLAN single tag 0x8100 0xUVWX single tag mismatch switch to default VLAN switch to default VLAN 0x8100 single tag match switch to VLAN switch to VLAN 0x81XY single tag first byte match switch to VLAN switch to default VLAN Service Provi...

Page 844: ...rop eligible indicator DEI bit in the S Tag indicates to a service provider bridge which packets it should prefer to drop when congested Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value When you enable drop eligibility DEI mapping or marking takes place according to the defaults In this case the CFI is affected according to the following table T...

Page 845: ...configuration use the show interface dei honor interface slot port subport in EXEC Privilege mode Dell show interface dei honor Default Drop precedence Green Interface CFI DEI Drop precedence Te 1 1 0 Green Te 1 1 1 Yellow Te 2 9 1 Red Te 2 10 0 Yellow Marking Egress Packets with a DEI Value On egress you can set the DEI value according to a different mapping than ingress For ingress information r...

Page 846: ...ck NOTE The ability to map incoming C Tag dot1p to any S Tag dot1p requires installing up to eight entries in the Layer 2 QoS and Layer 2 ACL table for each configured customer VLAN The scalability of this feature is limited by the impact of the 1 8 expansion in these content addressable memory CAM tables Dell Networking OS Behavior For Option A shown in the previous illustration when there is a c...

Page 847: ...ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number vman qos vman qos dual fp number vman qos mark the S Tag dot1p and queue the frame according to the original C Tag dot1p This method requires half as many CAM entries as vman qos dual fp vman qos dual fp mark the S Tag dot1p and queue the frame according to the S Tag dot1p This method requires twice as many CAM e...

Page 848: ... illustration Figure 119 VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address rewriting the destination MAC to a user configured non reserved address and forwarding the frames Because t...

Page 849: ...iate network because only Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address In Dell Networking OS version 8 2 1 0 and later the L2PT MAC address is user configurable so you can specify an address that non Dell Networking systems can recognize and rewrite the address at egress edge Figure 120 VLAN Stacking with L2P...

Page 850: ... command Overwrite the BPDU with a user specified destination MAC address when BPDUs are tunneled across the provider network CONFIGURATION mode protocol tunnel destination mac The default is 01 01 e8 00 00 00 Setting Rate Limit BPDUs CAM space is allocated in sections called field processor FP blocks There are a total of 13 user configurable FP blocks The default number of blocks for L2PT is 0 yo...

Page 851: ...ridges treat BPDUs originating from the customer network as normal data frames rather than consuming them The same is true for GARP VLAN registration protocol GVRP 802 1ad specifies that provider bridges participating in GVRP use a reserved destination MAC address called the Provider Bridge GVRP Address 01 80 C2 00 00 0D to exchange GARP PDUs instead of the GVRP Address 01 80 C2 00 00 21 specified...

Page 852: ...ce counters into sFlow datagrams and forwards them to the sFlow collector at regular intervals The datagrams consist of information on but not limited to packet header ingress and egress interfaces sampling parameters and interface counters Application specific integrated circuits ASICs typically complete packet sampling sFlow collector analyses the sFlow datagrams received from different devices ...

Page 853: ...elds are not filled in extended gateway element in the sFlow datagram 802 1P source priority field is not filled in extended switch element in sFlow datagram Only Destination and Destination Peer AS number are packed in the dst as path field in extended gateway element If the packet being sampled is redirected using policy based routing PBR the sFlow datagram may contain incorrect extended gateway...

Page 854: ...ed due to sub sampling Enabling and Disabling sFlow on an Interface By default sFlow is disabled on all interfaces This CLI is supported on physical ports and link aggregation group LAG ports To enable sFlow on a specific interface use the following command Enable sFlow on an interface INTERFACE mode no sflow ingress enable To disable sFlow on an interface use the no version of this command Enabli...

Page 855: ...itethernet 1 1 Te 1 1 sFlow type Ingress Configured sampling rate 16384 Actual sampling rate 16384 Counter polling interval 20 Extended max header size 256 Samples rcvd from h w 0 Example of the show running config sflow Command Dell show running config sflow sflow collector 100 1 1 12 agent addr 100 1 1 1 sflow enable sflow max header size extended Dell show run int tengigabitEthernet 1 10 interf...

Page 856: ...c interface use the following command Display sFlow configuration information and statistics on a specific interface EXEC mode show sflow interface interface name Examples of the sFlow show Commands The following example shows the show sflow interface command Dell show sflow interface tengigabitethernet 1 1 Te 1 1 sFlow type Ingress Configured sampling rate 16384 Actual sampling rate 16384 Counter...

Page 857: ... configure an interface to use a different polling interval To configure the polling intervals globally in CONFIGURATION mode or by interface in INTERFACE mode use the following command Change the global default counter polling interval CONFIGURATION mode or INTERFACE mode sflow polling interval interval value interval value in seconds The range is from 15 to 86400 seconds The default is 20 second...

Page 858: ...e extended information in the datagram is disabled Confirm that extended information packing is enabled show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types Dell show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate 32768 Global default counter polling int...

Page 859: ...ress traffic The previous points are summarized in following table Table 88 Extended Gateway Summary IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description static connected IGP static connected IGP Extended gateway data is not exported because there is no AS information static connected IGP BGP 0 Exported src_as and src_peer_as are zero because there is no AS information for IGP BGP stati...

Page 860: ...lue Updates using SNMP Enabling a Subset of SNMP Traps Enabling an SNMP Agent to Notify Syslog Server Failure Copy Configuration Files Using SNMP MIB Support for Power Monitoring MIB Support to Display the Available Memory Size on Flash MIB Support to Display the Software Core Files Generated by the System SNMP Support for WRED Green Yellow Red Drop Counters MIB Support to Display the Available Pa...

Page 861: ...iance with RFC 3826 SNMPv3 provides multiple authentication and privacy options for user configuration A subset of these options are the FIPS approved algorithms HMAC SHA1 96 for authentication and AES128 CFB for privacy The other options are not FIPS approved algorithms because of known security weaknesses The AES128 CFB privacy option is supported and is compliant with RFC 3826 The SNMPv3 featur...

Page 862: ...ttempt to enable or disable FIPS mode and if any SNMPv3 users are previously configured an error message is displayed stating you must delete all of the SNMP users before changing the FIPS mode 4 A message is logged indicating whether FIPS mode is enabled for SNMPv3 This message is generated only when the first SNMPv3 user is configured because you can modify the FIPS mode only when users are not ...

Page 863: ...P community is a group of SNMP agents and managers that are allowed to interact Communities are necessary to secure communication between SNMP managers and agents SNMP agents do not respond to requests from management stations that are not part of the community Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message You must specify whethe...

Page 864: ...ssword Configure an SNMP group password privileges only CONFIGURATION mode snmp server group groupname oid tree auth read name write name Configure an SNMPv3 view CONFIGURATION mode snmp server view view name 3 noauth included excluded NOTE To give a user read and write privileges repeat this step for each privilege type Configure an SNMP group with password or privacy privileges CONFIGURATION mod...

Page 865: ...1 161 1 3 6 1 2 1 1 3 0 The following example shows reading the value of the next managed object snmpgetnext v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 3 0 SNMPv2 MIB sysContact 0 STRING snmpgetnext v 2c c mycommunity 10 11 131 161 sysContact 0 The following example shows reading the value of the many managed objects at one time snmpwalk v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 SNMPv2 MI...

Page 866: ...ment station Identify the system manager along with this person s contact information for example an email address or phone number CONFIGURATION mode snmpset v version c community agent ip sysContact 0 s contact info You may use up to 55 characters The default is None From a management station Identify the physical location of the system for example San Jose 350 Holger Way 1st floor lab rack A1 1 ...

Page 867: ...ing OS sends SNMP traps CONFIGURATION mode snmp server trap source Example of RFC Defined SNMP Traps and Related Enable Commands The following example lists the RFC defined SNMP traps and the command used to enable each The coldStart and warmStart traps are enabled using a single command snmp authentication SNMP_AUTH_FAIL SNMP Authentication failed Request with invalid community string snmp coldst...

Page 868: ... chassis temperature MINOR_TEMP_CLR Minor alarm cleared chassis temperature normal s d temperature is within threshold of dC MAJOR_TEMP Major alarm chassis temperature high s temperature reaches or exceeds threshold of dC MAJOR_TEMP_CLR Major alarm cleared chassis temperature lower s d temperature is within threshold of dC envmon fan FAN_TRAY_BAD Major alarm fantray d is missing or down FAN_TRAY_O...

Page 869: ...0 high capacity rising threshold alarm from SNMP OID oid Enabling an SNMP Agent to Notify Syslog Server Failure You can configure a network device to send an SNMP trap if an audit processing failure occurs due to loss of connectivity with the syslog server If a connectivity failure occurs on a syslog server that is configured for reliable transmission an SNMP trap is sent and a message is displaye...

Page 870: ... Syslog server 10 11 226 121 port 9140 is reachable Copy Configuration Files Using SNMP To do the following use SNMP from a remote client copy the running config file to the startup config file copy configuration files from the Dell Networking system to a server copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses The ...

Page 871: ... 1 1 1 6 1 flash 2 slot0 3 tftp 4 ftp 5 scp Specifies the location of destination file If copyDestFileLocation is FTP or SCP you must specify copyServerAddress copyUserName and copyUserPassword copyDestFileName 1 3 6 1 4 1 6027 3 5 1 1 1 1 7 Path if the file is not in the default directory and filename Specifies the name of destination file copyServerAddress 1 3 6 1 4 1 6027 3 5 1 1 1 1 8 IP Addre...

Page 872: ...bject FTOS COPY CONFIG MIB copySrcFileType 101 To complete the command use as many MIB objects in the command as required by the MIB object descriptions shown in the previous table NOTE You can use the entire OID rather than the object name Use the form OID index i object value To view more information use the following options in the snmpset command c View the community either public or private m...

Page 873: ...ig 2 The following example shows how to copy configuration files from a UNIX machine using OID snmpset c public v 2c 10 11 131 162 1 3 6 1 4 1 6027 3 5 1 1 1 1 2 8 i 3 1 3 6 1 4 1 6027 3 5 1 1 1 1 5 8 i 2 SNMPv2 SMI enterprises 6027 3 5 1 1 1 1 2 8 INTEGER 3 SNMPv2 SMI enterprises 6027 3 5 1 1 1 1 5 8 INTEGER 2 Copying the Startup Config Files to the Server via FTP To copy the startup config to th...

Page 874: ...startup configuration on the Dell Networking system via FTP use the following command Copy a binary file from the server to the startup configuration on the Dell Networking system via FTP snmpset v 2c c public m f10 copy config mib force10system ip address copySrcFileType index i 1 copySrcFileLocation index i 4 copySrcFileName index s filepath filename copyDestFileType index i 3 copyServerAddress ...

Page 875: ...in a value for any of the MIB objects use the following command Get a copy config MIB object value snmpset v 2c c public m f10 copy config mib force10system ip address OID index mib object index index the index value used in the snmpset command used to complete the copy operation NOTE You can use the entire OID rather than the object name Use the form OID index Examples of Getting MIB Object Value...

Page 876: ...95 3000 1 2 110 7 2 1 7 Displays average input power start time SNMP Walk Example Output snmpwalk v 2c c public 10 16 131 156 1 3 6 1 4 1 674 10895 3000 1 2 110 7 2 1 5 SNMPv2 SMI enterprises 674 10895 3000 1 2 110 7 2 1 5 11 INTEGER 48 SNMPv2 SMI enterprises 674 10895 3000 1 2 110 7 2 1 5 12 INTEGER 40 snmpwalk v 2c c public 10 16 131 156 1 3 6 1 4 1 674 10895 3000 1 2 110 7 2 1 6 SNMPv2 SMI ente...

Page 877: ...10 1 2 10 1 3 Contains the time at which core files are created chSysCoresStackUnitNumber 1 3 6 1 4 1 6027 3 10 1 2 10 1 4 Contains information that includes which stack unit or processor the core file was originated from chSysCoresProcess 1 3 6 1 4 1 6027 3 10 1 2 10 1 5 Contains information that includes the process names that generated each core file Viewing the Software Core Files Generated by...

Page 878: ... 27 1 3 1 4 2107012 Counter64 0 SNMPv2 SMI enterprises 6027 3 27 1 3 1 5 2107012 Counter64 0 SNMPv2 SMI enterprises 6027 3 27 1 3 1 6 2107012 Counter64 0 SNMPv2 SMI enterprises 6027 3 27 1 3 1 7 2107012 Counter64 0 SNMPv2 SMI enterprises 6027 3 27 1 3 1 8 2107012 Counter64 0 SNMPv2 SMI enterprises 6027 3 27 1 3 1 9 2107012 Counter64 0 SNMPv2 SMI enterprises 6027 3 27 1 3 1 10 2107012 Counter64 0 S...

Page 879: ...s on Flash To view the available partitions on flash using SNMP use the following command snmpwalk v 2c c public On 10 16 150 97 1 3 6 1 4 1 6027 3 26 1 4 8 1 3 6 1 4 1 6027 3 26 1 4 8 1 2 1 STRING tmpfs 1 3 6 1 4 1 6027 3 26 1 4 8 1 2 2 STRING dev wd0i 1 3 6 1 4 1 6027 3 26 1 4 8 1 2 3 STRING mfs 477 1 3 6 1 4 1 6027 3 26 1 4 8 1 2 4 STRING dev wd0e 1 3 6 1 4 1 6027 3 26 1 4 8 1 3 1 INTEGER 40960...

Page 880: ... to Display Egress Queue Statistics Dell Networking OS provides MIB objects to display the information of the packets transmitted or dropped per unicast or multicast egress queue The following table lists the related MIB objects Table 98 MIB Objects to display egress queue statistics MIB Object OID Description dellNetFpEgrQTxPacketsRate 1 3 6 1 4 1 6027 3 27 1 20 1 6 Rate of Packets transmitted pe...

