Dell S4048T Configuration Manual Download Page 743 | Manualshive

Page: 743 / 1277

background image

OSPFv3 Authentication Using IPsec: Configuration Notes

OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552.

• To use IPsec, configure an authentication (using AH) or encryption (using ESP) security policy on an

interface or in an OSPFv3 area. Each security policy consists of a security policy index (SPI) and the key

used to validate OSPFv3 packets. After IPsec is configured for OSPFv3, IPsec operation is invisible to the

user.

• You can only enable one security protocol (AH or ESP) at a time on an interface or for an area.

Enable IPsec AH with the

ipv6 ospf authentication

command; enable IPsec ESP with the

ipv6 ospf encryption

command.

• The security policy configured for an area is inherited by default on all interfaces in the area.
• The security policy configured on an interface overrides any area-level configured security for the

area to which the interface is assigned.

• The configured authentication or encryption policy is applied to all OSPFv3 packets transmitted on

the interface or in the area. The IPsec security associations (SAs) are the same on inbound and

outbound traffic on an OSPFv3 interface.

• There is no maximum AH or ESP header length because the headers have fields with variable

lengths.

• Manual key configuration is supported in an authentication or encryption policy (dynamic key

configuration using the internet key exchange [IKE] protocol is not supported).

• In an OSPFv3 authentication policy:

• AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension

headers.

• MD5 and SHA1 authentication types are supported; encrypted and unencrypted keys are

supported.

• In an OSPFv3 encryption policy:

• Both encryption and authentication are used.
• IPsec security associations (SAs) are supported only in Transport mode (Tunnel mode is not

supported).

• ESP with null encryption is supported for authenticating only OSPFv3 protocol headers.
• ESP with non-null encryption is supported for full confidentiality.
• 3DES, DES, AES-CBC, and NULL encryption algorithms are supported; encrypted and unencrypted

keys are supported.

NOTE:

To encrypt all keys on a router, use the

service password-encryption

command in Global

Configuration mode. However, this command does not provide a high level of network security. To
enable key encryption in an IPsec security policy at an interface or area level, specify

7

for

[key-

encryption-type]

when you enter the

ipv6 ospf authentication ipsec

or

ipv6 ospf

encryption ipsec

command.

• To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical,

port-channel, or VLAN interface or OSPFv3 area, perform any of the following tasks:

•

Configuring IPsec Authentication on an Interface

•

Configuring IPsec Encryption on an Interface

•

Configuring IPsec Authentication for an OSPFv3 Area

•

Configuring IPsec Encryption for an OSPFv3 Area

•

Displaying OSPFv3 IPsec Security Policies

Open Shortest Path First (OSPFv2 and OSPFv3)

743

«
...
741
742
743
744
745
...
»

Summary of Contents for S4048T

Page 1: ...Dell Configuration Guide for the S4048T ON System 9 10 0 1 ...

Page 2: ... the problem WARNING A WARNING indicates a potential for property damage personal injury or death 2016 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their respecti...

Page 3: ... Accessing the CLI Interface and Running Scripts Using SSH 52 Entering CLI commands Using an SSH Connection 52 Executing Local CLI Scripts Using an SSH Connection 53 Default Configuration 53 Configuring a Host Name 53 Accessing the System Remotely 54 Accessing the System Remotely 54 Configure the Management Port IP Address 54 Configure a Management Route 55 Configuring a Username and Password 55 C...

Page 4: ...Buffer and the Logging Configuration 76 Setting Up a Secure Connection to a Syslog Server 77 Sending System Messages to a Syslog Server 78 Track Login Activity 78 Restrictions for Tracking Login Activity 79 Configuring Login Activity Tracking 79 Display Login Statistics 79 Limit Concurrent Login Sessions 81 Restrictions for Limiting the Number of Concurrent Sessions 81 Configuring Concurrent Sessi...

Page 5: ...96 5 802 1ag 99 Ethernet CFM 99 Maintenance Domains 100 Maintenance Points 101 Maintenance End Points 101 Implementation Information 102 Configuring the CFM 102 Related Configuration Tasks 103 Enable Ethernet CFM 103 Creating a Maintenance Domain 103 Creating a Maintenance Association 104 Create Maintenance Points 104 Creating a Maintenance End Point 104 Creating a Maintenance Intermediate Point 1...

Page 6: ...ring ACL VLAN Groups 131 Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters 132 Configuring ACL VLAN Groups 132 Configuring FP Blocks for VLAN Parameters 133 Viewing CAM Usage 134 Allocating FP Blocks for VLAN Processes 135 8 Access Control Lists ACLs 137 IP Access Control Lists ACLs 138 CAM Usage 139 Implementing ACLs on Dell Networking OS 140 Important Points to Remember 1...

Page 7: ...nfiguring ACL Logging 168 Configuring ACL Logging 168 Flow Based Monitoring Support for ACLs 169 Behavior of Flow Based Monitoring 169 Enabling Flow Based Monitoring 171 Configuring UDF ACL 172 9 Bidirectional Forwarding Detection BFD 176 How BFD Works 176 BFD Packet Format 178 BFD Sessions 180 BFD Three Way Handshake 180 Session State Changes 182 Important Points to Remember 182 Configure BFD 183...

Page 8: ... MIB 224 Important Points to Remember 224 Configuration Information 225 BGP Configuration 226 Enabling BGP 227 Configuring AS4 Number Representations 230 Configuring Peer Groups 232 Configuring BGP Fast Fall Over 235 Configuring Passive Peering 236 Maintaining Existing AS Numbers During an AS Migration 237 Allowing an AS Number to Appear in its Own AS Path 238 Enabling Graceful Restart 239 Enablin...

Page 9: ...Continue 262 Enabling MBGP Configurations 263 BGP Regular Expression Optimization 263 Debugging BGP 264 Storing Last and Bad PDUs 265 Capturing PDUs 266 PDU Counters 267 Sample Configurations 267 11 Content Addressable Memory CAM 274 CAM Allocation 274 Test CAM Usage 276 View CAM ACL Settings 277 View CAM Usage 279 CAM Optimization 279 Troubleshoot CAM Profiling 279 QoS CAM Region Limitation 279 1...

Page 10: ...d Packets 309 Configuration Example for DSCP and PFC Priorities 310 Using PFC to Manage Converged Ethernet Traffic 311 Configure Enhanced Transmission Selection 311 ETS Prerequisites and Restrictions 311 Creating an ETS Priority Group 312 ETS Operation with DCBx 313 Configuring Bandwidth Allocation for DCBx CIN 314 Configuring ETS in a DCB Map 315 Hierarchical Scheduling in ETS Output Policies 316...

Page 11: ...351 Configure the System to be a DHCP Client 353 Configuring the DHCP Client System 354 DHCP Client on a Management Interface 355 DHCP Client Operation with Other Features 356 Configure the System for User Port Stacking Option 230 357 Configure Secure DHCP 357 Option 82 357 DHCP Snooping 358 Drop DHCP Packets on Snooped VLANs Only 362 Dynamic ARP Inspection 362 Configuring Dynamic ARP Inspection 3...

Page 12: ...Value 384 Configure a Port for a Bridge to Bridge Link 385 Configure a Port for a Bridge to FCF Link 385 Impact on Other Software Features 385 FIP Snooping Restrictions 386 Configuring FIP Snooping 386 Displaying FIP Snooping Information 387 FCoE Transit Configuration Example 393 17 FIPS Cryptography 395 Configuration Tasks 395 Preparing the System 396 Enabling FIPS Mode 396 Generating Host Keys 3...

Page 13: ...416 RPM Redundancy 417 20 High Availability HA 418 Component Redundancy 418 Automatic and Manual Stack Unit Failover 419 Synchronization between Management and Standby Units 420 Forcing an Stack Unit Failover 420 Specifying an Auto Failover Limit 420 Disabling Auto Reboot 421 Manually Synchronizing Management and Standby Units 421 Pre Configuring a Stack Unit Slot 421 Removing a Provisioned Logica...

Page 14: ...and Disabling Management Egress Interface Selection 442 Handling of Management Route Configuration 444 Handling of Switch Initiated Traffic 444 Handling of Switch Destined Traffic 445 Handling of Transit Traffic Traffic Separation 446 Mapping of Management Applications and Traffic Type 446 Behavior of Various Applications for Switch Initiated Traffic 447 Behavior of Various Applications for Switch...

Page 15: ...Interface to a Port Channel 467 Reassigning an Interface to a New Port Channel 469 Configuring the Minimum Oper Up Links in a Port Channel 470 Adding or Removing a Port Channel from a VLAN 470 Assigning an IP Address to a Port Channel 472 Deleting or Disabling a Port Channel 472 Load Balancing Through Port Channels 472 Changing the Hash Algorithm 473 Bulk Configuration 473 Interface Range 473 Bulk...

Page 16: ... Addresses 498 Assigning IP Addresses to an Interface 499 Configuring Static Routes 500 Configure Static Routes for the Management Interface 501 IPv4 Path MTU Discovery Overview 501 Using the Configured Source IP Address in ICMP Messages 502 Configuring the ICMP Source Interface 502 Configuring the Duration to Establish a TCP Connection 503 Enabling Directed Broadcast 503 Resolution of Host Names ...

Page 17: ...n 519 IPv6 Headers 520 IPv6 Header Fields 520 Extension Header Fields 522 Addressing 523 Implementing IPv6 with Dell Networking OS 524 ICMPv6 527 Path MTU Discovery 527 IPv6 Neighbor Discovery 528 IPv6 Neighbor Discovery of MTU Packets 529 Configuration Task List for IPv6 RDNSS 529 Configuring the IPv6 Recursive DNS Server 530 Debugging IPv6 RDNSS Information Sent to the Host 530 Displaying IPv6 R...

Page 18: ...SI Optimization 548 Default iSCSI Optimization Values 549 iSCSI Optimization Prerequisites 549 Configuring iSCSI Optimization 549 Displaying iSCSI Optimization Information 552 27 Intermediate System to Intermediate System 554 IS IS Protocol Overview 554 IS IS Addressing 555 Multi Topology IS IS 555 Transition Mode 556 Interface Support 556 Adjacencies 556 Graceful Restart 556 Timers 557 Implementa...

Page 19: ...8 Configure a LAG on ALPHA 588 29 Layer 2 597 Manage the MAC Address Table 597 Clearing the MAC Address Table 597 Setting the Aging Time for Dynamic Entries 597 Configuring a Static MAC Address 598 Displaying the MAC Address Table 598 MAC Learning Limit 598 Setting the MAC Learning Limit 599 mac learning limit Dynamic 599 mac learning limit mac address sticky 600 mac learning limit station move 60...

Page 20: ...ewing the LLDP Configuration 626 Viewing Information Advertised by Adjacent LLDP Agents 626 Configuring LLDPDU Intervals 627 Configuring Transmit and Receive Mode 628 Configuring the Time to Live Value 629 Debugging LLDP 630 Relevant Management Objects 631 31 Microsoft Network Load Balancing 637 NLB Unicast Mode Scenario 637 NLB Multicast Mode Scenario 638 Limitations of the NLB Feature 638 Micros...

Page 21: ...looding 663 Specifying the RP Address Used in SA Messages 663 MSDP Sample Configurations 666 33 Multiple Spanning Tree Protocol MSTP 669 Protocol Overview 669 Spanning Tree Variations 671 Implementation Information 671 Configure Multiple Spanning Tree Protocol 671 Related Configuration Tasks 671 Enable Multiple Spanning Tree Globally 672 Adding and Removing Interfaces 672 Creating Multiple Spannin...

Page 22: ...v3 708 Protocol Overview 708 Autonomous System AS Areas 709 Area Types 710 Networks and Neighbors 710 Router Types 710 Designated and Backup Designated Routers 712 Link State Advertisements LSAs 713 Router Priority and Cost 714 OSPF with Dell Networking OS 715 Graceful Restart 716 Fast Convergence OSPFv2 IPv4 Only 717 Multi Process OSPFv2 with VRF 717 OSPF ACK Packing 718 Setting OSPF Adjacency wi...

Page 23: ... 770 Apply a Redirect list to an Interface using a Redirect group 772 Sample Configuration 774 Create the Redirect List GOLDAssign Redirect List GOLD to Interface 2 11View Redirect List GOLD 775 38 PIM Sparse Mode PIM SM 779 Implementation Information 779 Protocol Overview 779 Requesting Multicast Traffic 779 Refuse Multicast Traffic 780 Send Multicast Traffic 780 Configuring PIM SM 781 Related Co...

Page 24: ... a typical Dell Networking OS 806 Decapsulation of ERPM packets at the Destination IP Analyzer 807 41 Private VLANs PVLAN 809 Private VLAN Concepts 809 Using the Private VLAN Commands 810 Configuration Task List 811 Creating PVLAN ports 812 Creating a Primary VLAN 813 Creating a Community VLAN 814 Creating an Isolated VLAN 814 Private VLAN Configuration Example 816 Inspecting the Private VLAN Conf...

Page 25: ...ofiles 853 Applying a WRED Profile to Traffic 854 Displaying Default and Configured WRED Profiles 854 Displaying WRED Drop Statistics 854 Displaying egress queue Statistics 855 Pre Calculating Available QoS CAM Space 855 Configuring Weights and ECN for WRED 856 Global Service Pools With WRED and ECN Settings 857 Configuring WRED and ECN Attributes 858 Guidelines for Configuring ECN for Classifying...

Page 26: ...iguring RMON Collection Statistics 890 Configuring the RMON Collection History 890 46 Rapid Spanning Tree Protocol RSTP 892 Protocol Overview 892 Configuring Rapid Spanning Tree 892 Related Configuration Tasks 892 Important Points to Remember 893 RSTP and VLT 893 Configuring Interfaces for Layer 2 Mode 893 Enabling Rapid Spanning Tree Protocol Globally 894 Adding and Removing Interfaces 896 Modify...

Page 27: ...a Software Image 924 Removing the RSA Host Keys and Zeroizing Storage 926 Configuring When to Re generate an SSH Key 926 Configuring the SSH Server Key Exchange Algorithm 926 Configuring the HMAC Algorithm for the SSH Server 927 Configuring the SSH Server Cipher List 928 Secure Shell Authentication 928 Troubleshooting SSH 931 Telnet 931 VTY Line and Access Class Configuration 932 VTY Line Local Au...

Page 28: ...ol Tunneling 966 Specifying a Destination MAC Address for BPDUs 966 Setting Rate Limit BPDUs 966 Debugging Layer 2 Protocol Tunneling 967 Provider Backbone Bridging 967 50 sFlow 969 Overview 969 Implementation Information 970 Important Points to Remember 970 Enabling Extended sFlow 971 Enabling and Disabling sFlow on an Interface 972 Enabling sFlow Max Header Size Extended 972 sFlow Show Commands ...

Page 29: ...Startup Config Files to the Server via TFTP 995 Copy a Binary File to the Startup Configuration 996 Additional MIB Objects to View Copy Statistics 996 Obtaining a Value for MIB Objects 997 MIB Support to Display the Available Memory Size on Flash 998 Viewing the Available Flash Memory Size 998 MIB Support to Display the Software Core Files Generated by the System 999 Viewing the Software Core File...

Page 30: ... Stack 1033 Managing Redundancy on a Stack 1034 Resetting a Unit on a Stack 1034 Enabling Mixed mode Stacking 1035 Verify a Stack Configuration 1035 Displaying the Status of Stacking Ports 1035 Remove Units or Front End Ports from a Stack 1037 Removing a Unit from a Stack 1037 Removing Front End Port Stacking 1038 Troubleshoot a Stack 1039 Recover from Stack Link Flaps 1039 Recover from a Card Pro...