Page 881: ...R 1258296320 SNMPv2 SMI enterprises 6027 3 9 1 5 1 8 1 1 4 80 80 80 0 24 1 4 30 1 1 1 1 4 30 1 1 1 INTEGER 1275078656 SNMPv2 SMI enterprises 6027 3 9 1 5 1 8 1 1 4 90 90 90 0 24 0 0 0 0 INTEGER 2097157 SNMPv2 SMI enterprises 6027 3 9 1 5 1 8 1 1 4 90 90 90 1 32 1 4 127 0 0 1 1 4 127 0 0 1 INTEGER 0 SNMPv2 SMI enterprises 6027 3 9 1 5 1 8 1 1 4 90 90 90 2 32 1 4 90 90 90 2 1 4 90 90 90 2 INTEGER 20...

Page 882: ...0 0 STRING CP SNMPv2 SMI enterprises 6027 3 9 1 5 1 10 1 1 4 70 70 70 1 32 1 4 127 0 0 1 1 4 127 0 0 1 STRING CP SNMPv2 SMI enterprises 6027 3 9 1 5 1 10 1 1 4 70 70 70 2 32 1 4 70 70 70 2 1 4 70 70 70 2 STRING Fo 1 1 1 SNMPv2 SMI enterprises 6027 3 9 1 5 1 10 1 1 4 80 80 80 0 24 1 4 10 1 1 1 1 4 10 1 1 1 STRING Fo 1 4 1 SNMPv2 SMI enterprises 6027 3 9 1 5 1 10 1 1 4 80 80 80 0 24 1 4 20 1 1 1 1 4...

Page 883: ...enterprises 6027 3 9 1 7 0 Gauge32 1 SNMPv2 SMI enterprises 6027 3 9 1 8 0 Gauge32 2047 MIB Support for entAliasMappingTable Dell Networking provides a method to map the physical interface to its corresponding ifindex value The entAliasMappingTable table contains zero or more rows representing the logical entity mapping and physical component to external MIB identifiers The following table lists t...

Page 884: ...06 300 43 1 1 1 1 Contains a list of Aggregator parameters and indexed by the ifIndex of the Aggregator dot3adAggMACAddress 1 2 840 10006 300 43 1 1 1 1 1 Contains a six octet read only value carrying the individual MAC address assigned to the Aggregator dot3adAggActorSystemPriority 1 2 840 10006 300 43 1 1 1 1 2 Contains a two octet read write value indicating the priority value associated with t...

Page 885: ...nmpbulkget v 2c c LagMIB 10 16 148 157 1 2 840 10006 300 43 1 1 1 1 1 iso 2 840 10006 300 43 1 1 1 1 1 1258356224 Hex STRING 00 01 E8 8A E8 46 iso 2 840 10006 300 43 1 1 1 1 1 1258356736 Hex STRING 00 01 E8 8A E8 46 iso 2 840 10006 300 43 1 1 1 1 2 1258356224 INTEGER 32768 iso 2 840 10006 300 43 1 1 1 1 2 1258356736 INTEGER 32768 iso 2 840 10006 300 43 1 1 1 1 3 1258356224 Hex STRING 00 01 E8 8A E...

Page 886: ... Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed auto ARP type ARPA ARP Timeout 04 00 00 To display the ports in a VLAN send an snmpget request for the object dot1qStaticEgressPorts using the interface index as the instance number as shown for an S Series The following example shows viewing VLAN ports using SNMP with no ports assigned snmpget v2c c mycommunity 10 11 131 185 ...

Page 887: ...he value dot1qVlanStaticEgressPorts object is an array of all VLAN members The dot1qVlanStaticUntaggedPorts object is an array of only untagged VLAN members All VLAN members that are not in dot1qVlanStaticUntaggedPorts are tagged To add a tagged port to a VLAN write the port to the dot1qVlanStaticEgressPorts object To add an untagged port to a VLAN write the port to the dot1qVlanStaticEgressPorts ...

Page 888: ...a router while the IS reload is implemented use the following command Set the amount of time after an IS IS reload is performed before ingress traffic is allowed at startup set overload bit on startup isis The following OIDs are configurable through the snmpset command The node OID is 1 3 6 1 4 1 6027 3 18 F10 ISIS MIB f10IsisSysOloadSetOverload F10 ISIS MIB f10IsisSysOloadSetOloadOnStartupUntil F...

Page 889: ...n default VLANs dot3aCurAggFdb Table 1 3 6 1 4 1 6027 3 2 1 1 5 F10 LINK AGGREGATION MIB List the learned MAC addresses of aggregated links LAG In the following example R1 has one dynamic MAC address learned off of port TenGigabitEthernet 1 21 which a member of the default VLAN VLAN 1 The SNMP walk returns the values for dot1dTpFdbAddress dot1dTpFdbPort and dot1dTpFdbStatus Each object comprises a...

Page 890: ...ce type and card type of the interface Dell Networking OS converts this binary index number to decimal and displays it in the output of the show interface command Starting from the least significant bit LSB the first 14 bits represent the card type the next 4 bits represent the interface type the next 7 bits represent the port number the next 5 bits represent the slot number the next 1 bit is 0 fo...

Page 891: ...1107755009 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 2 INTEGER 1107755010 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 4 1 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 4 2 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 5 1 Hex STRING 00 00 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 5 2 Hex STRING 00 00 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 6 1 STRING Gi 5 84 Channel member for Po1 SNMPv2 SMI ent...

Page 892: ...vice to send an SNMP trap if an audit processing failure occurs due to loss of connectivity with the syslog server If a connectivity failure occurs on a syslog server that is configured for reliable transmission an SNMP trap is sent and a message is displayed on the console The SNMP trap is sent only when a syslog connection fails and the time interval between the last syslog notification and curr...

Page 893: ...istics use the show ip traffic command When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command the echo response output may not be displayed To correctly display ICMP statistics such as echo response use the show ip traffic command Transceiver Monitoring To retrieve and display the transceiver related parameters you can perform a snmpwalk transceiver table ...

Page 894: ...6027 3 11 1 3 1 1 4 Vendor Name SNMPv2 SMI enterprises 6027 3 11 1 3 1 1 5 Part Number SNMPv2 SMI enterprises 6027 3 11 1 3 1 1 6 Serial Number SNMPv2 SMI enterprises 6027 3 11 1 3 1 1 7 Transmit Power SNMPv2 SMI enterprises 6027 3 11 1 3 1 1 8 Receive Power 894 Simple Network Management Protocol SNMP ...

Page 895: ...tEthernet Port 1 on Stack Unit 1 enter interface tengigabitethernet 1 1 from CONFIGURATION mode Stack Management Roles The stack elects the management units for the stack management Stack master primary management unit also called the master unit Standby secondary management unit Stack units the remaining units in the stack also called stack members The system supports up to six stack units The ma...

Page 896: ...it The stack takes the MAC address of the master unit and retains it unless it is reloaded To view which switch is the stack master enter the show system command Dell show system Stack MAC 34 17 eb f2 94 c4 Reload Type normal reload Next boot normal reload Unit 1 Unit Type Management Unit Status online Next Boot online Required Type S4048 ON 54 port TE FG SK ON Current Type S4048 ON 54 port TE FG ...

Page 897: ...rts 72 Up Time 33 min 45 sec Dell Networking OS Version 1 0 0 5005 Jumbo Capable yes POE Capable no FIPS Mode disabled Burned In MAC 34 17 eb f2 99 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 3 1 up UNKNOWN up 10704 3 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 3 1 up up 10031 up 10031 3 2 up up 9929 up 10031 3 3 up up 10031 up 10134 Speed ...

Page 898: ...p of the stack management switching from the standby role to the master role The distributed forwarding tables are retained during the failover as is the stack MAC address The lack of a standby unit triggers an election within the remaining units for a standby role After the former master switch recovers despite having a higher priority or MAC address it does not recover its master role but instea...

Page 899: ...aster priority 0 Example of Adding a Standalone with a Lower MAC Address and Equal Priority to a Stack Stacking LAG When multiple links are used between stack units Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy The stacking LAG is established automatically and transparently by Dell Networking OS without user configuration after peer...

Page 900: ...e stack manager and Dell Networking OS elects a new standby unit Dell Networking OS resets the failed master unit after online it becomes a member unit the remaining members remain online Example of Stack Manager Redundancy Dell show redundancy Stack unit Status Mgmt ID 0 Stack unit ID 5 Stack unit Redundancy Role Primary Stack unit State Active Stack unit SW Version 1 0 0 3387 Link to Peer Up PEE...

Page 901: ...unit and standby unit in a stack through the dedicated management Ethernet interfaces with SNMP SSH or via Telnet Example of Accessing Non Master Units on a Stack via the Console Port CONSOLE ACCESS ON A STANDBY Dell standby cd Change current directory clear Reset functions copy Copy from one file to another delete Delete a file dir List files on a filesystem disable Turn off privileged commands e...

Page 902: ...t enable stacking and virtual link trunking VLT simultaneously on the device To convert a stacked unit to VLT see Reconfiguring Stacked Switches as VLT Data ports are configured as stacking ports in predefined groups of four 10G ports called stack groups When using the 40G ports you can configure a single port as a stack port each 40G port is a stack group All the ports in a stack group are placed...

Page 903: ...erformed on the Dell Networking OS version If the stack is running Dell Networking OS version 8 3 12 0 and the new unit is running an earlier software version the new unit is put into a card problem state If the unit is running Dell Networking OS version 8 3 10 x it is upgraded to use the same Dell Networking OS version as the stack rebooted and joined the stack If the new unit is running an Dell ...

Page 904: ...rivilege mode write memory 3 Reload the switch EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack The new unit synchronizes its running and startup configurations with the stack 4 After the units are reloaded the system reboots The units come up in a stack after the reboot completes To view the port assignments use...

Page 905: ...hen each of the members in order of their assigned stack number or the position in the stack you want each unit to take Allow each unit to completely boot and verify that the stack manager detects the unit then power the next unit Example of a Syslog Figure 123 Creating a New Stack In the above example stack unit 1 is the master management unit stack unit 2 is the standby unit The cables are conne...

Page 906: ...nt process to start To view the stack unit information after the reload use the show system brief command Dell show system brief Stack MAC 34 17 eb f2 94 c4 Reload Type normal reload Next boot normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 1 Management online S4048 ON S4048 ON 1 0 0 5005 72 2 Standby online S4048 ON S4048 ON 1 0 0 5005 72 3 Member online S4048 ON S4048 O...

Page 907: ...stack or manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it If you add a unit that has a stack number that conflicts with the stack the stack assigns the first available stack number If the stack has a provision for the stack number that will be assigned to the new unit the provision must match the unit type or Dell Networ...

Page 908: ...eqTyp CurTyp Version Ports 1 Management online S4048 ON S4048 ON 9 10 0 0 72 2 Member online S4048 ON S4048 ON 9 10 0 0 72 3 Member not present 4 Standby online S4048 ON S4048 ON 9 10 0 0 72 5 Member not present 6 Member not present Adding a Configured Unit to an Existing Stack To add a configured unit to an existing stack use the following commands If a stack unit goes down and is removed from th...

Page 909: ...lict between the provisioned switch type and the new unit a mismatch error message is displayed Merge Two Stacks You may merge two stacks while they are powered and online To merge two stacks connect one stack to the other using user port cables from the front end user portusing the mini SAS cables from the stacking ports Dell Networking OS selects a master stack manager from the two existing mana...

Page 910: ...in NVRAM and are preserved upon reload Assign a stack number to a unit EXEC Privilege mode stack unit old unit number renumber new unit number Renumbering the stack manager triggers the whole stack to reload as shown in the message below When the stack comes back online the master unit remains the management unit Dell stack unit 2 renumber 1 Renumbering master unit will reload the stack WARNING In...

Page 911: ...ired Type S4048 ON 54 port TE FG SK ON Current Type S4048 ON 54 port TE FG SK ON Master priority 14 Hardware Rev 2 0 Num Ports 72 Up Time 33 min 51 sec Dell Networking OS Version 1 0 0 5005 Jumbo Capable yes POE Capable no FIPS Mode disabled Burned In MAC 34 17 eb f2 94 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 1 1 up UNKNOWN up 10704 1 2 absent absent 0 Fan Status...

Page 912: ...o FIPS Mode disabled Burned In MAC 34 17 eb f2 99 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 3 1 up UNKNOWN up 10704 3 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 3 1 up up 10031 up 10031 3 2 up up 9929 up 10031 3 3 up up 10031 up 10134 Speed in RPM Dell The following is an example of the show system brief command to view the stack summary...

Page 913: ...n the stack are the master and standby management units If multiple units tie for highest priority the unit with the highest MAC address prevails If management was determined by priority only a change in management occurs when the management unit is powered down or a failover occurs you disconnect the management unit from the stack When the management unit fails the unit disappears from the stack ...

Page 914: ...show redundancy Resetting a Unit on a Stack You may reset any stack unit except for the master management unit as shown in the following message Error Reset of master unit is not allowed To rest a unit on a stack use the following commands Reload a stack unit EXEC Privilege mode reset stack unit unit number Reload a member unit from the unit itself EXEC Privilege mode reset self Reset a stack unit...

Page 915: ...nit in the stack Dell show system stack unit 1 Unit 1 Unit Type Management Unit Status online Next Boot online Required Type S4810 52 port GE TE FG SE Current Type S4810 52 port GE TE FG SE Master priority 0 Hardware Rev 3 0 Num Ports 64 Up Time 1 min 14 sec Dell Networking OS Version 4810 8 3 12 1447 Jumbo Capable yes POE Capable no Boot Flash 1 2 0 2 Memory Size 2147483648 bytes Temperature 44C ...

Page 916: ...g a Unit from a Stack Removing Front End Port Stacking Removing a Unit from a Stack The running configuration and startup configuration are synchronized on all stack units A stack member that is disconnected from the stack maintains this configuration To remove a stack member from the stack disconnect the stacking cables from the unit You may do this at any time whether the unit is powered or unpo...

Page 917: ...er not present 10 Member not present 11 Member not present Removing Front End Port Stacking To remove the configuration on the front end ports used for stacking use the following commands 1 Remove the stack group configuration that is configured CONFIGURATION mode no stack unit id stack group id 2 Save the stacking configuration on the ports EXEC Privilege mode write memory 3 Reload the switch EXE...

Page 918: ...NDBY UNIT 10 55 18 STKUNIT1 M CP KERN 2 INT Error Stack Port 50 has flapped 5 times within 10 seonds Shutting down this stack port now 10 55 18 STKUNIT1 M CP KERN 2 INT Error Please check the stack cable module and power cycle the stack MEMBER 2 Error Stack Port 51 has flapped 5 times within 10 seconds Shutting down this stack port now Error Please check the stack cable module and power cycle the ...

Page 919: ...atus 0 0 down DC down 0 1 up DC up 1 0 absent absent 1 1 up AC up Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 0 0 up up 9360 up 9360 0 1 up up 9600 up 9360 1 0 up up 6720 up 6720 1 1 up up 6960 up 6720 Speed in RPM stack 1 Stacking 919 ...

Page 920: ...cast unknown unicast pfc llfc interface command EXEC Privilege Example Dell show storm control multicast Tengigabitethernet 1 1 Multicast storm control configuration Interface Direction Packets Second Te 1 1 Ingress 5 Dell To display the storm control unknown unicast configuration use the show storm control unknown unicast interface command EXEC Privilege Configure Storm Control Storm control is s...

Page 921: ...s Configuring Storm Control from CONFIGURATION Mode To configure storm control from CONFIGURATION mode use the following command From CONFIGURATION mode you can configure storm control for ingress and egress traffic Do not apply per virtual local area network VLAN quality of service QoS on an interface that has storm control enabled either on an interface or globally Configure storm control CONFIG...

Page 922: ...tes loops in a bridged topology by enabling only a single path through the network By eliminating loops the protocol improves scalability in a large network and allows you to implement redundant paths which can be activated after the failure of active paths Layer 2 loops which can occur in a network due to poor network design and without enabling protocols like xSTP can cause unnecessarily high sw...

Page 923: ...t The Dell Networking OS supports only one spanning tree instance 0 For multiple instances enable the multiple spanning tree protocol MSTP or per VLAN spanning tree plus PVST You may only enable one flavor of spanning tree at any one time All ports in virtual local area networks VLANs and all enabled interfaces in Layer 2 mode are automatically added to the spanning tree topology at the time you e...

Page 924: ...ample of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2 use the following command 1 If the interface has been assigned an IP address remove it INTERFACE mode no ip address 2 Place the interface in Layer 2 mode INTERFACE switchport 3 Enable the interface INTERFACE mode no shutdown 924 Spanning Tree Protocol STP ...

Page 925: ...bled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology Only one path from any bridge to any other bridge participating in STP is enabled Bridges block a redundant path by disabling one of the link ports Figure 125 Spanning Tree Enabled Globally To enable STP globally use the followi...

Page 926: ...abitEthernet 2 1 is Forwarding Port path cost 4 Port priority 8 Port Identifier 8 289 Designated root has priority 32768 address 0001 e80d 2462 Designated bridge has priority 32768 address 0001 e80d 2462 Designated port id is 8 496 designated path cost 0 Timers message age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast...

Page 927: ...meters Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces 40 Gigabit Ethernet interfaces Port Channel with 100 Mb s Ethernet interfaces Port Channel with 1 Gigabit Ethernet interfaces Port Channel with 10 Gigabit Ethernet interfaces Port Channel with 40 Gigabit Ethernet i...

Page 928: ...ge the port cost of an interface INTERFACE mode spanning tree 0 cost cost The range is from 0 to 65535 The default values are listed in Modifying Global Parameters Change the port priority of an interface INTERFACE mode spanning tree 0 priority priority value The range is from 0 to 15 The default is 8 To view the current values for interface parameters use the show spanning tree 0 command from EXE...

Page 929: ... enabling PortFast or EdgePort The bpduguard shutdown on violation option causes the interface hardware to be shut down when it receives a BPDU Otherwise although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains up and spanning tree will only drop packets after a BPDU violation The following example shows a scenario in which an edgeport migh...

Page 930: ... an interface drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell conf if te 1 7 do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e805 fb07 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e85d 0e90 Configured hello time 2 max age 20 forward...

Page 931: ...to avoid bridging loops In STP the switch in the network with the lowest priority as determined by STP or set with the bridge priority command is selected as the root bridge If two switches have the same priority the switch with the lower MAC address is selected as the root All other switches in the network use the root bridge as the reference used to calculate the shortest forwarding path Because...

Page 932: ...TP enabled port or port channel interface except when used as a stacking port Root guard is supported on a port in any Spanning Tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST When enabled on a port root guard applies to all VLANs configured on the port You cannot enable root guard and loop guard at the sa...

Page 933: ...al protocol state information is synchronized between the RPMs so that RPM failover is seamless and no topology change is triggered To be hitless per spanning tree type or for all spanning tree types use the following commands Configure LACP to be hitless CONFIGURATION mode redundancy protocol lacp Configure all spanning tree types to be hitless CONFIGURATION mode redundancy protocol xstp Example ...

Page 934: ...h C transmit traffic to Switch B STP topology 2 lower right As shown in STP topology 3 bottom middle after you enable loop guard on an STP port or port channel on Switch C if no BPDUs are received and the max age timer expires the port transitions from a blocked state to a Loop Inconsistent state instead of to a Forwarding state Loop guard blocks the STP port so that no traffic is transmitted and ...

Page 935: ...med per port or per port channel at a VLAN level If no BPDUs are received on a VLAN interface the port or port channel transitions to a Loop Inconsistent Blocking state only for this VLAN To enable a loop guard on an STP enabled port or port channel interface use the following command Enable loop guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree ...

Page 936: ...iewing STP Guard Configuration Dell show spanning tree 0 guard Interface Name Instance Sts Guard type Te 1 1 0 INCON Root Rootguard Te 1 2 0 LIS Loopguard Te 1 3 0 EDS Shut Bpduguard 936 Spanning Tree Protocol STP ...

Page 937: ...ice For more information on SmartScripts see Dell Networking Open Automation guide Figure 129 SupportAssist NOTE SupportAssist is enabled by default on the system To disable SupportAssist enter the eula consent support assist reject command in Global Configuration mode and save the configuration Topics Configuring SupportAssist Using a Configuration Wizard Configuring SupportAssist Manually Config...

Page 938: ...r your Dell products and services Dell may use the information for providing recommendations to improve your IT infrastructure Dell SupportAssist also collects and stores machine diagnostic information which may include but is not limited to configuration information user supplied contact information names of data volumes IP addresses access control lists diagnostics performance information networ...

Page 939: ...and CONFIGURATION mode support assist Dell conf support assist Dell conf supportassist 3 Optional Configure the contact information for the company SUPPORTASSIST mode contact company name company name company next name company next name Dell conf support assist Dell conf supportassist contact company name test Dell conf supportassist cmpy test 4 Optional Configure the contact name for an individua...

Page 940: ...le specification local file name Dell conf supportassist act full transfer action manifest get tftp 10 0 0 1 test file Dell conf supportassist act full transfer Dell conf supportassist act event transfer action manifest get tftp 10 0 0 1 test file Dell conf supportassist act event transfer 3 Configure the action manifest to use for a specific activity SUPPORTASSIST ACTIVITY mode no action manifest...

Page 941: ...upportAssist Company configurations are optional for the SupportAssist service To configure SupportAssist company use the following commands 1 Configure the contact information for the company SUPPORTASSIST mode no contact company name company name company next name company next name Dell conf supportassist contact company name test Dell conf supportassist cmpy test 2 Configure the address informa...

Page 942: ...ers john_doe 4 Configure the preferred method for contacting the person SUPPORTASSIST PERSON mode preferred method email no contact phone Dell conf supportassist pers john_doe preferred method email Dell conf supportassist pers john_doe 5 Configure the time frame for contacting the person SUPPORTASSIST PERSON mode no time zone zone HH MM start time HH MM end time HH MM Dell conf supportassist pers...

Page 943: ...SupportAssist configurations use the following commands 1 Display information on the SupportAssist feature status including any activities status of communication last time communication sent and so on EXEC Privilege mode show support assist status Dell show support assist status SupportAssist Service Installed EULA Accepted Server default Enabled Yes URL https stor g3 ph dell com Server Dell Enab...

Page 944: ...iguration information host server configuration performance information and related data Collected Data and transmits this information to Dell By downloading SupportAssist and agreeing to be bound by these terms and the Dell end user license agreement available at www dell com aeula you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to ...

Page 945: ...hree products clock offset roundtrip delay and dispersion all of which are relative to a selected reference clock Clock offset represents the amount to adjust the local clock to bring it into correspondence with the reference clock Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time Dispersion represents the maximum error of the local cl...

Page 946: ...king device propagates the time information throughout its local network Protocol Overview The NTP messages to one or more servers and processes the replies as received The server interchanges addresses and ports fills in or overwrites certain fields in the message recalculates the checksum and returns it immediately Information included in the NTP message allows each client server peer to determi...

Page 947: ... time is CD63BCC2 0CBBD000 16 54 26 049 UTC Thu Mar 12 2009 clock offset is 997 529984 msec root delay is 0 00098 sec root dispersion is 10 04271 sec peer dispersion is 10032 715 msec peer mode is client To display the calculated NTP synchronization variables received from the server that the system uses to synchronize its clock use the show ntp associations command from EXEC Privilege mode R6_E30...

Page 948: ...from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 To view the configuration use the show running config ntp command in EXEC privilege mode refer to the example in Configuring NTP Authentication Configuring NTP Authentication NTP authentication and the corresponding trusted key provide ...

Page 949: ...he format 0000 0000 0000 0000 0000 0000 0000 0000 Elision of zeros is supported key keyid Configure a text string as the key exchanged between the NTP server and the client prefer Enter the keyword prefer to set this NTP server as the preferred server version number Enter a number as the NTP version The range is from 1 to 4 5 Configure the switch as NTP master CONFIGURATION mode ntp master stratum...

Page 950: ...lay to the primary reference source at the root of the synchronization subnet in seconds This variable can take on both positive and negative values depending on clock precision and skew Root Dispersion sys rootdispersion peer rootdispersion pkt rootdispersion a signed fixed point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet...

Page 951: ... Once Setting Recurring Daylight Saving Time Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year You cannot delete the software clock The software clock runs only when the software is up The clock restarts based on the hardware clock when the switch reboots To set the software clock use t...

Page 952: ...e or on a recurring basis every year Setting Daylight Saving Time Once Set a date and time zone on which to convert the switch to daylight saving time on a one time basis To set the clock for daylight savings time once use the following command Set the clock to the appropriate timezone and daylight saving time CONFIGURATION mode clock summer time time zone date start month start day start year sta...

Page 953: ... end time week number Enter a number from 1 to 4 as the number of the week in the month to start daylight saving time first Enter the keyword first to start daylight saving time in the first week of the month last Enter the keyword last to start daylight saving time in the last week of the month start month Enter the name of one of the 12 months in English You can enter the name of a day to change...

Page 954: ...at Mar 14 2009 Summer time ends 00 00 00 pacific Sat Nov 7 2009 NOTE If you enter CR after entering the recurring command parameter and you have already set a one time daylight saving time date the system uses that time and date as the recurring setting The following example shows the clock summer time recurring parameters Dell conf clock summer time pacific recurring 1 4 Week number to start firs...

Page 955: ...e either an IPv6 address or an IPv4 address for the logical address of the tunnel but in IPv6IP mode the logical address must be an IPv6 address The following sample configuration shows a tunnel configured in IPv6 mode carries IPv6 and IPv4 traffic Dell conf interface tunnel 1 Dell conf if tu 1 tunnel source 30 1 1 1 Dell conf if tu 1 tunnel destination 50 1 1 1 Dell conf if tu 1 tunnel mode ipip ...

Page 956: ...tion shows how to use the tunnel keepalive command Dell conf if te 1 12 show config interface TenGigabitEthernet 1 12 ip address 40 1 1 1 24 ipv6 address 500 10 1 64 no shutdown Dell conf if te 1 12 Dell conf interface tunnel 1 Dell conf if tu 1 ipv6 address 1abd 1 64 Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf if tu 1 tunnel source 40 1 1 1 Dell conf if tu 1 tunnel destination 40 1 1 2 Dell...

Page 957: ...configure a tunnel allow remote address Dell conf interface tunnel 1 Dell conf if tu 1 ipv6 address 1abd 1 64 Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf if tu 1 tunnel source 40 1 1 1 Dell conf if tu 1 tunnel mode ipip decapsulate any Dell conf if tu 1 tunnel allow remote 40 1 1 2 Dell conf if tu 1 no shutdown Dell conf if tu 1 show config interface Tunnel 1 ip address 1 1 1 1 24 ipv6 addre...

Page 958: ... interface Tunnel 1 ip address 1 1 1 1 24 ipv6 address 1abd 1 64 tunnel source anylocal tunnel allow remote 40 1 1 2 tunnel mode ipip decapsulate any no shutdown 958 Tunneling ...

Page 959: ...wnstream links Failures on the downstream links allow downstream devices to recognize the loss of upstream connectivity For example as shown in the following illustration Switches S1 and S2 both have upstream connectivity to Router R1 and downstream connectivity to the server UFD operation is shown in Steps A through C In Step A the server configuration uses the connection to S1 as the primary pat...

Page 960: ...nterface or a port channel LAG aggregation of physical interfaces An enabled uplink state group tracks the state of all assigned upstream interfaces Failure on an upstream interface results in the automatic disabling of downstream interfaces in the uplink state group As a result downstream devices can execute the protection or recovery procedures they have in place to establish alternate connectiv...

Page 961: ...e associated downstream link port to the server To continue to transmit traffic upstream the server with NIC teaming detects the disabled link and automatically switches over to the backup link in order Important Points to Remember When you configure UFD the following conditions apply You can configure up to 16 uplink state groups By default no uplink state groups are created An uplink state group...