Page 31: ... 1063 Configuring SupportAssist Manually 1063 Configuring SupportAssist Activity 1065 Configuring SupportAssist Company 1067 Configuring SupportAssist Person 1068 Configuring SupportAssist Server 1069 Viewing SupportAssist Configuration 1069 56 System Time and Date 1072 Network Time Protocol 1072 Protocol Overview 1073 Configure the Network Time Protocol 1074 Enabling NTP 1074 Configuring NTP Broa...

Page 32: ...re Detection 1096 59 Upgrade Procedures 1098 Get Help with Upgrades 1098 60 Virtual LANs VLANs 1099 Default VLAN 1100 Port Based VLANs 1100 VLANs and Port Tagging 1101 Configuration Task List 1101 Creating a Port Based VLAN 1102 Assigning Interfaces to a VLAN 1102 Moving Untagged Interfaces 1104 Assigning an IP Address to a VLAN 1105 Configuring Native VLANs 1105 Enabling Null VLAN as the Default ...

Page 33: ...nfiguration Example 1143 eVLT Configuration Step Examples 1144 PIM Sparse Mode Configuration Example 1146 Verifying a VLT Configuration 1147 Additional VLT Sample Configurations 1150 Troubleshooting VLT 1152 Reconfiguring Stacked Switches as VLT 1154 Specifying VLT Nodes in a PVLAN 1154 Association of VLTi as a Member of a PVLAN 1155 MAC Synchronization for VLT Nodes in a PVLAN 1156 PVLAN Operatio...

Page 34: ...nfiguring and Controlling VXLAN from the NVP Controller GUI 1178 Configuring VxLAN Gateway 1181 Connecting to an NVP Controller 1181 Advertising VXLAN Access Ports to Controller 1182 Displaying VXLAN Configurations 1184 VXLAN Service nodes for BFD 1185 Examples of the show bfd neighbors command 1185 64 Virtual Routing and Forwarding VRF 1186 VRF Overview 1186 VRF Configuration Notes 1187 DHCP 1190...

Page 35: ...tics 1237 Trace Logs 1241 Auto Save on Crash or Rollover 1241 Last Restart Reason 1241 Hardware Watchdog Timer 1241 Using the Show Hardware Commands 1242 Enabling Environmental Monitoring 1243 Recognize an Overtemperature Condition 1244 Troubleshoot an Over temperature Condition 1245 Recognize an Under Voltage Condition 1245 Troubleshoot an Under Voltage Condition 1246 Buffer Tuning 1247 Deciding ...

Page 36: ...rotocols 1264 General IPv4 Protocols 1265 General IPv6 Protocols 1267 Border Gateway Protocol BGP 1269 Open Shortest Path First OSPF 1270 Intermediate System to Intermediate System IS IS 1270 Routing Information Protocol RIP 1271 Multicast 1271 Network Management 1272 MIB Location 1277 9 10 0 1 36 ...

Page 37: ...instructions in this guide cite relevant RFCs The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files MIBs Topics Audience Conventions Related Documents Audience This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 L2 and Layer 3 L3 networking t...

Page 38: ... about the Dell Networking switches see the following documents Dell Networking OS Command Line Reference Guide Dell Networking OS Installation Guide Dell Networking OS Quick Start Guide Dell Networking OS Release Notes About this Guide 38 ...

Page 39: ...ion NOTE Due to differences in hardware architecture and continued system development features may occasionally differ between the platforms Differences are noted in each CLI description and related documentation Topics Accessing the Command Line CLI Modes The do Command Undoing Commands Obtaining Help Entering and Editing Commands Command History Filtering show Command Outputs Multiple Users in C...

Page 40: ...ure security features time settings set logging and SNMP functions configure static ARP and MAC addresses and set line cards on the system Beneath CONFIGURATION mode are submodes that apply to interfaces protocols and features The following example shows the submode command structure Two sub CONFIGURATION modes are important when configuring the chassis for the first time INTERFACE submode is the ...

Page 41: ... ADDRESS FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode The following table lists the CLI mode its prompt and information about how to access and exit the CLI mode Move linearly through the command modes except for the end command which ta...

Page 42: ...group interface INTERFACE modes Interface Range Dell conf if range interface INTERFACE modes Loopback Interface Dell conf if lo 0 interface INTERFACE modes Management Ethernet Interface Dell conf if ma 1 1 interface INTERFACE modes Null Interface Dell conf if nu 0 interface INTERFACE modes Port channel Interface Dell conf if po 1 interface INTERFACE modes Tunnel Interface Dell conf if tu 1 interfa...

Page 43: ...uter_bgp_af for IPv4 Dell conf routerZ_bgpv6_af for IPv6 address family ipv4 multicast ipv6 unicast ROUTER BGP Mode ROUTER ISIS Dell conf router_isis router isis ISIS ADDRESS FAMILY Dell conf router_isis af_ipv6 address family ipv6 unicast ROUTER ISIS Mode ROUTER OSPF Dell conf router_ospf router ospf ROUTER OSPFV3 Dell conf ipv6router_ospf ipv6 router ospf ROUTER RIP Dell conf router_rip router r...

Page 44: ... group PRIORITY GROUP Dell conf pg priority group PROTOCOL GVRP Dell config gvrp protocol gvrp QOS POLICY Dell conf qos policy out ets qos policy output SUPPORTASSIST Dell support assist support assist VLT DOMAIN Dell conf vlt domain vlt domain VRRP Dell conf if interface type slot port vrid vrrp group id vrrp group u Boot Dell Press any key when the following line appears on the console during a ...

Page 45: ...sent Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 1 1 up AC absent 0 1 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 1 up up 0 up 0 1 2 up up 0 up 0 1 3 up up 0 up 0 Speed in RPM Undoing Commands When you enter a command the command line is added to the running configuration file running config To disable a command and remove it from the running config ente...

Page 46: ...anage the system clock Enter after a partial keyword lists all of the keywords that begin with the specified letters Dell conf cl class map clock Dell conf cl Enter space after a keyword lists all of the keywords that can follow the specified keyword Dell conf clock summer time Configure summer daylight savings time timezone Configure time zone Dell conf clock Entering and Editing Commands Notes f...

Page 47: ...commands in the history buffer after recalling commands with CTRL P or the UP arrow key CNTL P Recalls commands beginning with the last command CNTL R Re enters the previous command CNTL U Deletes the line CNTL W Deletes the previous word CNTL X Deletes the line CNTL Z Ends continuous scrolling of command outputs Esc B Moves the cursor back one word Esc F Moves the cursor forward one word Esc D De...

Page 48: ...combination with the show system brief command Example of the grep Keyword Dell conf do show system brief grep 0 0 not present NOTE Dell Networking OS accepts a space or no space before and after the pipe To filter a phrase with spaces underscores or ranges enclose the phrase with double quotation marks The except keyword displays text that does not match the specified text The following example s...

Page 49: ...name type of connection console or VTY and in the case of a VTY connection the IP address of the terminal on which the connection was established For example On the system that telnets into the switch this message appears Warning The following users are currently configuring the system User username on line console0 On the system that is connected over the console this message appears Warning User...

Page 50: ...e console monitor displays the EXEC mode prompt For details about using the command line interface CLI refer to the Accessing the Command Line section in the Configuration Fundamentals chapter Topics Console Access Accessing the CLI Interface and Running Scripts Using SSH Default Configuration Configuring a Host Name Accessing the System Remotely Configuring the Enable Password Configuration File ...

Page 51: ...ng the Console Port To access the console port follow these steps For the console port pinout refer to Accessing the RJ 45 Console Port with a DB 9 Adapter 1 Install an RJ 45 copper cable into the console port Use a rollover crossover cable to connect the S4810 console port to a terminal server 2 Connect the other end of the cable to the DTE terminal server 3 Terminal settings on the console port ...

Page 52: ... 6 3 3 TxD NC 7 2 4 DTR CTS 8 1 7 RTS Accessing the CLI Interface and Running Scripts Using SSH In addition to the capability to access a device using a console connection or a Telnet session you can also use SSH for secure protected communication with the device You can open an SSH session and run commands or script files This method of connectivity is supported with S4810 S4048 ON S3048 ON S4820...

Page 53: ...ctive command in the SSH session the behavior may not really be interactive In some cases when you use an SSH session when certain show commands such as show tech support produce large volumes of output sometimes few characters from the output display are truncated and not displayed This may cause one of the commands to fail for syntax error In such cases if you add few newline characters before t...

Page 54: ...motely Configuring the system for remote access is a three step process as described in the following topics 1 Configure an IP address for the management port Configure the Management Port IP Address 2 Configure a management route with a default gateway Configure a Management Route 3 Configure a username and password Configure a Username and Password Configure the Management Port IP Address To acc...

Page 55: ...llowing command Configure a username and password to access the system remotely CONFIGURATION mode username username password encryption type password encryption type specifies how you are inputting the password is 0 by default and is not required 0 is for inputting the password in clear text 7 is for inputting a password that is already encrypted using a Type 7 hash Obtaining the encrypted passwo...

Page 56: ...tax for copying files is similar to UNIX The copy command uses the format copy source file url destination file url NOTE For a detailed description of the copy command refer to the Dell Networking OS Command Reference To copy a local file to a remote system combine the file origin syntax for a local file location with the file destination syntax for a remote file location To copy a remote file to ...

Page 57: ...le system This file system is visible on the device and you can execute all file commands that are available on conventional file systems such as a Flash file system Before executing any CLI command to perform file operations you must first mount the NFS file system to a mount point on the device Since multiple mount points exist on a device it is mandatory to specify the mount point to which you ...

Page 58: ...e name test c User name to login remote host username Example of Logging in to Copy from NFS Mount Dell copy nfsmount test flash Destination file name test test2 5592 bytes successfully copied Dell Dell copy nfsmount test txt ftp 10 16 127 35 Destination file name test txt User name to login remote host username Password to login remote host Example of Copying to NFS Mount Dell copy flash test txt...

Page 59: ...onfig ftp username password hostip hostname filepath filename Save the running configuration to a TFTP server EXEC Privilege mode copy running config tftp hostip hostname filepath filename Save the running configuration to an SCP server EXEC Privilege mode copy running config scp hostip hostname filepath filename NOTE When copying to a server a host name can only be used if a DNS server is configu...

Page 60: ...iag 12 rw 7276 Jul 20 2007 01 52 40 startup config bak 13 rw 7341 Jul 20 2007 15 34 46 startup config 14 rw 27674906 Jul 06 2007 19 52 22 boot image 15 rw 27674906 Jul 06 2007 02 23 22 boot flash More View Configuration Files Configuration files have three commented lines at the beginning of the file as shown in the following example to help you track the last time any user made a change to the fi...

Page 61: ...ssed and write memory compressed The compressed configuration will group all the similar looking configuration thereby reducing the size of the configuration For this release the compression will be done only for interface related configuration VLAN physical interfaces The following table describes how the standard and the compressed configuration differ Table 6 Standard and Compressed Configurati...

Page 62: ...1 1 16 shutdown interface Vlan 2 no ip address no shutdown interface Vlan 3 tagged te 1 1 no ip address shutdown Interface group TenGigabitEthernet 1 2 4 TenGigabitEthernet 1 10 no ip address shutdown interface TenGigabitEthernet 1 34 ip address 2 1 1 1 16 shutdown interface group Vlan 2 Vlan 100 no ip address no shutdown interface group Vlan 3 5 tagged te 1 1 no ip address shutdown interface Vlan...

Page 63: ...the startup config file in the compressed mode In stacking scenario it will also take care of syncing it to all the standby and member units The following is the sample output Dell write memory compressed Jul 30 08 50 26 STKUNIT0 M CP FILEMGR 5 FILESAVED Copied running config to startup config in flash by default copy compressed config Copy one file after optimizing and reducing the size of the co...

Page 64: ... or memory To change the default directory use the following command Change the default directory EXEC Privilege mode cd directory Enabling Software Features on Devices Using a Command Option The capability to activate software applications or components on a device using a command is supported on this platform Starting with Release 9 4 0 0 you can enable or disable specific software features or a...

Page 65: ...r to the following Feature State VRF Enabled View Command History The command history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer The system generates a trace message for each executed command No password information is saved to the file To view the command history trace use the show command hist...

Page 66: ...ou can include the published hash in the verify md5 sha256 command which displays whether it matches the calculated hash of the indicated file To validate a software image 1 Download Dell Networking OS software image file from the iSupport page to the local FTP or TFTP server The published hash for that file displays next to the software image file on the iSupport page 2 Go on to the Dell Networki...

Page 67: ...ter the keyword startup config To copy a file on the USB device enter usbflash followed by the filename In the Dell Networking OS release 9 8 0 0 HTTP services support the VRF aware functionality If you want the HTTP server to use a VRF table that is attached to an interface configure that HTTP server to use a specific routing table You can use the ip http vrf command to inform the HTTP server to ...

Page 68: ...le an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF use the ip http vrf command in CONFIGURATION mode Configure an HTTP client with a VRF that is used to connect to the HTTP server CONFIGURATION MODE Dell conf ip http vrf management vrf name Getting Started 68 ...

Page 69: ...meout for EXEC Privilege Mode Using Telnet to get to Another Network Device Lock CONFIGURATION Mode Restoring the Factory Default Settings Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line There are 16 privilege levels of which three are pre defined The default privilege level is 1 Level Description Level 0 Access to the system begins at EXEC ...

Page 70: ...EC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level use the privilege exec command from CONFIGURATION mode In the command specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode use the pr...

Page 71: ...imum of privilege level 4 moves the capture bgp pdu max buffer size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3 which is the configured level for VTY 0 allows access to CONFIGURATION mode with the banner command allows access to INTERFACE tengigabitethernet and LINE modes are allowed with no commands Remove a command from the list of available commands in EXEC...

Page 72: ...erface to configure line Configure a terminal line linecard Set line card type Dell conf interface fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port channel Port channel interface range Configure interface range sonet SONET interface tengigabitethernet TenGigabit Ethe...

Page 73: ...nd 15 access to the system begins at EXEC mode but the prompt is hostname rather than hostname Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages By default Dell Networking OS logs these messages on the internal buffer console and terminal lines any configured syslog servers To disable logging use the following commands Disable all logging except...

Page 74: ...following User logins to the switch System events for network issues or system issues Users making configuration changes The switch logs who made the configuration changes and the date and time of the change However each specific change on the configuration is not logged Only that the configuration was modified is logged with the user ID date and time of the change Uncontrolled shutdown Security L...

Page 75: ...e show logging auditlog Command For information about the logging extended command see Enabling Audit and Security Logs Dell show logging auditlog May 12 12 20 25 Dell CLI 6 logging extended by admin from vty0 10 14 1 98 May 12 12 20 42 Dell CLI 6 configure terminal by admin from vty0 10 14 1 98 May 12 12 20 42 Dell CLI 6 service timestamps log datetime by admin from vty0 10 14 1 98 Example of the...