Page 962: ...up id group id values are from 1 to 16 To delete an uplink state group use the no uplink state group group id command 2 Assign a port or port channel to the uplink state group as an upstream or downstream interface UPLINK STATE GROUP mode upstream downstream interface For interface enter one of the following interface types 10 Gigabit Ethernet enter tengigabitethernet slot port subport slot port r...

Page 963: ... types For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter port channel 1 512 port channel range Where port range and port channel range specify a range of ports separated by a dash and or individual ports port...

Page 964: ...e state to up Fo 3 49 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 50 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 51 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 52 Displaying Uplink Failure Detection To display information on the UFD feature use any of the following commands Display status information on a specified...

Page 965: ...5 Dis Uplink State Group 6 Status Enabled Up Upstream Interfaces Downstream Interfaces Uplink State Group 7 Status Enabled Up Upstream Interfaces Downstream Interfaces Uplink State Group 16 Status Disabled Up Upstream Interfaces Te 1 4 Dwn Po 8 Dwn Downstream Interfaces Te 1 10 Dwn The following example shows viewing the interface status with UFD information Dell show interfaces tengigabitethernet...

Page 966: ... follows Configure uplink state group 3 Add downstream links Tengigabitethernet 1 1 1 2 1 5 1 9 1 11 and 1 12 Configure two downstream links to be disabled if an upstream link fails Add upstream links Tengigabitethernet 1 3 and 1 4 Add a text description for the group Verify the configuration with various show commands Example of Configuring UFD Dell conf uplink state group 3 00 08 11 STKUNIT0 M C...

Page 967: ...Ethernet 1 1 2 5 9 11 12 upstream TenGigabitEthernet 1 3 4 Dell show uplink state group 3 Uplink State Group 3 Status Enabled Up Dell show uplink state group detail Up Interface up Dwn Interface down Dis Interface disabled Uplink State Group 3 Status Enabled Up Upstream Interfaces Te 1 3 Up Te 1 4 Dwn Downstream Interfaces Te 1 1 Dis Te 1 2 Dwn Te 1 5 Dwn Te 1 9 Dwn Te 1 11 Dwn Te 1 12 Dwn Uplink ...

Page 968: ...ystem type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 59 96...

Page 969: ...2 1Q Virtual Bridged Local Area Networks In this guide also refer to Bulk Configuration in the Interfaces chapter VLAN Stacking in the Service Provider Bridging chapter For a complete listing of all commands related to Dell Networking OS VLANs refer to these Dell Networking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN...

Page 970: ... to multiple VLANs remove the tagged interface from all VLANs using the no tagged interface command Only after the interface is untagged and a member of the Default VLAN can you use the no switchport command to remove the interface from Layer 2 mode For more information refer to VLANs and Port Tagging Example of Configuring an Interface for Layer 2 Belonging to the Default VLAN Dell conf interface...

Page 971: ...rioritize traffic and to forward information to ports associated with a specific VLAN ID Tagged interfaces can belong to multiple VLANs while untagged interfaces can belong only to one VLAN Configuration Task List This section contains the following VLAN configuration tasks Creating a Port Based VLAN mandatory Assigning Interfaces to a VLAN optional Assigning an IP Address to a VLAN optional Enabl...

Page 972: ...Ns are configured and two interfaces are assigned to VLAN 2 The Q column in the show vlan command example notes whether the interface is tagged T or untagged U For more information about this command refer to the Layer 2 chapter of the Dell Networking OS Command Reference Guide To tag frames leaving an interface in Layer 2 mode assign that interface to a port based VLAN to tag it with that VLAN ID...

Page 973: ...another VLAN use the following commands 1 Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface CONFIGURATION mode interface vlan vlan id 2 Configure an interface as untagged INTERFACE mode untagged interface This command is available only in VLAN interfaces Move an Untagged Interface to Another VLAN The no untagged interface command removes the untagged interface from a...

Page 974: ... the interface the shutdown command only prevents Layer 3 traffic from traversing over the interface NOTE You cannot assign an IP address to the Default VLAN VLAN 1 To assign another VLAN ID to the Default VLAN use the default vlan id vlan id command In Dell Networking OS you can place VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic For more information refer ...

Page 975: ...interface INTERFACE mode 2 Configure the interface for Hybrid mode INTERFACE mode portmode hybrid 3 Configure the interface for Switchport mode INTERFACE mode switchport 4 Add the interface to a tagged or untagged VLAN VLAN INTERFACE mode tagged untagged Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment service providers who perform frequent reconfiguration...

Page 976: ...s to prevent loops in the network Although loops are prevented bandwidth of all links is not effectively utilized by the connected devices Figure 134 Traditional switched topology VLT not only overcomes this caveat but also provides a multipath to the connected devices In the example shown below the two physical VLT peers appear as a single logical device to the connected devices As the connected ...

Page 977: ...thing creating redundancy through increased bandwidth enabling multiple parallel paths between nodes and load balancing traffic where alternate paths exist L2 L3 control plane protocols and system management features function normally in VLT mode Features such as VRRP and internet group management protocol IGMP snooping require state information coordination between the two VLT chassis The IGMP an...

Page 978: ...ame time unexpected behavior may occur As shown in the following example VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain However the two VLT chassis are independent Layer2 Layer3 L2 L3 switches for devices in the upstream network L2 L3 control plane protocols and system management...

Page 979: ...ynchronization of L2 L3 control planes across the two VLT peer switches A separate backup link maintains heartbeat messages across an out of band OOB management network The backup link ensures that node failure conditions are correctly detected and are not confused with failures of the VLT interconnect VLT ensures that local traffic on a chassis does not traverse the VLTi and takes the shortest pa...

Page 980: ...een VLT peers VLT 10 PEER 1 show mac address table count MAC Entries for all vlans Dynamic Address Count 1007 Static Address User defined Count 1 Sticky Address Count 0 Total Synced Mac from Peer N 503 Total MAC Addresses in Use 1008 VLT 10 PEER 1 show vlt counter mac Total MAC VLT counters L2 Total MAC Address Count 1007 VLT 10 PEER 1 show mac address table Codes N VLT Peer Synced MAC VlanId Mac ...

Page 981: ...ultiple racks with the same VLAN With routed VLT you can configure a VLAN as layer 3 in a VLT domain and as layer 2 VLAN in all other VLT domains By configuring a VLAN as layer 3 in a VLT domain and as layer 2 VLAN in all other VLT domains you can confine the ARP entries to one particular VLT domain At the core aggregation layer VLT domain you can configure common layer 3 VLANs for inter VLAN rout...

Page 982: ...ers connected by a standard link aggregation control protocol LACP LAG to form a loop free Layer 2 topology in the aggregation layer This configuration supports a maximum of four switches increasing the number of available ports and allowing for dual redundancy of the VLT The following example shows how the core aggregation port density in the Layer 2 topology is increased using eVLT For inter VLA...

Page 983: ...node To avoid this scenario configure the VLT LAGs to the ToR and the ToR port channel to the VLT peers with LACP If supported by the ToR enable the lacp ungroup feature on the ToR using the lacp ungroup member independent port channel command If the lacp ungroup feature is not supported on the ToR reboot the VLT peers one at a time After rebooting verify that VLTi ICL is active before attempting ...

Page 984: ... and traffic does not reach half of the hosts To mitigate this issue ensure that you configure the following settings on both the Peers Peer1 and Peer2 arp learn enable and mac address table station move refresh arp In a topology in which two VLT peer nodes that are connected by a VLTi link and are connected to a ToR switch using a VLT LAG interface if you configure an egress IP ACL and apply it o...

Page 985: ...wing software features are supported on VLTi link layer discovery protocol LLDP flow control port monitoring jumbo frames and data center bridging DCB When you enable the VLTi link the link between the VLT peer switches is established if the following configured information is true on both peer switches the VLT system MAC address matches the VLT unit id is not identical NOTE If you configure the V...

Page 986: ...ls In a VLT domain the following software features are supported on VLT port channels 802 1p ingress and egress ACLs BGP DHCP relay IS IS OSPF active active PIM SM PIM SSM VRRP Layer 3 VLANs LLDP flow control port monitoring jumbo frames IGMP snooping sFlow ingress and egress ACLs and Layer 2 control protocols RSTP and PVST only NOTE Peer VLAN spanning tree plus PVST passthrough is supported in a ...

Page 987: ...vice available in the network In either case after recovery of the peer link or reestablishment of message forwarding across the interconnect trunk the two VLT peers resynchronize any MAC addresses learned while communication was interrupted and the VLT system continues normal data forwarding If the primary chassis fails the secondary chassis takes on the operational role of the primary The SNMP M...

Page 988: ... shown in the following message and an SNMP trap STKUNIT0 M CP VLTMGR 6 VLT LAG ICL Overall Bandwidth utilization of VLT ICL LAG port channel 25 reaches below threshold Bandwidth usage 74 VLT show remote port channel status VLT and Stacking You cannot enable stacking on the units with VLT If you enable stacking on a unit on which you want to enable VLT you must first remove the unit from the exist...

Page 989: ...l members in the port channel The default is 90 seconds To change the duration of the configurable timer use the delay restore command If you enable IGMP snooping IGMP queries are also sent out on the VLT ports at this time allowing any receivers to respond to the queries and update the multicast table on the new node This delay in bringing up the VLT ports also applies when the VLTi link recovers...

Page 990: ... first hop or last hop routers the peer node can also act as an intermediate router On a VLT enabled PIM router if any PIM neighbor is reachable through a Spanned Layer 3 L3 VLAN interface this must be the only PIM enabled interface to reach that neighbor A Spanned L3 VLAN is any L3 VLAN configured on both peers in a VLT domain This does not apply to server side L2 VLT ports because they do not co...

Page 991: ...n IP addresses to these VLANs VLT Unicast and VLT Multicast routing protocols require VLAN IP interfaces for operation Protocols such as BGP ISIS OSPF and PIM are compatible with VLT Unicast Routing and VLT Multicast Routing Layer 2 protocols from the ToR devices to the server are intra rack and inter rack Although no spanning tree is required interoperability with spanning trees at the aggregatio...

Page 992: ...e image below Even though the gateway address of the packet is different Peer 1 routes the packet to its destination on behalf of Peer 2 to avoid sub optimal routing Figure 142 Packets with peer routing enabled Benefits of Peer Routing Avoids sub optimal routing Reduces latency by avoiding another hop in the traffic path 992 Virtual Link Trunking VLT ...

Page 993: ...mand output If you enable VLT unicast routing the following actions occur L3 routing is enabled on any new IP address IPv6 address configured for a VLAN interface that is up L3 routing is enabled on any VLAN with an admin state of up NOTE If the CAM is full do not enable peer routing NOTE The peer routing and peer routing timeout is applicable for both IPv6 IPv4 Configuring VLT Unicast To enable a...

Page 994: ...interfaces over non VLT VLAN interfaces When using factory default settings on a new switch deployed as a VLT node packet loss may occur due to the requirement that all ports must be open ECMP is not compatible on VLT nodes using VLT multicast You must use a single VLAN Configuring VLT Multicast To enable and configure VLT multicast follow these steps 1 Enable VLT on a switch then configure a VLT ...

Page 995: ...y secondary roles are determined To prevent the interfaces in the VLT interconnect trunk and RSTP enabled VLT ports from entering a Forwarding state and creating a traffic loop in a VLT domain take the following steps 1 Configure RSTP in the core network and on each peer switch as described in Rapid Spanning Tree Protocol RSTP Disabling RSTP on one VLT peer may result in a VLT domain failure 2 Ena...

Page 996: ...LT domain The primary and secondary switch roles in the VLT domain are automatically assigned after you configure both sides of the VLTi NOTE If you use a third party ToR unit to avoid potential problems if you reboot the VLT peers Dell recommends using static LAGs on the VLTi between VLT peers 2 Enable VLT and create a VLT domain ID VLT automatically selects a system MAC address 3 Configure a bac...

Page 997: ...e VLT MAC address for the domain To disable VLT use the no vlt domain command NOTE Do not use MAC addresses such as reserved or multicast 2 Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out of band hello messages VLT DOMAIN CONFIGURATION mode back up destination ipv4 address ipv6 address interval seconds Yo...

Page 998: ...d 1 Specify the management interface to be used for the backup link through an out of band management network CONFIGURATION mode interface managementethernet slot port Enter the slot 0 1 and the port 0 2 Configure an IPv4 address A B C D or IPv6 address X X X X X and mask x on the interface MANAGEMENT INTERFACE mode ip address ipv4 address mask ipv6 address ipv6 address mask This is the IP address...

Page 999: ... lower priority later comes back online it is assigned the secondary role there is no preemption 3 Optional When you create a VLT domain on a switch Dell Networking OS automatically creates a VLT system MAC address used for internal system operations VLT DOMAIN CONFIGURATION mode system mac mac address mac address To explicitly configure the default MAC address for the domain by entering a new MAC...

Page 1000: ... Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 6 Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device INTERFACE PORT CHANNEL mode vlt peer lag port channel id number 7 Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain 8 On an attached switch or...

Page 1001: ...ecify one of the following interface types For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 3 Enter VLT domain configuration mode for a specified VLT domain CONFIGURATION mode vlt domain domain id The range of domain IDs is from 1 to 1000 4 E...

Page 1002: ...hannel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same port channel number configured with the peer link port channel command in the Enabling VLT and Creating a VLT Domain 9 Place the interface in Layer 2 mode INTERFACE PORT CHANNEL mode switchport 10 Associate the port channel to the corr...

Page 1003: ...LTs used as facing hosts switches with LACP Ensure both peers use the same port channel ID 4 Configure the peer link port channel in the VLT domains of each peer unit INTERFACE PORTCHANNEL mode channel member 5 Configure the backup link between the VLT peer units shown in the following example 6 Configure the peer 2 management ip interface ip for which connectivity is present in VLT peer 1 EXEC Pr...

Page 1004: ...el member TenGigabitEthernet 1 4 1 7 Dell 4 conf interface port channel 1 Dell 4 conf if po 1 channel member TenGigabitEthernet 1 4 1 7 Configure the backup link between the VLT peer units 1 Configure the peer 2 management ip interface ip for which connectivity is present in VLT peer 1 2 Configure the peer 1 management ip interface ip for which connectivity is present in VLT peer 2 Dell 2 show run...

Page 1005: ...G Mode Status Uptime Ports L 2 L2L3 up 03 33 14 Te 1 4 Up In the ToR unit configure LACP on the physical ports s60 1 show running config interface tengigabitethernet 1 8 interface TenGigabitEthernet 1 8 no ip address port channel protocol LACP port channel 100 mode active no shutdown s60 1 show running config interface tengigabitethernet 1 30 interface TenGigabitEthernet 1 30 no ip address port ch...

Page 1006: ...m PVST instances running in the Primary Peer control the VLT LAGs on both Primary and Secondary peers Only the Primary VLT switch determines the PVST roles and states on VLT ports and ensures that the VLT interconnect link is never blocked The PVST instance in Primary peer sends the role state of VLT LAGs for all VLANs to the Secondary peer The Secondary peer uses this information to program the h...

Page 1007: ... 9b79 128 233 Interface Name Role PortID Prio Cost Sts Cost Link type Edge Po 1 Desg 128 2 128 188 FWD 0 vltI P2P No Po 2 Desg 128 3 128 2000 FWD 0 vlt P2P No Te 1 10 Desg 128 230 128 2000 FWD 0 P2P Yes Te 1 13 Desg 128 233 128 2000 FWD 0 P2P No Dell Peer Routing Configuration Example This section provides a detailed explanation of how to configure peer routing in a VLT domain In the following exa...

Page 1008: ...w run find protocol protocol spanning tree pvst no disable vlan 1 20 800 900 bridge priority 0 The following output shows the existing VLANs Dell 1 show vlan find NUM NUM Status Description Q Ports 1 Active U Po10 Te 0 0 1 U Te 0 4 47 20 Active OSPF PEERING VLAN U Po1 Te 0 6 V Po10 Te 0 0 1 800 Active Client VLAN V Po10 Te 0 0 1 900 Active Client VLAN 2 V Po10 Te 0 0 1 1008 Virtual Link Trunking V...

Page 1009: ...te that configuration on the VLTi links does not contain the switchport command Dell 1 sh run int po10 interface Port channel 10 description VLTi Port Channel no ip address channel member TenGigabitEthernet 0 0 1 no shutdown Te 0 4 connects to the access switch A1 Dell 1 sh run int te0 4 interface TenGigabitEthernet 0 4 description To_Access_Switch_A1_fa0 13 no ip address port channel protocol LAC...

Page 1010: ...g command enables peer routing between VLT peers in VLT domain 1 The IP address configured with the backup destination command is the management IP address of the VLT peer Dell 2 Dell 1 sh run find vlt vlt domain 1 peer link port channel 10 back up destination 10 10 10 2 primary priority 4096 system mac MAC address 90 b1 1c f4 01 01 unit id 0 peer routing Verify if VLT on Dell 1 is functional Dell...

Page 1011: ...cies The following output displays that Dell 1 forms neighborship with Dell 2 and R1 Dell 1 show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface Area 172 16 1 2 1 FULL BDR 00 00 31 192 168 20 2 Vl 20 0 172 15 1 1 1 FULL DROTHER 00 00 39 192 168 20 3 Vl 20 0 The following output displays the routes learned using OSPF Dell 1 show ip route ospf Destination Gateway Dist Metric Last ...

Page 1012: ...ir destinations without being sent to the peer switch Dell 2 Switch Configuration In the following output RSTP is enabled with a bridge priority of 32768 which is the second lowest in this topology This ensures that Dell 2 becomes the root bridge if Dell 1 fails Dell 2 sh run find protocol protocol spanning tree pvst no disable vlan 1 20 800 900 bridge priority 32768 The following output shows the...

Page 1013: ...col LACP port channel 1 mode active no shutdown Port channel 1 connects the uplink switch R1 Dell 2 sh run int po1 interface Port channel 1 description port channel_to_R1 no ip address switchport vlt peer lag port channel 1 no shutdown Port channel 2 connects the access switch A1 Dell 2 sh run int po2 interface Port channel 2 description port channel_to_access_switch_A1 no ip address portmode hybr...

Page 1014: ... 1c f4 29 f1 Remote System MAC address 90 b1 1c f4 2c bb Configured System MAC address 90 b1 1c f4 01 01 Remote system version 6 3 Delay Restore timer 90 seconds Peer routing Enabled Peer routing Timeout timer 0 seconds Multicast peer routing timeout 150 seconds Verify if the heartbeat mechanism is operational on Dell 2 Dell 2 sh vlt backup link VLT Backup Link Destination 10 10 10 1 Peer HeartBea...

Page 1015: ...of all interfaces in the system All interfaces physical and virtual have the same MAC address This is the address used for peer routing Dell 2 show interfaces grep Hardware Hardware is DellEth address is 90 b1 1c f4 29 f3 Hardware is DellEth address is 90 b1 1c f4 29 f3 Hardware is DellEth address is 90 b1 1c f4 29 f3 Hardware is DellEth address is 90 b1 1c f4 29 f3 Output truncated for brevity Ve...

Page 1016: ... 24 110 2 via 192 168 20 2 02 02 34 Port channel1 110 2 via 192 168 20 1 02 02 34 Port channel1 OSPF learned route back to client subnet VLAN 800 4 0 0 0 24 is subnetted 1 subnets C 4 4 4 0 is directly connected Loopback4 O 192 168 9 0 24 110 2 via 192 168 20 2 02 02 34 Port channel1 110 2 via 192 168 20 1 02 02 34 Port channel1 OSPF learned route back to client subnet 2 VLAN 900 172 17 0 0 24 is ...

Page 1017: ...ns Domain 1 consists of Peer 1 and Peer 2 Domain 2 consists of Peer 3 and Peer 4 as shown in the following example In Domain 1 configure Peer 1 fist then configure Peer 2 When that is complete perform the same steps for the peer nodes in Domain 2 The interface used in this example is TenGigabitEthernet Figure 144 eVLT Configuration Example eVLT Configuration Step Examples In Domain 1 configure the...

Page 1018: ...2 conf if range te 1 28 29 port channel protocol LACP Domain_1_Peer2 conf if range te 1 28 29 port channel 100 mode active Domain_1_Peer2 conf if range te 1 28 29 no shutdown In Domain 2 configure the VLT domain and VLTi on Peer 3 Domain_2_Peer3 configure Domain_2_Peer3 conf interface port channel 1 Domain_2_Peer3 conf if po 1 channel member TenGigabitEthernet 1 8 1 9 Domain_1_Peer3 no shutdown Do...

Page 1019: ... Examples of Configuring PIM Sparse Mode The following example shows how to enable PIM multicast routing on the VLT node globally VLT_Peer1 conf ip multicast routing The following example shows how to enable PIM on the VLT port VLANs VLT_Peer1 conf interface vlan 4001 VLT_Peer1 conf if vl 4001 ip address 140 0 0 1 24 VLT_Peer1 conf if vl 4001 ip pim sparse mode VLT_Peer1 conf if vl 4001 tagged por...

Page 1020: ...the switch EXEC mode show running config vlt Display statistics on VLT operation EXEC mode show vlt statistics Display the RSTP configuration on a VLT peer switch including the status of port channels used in the VLT interconnect trunk and to connect to access devices EXEC mode show spanning tree rstp Display the current status of a port or port channel interface used in the VLT domain EXEC mode s...

Page 1021: ...ystem version 6 3 Delay Restore timer 90 seconds Delay Restore Abort Threshold 60 seconds Peer Routing Disabled Peer Routing Timeout timer 0 seconds Multicast peer routing timeout 150 seconds Dell The following example shows the show vlt detail command Dell_VLTpeer1 show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs 100 100 UP UP 10 20 30 127 2 UP UP 20 30 Dell_VLTpeer2...

Page 1022: ...bold section displays the RSTP state of port channels in the VLT domain Port channel 100 is used in the VLT interconnect trunk VLTi to connect to VLT peer2 Port channels 110 111 and 120 are used to connect to access switches or servers vlt Dell_VLTpeer1 show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001 e88a dff8 Root Bridge hello time 2 ...

Page 1023: ...runk VLTi Dell_VLTpeer1 conf vlt domain 999 Dell_VLTpeer1 conf vlt domain peer link port channel 100 Dell_VLTpeer1 conf vlt domain back up destination 10 11 206 35 Dell_VLTpeer1 conf vlt domain exit Configure the backup link Dell_VLTpeer1 conf interface ManagementEthernet 1 1 Dell_VLTpeer1 conf if ma 1 1 ip address 10 11 206 23 Dell_VLTpeer1 conf if ma 1 1 no shutdown Dell_VLTpeer1 conf if ma 1 1 ...

Page 1024: ...re the port channel to an attached device Dell_VLTpeer2 conf interface port channel 110 Dell_VLTpeer2 conf if po 110 no ip address Dell_VLTpeer2 conf if po 110 switchport Dell_VLTpeer2 conf if po 110 channel member fortyGigE 1 53 Dell_VLTpeer2 conf if po 110 no shutdown Dell_VLTpeer2 conf if po 110 vlt peer lag port channel 110 Dell_VLTpeer2 conf if po 110 end Verify that the port channels used in...

Page 1025: ...how vlt brief commands to view the VLT port channel status information Spanning tree mismatch at global level All VLT port channels go down on both VLT peers A syslog error message is generated No traffic is passed on the port channels A one time informational syslog message is generated During run time a loop may occur as long as the mismatch lasts To resolve enable RSTP on both VLT peers Spannin...

Page 1026: ... are terminated on two different nodes PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers PVLANs provide Layer 2 isolation between ports within the same VLAN A PVLAN partitions a traditional VLAN into sub domains identified by a primary and secondary VLAN pair With VLT being a Layer 2 redundancy mechanism support for configuration of VLT nodes in a PV...

Page 1027: ...d to cause the VLTi to be a member of that VLAN Whenever a change in the VLAN mode on one of the peers occurs the information is synchronized with the other peer and VLTi is either added or removed from the VLAN based on the validation of the VLAN parity For VLT VLANs the association between primary VLAN and secondary VLANs is examined on both the peers Only if the association is identical on both...

Page 1028: ...atches or PVLAN port mode mismatches occur Also you can view these discrepancies if any occur by using the show vlt mismatch command Interoperation of VLT Nodes in a PVLAN with ARP Requests When an ARP request is received and the following conditions are applicable the IP stack performs certain operations The VLAN on which the ARP request is received is a secondary VLAN community or isolated VLAN ...

Page 1029: ...Secondary Isolated No No Access Access Secondary Community Secondary Isolated No No Primary X Primary X Yes Yes Promiscuous Promiscuous Primary Primary Yes Yes Secondary Community Secondary Community Yes Yes Secondary Isolated Secondary Isolated Yes Yes Promiscuous Trunk Primary Normal No No Promiscuous Trunk Primary Primary Yes No Access Access Secondary Community Secondary Community Yes Yes Prim...

Page 1030: ...e port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same port channel number configured with the peer link port channel command as described in Enabling VLT and Creating a VLT Domain NOTE To be included in the VLTi the port channel must be in Default mode no switchport or VLAN assigned 2 Remove...

Page 1031: ...the PVLAN mode INTERFACE mode switchport mode private vlan host promiscuous trunk host isolated or community VLAN port promiscuous intra VLAN communication port trunk inter switch PVLAN hub port 5 Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces CONFIGURATION mode interface vlan vlan id 6 Enable the VLAN INTERFACE VLAN mode no shutdown 7 To obtain maximum VL...

Page 1032: ...hes node 1 node 1 does not perform the ARP request for 20 1 1 2 Proxy ARP is supported only for the IP address that belongs to the received interface IP network Proxy ARP is not supported if the ARP requested IP address is different from the received interface IP subnet For example if you configure VLAN 100 and 200 on the VLT peers and if you configured the VLAN 100 IP address as 10 1 1 0 24 and y...

Page 1033: ...he device For the S G routes that are synchronized from the VLT peer after the RP starts receiving multicast traffic via these routes these S G routes are considered valid and are downloaded to the device Only S G routes are used to forward the multicast traffic from the source to the receiver You can configure VLT nodes which function as RP as Multicast source discovery protocol MSDP peers in dif...

Page 1034: ...1 11 Dell conf vlt domain unit id 0 Dell conf vlt domain Dell show running config vlt vlt domain 1 peer link port channel 1 back up destination 10 16 151 116 primary priority 100 system mac mac address 00 00 00 11 11 11 unit id 0 Dell Configure the VLT LAG as VLAN Stack Access or Trunk Port Dell conf interface port channel 10 Dell conf if po 10 switchport Dell conf if po 10 vlt peer lag port chann...

Page 1035: ...agged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal untagged I Internal tagged v VLT untagged V VLT tagged NUM Status Description Q Ports 50 Active M Po10 Te 1 8 M Po20 Te 1 12 V Po1 Te 1 30 32 Dell Sample Configuration of VLAN Stack Over VLT Peer 2 Configure the VLT domain Dell conf vlt domain 1 Dell conf vlt domain peer link port chan...

Page 1036: ... conf interface vlan 50 Dell conf if vl 50 vlan stack compatible Dell conf if vl 50 stack member port channel 10 Dell conf if vl 50 stack member port channel 20 Dell conf if vl 50 stack Dell show running config interface vlan 50 interface Vlan 50 vlan stack compatible member Port channel 10 20 shutdown Dell Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN Stack VLAN De...

Page 1037: ...ation NS and ND messages These NS or neighbor advertisement NA messages can be either destined to the VLT node or to any nodes on the same network as the VLT interface These learned neighbor entries are propagated to another VLT node so that the peer does not need to relearn the entries IPv6 Peer Routing When you enable peer routing on VLT nodes the MAC address of the peer VLT node is stored in th...