Page 76: ...e card 0 present CHMGR 5 CARDDETECTED Line card 2 present CHMGR 5 CARDDETECTED Line card 4 present CHMGR 5 CARDDETECTED Line card 5 present CHMGR 5 CARDDETECTED Line card 8 present CHMGR 5 CARDDETECTED Line card 10 present CHMGR 5 CARDDETECTED Line card 12 present TSM 6 SFM_DISCOVERY Found SFM 0 TSM 6 SFM_DISCOVERY Found SFM 1 TSM 6 SFM_DISCOVERY Found SFM 2 TSM 6 SFM_DISCOVERY Found SFM 3 TSM 6 S...

Page 77: ... the port forwarding to securely connect to a syslog server Figure 2 Setting Up a Secure Connection to a Syslog Server Pre requisites To configure a secure connection from the switch to the syslog server 1 On the switch enable the SSH server Dell conf ip ssh server enable Management 77 ...

Page 78: ...erhards and Adiscon GmbH March 2009 obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP Specify the server to which you want to send system messages You can configure up to eight syslog servers CONFIGURATION mode logging ip address ipv6 address hostname udp port tcp port You can export system logs to an external server that is connected through a different VRF Track Login Acti...

Page 79: ...tional Configure the number of days for which the system stores the user login statistics The range is from 1 to 30 CONFIGURATION mode login statistics time period days Example of Configuring Login Activity Tracking The following example enables login activity tracking The system stores the login activity details for the last 30 days Dell config login statistics enable The following example enable...

Page 80: ...ogin 0 Unsuccessful login attempt s in last 30 day s 3 Successful login attempt s in last 30 day s 2 User admin2 Last login time 12 49 27 UTC Tue Mar 22 2016 Last login location Line vty0 10 16 127 145 Unsuccessful login attempt s since the last successful login 0 Unsuccessful login attempt s in last 30 day s 3 Successful login attempt s in last 30 day s 2 User admin3 Last login time 13 18 42 UTC ...

Page 81: ...were 4 successful login attempt s for user admin in last 30 day s Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY auxiliary and console lines You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions By default you can use all 10 VTY lines one console line and o...

Page 82: ...ons The following example enables you to clear your existing login sessions Dell config login concurrent session clear line enable Example of Clearing Existing Sessions When you try to log in the following message appears with all your existing concurrent sessions providing an option to close any one of the existing sessions telnet 10 11 178 14 Trying 10 11 178 14 Connected to 10 11 178 14 Escape ...

Page 83: ...Configuration Task List for System Log Management There are two configuration tasks for system log management Disable System Logging Send System Messages to a Syslog Server Disabling System Logging By default logging is enabled and log messages are sent to the logging buffer all terminal lines the console and the syslog servers To disable system logging use the following commands Disable all loggi...

Page 84: ...adding the following lines to etc syslog conf on the UNIX system and assigning write permissions to the file Add line on a 4 1 BSD UNIX system local7 debugging var log ftos log Add line on a 5 7 SunOS UNIX system local7 debugging var adm ftos log In the previous lines local7 is the logging facility level and debugging is the severity level Changing System Logging Settings You can change the defaul...

Page 85: ...tion use the show running config logging command in privilege mode as shown in the example for Configure a UNIX Logging Facility Level Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system use the show logging command in EXEC privilege mode When RBAC is enabled the security logs are filtered based on t...

Page 86: ... portpipe 0 OK portpipe 1 N A CHMGR 5 LINECARDUP Line card 12 is up IFMGR 5 CSTATE_UP changed interface Physical state to up So 12 8 IFMGR 5 CSTATE_DN changed interface Physical state to down So 12 8 To view any changes made use the show running config logging command in EXEC privilege mode Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facili...

Page 87: ...zing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output Only the messages with a severity at or below the set level appear This feature works on the terminal and console connections available on the system 1 Enter LINE mode CONFIGURATION mode line console 0 vty number end number aux 0 Configure the...

Page 88: ...in EXEC privilege mode To disable time stamping on syslog messages use the no service timestamps log debug command File Transfer Services With Dell Networking OS you can configure the system to transfer files over the network using the file transfer protocol FTP One FTP application is copying the system image files over an interface on to the system however FTP is not supported on virtual local ar...

Page 89: ... enable Example of Viewing FTP Configuration Dell show running ftp ftp server enable ftp server username nairobi password 0 zanzibar Dell Configuring FTP Server Parameters After you enable the FTP server on the system you can configure different parameters To specify the system logging settings use the following commands Specify the directory for users using FTP to reach the system CONFIGURATION m...

Page 90: ...3 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 CONFIGURATION mode ip ftp source interface interface Configure a password CONFIGURATION mode ip ftp password password Enter a username to use on the FTP client CONFIGURATION mode ip ftp username name To view the FTP configuration use the show running...

Page 91: ... types of access classes with each class processing either IPv4 or IPv6 rules separately To apply an IP ACL to a line Use the following command Apply an ACL to a VTY line LINE mode access class access list name ipv4 ipv6 NOTE If you already have configured generic IP ACL on a terminal line then you cannot further apply IPv4 or IPv6 specific filtering on top of this configuration Similarly if you h...

Page 92: ...rminal line Configure a password for the terminal line to which you assign a method list that contains the line authentication method Configure a password using the password command from LINE mode local Prompt for the system username and password none Do not authenticate the user radius Prompt for a username and password and use a RADIUS server to authenticate tacacs Prompt for a username and pass...

Page 93: ... EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines To set timeout use the following commands Set the number of minutes and seconds The default is 10 minutes on the console and 30 minutes on VTY Disable EXEC time out by setting the timeout period to 0 LINE mode exec timeout minutes seconds Return to the default t...

Page 94: ...he telnet Command for Device Access Dell telnet 10 11 80 203 Trying 10 11 80 203 Connected to 10 11 80 203 Exit character is Login Login admin Password Dell exit Dell telnet 2200 2200 2200 2200 2200 2201 Trying 2200 2200 2200 2200 2200 2201 Connected to 2200 2200 2200 2200 2200 2201 Exit character is FreeBSD i386 freebsd2 force10networks com ttyp1 login admin Dell Lock CONFIGURATION Mode Dell Netw...

Page 95: ...le a lock is in place the following appears on their terminal message 1 Error User on line console0 is in exclusive configuration mode If any user is already in CONFIGURATION mode when while a lock is in place the following appears on their terminal message 2 Error Can t lock configuration mode exclusively since the following users are currently configuring the system User admin on line vty1 10 1 ...

Page 96: ...oot up the chassis after restoring factory default settings Ideally these locations contain valid images using which the chassis boots up When you restore factory default settings you can either use a flash boot procedure or a network boot procedure to boot the switch When you use the flash boot procedure to boot the device the boot loader checks if the primary or the secondary partition contains ...

Page 97: ...d and reinsert it 2 Hit any key to abort the boot process You enter uBoot immediately the prompt indicates success during bootup press any key 3 Assign the new location to the Dell Networking OS image it uses when the system reloads uBoot mode setenv primary_boot f10boot Boot variable f10boot can take the following values flash0 to boot from flash partition A flash1 to boot from flash partition B ...

Page 98: ... saveenv 7 Reload the system uBoot mode reset Management 98 ...

Page 99: ... Messages and Responses Enabling CFM SNMP Traps Displaying Ethernet CFM Statistics Ethernet CFM Ethernet CFM is an end to end per service instance Ethernet OAM scheme which enables proactive connectivity monitoring fault verification and fault isolation The service instance with regard to OAM for Metro Carrier Ethernet is a virtual local area network VLAN This service is sold to an end customer by...

Page 100: ... not clearly defined using IP troubleshooting tools There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks With these tools you can identify isolate and repair faults quickly and easily which reduces operational cost of running the network OAM also increases availability and reduces mean time to recovery which allows for tighter service level agreements...

Page 101: ...y linktrace and loopback messages You can configure MIPs to snoop continuity check Messages CCMs to build a MIP CCM database These roles define the relationships between all devices so that each device can monitor the layers under its responsibility Maintenance points drop all lower level frames and forward all higher level frames Figure 4 Maintenance Points Maintenance End Points A maintenance en...

Page 102: ...address for all physical LAG interfaces and hence only one MEP is allowed per MA per VLAN or per MD level Configuring the CFM To configure the CFM follow these steps 1 Configure the ecfmacl CAM region using the cam acl command 2 Enable Ethernet CFM 3 Create a Maintenance Domain 4 Create a Maintenance Association 5 Create Maintenance Points 6 Use CFM tools a Continuity Check Messages b Loopback Mes...

Page 103: ...ance Domain Connectivity fault management CFM divides a network into hierarchical maintenance domains as shown in Maintenance Domains 1 Create maintenance domain ETHERNET CFM mode domain name md level number The range is from 0 to 7 2 Display maintenance domain information EXEC Privilege mode show ethernet cfm domain name brief Example of Viewing Configured Maintenance Domains Dell show ethernet c...

Page 104: ...te points of an Maintenance Entity ME An ME is a point to point relationship between two MEPs within a single domain These roles define the relationships between all devices so that each device can monitor the layers under its responsibility Creating a Maintenance End Point A maintenance endpoint MEP is a logical entity that marks the endpoint of a domain There are two types of MEPs defined in 802...

Page 105: ... a single domain A MIP is not associated with any MA or service instance and it belongs to the entire MD 1 Create a MIP INTERFACE mode ethernet cfm mip domain name level ma name name 2 Display configured MEPs and MIPs EXEC Privilege mode show ethernet cfm maintenance points local mep mip Example of Viewing Configured MIPs Dell show ethernet cfm maintenance points local mip MPID Domain Name Level T...

Page 106: ...sistence To set the database persistence use the following command Set the amount of time that data from a missing MEP is kept in the continuity check database ECFM DOMAIN database hold time minutes The default is 100 minutes The range is from 100 to 65535 minutes Continuity Check Messages Continuity check messages CCM are periodic hellos Continuity check messages discover MEPs and MIPs within a m...

Page 107: ...ree consecutive CCMs from any of the remote MEP which indicates a network failure Reception of a CCM with an incorrect CCM transmission interval which indicates a configuration error Reception of a CCM with an incorrect MEP ID or MAID which indicates a configuration or cross connect error This error could happen when different VLANs are cross connected due to a configuration error Reception of a C...

Page 108: ...a remote MEP to come up before the cross check operation is started ETHERNET CFM mode mep cross check start delay number Sending Loopback Messages and Responses Loopback message and response LBM LBR also called Layer 2 Ping is an administrative echo transmitted by MEPs to verify reachability to another MEP or MIP within the maintenance domain LBM and LBR are unicast frames Send a Loopback message ...

Page 109: ...get MEP Figure 6 MPLS Core Link trace messages carry a unicast target address the MAC address of an MIP or MEP inside a multicast frame The destination group address is based on the MD level of the transmitting MEP 01 80 C2 00 00 3 8 to F The MPs on the path to the target MAC address reply to the LTM with an LTR and relays the LTM towards the target MAC until the target MAC is reached or TTL equal...

Page 110: ...f the Link Trace Cache ETHERNET CFM mode traceroute cache size entries The default is 100 The range is from 1 to 4095 entries Display the Link Trace Cache EXEC Privilege mode show ethernet cfm traceroute cache Delete all Link Trace Cache entries EXEC Privilege mode clear ethernet cfm traceroute cache Example of Viewing the Link Trace Cache Dell show ethernet cfm traceroute cache Traceroute to 00 0...

Page 111: ... at Level 7 VLAN 1000 RDI defect ECFM 5 ECFM_RDI_ALARM RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 Three values are given within the trap messages MD Index MA Index and MPID You can reference these values against the output of the show ethernet cfm domain and show ethernet cfm maintenance points local mep commands To enable CFM SNMP traps use the following command Enable ...

Page 112: ... Privilege mode show ethernet cfm port statistics interface Example of Viewing CFM Statistics Dell show ethernet cfm statistics Domain Name Customer Domain Level 7 MA Name My_MA MPID 300 CCMs Transmitted 1503 RcvdSeqErrors 0 LTRs Unexpected Rcvd 0 LBRs Received 0 Rcvd Out Of Order 0 Received Bad MSDU 0 Transmitted 0 Example of viewing CFM statistics by port Dell show ethernet cfm port statistics i...

Page 113: ...Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0 802 1ag 113 ...

Page 114: ...fer a device s credentials to an authentication server typically RADIUS using a mandatory intermediary network access device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user dev...

Page 115: ... The device attempting to access the network is the supplicant The supplicant is not allowed to communicate on the network until the authenticator authorizes the port It can only communicate with the authenticator in response to 802 1X requests The device with which the supplicant communicates is the authenticator The authenticator is the gate keeper of the network It translates and forwards reque...

Page 116: ...s begins when the authenticator senses that a link status has changed from down to up 1 When the authenticator senses a link state change it requests that the supplicant identify itself using an EAP Identity Request frame 2 The supplicant responds with its identity in an EAP Response Identity frame 3 The authenticator decapsulates the EAP response from the EAPOL frame encapsulates it in a RADIUS A...

Page 117: ...Access Reject frame If the port state remains unauthorized the authenticator forwards an EAP Failure frame Figure 9 EAP Port Authentication 802 1X 117 ...

Page 118: ...2 1X triggered Access Request messages Attribute 31 Calling station id relays the supplicant MAC address to the authentication server Attribute 41 NAS Port Type NAS port physical port type 15 indicates Ethernet Attribute 61 NAS Port the physical port number by which the authenticator is connected to the supplicant Attribute 81 Tunnel Private Group ID associate a tunneled session with a particular ...

Page 119: ...Remember Dell Networking OS supports 802 1X with EAP MD5 EAP OTP EAP TLS EAP TTLS PEAPv0 PEAPv1 and MS CHAPv2 with PEAP All platforms support only RADIUS as the authentication server If the primary RADIUS server becomes unresponsive the authenticator begins using a secondary RADIUS server if configured 802 1X is not supported on port channels or port channel members 802 1X 119 ...

Page 120: ...gure 11 802 1X Enabled 1 Enable 802 1X globally CONFIGURATION mode dot1x authentication 2 Enter INTERFACE mode on an interface or a range of interfaces INTERFACE mode interface range 3 Enable 802 1X on the supplicant interface only 802 1X 120 ...

Page 121: ...the show dot1x interface command In the following example the bold lines show that 802 1X is enabled on all ports unauthorized by default Dell show dot1x interface TenGigabitEthernet 2 1 802 1x information on Te 2 1 Dot1x Status Enable Port Control AUTO Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disable Guest VLAN id NONE Auth Fail VLAN Disable Auth Fa...

Page 122: ...30 Configure the maximum number of times the authenticator re transmits a Request Identity frame INTERFACE mode dot1x max eap req number The range is from 1 to 10 The default is 2 The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re transmits an EAP Request Identity frame after 90 seconds and re transmits ...

Page 123: ...30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Forcibly Authorizing or Unauthorizing a Port The 802 1X ports can be placed into any of the three states ForceAuthorized an authorized state A device connected to this port in this state is never subjected to the authentication process but is al...

Page 124: ...th Max 2 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Auth PAE State Initialize Backend State Initialize Re Authenticating a Port You can configure the authenticator for periodic re authentication After the supplicant has been authenticated and the port has been authoriz...

Page 125: ...riod 90 seconds Quiet Period 120 seconds ReAuth Max 10 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 7200 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Auth PAE State Initialize Backend State Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive the authenticator terminates the aut...

Page 126: ...id NONE Auth Fail Max Attempts NONE Tx Period 90 seconds Quiet Period 120 seconds ReAuth Max 10 Supplicant Timeout 15 seconds Server Timeout 15 seconds Re Auth Interval 7200 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Enter the tasks the user should do after finishing this task optional Configuring Dynamic VLAN Assignment with Port Authentication...

Page 127: ...VLAN Assignment with Port Authentication 2 Make the interface a switchport so that it can be assigned to a VLAN 3 Create the VLAN to which the interface will be assigned 4 Connect the supplicant to the port configured for 802 1X 5 Verify that the port has been authorized and placed in the desired VLAN refer to the illustration in Dynamic VLAN Assignment with Port Authentication Guest and Authentic...

Page 128: ... VLAN and the authentication process begins Configuring a Guest VLAN If the supplicant does not respond within a determined amount of time reauth max 1 tx period the system assumes that the host does not have 802 1X capability and the port is placed in the Guest VLAN NOTE For more information about configuring timeouts refer to Configuring Timeouts Configure a port to be placed in the Guest VLAN a...

Page 129: ...itchport dot1x authentication dot1x guest vlan 200 dot1x auth fail vlan 100 max attempts 5 no shutdown Dell conf if Te 2 1 Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode 802 1x information on Te 2 1 Dot1x Stat...

Page 130: ...CL separately on the VLAN interface each ACL has a mapping with the VLAN and you use more CAM space To maximize CAM space create an ACL VLAN group and attach the ACL with the VLAN members The ACL manager application on the router processor RP1 contains all the state information about all the ACL VLAN groups that are present The ACL handler on the control processor CP and the ACL agent on the line ...

Page 131: ...nly one ACL to an interface at a time When you attach an ACL VLAN group to the same interface validation performs to determine whether the ACL is applied directly to an interface If you previously applied an ACL separately to the interface an error occurs when you attempt to attach an ACL VLAN group to the same interface The maximum number of members in an ACL VLAN group is determined by the type ...

Page 132: ...guring FP Blocks for VLAN Parameters This section describes how to optimize CAM blocks by configuring ACL VLAN groups that you can attach to VLAN interfaces It also describes how to configure FP blocks for different VLAN operations Configuring ACL VLAN Groups You can create an ACL VLAN group and attach the ACL with the VLAN members The optimization is applicable only when you create an ACL VLAN gr...

Page 133: ...ated for the ACL in VLAN contentaware processor VCAP ACL VLAN groups or CAM optimization is not enabled by default You also must allocate the slices for CAM optimization 1 Allocate the number of FP blocks for VLAN operations CONFIGURATION mode cam acl vlan vlanopenflow 0 2 2 Allocate the number of FP blocks for VLAN iSCSI counters CONFIGURATION mode cam acl vlan vlaniscsi 0 2 3 Allocate the number...

Page 134: ...97 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 2 0 IN L2 ACL 1536 0 1536 IN L3 ACL 1024 1 1023 IN L3 FIB 49152 3 49149 IN V6 ACL 0 0 0 IN NLB ACL 0 0 0 IPMAC ACL 0 0 0 OUT L2 ACL 206 9 197 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 3 0 IN L2 ACL 1536 0 1536 IN L3 ACL 1024 1 1023 IN L3 FIB 49152 3 49149 IN V6 ACL 0 0 0 IN NLB ACL 0 0 0 IPMAC ACL 0 0 0 OUT L2 ACL 206 9 197 OUT L3 ACL 178 9 169 OUT V6 A...

Page 135: ...tion Total CAM Used CAM Available CAM 1 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 2 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 3 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 Codes cam usage is above 90 Allocating...

Page 136: ... default use the no version of these commands By default zero groups are allocated for the ACL in VCAP ACL VLAN groups or CAM optimization is not enabled by default You must also allocate the slices for CAM optimization To display the number of FP blocks that is allocated for the different VLAN services use the show cam acl vlan command After you configure the ACL VLAN groups reboot the system to ...

Page 137: ...er to User Configurable CAM Allocation and CAM Optimization For complete CAM profiling information refer to Content Addressable Memory CAM You can configure ACLs on VRF instances In addition to the existing qualifying parameters Layer 3 ACLs also incorporate VRF ID as one of the parameters Using this new capability you can also configure VRF based ACLs on interfaces NOTE You can apply Layer 3 VRF ...

Page 138: ...s to Remember IP Fragment Handling Configure a Standard IP ACL Configure an Extended IP ACL Configure Layer 2 and Layer 3 ACLs Assign an IP ACL to an Interface Applying an IP ACL Configure Ingress ACLs Configure Egress ACLs IP Prefix Lists ACL Resequencing Route Maps Logging of ACL Processes Flow Based Monitoring Support for ACLs Configuring UDF ACL IP Access Control Lists ACLs In Dell Networking ...

Page 139: ...bes CAM allocation and CAM optimization User Configurable CAM Allocation CAM Optimization User Configurable CAM Allocation Allocate space for IPV6 ACLs by using the cam acl command in CONFIGURATION mode The CAM space is allotted in filter processor FP blocks The total space allocated must equal 13 FP blocks There are 16 FP blocks but System Flow requires three blocks that cannot be reallocated Ent...

Page 140: ...nfigured those counters are reset when a new rule which is inserted or prepended or appended requires a hardware shift in the flow table Resetting the counters to 0 is transient as the proginal counter values are retained after a few seconds If there is no need to shift the flow in the hardware the counters are not affected This is applicable to the following features L2 Ingress Access list L2 Egr...

Page 141: ... to apply ACL rules The order can range from 0 to 254 Dell Networking OS writes to the CAM ACL rules with lower order numbers order numbers closer to 0 before rules with higher order numbers so that packets are matched as you intended By default all ACL rules have an order of 255 Example of the order Keyword to Determine ACL Sequence Dell conf ip access list standard acl1 Dell config std nacl perm...

Page 142: ...n because all three contain filters but route map filters do not contain the permit and deny actions found in ACLs and prefix lists Route map filters match certain routes and set or specific values To create a route map use the following command Create a route map and assign it a unique name The optional permit and deny keywords are the actions of the route map CONFIGURATION mode route map map nam...

Page 143: ...rent route map instance To view all instances of a specific route map use the show route map command Dell show route map dilling route map dilling permit sequence 10 Match clauses Set clauses route map dilling permit sequence 15 Match clauses interface Loopback 23 Set clauses tag 3444 Dell To delete a route map use the no route map map name command in CONFIGURATION mode Configure Route Map Filters...

Page 144: ...ce 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000 In this scenario Dell Networking OS scans all the instances of the route map for any permit statement If there is a match anywhere the route is permitted However other instances of the route map deny it Example of the match Command to Permit and Deny Routes Dell conf route map force...

Page 145: ...p next hop access list name prefix list prefix list name Match next hop routes specified in a prefix list IPv6 CONFIG ROUTE MAP mode match ipv6 next hop access list name prefix list prefix list name Match source routes specified in a prefix list IPv4 CONFIG ROUTE MAP mode match ip route source access list name prefix list prefix list name Match source routes specified in a prefix list IPv6 CONFIG ...

Page 146: ...buted routes CONFIG ROUTE MAP mode set level backbone level 1 level 1 2 level 2 stub area Specify a value for the BGP route s LOCAL_PREF attribute CONFIG ROUTE MAP mode set local preference value Specify a value for redistributed routes CONFIG ROUTE MAP mode set metric metric value Specify an OSPF or ISIS type for redistributed routes CONFIG ROUTE MAP mode set metric type external internal type 1 ...

Page 147: ... to match specific routes and set or change more attributes when redistributing those routes In the following example the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF According to the route map static ospf only routes that have a next hop of Tengigabitethernet interface 1 1 and that have a metric of 255 are redistributed into the OSPF ba...

Page 148: ... commu comm list1 set community 1 1 1 2 1 3 set as path prepend 1 2 3 4 5 continue 30 IP Fragment Handling Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets particularly second and subsequent packets It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols permit deny ip tcp udp icmp Both ...

Page 149: ...nted packets with destination IP 10 1 1 1 Dell conf ip access list extended ABC Dell conf ext nacl deny ip any 10 1 1 1 32 fragments Dell conf ext nacl permit ip any 10 1 1 1 32 Dell conf ext nacl Layer 4 ACL Rules Examples The following examples show the ACL commands for Layer 4 packet filtering Permit an ACL line with L3 information only and the fragments keyword is present If a packet s L3 info...

Page 150: ...CL filters packets it looks at the fragment offset FO to determine whether it is a fragment FO 0 means it is either the first fragment or the packet is a non fragment FO 0 means it is dealing with the fragments of the original packet Configure a Standard IP ACL To configure an ACL use commands in IP ACCESS LIST mode and INTERFACE mode For a complete list of all the commands related to IP ACLs refe...

Page 151: ... number command in IP ACCESS LIST mode If you are creating a standard ACL with only one or two filters you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured The software assigns filters in multiples of 5 Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters you can let Dell Networking OS assign ...

Page 152: ...dp host 10 21 126 226 10 4 5 0 28 seq 45 permit udp 10 8 0 0 16 10 50 188 118 31 range 1812 1813 seq 50 permit tcp 10 8 0 0 16 10 50 188 118 31 eq 49 seq 55 permit udp 10 15 1 0 24 10 50 188 118 31 range 1812 1813 To delete a filter enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete Then use the no seq sequence number command in IP ...

Page 153: ...e an extended IP ACL and assign it a unique name CONFIGURATION mode ip access list extended access list name 2 Configure an extended IP ACL filter for UDP packets CONFIG EXT NACL mode seq sequence number deny permit tcp source mask any host ip address count byte order fragments Example of the seq Command When you create the filters with a specific sequence number you can create the filters in any ...

Page 154: ...gs details about the packets that match Depending on how many packets match the log entry and at what rate the CP may become busy as it has to log these packets details The following example shows an extended IP ACL in which the sequence numbers were assigned by the software The filters were assigned sequence numbers based on the order in which they were configured for example the first filter was...

Page 155: ...Deny Permit L3 ACL permits Permit Deny L3 ACL denies Permit Permit L3 ACL permits NOTE If you configure an interface as a vlan stack access port only the L2 ACL filters the packets The L3 ACL applied to such a port does not affect traffic That is existing rules for other features such as trace list policy based routing PBR and QoS are applied to the permitted traffic For information about MAC ACLs...

Page 156: ...ss list name in implicit permit vlan vlan range vrf vrf range NOTE The number of entries allowed per ACL is hardware dependent For detailed specification about entries allowed per ACL refer to your line card documentation 4 Apply rules to the new ACL INTERFACE mode ip access list standard extended name To view which IP ACL is applied to an interface use the show config command in INTERFACE mode or...

Page 157: ...applying the ACL rules to the newly created access group and viewing the access list Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration To specify ingress use the in keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show command Dell conf interface tengigabitethernet 1 1 Dell conf if te1 1 ip access gro...

Page 158: ...s traffic Example of Applying ACL Rules to Egress Traffic and Viewing ACL Configuration To specify ingress use the out keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show command Dell conf interface TenGigabitEthernet 1 1 Dell conf if te 1 1 ip access group abcd out Dell conf if te 1 1 show config TenGigabitEthernet 1 1 no ip a...

Page 159: ...ment protocol IGMP packets are not affected when you enable egress ACL filtering for CPU traffic Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address IP Prefix Lists IP prefix lists control routing policy An IP prefix list is a series of sequential filters that contain a matching criterion examine IP route...

Page 160: ...st OSPF and border gateway protocol BGP NOTE It is important to know which protocol your system supports prior to implementing prefix lists Configuration Task List for Prefix Lists To configure a prefix list use commands in PREFIX LIST ROUTER RIP ROUTER OSPF and ROUTER BGP modes Create the prefix list in PREFIX LIST mode and assign that list to commands in ROUTER RIP ROUTER OSPF and ROUTER BGP mod...

Page 161: ...x list Juba contains a permit all statement By including this line in a prefix list you specify that all routes not matching any criteria in the prefix list are forwarded To delete a filter use the no seq sequence number command in PREFIX LIST mode If you are creating a standard prefix list with only one or two filters you can let Dell Networking OS assign a sequence number based on the order in w...

Page 162: ...fix lists EXEC Privilege mode show ip prefix list summary prefix name Examples of the show ip prefix list Command The following example shows the show ip prefix list detail command Dell show ip prefix detail Prefix list with the last deletion insertion filter_ospf ip prefix list filter_in count 3 range entries 3 sequences 5 10 seq 5 deny 1 102 0 0 16 le 32 hit count 0 seq 6 deny 2 1 0 0 16 ge 23 h...

Page 163: ...ed CONFIG ROUTER RIP mode distribute list prefix list name out interface connected static ospf Example of Viewing Configured Prefix Lists ROUTER RIP mode To view the configuration use the show config command in ROUTER RIP mode or the show running config rip command in EXEC mode Dell conf router_rip show config router rip distribute list prefix juba out network 10 0 0 0 Dell conf router_rip router ...

Page 164: ...bered in increments of 1 You cannot place new rules between these packets so apply resequencing to create numbering space as shown in the second table In the same example apply resequencing if more than two rules must be placed between rules 7 and 10 You can resequence IPv4 and IPv6 ACLs prefixes and MAC ACLs No CAM writes happen as a result of resequencing so there is no packet loss the behavior ...

Page 165: ...mark corresponds to permit any host 1 1 1 1 seq 5 permit ip any host 1 1 1 1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 2 seq 15 permit ip any host 1 1 1 3 seq 20 permit ip any host 1 1 1 4 Dell end Dell resequence access list ipv4 test 2 2 Dell show running config acl ip access list extended test remark 2 XYZ remark 4 this remark c...

Page 166: ... or forward the packet or traffic Route maps process routes for route redistribution For example a route map can be called to filter only specific routes and to add a metric Route maps also have an implicit deny Unlike ACLs and prefix lists however where the packet or traffic is dropped in route maps if a route does not match any of the route map conditions the route is not redistributed The imple...

Page 167: ...log generation stops When the interval at which ACL logs are configured to be recorded expires a fresh interval timer starts and the packet count for that new interval commences from zero If ACL logging was stopped previously because the configured threshold has exceeded it is reenabled for this new interval The ACL application sends the ACL logging configuration information and other details such...

Page 168: ...ivated in a specific interval owing to the threshold having exceeded the count of packets that exceeded the logging threshold value during that interval is logged when the subsequent log record in the next interval is generated for that ACL entry When you delete an ACL entry the logging settings associated with it are also removed ACL logging is supported for standard and extended IPv4 ACLs IPv6 A...

Page 169: ...oming packets that matches the ACL rules applied on the ingress port and forwards mirrors them to another port The source port is the monitored port MD and the destination port is the monitoring port MG The port mirroring application maintains and performs all the monitoring operations on the chassis ACL information is sent to the ACL manager which in turn notifies the ACL agent to add entries in ...

Page 170: ... packets that match the specified criterion The ACL agent maintains data on the source port the destination port and the endpoint to which the packet must be forwarded when a match occurs with the ACL entry If you configure the flow based enable command and do not apply an ACL on the source port or the monitored port both flow based monitoring and port mirroring do not function Flow based monitori...

Page 171: ...yer 3 ingress and egress traffic You can specify traffic using standard or extended access lists 1 Enable flow based monitoring for a monitoring session MONITOR SESSION mode flow based enable 2 Define access list rules that include the keyword monitor Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor CONFIGURATION mode ip access list For more inf...

Page 172: ...do show monitor session 0 SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 1 Te 1 2 rx Flow N A N A Configuring UDF ACL To configure a User Defined Field UDF ACL 1 Enable UDF ACL feature on a switch CONFIGURATION mode feature udf acl Dell conf feature udf acl 2 Change the default CAM allocation settings or reconfigure new CAM allocation settings and enable IPV4 UDF CONFIGURATION mode ca...