Page 1038: ...ll tunneling process involves the VLT nodes that are connected from the ToR through a LAG The following illustration is a basic VLT setup which describes the communication between VLT nodes to tunnel the NA from one VLT node to its peer NA messages can be sent in two scenarios NA messages are almost always sent in response to an NS message from a node In this case the solicited NA has the destinat...

Page 1039: ... domain using an ICL or VLTi link To the south of the VLT domain Unit1 and Unit2 are connected to a ToR switch named Node B Also Unit1 is connected to another node Node A and Unit2 is linked to a node Node C The network between the ToR and the VLT nodes is Layer 2 Servers or hosts that are connected to the ToR Node B generate Layer 3 control data traffic from the South or lower end of the vertical...

Page 1040: ...T interface which is destined to VLT node1 node 2 lifts the NA packet to CPU using an ACL entry then it adds a tunnel header to the received NA and forwards the packet to VLT node1 over ICL When VLT node1 receives NA over ICL with tunnel header it learns the Host MAC address on VLT port channel interface This learned neighbor entry is synchronized to VLT node2 as it is learned on VLT interface of ...

Page 1041: ...ct for peers LLA VLT host to North Bound traffic flow One of the VLT peer is configured as the default gateway router on VLT hosts If the VLT node receives Layer 3 traffic intended for the other VLT peer it routes the traffic to next hop instead of forwarding the traffic to the VLT peer If the neighbor entry is not present the VLT node resolves the next hop There may be traffic loss during the nei...

Page 1042: ...outer advertisement on VLT interface non VLT interface it consumes the packets VLT node will drop the RA message if it is received over ICL interface Upgrading from Releases That Do Not Support IPv6 Peer Routing During an upgrade to Release 9 4 0 0 from earlier releases VLT peers might contain different versions of FTOS You must upgrade both the VLT peers to Release 9 4 0 0 to leverage the benefit...

Page 1043: ...ive migration of running virtual machines VMs from one host to another without downtime For example consider a square VLT connecting two data centers If a VM VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway In this case L3 packets destined for C can be routed either by C1 or D1 locally To do this install the lo...

Page 1044: ...ou must maintain VLAN symmetry within a VLT domain The connection between DCs must be a L3 VLT in eVLT format For more information refer to the eVLT Configuration Example The trace route across the DCs can show extra hops To ensure no traffic drops you must maintain route symmetry across the VLT domains When the routing table across DCs is not symmetrical there is a possibility of a routing miss b...

Page 1045: ...xy gateway Configuration mode Specify the port channel interface of the square VLT link on which LLDP packets are sent using thepeer domain link port channel command Configuring the proxy gateway lldp and the peer domain link port channel LLDP sets TLV flags on the interfaces for receiving and transmitting private TLV packets After defining these organizational TLV settings LLDP encodes the local ...

Page 1046: ...roxy gateway and you must enable both transmission and reception You must connect both units of the remote VLT domain by the port channel member If you connect more than one port to a unit of the remote VLT domain the connection must be completed by the time you enable the proxy gateway LLDP You cannot have other conflicting configurations for example you cannot have a static proxy gateway configu...

Page 1047: ...y Gateway LLDP mode in both C and D VLT domain 1 and C1 and D1 VLT domain 2 This behavior is applicable only in the LLDP configuration and not required in the static configuration Sample Configuration Dell conf vlt domain proxy gateway lldp Dell conf vlt domain pxy gw lldp vlt peer mac transmit Assume the inter chassis link ICL between C1 and D1 is shutdown and if D1 is the secondary VLT one half ...

Page 1048: ... following configurations in the Core L3 Routers C and D in local VLT domain and C1 and D1 in the remote VLT domain 1 Configure proxy gateway static in VLT Domain Configuration mode 2 Configure remote mac address mac address in VLT Domain Proxy Gateway LLDP mode Configure the system mac addresses of both C and D in C1 and also in D1 in the remote VLT domain and vice versa Sample Static Configurati...

Page 1049: ...1 3 primary priority 4096 system mac mac address 02 01 e8 d8 93 e3 unit id 0 peer routing proxy gateway static remote mac address 00 01 e8 8b ff 4f remote mac address 00 01 e8 d8 93 04 The MAC addresses configured using the remote mac address command belong to Dell 3 and Dell 4 interface TenGigabitEthernet 0 8 description To DELL 3 10Gb no ip address interface TenGigabitEthernet 0 9 description To...

Page 1050: ...etwork 10 10 100 0 30 area 0 network 10 10 101 0 30 area 0 The following output shows that Dell 2 and VLT domain 110 form OSPF neighborship with Dell 1 Dell 1 show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface Area 2 2 2 2 1 FULL 00 00 39 10 10 100 2 Vl 100 0 3 3 3 3 1 FULL 00 00 32 10 10 101 2 Vl 101 0 Dell 2 VLT Configuration vlt domain 120 peer link port channel 120 back up...

Page 1051: ...0 8 description To Dell 1 10Gb no ip address interface TenGigabitEthernet 0 9 description To Dell 1 10Gb no ip address port channel protocol LACP port channel 50 mode active no shutdown interface Port channel 50 description mVLT port channel to Dell 1 no ip address switchport no spanning tree STP is disabled between sites vlt peer lag port channel 50 no shutdown interface Vlan 101 description ospf...

Page 1052: ... 00 01 e8 d8 93 e5 These MAC addresses are the system L2 interface addresses for each switch at the remote site Dell 1 and Dell 2 interface Vlan 102 description ospf peering vlan to DELL 3 ip address 10 10 102 2 30 ip ospf network point to point no shutdown The following is the OSPF configuration on Dell 4 router ospf 1 router id 1 1 1 1 network 10 10 102 0 30 area 0 The following output shows tha...

Page 1053: ...tualized servers is transparently transported over an existing legacy network Figure 150 VXLAN Gateway Topics Components of VXLAN network Functional Overview of VXLAN Gateway VXLAN Frame Format Configuring and Controlling VXLAN from the NVP Controller GUI Configuring VxLAN Gateway Displaying VXLAN Configurations VXLAN Service nodes for BFD Static Virtual Extensible LAN VXLAN Preserving 802 1 p val...

Page 1054: ...with NSX Dell Networking OS supports physical interface or Port channel as access port Dell supports only physical interface as network port and does not support Port channel VLAN as network port NOTE Dell Networking OS supports only NSX as the controller for VXLAN and does not support Nuage controllers VTEP VXLAN Tunnel End Point VTEPs work as the open vSwitch running on the hypervisor on a virtu...

Page 1055: ...s the network orchestrator VXLAN communicates with the VTEP using a standard protocol called OvsDb Protocol The protocol uses the JSON RPC based message format The VTEP acts according to the TOR schema defined by VMWare The solution is very specific to VMWare based orchestration platforms and does not work with other orchestration platforms VXLAN Frame Format VXLAN provides a mechanism to extend a...

Page 1056: ...the following components Source Port Entropy of the inner frame The entropy could be based on the Inner L2 header or Inner L3 header VXLAN Port IANA assigned VXLAN Port 4789 UDP Checksum The UDP checksum field is transmitted as zero When a packet is received with a UDP checksum of zero it is accepted for decapsulation VXLAN Header VXLAN Flags Reserved bits set to zero except bit 3 the first bit wh...

Page 1057: ...ecLIgmgYjKu2E0uC3URpuydoN7UwPSeigXWeR3JyhzfFVEr5LtyXVpo9zS2JGyygKtzZBpke1wIDAQABoy8wLTAM BgNVHRMEBTADAQH MB0GA1UdDgQWBBTaOaPuXmtLDTJVv VYBiQr9gHCTANBgkqhkiG9w0BAQUFAAOCAQEAn5E w3BLQrX3e3Jv3EUFftGV0NABXOQxb ODH4doA 68nQcvW7GZgpwoxe77YQH C uBNFwSBFxsu9ZkXhKu2q8wrCd cnuaNu7Kq2V0DGSdR7eIkDTHkflttHbMmRfStHLetk3bA0HgXTW5c vFn79EX nJqxIvkl5ADT7k5JZR j6i9eskgUlvBuV5OOZKzh29Gy4sjXvdYL5GirZFon8iZNY5FON Wlpc...

Page 1058: ... GW to logical network VXLAN and VLAN Figure 155 Create Logical Switch Port NOTE For more details about NVP controller configuration refer to the NVP user guide from VMWare Configuring VxLAN Gateway To configure the VxLAN gateway on the switch follow these steps 1 Connecting to NVP controller 2 Advertising VXLAN access ports to controller Connecting to an NVP Controller To connect to an NVP contro...

Page 1059: ...database and hardware flows resources 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller use the following command In INTERFACE mode vxlan instance command configures a VXLAN Access Port into a VXLAN instance INTERFACE mode vxlan instance Examples of the show vxlan instance Command Dell show vxlan vxlan instance 1 Instance 1 A...

Page 1060: ...nce unicast mac local command Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 00 00 02 00 03 00 Te 1 17 0 4656 00 00 02 00 03 01 Te 1 17 0 4656 00 00 02 00 03 02 Te 1 17 0 4656 00 00 02 00 03 03 Te 1 17 0 4656 00 00 02 00 03 04 Te 1 17 0 The following example shows the show vxlan vxlan instance unicast mac remote command Dell show vxlan vxlan insta...

Page 1061: ...ocator Instance 1 Tunnel count 1 36 1 1 1 vxlan_over_ipv4 up The following example shows the show vxlan vxlan instance unicast mac local command Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 00 00 02 00 03 00 Te 0 17 0 4656 00 00 02 00 03 01 Te 0 17 0 4656 00 00 02 00 03 02 Te 0 17 0 4656 00 00 02 00 03 03 Te 0 17 0 4656 00 00 02 00 03 04 Te 0 17...

Page 1062: ... using the Controller Once you create a VXLAN instance in the static mode you can create a VNI profile associate a VNID to the VNI profile associate a remote VTEP to the VNID and associate the VNID to a VLAN using the CLIs Configuring Static VXLAN Port VLAN bindings in the context of VXLAN is achieved by associating a port to VLAN using tagged or untagged interface CLIs If a VLAN has VNID associat...

Page 1063: ...c VXLAN is not supported in Stacking and VLT environments Routing over VXLAN is not supported SNMP and REST API are not supported for VXLAN configurations Multicast over VXLAN is not supported Only 4K VNIs are supported while configuring static VXLAN In multicast and broadcast traffic even though the remote VTEP is reachable through the ECMP path load balancing is not supported The 802 1p QOS mark...

Page 1064: ... example displays VXLAN statistics for the specified VXLAN tunnel Dell show vxlan vxlan instance 1 statistics remote vtep ip 1 1 1 1 Statistics for Remote vtep ip 1 1 1 1 Unicast Rx Packets 0 Rx Bytes 0 Tx Packets 0 Tx Bytes 0 Non Unicast Tx Packets 0 Tx Bytes 0 Use the following command to clear the remote VTEP and access port statistics Dell clear vxlan vxlan instance 1 statistics Preserving 802...

Page 1065: ...PNs for customers VRF is also referred to as VPN routing and forwarding VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF uses a forwarding table that designates the next hop for each data packet a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that gover...

Page 1066: ... on following types of interface Physical Ethernet interfaces Port channel interfaces static dynamic using LACP VLAN interfaces Loopback interfaces VRF supports route redistribution between routing protocols including static routes only when the routes are within the same VRF Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances The VRF name and VRF ID number are assigned us...

Page 1067: ...n physical and logical interfaces Yes Yes NOTE RIP is not supported on non default VRF Dynamic Port channel LACP on VLAN port or a Layer 3 port Yes Yes Static Port channel as VLAN port or a Layer 3 port Yes Yes Encapsulated Remote Port Monitoring Yes No BFD on physical and logical interfaces Yes No Multicast protocols PIM SM MSDP Yes Yes NOTE MSDP is not supported in non default VRF PIM DM No No L...

Page 1068: ...F Instance Information Connect an OSPF Process to a VRF Instance Configure VRRP on a VRF Loading VRF CAM Load CAM memory for the VRF feature CONFIGURATION feature vrf After you load VRF CAM CLI parameters that allow you to configure non default VRFs are made available on the system Creating a Non Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances 1 to ...

Page 1069: ...ement VRF perform the following steps 1 Enter the front end interface that you want to assign to a management interface CONFIGURATION interface tengigabitethernet 1 1 2 Assign the interface to management VRF INTERFACE CONFIGURATION ip vrf forwarding management Before assigning a front end port to a management VRF ensure that no IP address is configured on the interface 3 Assign an IPv4 address to ...

Page 1070: ...elong to a VRF instance In a virtualized network that consists of multiple VRFs various overlay networks can exist on a shared physical infrastructure Nodes hosts and servers that are part of the VRFs can be configured with IP static routes for reaching specific destinations through a given gateway in a VRF VRRP provides high availability and protection for next hop static routes by eliminating a ...

Page 1071: ... originated by the router ipv6 nd managed config flag Hosts should use DHCP for address config ipv6 nd max ra interval Set IPv6 Max Router Advertisement Interval ipv6 nd mtu Configure MTU advertisements in RA packets ipv6 nd other config flag Hosts should use DHCP for non address config ipv6 nd prefix Configure IPv6 Routing Prefix Advertisement ipv6 nd ra guard Configure IPv6 ra guard ipv6 nd ra l...

Page 1072: ... management route to point to a front end port in case of the management VRF For example management route 2 64 tengigabitethernet 1 1 Configure a static entry in the IPv6 neighbor discovery CONFIGURATION ipv6 neighbor vrf management 1 1 tengigabitethernet 1 1 xx xx xx xx xx xx Sample VRF Configuration The following configuration illustrates a typical VRF set up Figure 157 Setup OSPF and Static Rou...