Page 173: ...Qos 2 0 L2Qos 1 2 L2PT 0 0 IpMacAcl 0 0 VmanQos 0 0 EcfmAcl 2 0 FcoeAcl 4 0 iscsiOptAcl 0 0 ipv4pbr 0 0 vrfv4Acl 0 0 Openflow 0 0 fedgovacl 0 0 nlbclusteracl 0 0 Dell 4 Create a UDF packet format in the UDF TCAM table CONFIGURATION mode udf tcam name seq number Dell conf udf tcam ipnip seq 1 5 Configure a UDF ID to parse packet headers using the specified number of offset and required bytes CONFIG...

Page 174: ... assign values to UDF IDs CONFIGURATION UDF TCAM mode udf qualifier value name Dell conf udf tcam udf qualifier value ipnip_val1 10 Assign a value to a UDF ID CONFIGURATION UDF Qualifier Value Profile mode udf id 1 12 value mask Dell conf udf tcam qual val udf id 1 aa ff 11 Associate the UDF qualifier value with a UDF packet profile in an IP access list CONFIGURATION STANDARD ACCESS LIST mode CONF...

Page 175: ...seq 5 permit ip any any udf pkt format ipnip udf qualifier value ipnip_val1 Dell config ext nacl Access Control Lists ACLs 175 ...

Page 176: ...es the use of multiple protocol dependent timers and methods BFD also carries less overhead than routing protocol hello mechanisms Control packets can be encapsulated in any form that is convenient and on Dell Networking routers BFD agents maintain sessions that reside on the line card which frees resources on the route processor Only session state changes are reported to the BFD Manager on the ro...

Page 177: ...ol packet to the neighbor that indicates the state change though it might not be received if the link or receiving interface is faulty The BFD manager notifies the routing protocols that are registered with it clients that the forwarding path is down and a link state change is triggered in all protocols NOTE A session state change from Up to Down is the only state change that triggers a link state...

Page 178: ...cket Figure 13 BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed State The current local session state Refer to BFD Sessions Flag A bit that indicates packet function If the poll bit is set the receiving system must respond as soon as possible without regard to its transmit interval The responding Bidirectional Forwarding Detection BFD 178 ...

Page 179: ...ired Min Echo RX The minimum rate at which the local system would like to receive echo packets NOTE Dell Networking OS does not currently support the echo function Authentication Type Authentication Length Authentication Data An optional method for authenticating control packets NOTE Dell Networking OS does not currently support the BFD authentication function Two important parameters are calculat...

Page 180: ...Networking OS supports Asynchronous mode only A session can have four states Administratively Down Down Init and Up State Description Administratively Down The local system does not participate in a particular session Down The remote system is not sending control packets or at least not within the detection time for a particular session Init The local system is communicating Up Both systems are ex...

Page 181: ...receives the response from the passive system and changes its session state to Up It then sends a control packet indicating this state change This is the third and final part of the handshake Now the discriminator values have been exchanged and the transmit intervals have been negotiated 4 The passive system receives the control packet and changes its state to Up Both systems agree that a session ...

Page 182: ...nit Figure 15 Session State Changes Important Points to Remember Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3 and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4 Enable BFD on both ends of a link Demand mode authentication and the Echo function are not supported BFD is not supported on ...

Page 183: ... the remote system fails the local system does not remove the connected route until the first failed attempt to send a packet When you enable BFD the local system removes the route as soon as it stops receiving periodic control packets from the remote system Configuring BFD for a physical port is a two step process 1 Enable BFD globally 2 Establish a session with a next hop neighbor Related Config...

Page 184: ...on both ends of the link as shown in the following illustration The configuration parameters do not need to match Figure 16 Establishing a BFD Session on Physical Ports 1 Enter interface mode CONFIGURATION mode interface 2 Assign an IP address to the interface if one is not already assigned INTERFACE mode ip address ip address 3 Identify the neighbor that the interface participates with the BFD se...

Page 185: ... packets received from neighbor 1775 Number of packets sent to neighbor 1775 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 Log messages display when you configure both interfaces for BFD R1 conf if te 4 24 00 36 01 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 2 on inte...

Page 186: ...t message example and the remote systems are notified of the session state change the second message example To disable and re enable BFD on an interface use the following commands Disable BFD on an interface INTERFACE mode no bfd enable Enable BFD on an interface INTERFACE mode bfd enable If you disable BFD on a local interface this message displays R1 conf if te 4 24 01 00 52 RPM0 P RP2 BFDMGR 1...

Page 187: ...ghbors that are the next hop of a static route Figure 17 Establishing Sessions for Static Routes To establish a BFD session use the following command Establish BFD sessions for all neighbors that are the next hop of a static route CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes use the sho...

Page 188: ... To view session parameters use the show bfd neighbors detail command as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD all static route BFD sessions are torn down A final Admin Down packet is sent to all neighbors on the remote systems and those neighbors change to the Down state To disable BFD for static routes use the following com...

Page 189: ...ic interface Sessions are only established when the OSPF adjacency is in the Full state Figure 18 Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Bidirectional Forwarding Detection BFD 189 ...

Page 190: ...ighbors sessions If you change a parameter at the interface level the change affects all OSPFv3 sessions on that interface To change parameters for all OSPFv3 sessions or for OSPFv3 sessions on a single interface use the following commands To view session parameters use the show bfd neighbors detail command as shown in the example in Displaying BFD for BGP Information Change parameters for all OSP...

Page 191: ...Sessions are only established when the OSPFv3 adjacency is in the Full state To establish BFD with all OSPFv3 neighbors or with OSPFv3 neighbors on a single interface use the following commands Establish sessions with all OSPFv3 neighbors ROUTER OSPFv3 mode bfd all neighbors Establish sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors To view the establ...

Page 192: ...sions on the interface are torn down and sessions on the remote system are placed in a Down state Disabling BFD does not trigger a change in BFD clients a final Admin Down packet is sent before the session is terminated To disable BFD sessions use the following commands Disable BFD sessions with all OSPF neighbors ROUTER OSPF mode no bfd all neighbors Disable BFD sessions with all OSPF neighbors o...

Page 193: ...hbors at once or sessions can be established for all neighbors out of a specific interface Figure 19 Establishing Sessions with IS IS Neighbors To establish BFD with all IS IS neighbors or with IS IS neighbors on a single interface use the following commands Establish sessions with all IS IS neighbors ROUTER ISIS mode bfd all neighbors Bidirectional Forwarding Detection BFD 193 ...

Page 194: ...er at the interface level the change affects all IS IS sessions on that interface To change parameters for all IS IS sessions or for IS IS sessions on a single interface use the following commands To view session parameters use the show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Chang...

Page 195: ...E 40GE port channel and VLAN interfaces BFD for BGP does not support IPv6 and the BGP multihop feature Prerequisites Before configuring BFD for BGP you must first configure the following settings 1 Configure BGP on the routers that you want to interconnect as described in Border Gateway Protocol IPv4 BGPv4 2 Enable fast fall over for BGP neighbors to reduce convergence time the neighbor fall over ...

Page 196: ...uter are assigned to the highest priority egress queue to minimize transmission delays Incoming BFD control packets received from the BGP neighbor are assigned to the highest priority queue within the control plane policing COPP framework to avoid BFD packets drops due to queue congestion BFD notifies BGP of any failure conditions that it detects on the link Recovery actions are initiated by BGP B...

Page 197: ... passive OR neighbor ip address peer group name bfd NOTES When you establish a BFD session with a specified BGP neighbor or peer group using the neighbor bfd command the default BFD session parameters are used interval 100 milliseconds min_rx 100 milliseconds multiplier 3 packets and role active When you explicitly enable or disable a BGP neighbor for a BFD session with the neighbor bfd or neighbo...

Page 198: ...d for the peer group to which the neighbor belongs The neighbor inherits only the global timer values that are configured with the bfd all neighbors command interval min_rx and multiplier If you explicitly enable or disable a peer group for BFD that has no BFD parameters configured for example advertisement interval using the neighbor peer group name bfd command the peer group inherits any BFD set...

Page 199: ...ts 1 1 1 3 1 1 1 2 Te 6 1 Up 100 100 3 B 2 2 2 3 2 2 2 2 Te 6 2 Up 100 100 3 B 3 3 3 3 3 3 3 2 Te 6 3 Up 100 100 3 B The following example shows viewing BFD neighbors with full detail The bold lines show the BFD session parameters TX packet transmission RX packet reception and multiplier maximum number of missed packets R2 show bfd neighbors detail Session Discriminator 9 Neighbor Discriminator 10...

Page 200: ...ms Multiplier 3 Role Active Delete session on Down True Client Registered BGP Uptime 00 02 22 Statistics Number of packets received from neighbor 1428 Number of packets sent to neighbor 1428 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 The following example shows viewing configured BFD counters R2 show bfd c...

Page 201: ...session with a BGP neighbor using the neighbor ip address bfd command Message displays when you enable a BGP neighbor in a peer group for which you enabled a BFD session using the neighbor peer group name bfd command R2 show ip bgp neighbors 2 2 2 2 BGP neighbor is 2 2 2 2 remote AS 1 external link BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Last read 0...

Page 202: ... 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Neighbor is using BGP peer group mode BFD configuration Peer active in peer group outbound optimization Configure BFD for VRRP When using BFD with VRRP the VRRP protocol registers with the BFD manager on the route processor module RPM BFD sessions are established with all neighboring interfaces participating in VRRP If a neighboring interface...

Page 203: ... bfd all neighbors Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router so it does not participate in any VRRP BFD sessions VRRP BFD sessions on the backup router cannot change to the UP state Configure the master router to establish an individual VRRP session the backup router To establish a session with a particular VRRP neighbor use t...

Page 204: ...v sent 933 Gratuitous ARP sent 3 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 2 2 5 4 Authentication none BFD Neighbors RemoteAddr State 2 2 5 2 Up Changing VRRP Session Parameters BFD sessions are configured with default intervals and a default role The parameters that you can configure are Desired TX Interval Required Min RX Interval Detection Multiplier and system role You can chang...

Page 205: ...P group VRRP mode bfd disable Disable a particular VRRP session on an interface INTERFACE mode no vrrp bfd neighbor ip address Configuring Protocol Liveness Protocol liveness is a feature that notifies the BFD manager when a client protocol is disabled When you disable a client all BFD sessions for that protocol are torn down Neighbors on the remote system receive an Admin Down control packet and ...

Page 206: ...hbor 2 2 2 2 on interface Te 4 24 diag 0 The following example shows hexadecimal output from the debug bfd packet command RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 13 Sent packet for session with neighbor 2 2 2 2 on Te 4 24 TX packet dump 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Received packet for session w...

Page 207: ...ultiple paths from one router to another Topics Autonomous Systems AS Sessions and Peers Route Reflectors BGP Attributes Multiprotocol BGP Implement BGP with Dell Networking OS Configuration Information BGP Configuration Enabling MBGP Configurations BGP Regular Expression Optimization Debugging BGP Sample Configurations Autonomous Systems AS BGP autonomous systems ASs are a collection of nodes und...

Page 208: ...al Border Gateway Protocol When BGP operates between ASs AS1 and AS2 it is called External BGP EBGP External Border Gateway Protocol IBGP provides routers inside the AS with the knowledge to reach routers external to the AS EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility Figure 22 Internal BGP BGP version 4 BGPv4 supports...

Page 209: ... peers each six routers have five peers each and eight routers in full mesh have seven peers each Figure 23 BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially Network management quickly becomes impossible Border Gateway Protocol IPv4 BGPv4 209 ...

Page 210: ...ctive state when the timer expires Active The router resets the ConnectRetry timer to zero and returns to the Connect state OpenSent After successful OpenSent transition the router sends an Open message and waits for one in return OpenConfirm After the Open message parameters are agreed between peers the neighbor relation is established and is in the OpenConfirm state This is when the router recei...

Page 211: ...w these rules affect routing refer to the following illustration and the following steps Routers B C D E and G are members of the same AS AS100 These routers are also in the same Route Reflection Cluster where Router D is the Route Reflector Router E and H are client peers of Router D Routers B and C and nonclient peers of Router D Figure 24 BGP Router Rules 1 Router B receives an advertisement fr...

Page 212: ...eighboring external AS number BGP best path selection is deterministic by default which means the bgp non deterministic med command is NOT applied The best path in each group is selected based on specific criteria Only one best path is selected at a time If any of the criteria results in more than one path BGP moves on to the next option in the list For example two paths may have the same weights ...

Page 213: ...e illustration details the path selection criteria Figure 25 BGP Best Path Selection Best Path Selection Details 1 Prefer the path with the largest WEIGHT attribute 2 Prefer the path with the largest LOCAL_PREF attribute 3 Prefer the path that was locally Originated via a network command redistribute command or aggregate address command a Routes originated with the Originated via a network or redi...

Page 214: ...f the Router ID is the same for multiple paths because the routes were received from the same route skip this step b if the Router ID is NOT the same for multiple paths prefer the path that was first received as the Best Path The path selection algorithm returns without performing any of the checks detailed here 11 Prefer the external path originated from the BGP router with the lowest router ID I...

Page 215: ... LOCAL_PREF is one of the criteria used to determine the best path so keep in mind that other criteria may impact selection as shown in the illustration in Best Path Selection Criteria For this example assume that thelocal preference LOCAL_PREF is the only attribute applied In the following illustration AS100 has two possible paths to AS 200 Although the path through Router A is shorter one hop in...

Page 216: ... 100 and the MED for its OC3 exit point to 50 This sets up a path preference through the OC3 link The MEDs are advertised to AS100 routers so they know which is the preferred path MEDs are non transitive attributes If AS100 sends an MED to AS200 AS200 does not pass it on to AS300 or AS400 The MED is a locally relevant attribute to the two participating ASs AS100 and AS200 NOTE The MEDs are adverti...

Page 217: ...icates an origin code of IGP shown in bold Example of Viewing Origin Codes Dell show ip bgp BGP table version is 0 local router ID is 10 101 15 13 Status codes s suppressed d damped h history valid best Path source I internal a aggregate c confed external r redistributed n network Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 7 0 0 0 29 10 114 8 33 0 0 18508 7 0 0 ...

Page 218: ...not sent to the neighbor You can enable this feature using the neighbor sender side loopdetect command NOTE For EBGP neighbors the next hop address corresponding to a BGP route is not resolved if the next hop address is not the same as the neighbor IP address NOTE The connection between a router and its next hop BGP neighbor terminates immediately only if the router has received routes from the BG...

Page 219: ...e defined metric as MED value Use the set metric type internal command in a route map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes The configured set metric value overwrites the default IGP cost By using the redistribute command with the route map command you can specify whether a peer advertises the standard MED or uses the IGP cost as the MED When config...

Page 220: ...a new BGP capability 4 BYTE AS in the OPEN message If a 4 Byte BGP speaker has sent and received this capability from another speaker all the messages will be 4 octet The behavior of a 4 Byte BGP speaker is different with the peer depending on whether the peer is a 4 Byte or 2 Byte BGP speaker Where the 2 Byte format is 1 65535 the 4 Byte format is 1 4294967295 Enter AS numbers using the tradition...

Page 221: ...s larger than 65535 is represented using ASDOT notation as higher 2 bytes in decimal lower 2 bytes in decimal For example AS 65546 is represented as 1 10 ASDOT representation combines the ASPLAIN and ASDOT representations AS numbers less than 65536 appear in integer format asplain AS numbers equal to or greater than 65536 appear in the decimal format asdot For example the AS number 65526 appears a...

Page 222: ..._bgp sho conf router bgp 100 neighbor 172 30 1 250 local as 65057 Dell conf router_bgp do show ip bgp BGP table version is 28093 local router ID is 172 30 1 57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress When migrating one AS to another p...

Page 223: ...tion the Local AS does not prepend to the updates received from the eBGP peer If you do not select no prepend the default the Local AS is added to the first AS segment in the AS PATH If an inbound route map is used to prepend the as path to the update from the peer the Local AS is added first For example consider the topology described in the previous illustration If Router B has an inbound route ...

Page 224: ...d in the peer capability lookup Configure inbound BGP soft reconfiguration on a peer for f10BgpM2PrefixInPrefixesRejected to display the number of prefixes filtered due to a policy If you do enable BGP soft reconfig the denied prefixes are not accounted for F10BgpM2AdjRibsOutRoute stores the pointer to the NLRI in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is use...

Page 225: ... RIB are not supported and are set to zero in the SNMP query response The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used Carrying MPLS labels in BGP is not supported The f10BgpM2NlriOpaqueType and f10BgpM2NlriOpaquePointer fields are set to zero 4 byte ASN is supported The f10BgpM2AsPath4byteEntry table contains 4 byte ASN related parameters based on the configuration If a recei...

Page 226: ...or peer group enter the neighbor ip address peer group name no shutdown command The following table displays the default values for BGP on Dell Networking OS Table 12 BGP Default Values Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged Fast External Fallover feature Disabled Graceful Restart feature Disabled Local preference 100 MED 0 Route Flap Damping Parameters hal...

Page 227: ...reachable NOTE Sample Configurations for enabling BGP routers are found at the end of this chapter 1 Assign an AS number and enter ROUTER BGP mode CONFIGURATION mode router bgp as number as number from 0 to 65535 2 Byte or from 1 to 4294967295 4 Byte or 0 1 to 65535 65535 Dotted format Only one AS is supported per system NOTE If you enter a 4 Byte AS number 4 Byte AS support is enabled automatical...

Page 228: ...ry with a 4 byte AS number using the show ip bgp summary command displays a 4 byte AS number in bold The following example shows the show ip bgp summary command output 2 byte AS number displays R2 show ip bgp summary BGP router identifier 192 168 10 2 local AS number 65123 BGP table version is 1 main routing table version 1 1 network entrie s using 132 bytes of memory 1 paths using 72 bytes of mem...

Page 229: ...ple displays two neighbors one is an external internal BGP neighbor and the second one is an internal BGP neighbor The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal shown in bold The third line of the show ip bgp neighbors output contains the BGP State If anything other than ESTABLISHED is listed the neighbor is not exchang...

Page 230: ...work 10 10 32 0 24 network 100 10 92 0 24 network 192 168 10 0 24 bgp four octet as support neighbor 10 10 21 1 remote as 65123 neighbor 10 10 21 1 filter list ISP1in neighbor 10 10 21 1 no shutdown neighbor 10 10 32 3 remote as 65123 neighbor 10 10 32 3 no shutdown neighbor 100 10 92 9 remote as 65192 neighbor 100 10 92 9 no shutdown neighbor 192 168 10 1 remote as 65123 neighbor 192 168 10 1 upd...

Page 231: ... AS Number representation CONFIG ROUTER BGP mode bgp asnotation asdot Enable ASDOT AS Number representation CONFIG ROUTER BGP mode bgp asnotation asdot Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command output Dell conf router_bgp bgp asnotation asplain Dell conf router_bgp sho conf router bgp 100 bgp four octet as support neighbor 172 30 1 250 r...

Page 232: ...iguration properties of the group and share same update policy A maximum of 256 peer groups are allowed on the system Create a peer group by assigning it a name then adding members to the peer group After you create a peer group you can configure route policies for it For information about configuring route policies for a peer group refer to Filtering BGP Routes NOTE Sample Configurations for enab...

Page 233: ...r group if it has any of the following commands configured neighbor advertisement interval neighbor distribute list out neighbor filter list out neighbor next hop self neighbor route map out neighbor route reflector client neighbor send community A neighbor may keep its configuration after it was added to a peer group if the neighbor s configuration is more specific than the peer group s and if th...

Page 234: ...oup is maintained but it is not applied to the peer group members When you disable a peer group all the peers within the peer group that are in the ESTABLISHED state move to the IDLE state To view the status of peer groups use the show ip bgp peer group command in EXEC Privilege mode as shown in the following example Dell show ip bgp peer group Peer group zanzibar remote AS 65535 BGP version 4 Min...

Page 235: ...FIG ROUTER BGP mode neighbor ip address peer group name fall over Examples of Verifying that Fast fall Over is Enabled on a BGP Neighbor and a Peer Group To verify that you enabled fast fall over on a particular BGP neighbor use the show ip bgp neighbors command Because fast fall over is disabled by default it appears only if it has been enabled shown in bold Dell sh ip bgp neighbors BGP neighbor ...

Page 236: ...umber of peers in this group 1 Peer group members outbound optimized 100 100 100 100 Dell router bgp 65517 neighbor test peer group neighbor test fall over neighbor test no shutdown neighbor 100 100 100 100 remote as 65517 neighbor 100 100 100 100 fall over neighbor 100 100 100 100 update source Loopback 0 neighbor 100 100 100 100 no shutdown Dell Configuring Passive Peering When you enable a peer...

Page 237: ...sage sent on the subnet does its BGP state change to ESTABLISHED After the peer group is ESTABLISHED the peer group is the same as any other peer group For more information about peer groups refer to Configure Peer Groups Maintaining Existing AS Numbers During an AS Migration The local as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP ...

Page 238: ...92 168 10 1 no shutdown neighbor 192 168 12 2 remote as 65123 neighbor 192 168 12 2 update source Loopback 0 neighbor 192 168 12 2 no shutdown R2 conf router_bgp Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path The allow as feature permits a BGP speaker to allow the ASN to be present for a specifie...

Page 239: ... and or by peer or peer group NOTE By default BGP graceful restart is disabled The default role for BGP is as a receiving or restarting peer If you enable BGP when a peer that supports graceful restart resumes operating Dell Networking OS performs the following tasks Continues saving routes received from the peer if the peer advertised it had graceful restart capability Continues forwarding traffi...

Page 240: ...or Graceful Restart BGP graceful restart is active only when the neighbor becomes established Otherwise it is disabled Graceful restart applies to all neighbors with established adjacency With the graceful restart feature Dell Networking OS enables the receiving restarting mode by default In Receiver Only mode graceful restart saves the advertised routes of peers that support this capability when ...

Page 241: ... on the number in its AS_PATH AS PATH ACLs use regular expressions to search AS_PATH values AS PATH ACLs have an implicit deny This means that routes that do not meet a deny or match filter are dropped To configure an AS PATH ACL to filter a specific AS_PATH value use these commands in the following sequence 1 Assign a name to a AS PATH ACL and enter AS PATH ACL mode CONFIGURATION mode ip as path ...

Page 242: ...2ffe884 0 1 18508 701 3561 9116 21350 i 0x2ff7284 0 99 18508 701 1239 577 855 0x2ff7ec4 0 4 18508 209 3561 4755 17426 i 0x2ff8544 0 3 18508 701 5743 2648 i 0x736c144 0 1 18508 701 209 568 721 1494 i 0x3b8d224 0 10 18508 209 701 2019 i 0x5eb1e44 0 1 18508 701 8584 16158 i 0x5cd891c 0 9 18508 209 6453 4759 i More Regular Expressions as Filters Regular expressions are used to filter AS paths or commu...

Page 243: ... list command in EXEC Privilege mode For more information about this command and route filtering refer to Filtering BGP Routes The following example applies access list Eagle to routes inbound from BGP peer 10 5 5 2 Access list Eagle uses a regular expression to deny routes originating in AS 32 The first lines shown in bold create the access list and filter The second lines shown in bold are the r...

Page 244: ... specify the name of a configured route map Include specific ISIS routes in BGP ROUTER BGP or CONF ROUTER_BGPv6_ AF mode redistribute isis level 1 level 1 2 level 2 metric value route map map name Configure the following parameters level 1 level 1 2 or level 2 Assign all redistributed routes to a level The default is level 2 metric value The value is from 0 to 16777215 The default is 0 map name na...

Page 245: ...In Dell Networking OS you can assign a COMMUNITY attribute to BGP routers by using an IP community list After you create an IP community list you can apply routing decisions to all routers meeting the criteria in the IP community list IETF RFC 1997 defines the COMMUNITY attribute and the predefined communities of INTERNET NO_EXPORT_SUBCONFED NO_ADVERTISE and NO_EXPORT All BGP routes belong to the ...

Page 246: ...he list regexp then a regular expression Example of the show ip community lists Command To view the configuration use the show config command in CONFIGURATION COMMUNITY LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip community lists extcommunity list command in EXEC Privilege mode Dell show ip community lists ip community list standard 1 deny 701 20 deny 702 20 deny 703 20 deny 704 20 ...

Page 247: ...show ip community lists extcommunity list command in EXEC Privilege mode Dell show ip community lists ip community list standard 1 deny 701 20 deny 702 20 deny 703 20 deny 704 20 deny 705 20 deny 14551 20 deny 701 112 deny 702 112 deny 703 112 deny 704 112 deny 705 112 deny 14551 112 deny 701 667 deny 702 667 deny 703 667 deny 704 666 deny 705 666 deny 14551 666 Dell Filtering Routes with Communit...

Page 248: ...based on the values of the COMMUNITY attributes you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information By default Dell Networking OS does not send the COMMUNITY attribute To send the COMMUNITY attribute to BGP neighbors use the following command Enable the software to send the router s COMMUNITY attribute to the BGP neighbor or peer group speci...

Page 249: ...mmand in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode To view BGP routes matching a certain community number or a pre defined BGP community use the show ip bgp community command in EXEC Privilege mode Dell show ip bgp community BGP table version is 3762622 local router ID is 10 114 8 48 Status codes s suppressed d damped h hi...

Page 250: ... learned from BGP confederations missing as best Treat a path missing an MED as the most preferred one To view the nondefault values use the show config command in CONFIGURATION ROUTER BGP mode Changing the LOCAL_PREFERENCE Attribute In Dell Networking OS you can change the value of the LOCAL_PREFERENCE attribute To change the default values of this attribute for all routes received by the router ...

Page 251: ...ange how the NEXT_HOP attribute is used enter the first command To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode or the show running config bgp command in EXEC Privilege mode You can also use route maps to change this and other BGP attributes For example you can include the second command in a route map to specify the next hop address Disable next hop proc...

Page 252: ...ware allows one path to a destination You can enable multipath to allow up to 64 parallel paths to a destination NOTE Dell Networking recommends not using multipath and add path simultaneously in a route reflector To allow more than one path use the following command The show ip bgp network command includes multipath information for that network Enable multiple parallel paths CONFIG ROUTER BGP mod...

Page 253: ... to ensure the changes are made always reset the neighbor or peer group by using the clear ip bgp command in EXEC Privilege mode To filter routes using prefix lists use the following commands 1 Create a prefix list and assign it a name CONFIGURATION mode ip prefix list prefix name 2 Create multiple prefix list filters with a deny or permit action CONFIG PREFIX LIST mode seq sequence number deny pe...

Page 254: ...ode To view a prefix list configuration use the show ip prefix list detail or show ip prefix list summary commands in EXEC Privilege mode Filtering BGP Routes Using Route Maps To filter routes using a route map use these commands 1 Create a route map and assign it a name CONFIGURATION mode route map map name permit deny sequence number 2 Create multiple route map filters with a match or set action...

Page 255: ...nter ROUTER BGP mode CONFIGURATION mode router bgp as number 5 Filter routes based on the criteria in the configured route map CONFIG ROUTER BGP mode neighbor ip address peer group name filter list as path name in out Configure the following parameters ip address or peer group name enter the neighbor s IP address or the peer group s name as path name enter the name of a configured AS PATH ACL in a...

Page 256: ...tor client When you enable a route reflector Dell Networking OS automatically enables route reflection to all clients To disable route reflection between all clients in this reflector use the no bgp client to client reflection command in CONFIGURATION ROUTER BGP mode All clients must be fully meshed before you disable route reflection To view a route reflector configuration use the show config com...

Page 257: ...ing many IBGP peering sessions per router Basically when you configure BGP confederations you break the AS into smaller sub AS and to those outside your network the confederations appear as one AS Within the confederation sub AS the IBGP neighbors are fully meshed and the MED NEXT_HOP and LOCAL_PREF attributes are maintained between confederations To configure BGP confederations use the following ...

Page 258: ...g CONFIG ROUTER BGP mode bgp dampening half life reuse suppress max suppress time route map map name Enter the following optional parameters to configure route dampening parameters half life the range is from 1 to 45 Number of minutes after which the Penalty is decreased After the router assigns a Penalty of 1024 to a route the Penalty is decreased by half after the half life period expires The de...

Page 259: ... regular express to match on By default the path selection in Dell Networking OS is deterministic that is paths are compared irrespective of the order of their arrival You can change the path selection method to non deterministic that is paths are compared in the order in which they arrived starting with the most recent Furthermore in non deterministic mode the software may not compare MED attribu...

Page 260: ...3 79977 780266 0 2 00 38 51 118904 10 114 8 33 18508 117265 25069 780266 0 20 00 38 50 102759 Dell To view which routes are dampened non active use the show ip bgp dampened routes command in EXEC Privilege mode Changing BGP Timers To configure BGP timers use either or both of the following commands Timer values configured with the neighbor timers command override the timer values configured with t...

Page 261: ...r ip bgp soft in command the update database stored in the router is replayed and updates are reevaluated With this command the replay and update process is triggered only if a route refresh request is not negotiated with the peer If the request is indeed negotiated after execution of clear ip bgp soft in BGP sends a route refresh request to the neighbor and receives all of the peer s updates To u...

Page 262: ...e Clause The continue feature can exist without a match clause Without a match clause the continue clause executes and jumps to the specified route map entry With a match clause and a continue clause the match clause executes first and the continue clause next in a specified route map entry The continue clause launches only after a successful match The behavior is A successful match with a continu...

Page 263: ... and withdrawn routes respectively If the peer has not been activated in any AFI SAFI the peer remains in Idle state Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command For a detailed description of the MBGP commands refer to the Dell Networking OS Command Line Interface Reference Guide Enables support for the IPv4 mul...

Page 264: ...ations in out View information about BGP updates and filter by prefix name EXEC Privilege mode debug ip bgp ip address peer group peer group name updates in out prefix list name Enable soft reconfiguration debug EXEC Privilege mode debug ip bgp ip address peer group name soft reconfiguration To enhance debugging of soft reconfig use the bgp soft reconfig backup command only when route refresh is n...

Page 265: ... before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 For address family IPv4 Unicast BGP table version 1395 neighbor version 1394 Prefixes accepted 1 consume 4 bytes 0 withdrawn by peer Prefi...

Page 266: ...and To view the captured PDUs use the show capture bgp pdu neighbor command Dell show capture bgp pdu neighbor 20 20 20 2 Incoming packet capture enabled for BGP neighbor 20 20 20 2 Available buffer size 40958758 26 packet s captured using 680 bytes PDU 1 len 101 captured 00 34 51 ago ffffffff ffffffff ffffffff ffffffff 00650100 00000013 00000000 00000000 419ef06c 00000000 00000000 00000000 000000...

Page 267: ...Ver InQ OutQ Up Down State Pfx 1 1 1 2 2 17 18966 0 0 0 00 08 19 Active 172 30 1 250 18508 243295 25 313511 0 0 00 12 46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors These are seen in the output of the show ip bgp neighbor command Sample Configurations The following example configurations show how to enable BGP and s...

Page 268: ...o 0 int te 1 21 R1 conf if te 1 21 ip address 10 0 1 21 24 R1 conf if te 1 21 no shutdown R1 conf if te 1 21 show config interface TengigabitEthernet 1 21 ip address 10 0 1 21 24 no shutdown R1 conf if te 1 21 int te 1 31 R1 conf if te 1 31 ip address 10 0 3 31 24 R1 conf if te 1 31 no shutdown R1 conf if te 1 31 show config interface TengigabitEthernet 1 31 ip address 10 0 3 31 24 no shutdown Bor...

Page 269: ...ig interface Loopback 0 ip address 192 168 128 2 24 no shutdown R2 conf if lo 0 int te 2 11 R2 conf if te 2 11 ip address 10 0 1 22 24 R2 conf if te 2 11 no shutdown R2 conf if te 2 11 show config interface TengigabitEthernet 2 11 ip address 10 0 1 22 24 no shutdown R2 conf if te 2 11 int te 2 31 R2 conf if te 2 31 ip address 10 0 2 2 24 R2 conf if te 2 31 no shutdown R2 conf if te 2 31 show confi...

Page 270: ... 1 update source loop 0 R3 conf router_bgp neighbor 192 168 128 2 remote 99 R3 conf router_bgp neighbor 192 168 128 2 no shut R3 conf router_bgp neighbor 192 168 128 2 update loop 0 R3 conf router_bgp show config Example of Enabling Peer Groups Router 1 conf R1 conf router bgp 99 R1 conf router_bgp network 192 168 128 0 24 R1 conf router_bgp neighbor AAA peer group R1 conf router_bgp neighbor AAA ...

Page 271: ...ation History Connection Reset Sent 1 Recv 0 Last notification len 21 sent 00 00 57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 1 Local port 179 Foreign host 192 168 128 2 Foreign port 65464 BGP neighbor is 192 168 128 3 remote AS 100 external link Member of peer group BBB for session parameters BGP version 4 remote router ID 192 168 128 3 BGP state ESTABLISHED...

Page 272: ...eer group R3 conf router_bgp neighbor AAA no shutdown R3 conf router_bgp neighbor CCC peer group R3 conf router_bgp neighbor CCC no shutdown R3 conf router_bgp neighbor 192 168 128 2 peer group BBB R3 conf router_bgp neighbor 192 168 128 2 no shutdown R3 conf router_bgp neighbor 192 168 128 1 peer group BBB R3 conf router_bgp neighbor 192 168 128 1 no shutdown R3 conf router_bgp R3 conf router_bgp...

Page 273: ...awn 0 from peer Connections established 6 dropped 5 Last reset 00 12 01 due to Closed by neighbor Notification History HOLD error Timer expired Sent 1 Recv 0 Connection Reset Sent 2 Recv 2 Last notification len 21 received 00 12 01 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 2 Local port 65464 Foreign host 192 168 128 1 Foreign port 179 BGP neighbor is 192 168 ...

Page 274: ...ON mode The CAM space is allotted in field processor FP blocks The total space allocated must equal 13 FP blocks The following table lists the default CAM allocation settings NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated The following table displays the default CAM allocation settings To display the default CAM allocation enter the show cam acl co...

Page 275: ...ctor of 2 2 4 6 8 10 All other profile allocations can use either even or odd numbered ranges NOTE You can only have one odd number of blocks in the CLI configuration the other blocks must be in factors of 2 For example a CLI configuration of 5 4 2 1 1 blocks is not supported a configuration of 6 4 2 1 blocks is supported For the new settings to take effect you must save the new CAM settings to th...

Page 276: ...alue is 0 3 Execute write memory and verify that the new settings are written to the CAM on the next boot EXEC Privilege mode show cam acl 4 Reload the system EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service policy use the test cam usage command To verify the actual CAM space required create a Class Map with all required ACL rules...

Page 277: ...0 fedgovacl 0 0 Stack unit 0 Current Settings in block sizes Next Boot in block sizes 1 block 128 entries L2Acl 6 4 Ipv4Acl 4 2 Ipv6Acl 0 0 Ipv4Qos 2 2 L2Qos 1 1 L2PT 0 0 IpMacAcl 0 0 VmanQos 0 0 VmanDualQos 0 0 EcfmAcl 0 0 FcoeAcl 0 0 iscsiOptAcl 0 0 ipv4pbr 0 2 vrfv4Acl 0 2 Openflow 0 0 fedgovacl 0 0 Dell conf Example of Viewing CAM ACL Settings NOTE If you change the cam acl setting from CONFIG...

Page 278: ...zes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Stack unit 7 Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Op...

Page 279: ...L and or DSCP ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as described in this chapter Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting QoS CAM Region Limitation To store QoS service policies the ...

Page 280: ...m flow region 2 Allocate more entries in the IPv4Flow region to QoS Dell Networking OS supports the ability to view the actual CAM usage before applying a service policy The test cam usage service policy command provides this test framework For more information refer to Pre Calculating Available QoS CAM Space Content Addressable Memory CAM 280 ...

Page 281: ... the system control plane rate limits traffic to an acceptable level CoPP increases security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for ...

Page 282: ...tion shows an example of the difference between having CoPP implemented and not having CoPP implemented Figure 30 Control Plane Policing Figure 31 CoPP Implemented Versus CoPP Not Implemented Control Plane Policing CoPP 282 ...

Page 283: ...P policies are assigned on a per protocol or a per queue basis and are assigned in CONTROL PLANE mode to each port pipe CoPP policies are configured by creating extended ACL rules and specifying rate limits through QoS policies The ACLs and QoS policies are assigned as service policies Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service policie...

Page 284: ...ntrol plane Enabling this command on a port pipe automatically enables the ACL and QoS rules creates with the cpu qos keyword CONTROL PLANE mode service policy rate limit protocols Examples of Configuring CoPP for Different Protocols The following example shows creating the IP IPv6 MAC extended ACL Dell conf ip access list extended ospf cpu qos Dell conf ip acl cpuqos permit ospf Dell conf ip acl ...

Page 285: ...s matching the QoS class map to the QoS policy Dell conf policy map input egressFP_rate_policy cpu qos Dell conf policy map in cpuqos class map class_ospf qos policy rate_limit_500k Dell conf policy map in cpuqos class map class_bgp qos policy rate_limit_400k Dell conf policy map in cpuqos class map class_lacp qos policy rate_limit_200k Dell conf policy map in cpuqos class map class ipv6 qos polic...

Page 286: ... cpuq_2 Dell conf qos policy in rate police 5000 80 peak 600 50 Dell conf qos policy in exit The following example shows assigning the QoS policy to the queues Dell conf policy map input cpuq_rate_policy cpu qos Dell conf qos policy in service queue 5 qos policy cpuq_1 Dell conf qos policy in service queue 6 qos policy cpuq_2 Dell conf qos policy in service queue 7 qos policy cpuq_1 The following ...

Page 287: ...nown protocol streams that have to share these 4 CMIC queues Before 9 4 0 0 Dell Networking OS used only 8 queues most of the queues are shared to multiple protocols So increasing the number of CMIC queues will reduce the contention among the protocols for the queue bandwidth Currently there are 4 Queues for data and 4 for control in both front end and back plane ports In stacked systems the contr...

Page 288: ...st be ensured even in case of stand alone systems and there is no dependency with stacking Policing provides a method for protecting CPU bound control plane packets by policing packets transmited to CPU with a specified rate and from undesired or malicious traffic This is done at each CPU queue on each unit FP Entries for Distribution of NDP Packets to Various CPU Queues At present generic mac bas...

Page 289: ...case NDP packets intended to peer VLT chassis taken to CPU and tunnel to peer The following table describes the protocol to queue mapping with the CPU queues increased to be 12 Table 15 Redirecting Control Traffic to 12 CPU queues CPU Queue Weights Rate pps Protocol 0 100 1300 BFD 1 1 300 MC 2 2 300 TTL0 TTL1 IP with options Mac limit violation Hyper pull L3 with Bcast MacDA Unknown L3 ARP unresol...

Page 290: ...Multicast traffic L3 packets with Broadcast MAC address The catch all route poses a risk of overloading the CPU with unknown unicast packets This CLI knob to turn off the catch all route is of use in networks where the user does not want to generate Destination Unreachable messages and have the CPU queue s bandwidth available for higher priority control plane traffic Configuring CoPP for OSPFv3 Yo...

Page 291: ...des show commands to display the protocol traffic assigned to each control plane queue and the current rate limit applied to each queue Other show commands display statistical information for trouble shooting CoPP operation To view the rates for each queue use the show cpu queue rate cp command Viewing Queue Rates Example of Viewing Queue Rates Dell show cpu queue rate cp Service Queue Rate PPS Q0...

Page 292: ...Port Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ GVRP 01 80 c2 00 00 21 any Q7 CP _ STP 01 80 c2 00 00 00 any Q7 CP _ ISIS 01 80 c2 00 00 14 15 any Q7 CP _ 09 00 2b 00 00 04 05 any Q7 CP Dell To view the queue mapping for IPv6 protocols use the show ipv6 protocol queue mapping command Example of Viewing Que...

Page 293: ...PFC to Manage Converged Ethernet Traffic Configure Enhanced Transmission Selection Hierarchical Scheduling in ETS Output Policies Using ETS to Manage Converged Ethernet Traffic Applying DCB Policies in a Switch Stack Configure a DCBx Operation Verifying the DCB Configuration QoS dot1p Traffic Classification and Queue Assignment Configuring the Dynamic Buffer Method Sample DCB Configuration Etherne...

Page 294: ...quirements while certain applications such as streaming video are more sensitive to latency Ethernet functions as a best effort network that may drop packets in the case of network congestion IP networks rely on transport protocols for example TCP for reliable data transmission with the associated cost of greater processing overhead and performance impact LAN traffic consists of a large number of ...

Page 295: ...traffic on a link according to the 802 1p priority set on a traffic type You can create lossless flows for storage and server traffic while allowing for loss in case of LAN traffic congestion on the same physical interface The following illustration shows how PFC handles traffic congestion by pausing the transmission of incoming traffic with dot1p priority 4 Figure 32 Illustration of Traffic Conge...

Page 296: ...s in multiprotocol Ethernet FCoE SCSI links ETS allows you to divide traffic according to its 802 1p priority into different priority groups traffic classes and configure bandwidth allocation and queue scheduling for each group to ensure that each traffic type is correctly prioritized and receives its required bandwidth For example you can prioritize low latency storage or server cluster traffic i...

Page 297: ...uration information PFC and ETS use DCBx to exchange and negotiate parameters with peer devices DCBx capabilities include Discovery of DCB capabilities on peer device connections Determination of possible mismatch in DCB configuration on a peer link Configuration of a peer device over a DCB link DCBx requires the link layer discovery protocol LLDP to provide the path to exchange DCB parameters wit...

Page 298: ...CEE Priority based flow control Enhanced transmission selection Data center bridging exchange protocol FCoE initialization protocol FIP snooping DCB processes virtual local area network VLAN tagged packets and dot1p priority values Untagged packets are treated with a dot1p priority of 0 For DCB to operate effectively you can classify ingress traffic according to its dot1p priority so that it maps ...

Page 299: ...dled with strict priority scheduling You can enable PFC on a maximum of two priority queues on an interface Enabling PFC for dot1p priorities makes the corresponding port queue lossless The sum of all allocated bandwidth percentages in all groups in the DCB map must be 100 Strict priority traffic is serviced first Afterwards you can configure either the peak rates or the committed rates The bandwi...

Page 300: ...PFC and ETS parameters are applied on the interfaces This change may create a DCB mismatch with peer DCB devices and interrupt network operation Data Center Bridging Default Configuration Before you configure PFC and ETS on a switch see the priority group setting taken into account the following default settings DCB is enabled PFC and ETS are globally enabled by default The default dot1p priority ...

Page 301: ...iable can have a maximum of 32 characters 2 Create a PFC group CONFIGURATION mode priority group group num bandwidth bandwidth strict priority pfc on The range for priority group is from 0 to 7 Set the bandwidth in percentage The percentage range is from 1 to 100 in units of 1 Committed and peak bandwidth is in megabits per second The range is from 0 to 40000 Committed and peak burst size is in ki...

Page 302: ...erved on Port B since traffic flow on priorities is mapped to loss less queues Port B acting as Ingress If the traffic congestion is on PORT B Egress DROP is on PORT A or C as the PFC is not enabled on PORT B Refer the following configuration for queue to dot1p mapping NOTE Although each port on the S4810 S4820T and S5000 devices support 8 QoS queues you can configure only 4 QoS queues 0 3 to mana...

Page 303: ... CoS priority values of the traffic that needs to be stopped DCBx provides the link level exchange of PFC parameters between peer devices PFC allows network administrators to create zero loss links for SAN traffic that requires no drop service while at the same time retaining packet drop congestion management for LAN traffic On a switch PFC is enabled by default on Ethernet ports pfc mode on comma...

Page 304: ...ities result in more than two lossless queues When you apply a DCB map an error message is displayed if link level flow control is already enabled on an interface You cannot enable PFC and link level flow control at the same time on an interface In a switch stack configure all stacked ports with the same PFC configuration Dell Networking OS allows you to change the default dot1p priority queue ass...

Page 305: ...N 2 Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map for example Dell interface tengigabitEthernet 1 1 Dell config if te 1 1 dcb map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port You cannot apply a DCB map on an interface that has been already configured for PFC using thepfc priority command or which is already configure...

Page 306: ...e PFC using the pfc priority command on an interface on which a DCB map has been applied or which is already configured for lossless queues pfc no drop queues command pfc priority priority range INTERFACE Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map apply the map on the interface The configuration o...

Page 307: ...nts By default no lossless queues are configured on a port A limit of two lossless queues is supported on a port If the number of lossless queues configured exceeds the maximum supported limit per port two an error message is displayed Reconfigure the value to a smaller number of queues If you configure lossless queues on an interface that already has a DCB map with PFC enabled pfc on an error mes...

Page 308: ... a sending device transmits a pause frame the recipient acknowledges this frame by temporarily halting the transmission of data packets The sending device requests the recipient to restart the transmission of data traffic when the congestion eases and reduces The time period that is specified in the pause frame defines the duration for which the flow of data packets is halted When the time period ...

Page 309: ... if a PFC priority is configured and applied on the interface The number of lossless queues supported on the system is dependent on the availability of total buffers for PFC The default configuration in the system guarantees a minimum of 52 KB per queue if all the 128 queues are congested However modifying the buffer allocation per queue impacts this default behavior By default the total available...

Page 310: ... 1 Create class maps to group the DSCP subsets class map match any dscp pfc 1 match ip dscp 0 5 10 15 class map match any dscp pfc 2 match ip dscp 20 25 30 35 2 Associate above class maps to Queues Queue assignment as below NOTE Although each port on the S4810 S4820T and S5000 devices support 8 QoS queues you can configure only 4 QoS queues 0 3 to manage data traffic The remaining 4 queues 4 7 are...