Page 1073: ...range 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 1 ip vrf forwarding blue ip address 10 0 0 1 24 no shutdown interface TenGigabitEthernet 1 2 ip vrf forwarding orange ip address 20 0 0 1 24 no shutdown interface TenGigabitEthernet 1 3 Virtual Routing and Forwarding VRF 1073 ...

Page 1074: ... router id 2 0 0 1 network 2 0 0 0 24 area 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 Router 2 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 2 1 ip vrf forwarding blue ip address 11 0 0 1 24 no shutdown interface TenGigabitEthernet 2 2 ip vrf forwarding orange ip address 21 0 ...

Page 1075: ... Te 1 2 Vl 192 green 3 Te 1 3 Vl 256 Dell show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1 0 0 2 1 FULL DR 00 00 32 1 0 0 2 Vl 128 0 Dell sh ip ospf 2 neighbor Neighbor ID Pri State Dead Time Address Interface Area 2 0 0 2 1 FULL DR 00 00 37 2 0 0 2 Vl 192 0 Dell show ip route vrf blue Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally...

Page 1076: ... E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 3 0 0 0 24 Direct Vl 256 0 0 00 20 52 C 30 0 0 0 24 Direct Te 1 3 0 0 00 09 45 S 31 0 0 0 24 via 3 0 0 2 Vl 256 1 0 00 09 06 The following shows the output of the show commands on Rout...

Page 1077: ...C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last...

Page 1078: ...iple route import targets because a VRF can accept routes from multiple VRFs After the target VRF learns routes that are leaked by the source VRF the source VRF in turn can leak the export target corresponding to the destination VRFs that have imported its routes The source VRF learns the export target corresponding to the destinations VRF using the ip route import tag or ipv6 route import tag com...

Page 1079: ...f forwarding VRF blue ip address ip address mask A non default VRF named VRF blue is created and the interface 1 12 is assigned to it 7 Configure the import target in VRF blue ip route import 1 1 8 Configure the export target in VRF blue ip route import 3 3 9 Configure VRF green ip vrf vrf green interface type slot port subport ip vrf forwarding VRF green ip address ip address mask A non default V...

Page 1080: ...rect Te 1 4 0 0 00 32 36 Show routing tables of VRFs after route export and route import tags are configured Dell show ip route vrf VRF Red O 11 1 1 1 32 via 111 1 1 1 110 0 00 00 10 C 111 1 1 0 24 Direct Te 1 11 0 0 22 39 59 O 44 4 4 4 32 via VRF shared 144 4 4 4 0 0 00 32 36 C 144 4 4 0 24 Direct VRF shared Te 1 4 0 0 00 32 36 Dell show ip route vrf VRF Blue O 22 2 2 2 32 via 122 2 2 2 110 0 00 ...

Page 1081: ... matches You can use the match source protocol or match ip address commands to specify matching criteria for importing or exporting routes between VRFs NOTE You must use the match source protocol or match ip address commands in conjunction with the route map command to be able to define the match criteria for route leaking Consider a scenario where you have created two VRF tables VRF red and VRF b...

Page 1082: ...otocol ospf This action specifies that the route map contains OSPF as the matching criteria for importing routes into vrf blue 8 Configure the import target in VRF blue with route map import_ospf_protociol ip route import 1 1 import_ospf_protocol When you import routes into VRF blue using the route map import_ospf_protocol only OSPF routes are imported into VRF blue Even though VRF red has leaked ...

Page 1083: ...ort target and import target support only the match protocol and match prefix list options Other options that are configured in the route maps are ignored You can expose a unique set of routes from the Source VRF for Leaking to other VRFs For example in VRF red there is no option for exporting one set of routes for example OSPF to VRF blue and another set of routes for example BGP routes to some o...

Page 1084: ...d allows for up to 255 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends pac...

Page 1085: ...RP group up to 12 virtual IP addresses are supported Virtual IP addresses can belong to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet The S Series supports varying number of maximum VRRP groups per interface The supports a total of 2000 VRRP groups on a switch a...

Page 1086: ...een 1200 and 1500 8 seconds 120 VRRP Configuration By default VRRP is not configured Configuration Task List The following list specifies the configuration tasks for VRRP Creating a Virtual Router mandatory Configuring the VRRP Version for an IPv4 Group optional Assign Virtual IP Addresses mandatory Setting VRRP Group Virtual Router Priority optional Configuring VRRP Authentication optional Disabl...

Page 1087: ...l VRRP Version 3 for IPv4 and IPv6 You can also migrate a IPv4 group from VRRPv2 to VRRP3 To configure the VRRP version for IPv4 use the version command in INTERFACE mode Example Configuring VRRP to Use Version 3 The following example configures the IPv4 VRRP 100 group to use VRRP protocol version 3 Dell conf if te 1 1 vrrp group 100 Dell conf if te 1 1 vrid 100 version 2 VRRPv2 3 VRRPv3 both Inte...

Page 1088: ...ses on a single VRRP group VRID The following rules apply to virtual IP addresses The virtual IP addresses must be in the same subnet as the primary or secondary IP addresses configured on the interface Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface Dell Networking recommends configuring virtual IP addresses belonging to the...

Page 1089: ...ddress 10 10 10 2 virtual address 10 10 10 3 vrrp group 222 no shutdown The following example shows the same VRRP group VRID 111 configured on multiple interfaces on different subnets Dell show vrrp TenGigabitEthernet 1 1 VRID 111 Version 2 Net 10 10 10 1 VRF 0 default State Master Priority 255 Master 10 10 10 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 17...

Page 1090: ...show vrrp command Dellshow vrrp TenGigabitEthernet 1 1 VRID 111 Net 10 10 10 1 VRF 0 default State Master Priority 255 Master 10 10 10 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 2343 Gratuitous ARP sent 5 Virtual MAC address 00 00 5e 00 01 6f Virtual IP address 10 10 10 1 10 10 10 2 10 10 10 3 10 10 10 10 Authentication none TenGigabitEthernet 1 2 VRID 11...

Page 1091: ...stem to change the MASTER router if another router with a higher priority comes online Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt NOTE You must configure all virtual routers in the VRRP group the same you must configure all with preempt enabled or configure all with preempt disabled Because preempt is enabled by default disable the preem...

Page 1092: ...figured for VRRP version 2 the timer values must be in multiples of whole seconds For example timer value of 3 seconds or 300 centisecs are valid and equivalent However a timer value of 50 centisecs is invalid because it not is not multiple of 1 second If are using VRRP version 3 you must configure the timer values in multiples of 25 centisecs To change the advertisement interval in seconds or cen...

Page 1093: ...port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 For a virtual group you can also track the status of a configured object the track object id command by entering its object number NOTE You ...

Page 1094: ...ss 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 The following example shows verifying the tracking status Dell show track Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16 Metric threshold down 255 up 254 First hop interface is TenGigabitEthernet 1 3 Tracked by VRRP TenGigabitEthernet 1 8 IPv...

Page 1095: ...load a VLT node configured for VRRP the local destination address is not seen on the reloaded node causing suboptimal routing Set the delay timer on individual interfaces The delay timer is supported on all physical interfaces VLANs and LAGs When you configure both CLIs the later timer rules VRRP enabling For example if you set vrrp delay reload 600 and vrrp delay minimum 300 the following behavio...

Page 1096: ...n comprehensive directions and is intended to provide guidance for only a typical VRRP configuration You can copy and paste from the example to your CLI To support your own IP addresses interfaces names and so on be sure that you make the necessary changes The VRRP topology was created using the CLI configuration shown in the following example Figure 160 VRRP for IPv4 Topology 1096 Virtual Router ...

Page 1097: ...nt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 817 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 63 Virtual IP address 10 1 1 3 Authentication none R2 Router 3 R3 conf interface tengigabitethernet 3 21 R3 conf if te 3 21 ip address 10 1 1 2 24 R3 conf if te 3 21 vrrp group 99 R3 conf if te 3 21 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 vrid 99 no shut R3 conf if te 3 21 show conf interf...

Page 1098: ...RPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address The virtual IPv6 address you configure must be the same as the IPv6 subnet to which the interface belongs Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the TenGigabitethernet 1 1 interface has a higher IPv6 a...

Page 1099: ... 2 vrrp group 10 R2 conf if te 1 2 vrid 10 virtual address fe80 10 R2 conf if te 1 2 vrid 10 virtual address 1 10 R3 conf if te 1 2 vrid 10 no shutdown R3 conf if te 1 2 show config interface TenGigabitEthernet 1 2 ipv6 address 1 2 64 vrrp group 10 priority 100 virtual address fe80 10 virtual address 1 10 no shutdown R3 conf if te 1 2 end R3 show vrrp TenGigabitEthernet 1 2 IPv6 VRID 10 Version 3 ...

Page 1100: ...ere is one MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner master of the VRRP group and Switch 1 serves as the backup On VRF 3 Switch 1 is the owner master and Switch 2 is the backup In VRF 1 and VRF 2 on Switch 2 the virtual IP and node IP address subnet and VRRP group are the same On Switch 1 the virtual IP address subnet and VRRP group are the same in VRF 1...

Page 1101: ...show vrrp tengigabitethernet 2 8 TenGigabitEthernet 2 8 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 0 default State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 119 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 10 1 1 100 Authentication none Example of Configuring VRRP in a VRF on Switch 2 Non VL...

Page 1102: ...F 1 1 S1 conf ip vrf VRF 2 2 S1 conf ip vrf VRF 3 3 S1 conf interface TenGigabitEthernet 1 1 S1 conf if te 1 1 no ip address S1 conf if te 1 1 switchport S1 conf if te 1 1 no shutdown S1 conf if te 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID u...

Page 1103: ...ace vlan 100 S2 conf if vl 100 ip vrf forwarding VRF 1 S2 conf if vl 100 ip address 10 10 1 2 24 S2 conf if vl 100 tagged TenGigabitethernet 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf if vl 100 no shutdown S2 conf if te 1 1 interface vlan 200 S2...

Page 1104: ...Bad pkts rcvd 0 Adv sent 0 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 20 1 1 100 Authentication none Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 2 vrf2 State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 419 Gratuitous ARP sent 1 Virtual MAC...

Page 1105: ... has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigabitethernet 1 1 R2 conf if te 1 1 no ip address R2 conf if te 1 1 ipv6 address 1 1 64 R2 conf if te 1 1 vrrp group 10 NOTE You must configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 g...

Page 1106: ...f interface tengigabitethernet 1 2 R3 conf if te 1 2 no ipv6 address R3 conf if te 1 2 ipv6 address 1 2 64 R3 conf if te 1 2 vrrp group 10 R2 conf if te 1 2 vrid 10 virtual address fe80 10 R2 conf if te 1 2 vrid 10 virtual address 1 10 R3 conf if te 1 2 vrid 10 no shutdown R3 conf if te 1 2 show config interface TenGigabitEthernet 1 2 ipv6 address 1 2 64 vrrp group 10 priority 100 virtual address ...

Page 1107: ... fe8a fd76 VRF 1 vrf1 State Backup Priority 90 Master fe80 201 e8ff fe8a e9ed Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 399 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed ...

Page 1108: ...can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more You cannot perform diagnostics on the management or standby unit in a stack of two or more if you do a message similar to this displays Running Diagnostics on master standby unit is not allowed on stack Diagnostics only test connectivity not the entire data path Diagnostic results ...

Page 1109: ...on a standalone unit and on a stack member 4 View the results of the diagnostic tests EXEC Privilege mode show file flash TestReport SU stack unit id txt Examples of Running Offline Diagnostics The following example shows the offline stack unit id command The following example shows the show system brief command Dell show system brief Stack MAC 00 01 e8 8b 5d 8c Reload Type normal reload Next boot...

Page 1110: ...STKUNIT1 M CP CHMGR 5 STACKUNITDETECTED Stack unit 2 present 00 09 00 STKUNIT1 M CP CHMGR 5 CHECKIN Checkin from Stack unit 2 type S25P 28 ports 00 09 00 S25P 2 CHMGR 0 PS_UP Power supply 0 in unit 2 is up 00 09 00 STKUNIT1 M CP CHMGR 5 STACKUNITUP Stack unit 2 is up output from the console of the unit in which diagnostics are performed Dell stack member 2 Diagnostic test results are stored on fil...

Page 1111: ...tus information Each trace message provides the date time and name of the Dell Networking OS process All messages are stored in a ring buffer You can save the messages to a file either manually or automatically after failover Auto Save on Crash or Rollover Exception information for MASTER or standby units is stored in the flash TRACE_LOG_DIR directory This directory contains files that save trace ...

Page 1112: ...rol traffic which the CPU must process View the modular packet buffers details per stack unit and the mode of allocation EXEC Privilege mode show hardware stack unit 1 6 buffer total buffer View the modular packet buffers details per unit and the mode of allocation EXEC Privilege mode show hardware stack unit 1 6 buffer unit 0 1 total buffer View the forwarding plane statistics containing the pack...

Page 1113: ...egister View the tables from the bShell through the CLI without going into the bShell EXEC Privilege mode show hardware stack unit 1 6 unit 0 1 table dump table name Enabling Environmental Monitoring The device components use environmental monitoring hardware to detect transmit power readings receive power readings and temperature updates To receive periodic power updates you must enable the follo...

Page 1114: ...QSFP 52 TX4 Bias Current 0 000mA QSFP 52 RX1 Power 0 000mW QSFP 52 RX2 Power 0 000mW QSFP 52 RX3 Power 0 000mW QSFP 52 RX4 Power 0 000mW Recognize an Overtemperature Condition An overtemperature condition occurs for one of two reasons the card genuinely is too hot or a sensor has malfunctioned Inspect cards adjacent to the one reporting the condition to discover the cause If directly adjacent card...

Page 1115: ...HMGR 1 CARD_SHUTDOWN Major alarm stack unit 2 down auto shutdown due to under voltage This message indicates that the specified card is not receiving enough power In response the system first shuts down Power over Ethernet PoE If the under voltage condition persists line cards are shut down then the RPMs Troubleshoot an Under Voltage Condition To troubleshoot an under voltage condition check that ...