Page 311: ...c is latency sensitive ETS allows different traffic types to coexist without interruption in the same converged link by Allocating a guaranteed share of bandwidth to each priority group Allowing each group to exceed its minimum guaranteed bandwidth if another group is not fully using its allotted bandwidth ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when y...

Page 312: ...affic on which you want to apply an ETS output policy PRIORITY GROUP mode priority list value The range is from 0 to 7 The default is none Separate priority values with a comma Specify a priority range with a dash For example priority list 3 5 7 4 Exit priority group configuration mode PRIORITY GROUP mode exit 5 Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority gro...

Page 313: ...tion with peer ETS devices ETS configuration is handled as follows ETS TLVs are supported in DCBx versions CIN CEE and IEEE2 5 The DCBx port role configurations determine the ETS operational parameters refer to Configure a DCBx Operation ETS configurations received from TLVs from a peer are validated If there is a hardware limitation or TLV error DCBx operation on an ETS port goes down New ETS con...

Page 314: ...RATION mode Dell conf qos policy output test12 The maximum 32 alphanumeric characters 2 Configure the percentage of bandwidth to allocate to the dot1p priority queue traffic in the associated L2 class map QoS OUTPUT POLICY mode Dell conf qos policy out bandwidth percentage 100 The default is none 3 Repeat Step 2 to configure bandwidth percentages for other priority queues on the port QoS OUTPUT PO...

Page 315: ... control queues Dell Networking OS supports hierarchical scheduling on an interface The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling After the control queues drain out the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map The available bandwidth calc...

Page 316: ...miting because these parameters are not negotiated by DCBx with peer devices you can apply a QoS output policy with WRED and or rate shaping on a DCBx CIN enabled interface In this case the WRED or rate shaping configuration in the QoS output policy must take into account the bandwidth allocation or queue scheduler configured in the DCB map Priority Group Configuration Notes When you configure pri...

Page 317: ...ree bandwidth remains up to the 20 30 Strict priority groups If two priority groups have strict priority scheduling traffic assigned from the priority group with the higher priority queue number is scheduled first However when three priority groups are used and two groups have strict priority scheduling such as groups 1 and 3 in the example the strict priority group whose traffic is mapped to one ...

Page 318: ...that is when DCB features are not compatibly configured on a peer device and the local switch Mis configuration detection is feature specific because some DCB features support asymmetric configuration Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to accept configuration Accepts the DCB configuration from a peer if a DCBx port is i...

Page 319: ...ation the link with the DCBx peer is enabled If the received peer configuration is not compatible with the currently configured port configuration the link with the DCBx peer port is disabled and a syslog message for an incompatible configuration is generated The network administrator must then reconfigure the peer device so that it advertises a compatible DCB configuration The internally propagat...

Page 320: ...es to match against the received application priority Otherwise these ports use their locally configured PFC priorities in application priority TLVs If no configuration source is configured auto upstream and auto downstream ports check to see that the locally configured PFC priorities match the priorities in a received application priority TLV On manual ports an application priority TLV is adverti...

Page 321: ...ts receiving auto configuration information from the configuration source ignore their current settings and use the configuration source information Propagation of DCB Information When an auto upstream or auto downstream port receives a DCB configuration from a peer the port acts as a DCBx client and checks if a DCBx configuration source exists on the switch If a configuration source is found the ...

Page 322: ... If a DCBx frame with a different version is received a syslog message is generated and the peer version is recorded in the peer status table If the frame cannot be processed it is discarded and the discard counter is incremented NOTE Because DCBx TLV processing is best effort it is possible that CIN frames may be processed when DCBx is configured to operate in CEE mode and vice versa In this case...

Page 323: ...LDP is shut down The CIN version of DCBx supports only PFC ETS and FCOE it does not support iSCSI backward congestion management BCN logical link down LLDF and network interface virtualization NIV Configuring DCBx To configure DCBx follow these steps For DCBx to advertise DCBx TLVs to peers enable LLDP For more information refer to Link Layer Discovery Protocol LLDP Configure DCBx operation at the...

Page 324: ...rom auto upstream ports auto downstream configures the port to accept the internally propagated DCB configuration from a configuration source config source configures the port to serve as the configuration source on the switch manual configures the port to operate only on administer configured DCB parameters The port does not accept a DCB configuration received from a peer or a local configuration...

Page 325: ...he DCBx operation on a switch follow these steps 1 Enter Global Configuration mode EXEC PRIVILEGE mode configure 2 Enter LLDP Configuration mode to enable DCBx operation CONFIGURATION mode no protocol lldp 3 Configure the DCBx version used on all interfaces not already configured to exchange DCB information PROTOCOL LLDP mode no DCBx version auto cee cin ieee v2 5 auto configures all ports to oper...

Page 326: ...Vs are enabled and advertise FCoE and iSCSI NOTE To disable TLV transmission use the no form of the command for example no advertise DCBx appln tlv iscsi 6 Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs PROTOCOL LLDP mode no fcoe priority bits priority bitmap The priority bitmap range is from 1 to FF The default is 0x8 7 Configure the iSCSI priority adver...

Page 327: ...ging operations auto detect timer enables traces for DCBx auto detect timers config exchng enables traces for DCBx configuration exchanges fail enables traces for DCBx failures mgmt enables traces for DCBx management frames resource enables traces for DCBx system resource frames sem enables traces for the DCBx state machine tlv enables traces for DCBx TLVs Verifying the DCB Configuration To displa...

Page 328: ...ll stack ports all pfc details Displays the PFC configuration applied to ingress traffic including priorities and link delay show stack unit 0 11 all stack ports all ets details Displays the ETS configuration applied to ingress traffic on stack links including priorities and link delay Examples of the show Commands The following example shows the show dot1p queue mapping command Dell conf show qos...

Page 329: ...fc detail Interface TenGigabitEthernet 1 4 Admin mode is on Admin is enabled Remote is enabled Remote Willing Status is enabled Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE Pr...

Page 330: ...e received from peer Internally propagated PFC configuration parameters were received from configuration source PFC DCBx Oper status Operational status for exchange of PFC configuration on local port match up or mismatch down State Machine Type Type of state machine used for DCBx exchanges of PFC parameters Feature for legacy DCBx versions Symmetric for an IEEE version TLV Tx Status Status of PFC ...

Page 331: ...mber of PFC pause frames received The following example shows the show interface pfc statistics command Dell show interfaces te 1 1 pfc statistics Interface TenGigabitEthernet 1 1 Interface Priority Rx XOFF Frames Rx Total Frames Tx Total Frames Te 1 1 P0 0 0 0 Te 1 1 P1 0 0 0 Te 1 1 P2 0 0 0 Te 1 1 P3 0 0 0 Te 1 1 P4 0 0 0 Te 1 1 P5 0 0 0 Te 1 1 P6 0 0 0 Te 1 1 P7 0 0 0 The following example show...

Page 332: ... command Dell conf show interfaces tengigabitethernet 1 1 ets detail Interface TenGigabitEthernet 1 1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 0 ETS 2 0 ETS 3 0 ETS 4 0 ETS 5 0 ETS 6 0 ETS 7 0 ETS Priority Bandwidth TSA 0 13 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12 ET...

Page 333: ...onfigured Admin mode ETS mode on or off Admin Parameters ETS configuration on local port including priority groups assigned dot1p priorities and bandwidth allocation Remote Parameters ETS configuration on remote peer port including Admin mode enabled if a valid TLV was received or disabled priority groups assigned dot1p priorities and bandwidth allocation If the ETS Admin mode is enabled on the re...

Page 334: ...following example shows the show stack unit all stack ports all pfc details command Dell conf show stack unit all stack ports all pfc details stack unit 1 stack port all Admin mode is On Admin is enabled Priority list is 4 5 Local is enabled Priority list is 4 5 Link Delay 45556 pause quantum 0 Pause Tx pkts 0 Pause Rx pkts stack unit 2 stack port all Admin mode is On Admin is enabled Priority lis...

Page 335: ...ets details Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 2 3 4 5 6 7 8 Stack unit 2 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 ...

Page 336: ...Error ETS Conf TLV Pkts 1 Input ETS Reco TLV pkts 1 Output ETS Reco TLV pkts 0 Error ETS Reco TLV Pkts The following example shows the show interface DCBx detail command legacy CEE Dell conf if te 1 17 lldp do sho int te 1 14 dc d E ETS Configuration TLV enabled e ETS Configuration TLV disabled R ETS Recommendation TLV enabled r ETS Recommendation TLV disabled P PFC Configuration TLV enabled p PFC...

Page 337: ...DCB configuration as compatible In auto upstream mode a port can only received a DCBx version supported on the remote peer Local DCBx Configured mode DCBx version configured on the port CEE CIN IEEE v2 5 or Auto port auto configures to use the DCBx version received from a peer Peer Operating version DCBx version that the peer uses to exchange DCB parameters Local DCBx TLVs Transmitted Transmission...

Page 338: ...1p command in INTERFACE configuration mode Layer 2 class maps You can use dot1p priorities to classify traffic in a class map and apply a service policy to an ingress port to map traffic to egress queues NOTE Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS However Dell Networking does recommend using Ingress traffic classification using the s...

Page 339: ...ow control using dynamic buffer spaces is supported on the switch To configure the dynamic buffer capability perform the following steps 1 Enable the DCB application By default DCB is enabled and link level flow control is disabled on all interfaces CONFIGURATION mode dcb enable 2 Configure the shared PFC buffer size and the total buffer size A maximum of 4 lossless queues are supported CONFIGURAT...

Page 340: ...6 Assign the DCB policy to the DCB buffer threshold profile CONFIGURATION mode Dell conf dcb policy buffer threshold stack unit all stack ports all dcb policy name 7 Assign the DCB policy to the DCB buffer threshold profile on interfaces This setting takes precedence over the default buffer threshold setting INTERFACE mode conf if te dcb policy buffer threshold buffer threshold 8 Configuring Globa...

Page 341: ...d has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table For more information refer to QoS dot1p Traffic Classification and Queue Assignment The following describes the dot1p priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN Data Center Bridging DCB 341 ...

Page 342: ...r traffic 1 Enabling DCB Dell conf dcb enable 2 Configure DCB map and enable PFC and ETS Dell conf service class dynamic dot1p Or Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 service class dynamic dot1p 3 Apply DCB map to relevant interface dcb map test priority group 1 bandwidth 50 pfc on priority group 2 bandwidth 45 pfc off priority group 3 bandwidth 5 pfc on priority pgid 2 2...

Page 343: ...Client This is a network device requesting configuration parameters from the server Relay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host Topics DHCP Packet Format and Options Assign an IP Address using DHCP Implementation Information Configure the System to be a DHCP Server Configure the Sys...

Page 344: ...rve as the client s default gateway Domain Name Server Option 6 Specifies the domain name servers DNSs that are available to the client Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via DNS IP Address Lease Time Option 51 Specifies the amount of time that the client is allowed to use an assigned IP address DHCP Message Type Option 53 1 DHCPDISCOVE...

Page 345: ...ng DHCP The following section describes DHCP and the client in a network When a client joins a network 1 The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers This message includes the parameters that the client requires and might include suggested values for those parameters 2 Servers unicast or broadcast a DHCPOFFER message in response to the DHC...

Page 346: ...ng Implementation Information The following describes DHCP implementation Dell Networking implements DHCP based on RFC 2131 and RFC 3046 IP source address validation is a sub feature of DHCP Snooping the Dell Networking OS uses access control lists ACLs internally to implement this feature and as such you cannot apply ACLs to an interface which has IP source address validation If you configure IP ...

Page 347: ...configuration parameters to clients upon request Servers typically serve many clients making host management much more organized and efficient The following table lists the key responsibilities of DHCP servers Table 25 DHCP Server Responsibilities DHCP Server Responsibilities Description Address Storage and Management DHCP servers are the owners of the addresses used by DHCP clients The server sto...

Page 348: ...r the network portion of the address you specify The prefix length range is from 17 to 31 4 Display the current pool configuration DHCP POOL mode show config After an IP address is leased to a client only that client may release the address Dell Networking OS performs a IP MAC source address validation to ensure that no client can release another clients address This validation is a default behavi...

Page 349: ...P mode excluded address Specifying an Address Lease Time To specify an address lease time use the following command Specify an address lease time for the addresses in a pool DHCP POOL lease days hours minutes infinite The default is 24 hours Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client To specify a default gateway follow this step Spe...

Page 350: ...ame server address 2 Specify the NetBIOS node type for a Microsoft DHCP client Dell Networking recommends specifying clients as hybrid DHCP POOL mode netbios node type type Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control MAC address of a client The DHCP server assigns the client an available IP address automatically and then creat...

Page 351: ...ands Clear DHCP binding entries for the entire binding table EXEC Privilege mode clear ip dhcp binding Clear a DHCP binding entry for an individual IP address EXEC Privilege mode clear ip dhcp binding ip address Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages Routers do not forward broadcasts so if there are ...

Page 352: ...address as the relay device Responses from the server are unicast back to the relay agent on port 67 and the relay agent rewrites the destination address and forwards the packet to the client subnet via broadcast or unicast depending whether the client has set or cleared the BROADCAST flag in the DHCP Client PDUs NOTE DHCP Relay is not available on Layer 2 interfaces and VLANs on the Z Series and ...

Page 353: ...namic IP address from a DHCP client is for a limited period or until the client releases the address A DHCP server manages and assigns IP addresses to clients from an address pool stored on the server For more information refer to Configuring the Server for Automatic Address Allocation Dynamically assigned IP addresses are supported on Ethernet VLAN and port channel interfaces The public out of ba...

Page 354: ... a new DHCP server assigned address remains in the running configuration for the interface To acquire a new IP address use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode To manually configure a static IP address on an interface use the ip address command A prompt displays to release an existing dynamically acquired IP address If you con...

Page 355: ...HCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client The management default route is added with the gateway as the router IP address received in the DHCP ACK packet It is required to send and receive traffic to and from other subnets on the external network The route is added irrespective when the DHCP client and server are ...

Page 356: ...ion and behavior are the same on Virtual LAN VLAN and port channel LAG interfaces as on a physical interface DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface the trust port source MAC address and snooping table validations are not performed on the in...

Page 357: ...Define the configuration parameters on the DHCP server for each chassis based on the chassis MAC address Configure the following parameters unit number priority stack group ID The received stacking configuration is always applied on the master stack unit option 230 unit number 3 priority 2 stack group 14 Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mecha...

Page 358: ...gent and the DHCP server enter the trust downstream option Manually reset the remote ID for Option 82 CONFIGURATION mode ip dhcp relay information option remote id DHCP Snooping DHCP snooping protects networks from spoofing In the context of DHCP snooping ports are either trusted or not trusted By default all ports are not trusted Trusted ports are ports through which attackers cannot connect Manu...

Page 359: ...ries new IP address assignments are allowed NOTE DHCP server packets are dropped on all not trusted interfaces of a system configured for DHCP snooping To prevent these packets from being dropped configure ip dhcp snooping trust on the server connected port Enabling DHCP Snooping To enable DHCP snooping use the following commands 1 Enable DHCP snooping globally CONFIGURATION mode ip dhcp snooping ...

Page 360: ...nterface number lease value Clearing the Binding Table To clear the binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ipv6 dhcp snooping bi...

Page 361: ...ping Enabled Vlans Vl 10 List of DAI Trust ports Te 1 4 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table use the