Page 1116: ...how hardware ip qos stack unit stack unit number port set 0 show hardware system flow layer2 stack unit stack unit number port set 0 counters pipeline 0 3 show hardware drops interface interface show hardware buffer stats snapshot resource interface interface show hardware buffer inteface interface priority group id all queue id all buffer info show hardware buffer stats snapshot resource interfac...

Page 1117: ...on COS13 0 HOL DROPS on COS14 0 HOL DROPS on COS15 0 HOL DROPS on COS16 0 HOL DROPS on COS17 0 TxPurge CellErr 0 Aged Drops 0 Egress MAC counters Egress FCS Drops 0 Egress FORWARD PROCESSOR Drops IPv4 L3UC Aged Drops 0 TTL Threshold Drops 0 INVALID VLAN CNTR Drops 0 L2MC Drops 0 PKT Drops of ANY Conditions 0 Hg MacUnderflow 0 TX Err PKT Counter 0 Error counters Internal Mac Transmit Errors 0 Unkno...

Page 1118: ...0 16 16 0 0 0 0 0 17 17 2144854 0 124904297 0 0 18 18 0 0 0 0 0 19 19 0 0 0 0 0 20 20 0 0 0 0 0 21 21 0 0 0 0 0 22 22 0 0 0 0 0 23 23 0 0 0 0 0 24 24 0 0 0 0 0 25 25 0 0 0 0 0 26 26 0 0 0 0 0 27 27 0 0 0 0 0 28 28 0 0 0 0 0 29 29 0 0 0 0 0 30 30 0 0 0 0 0 31 31 0 0 0 0 0 32 32 0 0 0 0 0 33 33 0 0 0 0 0 34 34 0 0 0 0 0 35 35 0 0 0 0 0 36 36 0 0 0 0 0 37 37 0 0 0 1118 Debugging and Diagnostics ...

Page 1119: ... 0 48 48 0 0 0 0 0 49 49 0 0 0 0 0 49 50 0 0 0 0 0 49 51 0 0 0 0 0 49 52 0 0 0 0 0 52 61 0 0 0 0 0 52 62 0 0 0 0 0 52 63 0 0 0 0 0 52 64 0 0 0 0 0 53 65 0 0 0 0 0 53 66 0 0 0 0 0 53 67 0 0 0 0 0 53 68 0 0 0 0 0 54 1 69 0 0 0 0 0 54 2 70 0 0 0 0 0 54 3 71 0 0 0 0 0 54 4 72 0 0 0 0 0 Internal 53 0 0 0 0 0 Internal 57 4659499 0 0 0 0 Debugging and Diagnostics 1119 ...

Page 1120: ...are stack unit 1 cpu data plane statistics bc pci driver statistics for device rxHandle 773 noMhdr 0 noMbuf 0 noClus 0 recvd 773 dropped 0 recvToNet 773 rxError 0 rxFwdError 0 rxDatapathErr 0 rxPkt COS0 0 rxPkt COS1 0 rxPkt COS2 0 rxPkt COS3 0 rxPkt COS4 0 rxPkt COS5 0 rxPkt COS6 0 rxPkt COS7 0 rxPkt COS8 773 rxPkt COS9 0 rxPkt COS10 0 rxPkt COS11 0 rxPkt UNIT0 773 transmitted 12698 txRequested 12...

Page 1121: ...isplay internal receive and transmit statistics based on the selected command option The following example is a sample of the output for the counters option Example of Displaying Counter Values for all Interface in the Selected Stack Member and Port Pipe Dell show hardware stack unit 1 unit 0 counters Interface Te 0 0 Description Value RX IPV4 L3 Unicast Frame Counter 0 RX IPV4 L3 routed multicast...

Page 1122: ...ast Frame Counter 0 RX IPV4 L3 routed multicast Packets 0 RX IPV6 L3 Unicast Frame Counter 0 Interface Fo 0 60 Description Value RX IPV4 L3 Unicast Frame Counter 0 RX IPV4 L3 routed multicast Packets 0 RX IPV6 L3 Unicast Frame Counter 0 RX IPV6 L3 routed multicast Packets 0 RX Unicast Packet Counter 0 RX 64 Byte Frame Counter 0 RX 64 to 127 Byte Frame Counter 0 RX 128 to 255 Byte Frame Counter 0 R...

Page 1123: ... Counter 0 RX IPV4 L3 Routed Multicast Packets 0 RX IPV6 L3 Unicast Frame Counter 0 RX IPV6 L3 Routed Multicast Packets 0 RX Unicast Packet Counter 0 RX 64 Byte Frame Counter 0 RX 65 to 127 Byte Frame Counter 0 RX 128 to 255 Byte Frame Counter 0 RX 256 to 511 Byte Frame Counter 0 RX 512 to 1023 Byte Frame Counter 0 RX 1024 to 1518 Byte Frame Counter 0 RX 1519 to 1522 Byte Good VLAN Frame Counter 0...

Page 1124: ...ation in the event of a crash Mini core dump files are located in flash root dir The application mini core filename format is f10StkUnit Stack_unit_no Application name acore mini txt The kernel mini core filename format is f10StkUnit Stack_unit_no kcore mini txt The following are sample filenames When a member or standby unit crashes the mini core file gets uploaded to master unit When the master ...

Page 1125: ...mize the number of packets recorded in a file by specifying the snap length to capture the file headers only The tcpdump command has a finite run process When you enable the tcpdump command it runs until the capture duration timer and or the packet count counter threshold is met If you do not set a threshold the system uses a default of a 5 minute capture duration and or a single 1k file as the st...

Page 1126: ...ce MIB Location IEEE Compliance The following is a list of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link Aggregation with LACP 802 3ae 10 Gigabit Ethernet 10GBASE...

Page 1127: ...ocol 7 6 1 793 Transmission Control Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 The Point to Point Protocol PPP 1989 PPP Link Quality Monitoring 1990 The PPP Multilink Protocol MP 1994 PPP Challenge Handshake Authentication Protocol CHAP 2460 Internationalization...

Page 1128: ... Transparent Subnet Gateways 7 6 1 10 3 5 DOMAIN NAMES IMPLEMENTATION AND SPECIFICATION client 7 6 1 10 42 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks 7 6 1 11 91 Path MTU Discovery 7 6 1 13 0 5 Network Time Protocol Version 3 Specification Implementation and Analysis 7 6 1 15 19 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 15 ...

Page 1129: ... 1 31 28 Protection Against a Variant of the Tiny Fragment Attack 7 6 1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols Table 117 General IPv6 Protocols RF C Full Name Z Series S Series 188 6 DNS Extensions to support IP version 6 7 8 1 1981 Par tial Path MTU Discovery for IP version 6 7 8 1 246 0 Internet Protocol Version 6 I...

Page 1130: ...ress Format 7 8 1 400 7 IPv6 Scoped Address Architecture 8 3 12 0 429 1 Internet Protocol Version 6 IPv6 Addressing Architecture 7 8 1 444 3 Internet Control Message Protocol ICMPv6 for the IPv6 Specification 7 8 1 486 1 Neighbor Discovery for IPv6 8 3 12 0 486 2 IPv6 Stateless Address Autoconfigurati on 8 3 12 0 517 5 IPv6 Router Advertisement Flags Option 8 3 12 0 1130 Standards Compliance ...

Page 1131: ...onfederations for BGP 7 8 1 4360 BGP Extended Communities Attribute 7 8 1 4893 BGP Support for Four octet AS Number Space 7 8 1 5396 Textual Representation of Autonomous System AS Numbers 8 1 2 draft ietf idrbgp4 20 A Border Gateway Protocol 4 BGP 4 7 8 1 draft ietf idrrestart 06 Graceful Restart Mechanism for BGP 7 8 1 Open Shortest Path First OSPF The following table lists the Dell Networking OS...

Page 1132: ...784 Intermediate System to Intermediate System IS IS Extensions in Support of Generalized Multi Protocol Label Switching GMPLS 5120 MT ISIS Multi Topology MT Routing in Intermediate System to Intermediate Systems IS ISs 5306 Restart Signaling for IS IS 5308 Routing IPv6 with IS IS 8 3 10 0 draft ietf isis igpp2p over lan 06 Point to point operation over LAN in link state routing protocols draft ka...

Page 1133: ...col Specification Revised 7 8 1 PIM SM for IPv4 Network Management The following table lists the Dell Networking OS support per platform for network management protocol Table 123 Network Management RFC Full Name S4810 1155 Structure and Identification of Management Information for TCP IP based Internets 7 6 1 1156 Management Information Base for Network Management of TCP IP based internets 7 6 1 1...

Page 1134: ...Management Protocol SNMP Management Frameworks 7 6 1 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP 7 6 1 2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 7 6 1 2575 View based Access Control Model VACM for the Simple Network Management Protocol SNMP 7 6 1 2576 Coexistence Between Version 1 Version 2 and Vers...

Page 1135: ...NMP 7 6 1 3434 Remote Monitoring MIB Extensions for High Capacity Alarms High Capacity Alarm Table 64 bits 7 6 1 3580 IEEE 802 1X Remote Authentication Dial In User Service RADIUS Usage Guidelines 7 6 1 3815 Definitions of Managed Objects for the Multiprotocol Label Switching MPLS Label Distribution Protocol LDP 4001 Textual Conventions for Internet Network Addresses 8 3 12 4292 IP Forwarding Tabl...

Page 1136: ...idr bgp4 mibv2 05 7 8 1 f10 bmp mib Force10 Bare Metal Provisioning MIB 9 2 0 0 FORCE10 FIB MIB Force10 CIDR Multipath Routes MIB The IP Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue It reports the autonomous system of the next hop multiple next hop support and policy routing support FORCE10 CS CHASSIS ...

Page 1137: ...e Documentation page of iSupport https www force10networks com CSPortal20 KnowledgeBase Documentation aspx You also can obtain a list of selected MIBs and their OIDs at the following URL https www force10networks com CSPortal20 Main Login aspx Some pages of iSupport require a login To request an iSupport account go to https www force10networks com CSPortal20 AccountRequest AccountRequest aspx If y...

Page 1138: ... TLS relies on public key certificates to work X 509v3 certificates A X 509v3 or digital certificate is an electronic document used to prove ownership of a public key It contains information about the key s identity information about the key s owner and the digital signature of an entity that has verified the certificate s content as correct Certificate authority CA The entity that verifies the co...

Page 1139: ...Dell Networking OS supports X 509v3 standards Many organizations or entities need to let their customers know that the connection to their devices and network is secure These organizations pay an internationally trusted Certificate Authorities CAs such as VeriSign DigiCert and so on to sign a certificate for their domain To implement a X 509v3 infrastructure Dell Networking OS recommends you to ac...

Page 1140: ...ust any certificates signed by these CAs NOTE You can download and install CA certificates in one step using the crypto ca cert install command The intermediate CA signs the CSRs and makes the resulting certificates available for download through FTP root or otherwise Alternatively the Intermediate CA can also generate private keys and certificates for the hosts The CA then makes the private key o...

Page 1141: ...er then the certificate is signed by another CA farther up the chain These certificates are also called intermediate certificates If a higher CA certificate is installed on the switch then the system verifies the downloaded certificate with the CA s public key The system repeats this process until the root certificate is reached The certificate is rejected if the signature verification fails If a ...

Page 1142: ...t 5 is NOT be set The ExtendedKeyUsage fields indicate serverAuth and clientAuth The attribute CA FALSE is set in the Extensions section of the certificate The certificate is NOT used to validate other certificates The CSR is then copied out to the CA server It can be copied from flash to a destination like usbflash TFTP FTP or SCP The CA server signs the CSR with its private key The CA server the...

Page 1143: ...ver implementations NOTE There are three modern versions of the TLS protocol 1 0 1 1 and 1 2 Older versions are called SSL v1 v2 and v3 and should not be supported The TLS protocol implementation in Dell Networking OS takes care of the following activities Session negotiation and shutdown Protocol Version Cryptographic algorithm selection Session resumption and renegotiation Certificate revocation...

Page 1144: ...rmation is specified in the authorityInfoAccess extension A CA can verify the revocation status of a certificate with multiple OCSP responders When multiple OCSP responders exist you can configure the order or preference the CA takes while contacting various OCSP responders for verification Upon receiving a presented certificate the system sends an OCSP request to an OCSP responder through HTTP Th...

Page 1145: ...P revocation settings In CONFIGURATION mode enter the following command crypto x509 revocation ocsp accept reject The default behavior is to accept certificates if either an OCSP responder is unavailable or if no responder is identified Configuring OSCP responder preference You can configure the preference or order that the CA or a device follows while contacting multiple OCSP responders Enter the...

Page 1146: ...ield in the server certificate Verifying Client Certificates Verifying client certificates is optional in the TLS protocol and is not explicitly required by Common Criteria However TLS protected Syslog and RADIUS protocols mandate that certificate based mutual authentication be performed Event logging The system logs the following events A CA certificate is installed or deleted A self signed certi...

Reviews:

No comments

Related manuals for S4048T-ON

Brand: Accuphase Pages: 2

Brand: ADTRAN Pages: 2

AMB-VDX3H1 Series

Brand: Acrosser Technology Pages: 4

OXTOPUS EIA-709

Brand: OCCITALINA Pages: 54

Anybus Communicator ABC4021

Brand: HMS Networks Pages: 60

Brand: Zonet Pages: 53

Brand: 3Ware Pages: 4

System Storage DS3200

Brand: IBM Pages: 2

Brand: ADTRAN Pages: 2

Brand: CalAmp Pages: 115

Brand: KYLAND Technology Pages: 24

Network Adapter ADZIFCF

Brand: Addonics Technologies Pages: 1

Brand: Juniper Pages: 396

Brand: Stepper Motor Canada Pages: 5

Brand: Jetter Pages: 20

EK-Quantum Vector TUF RX 6800

Brand: ekwb Pages: 14

STM32MP157 Series

Brand: ST Pages: 47

Brand: Patton electronics Pages: 40

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands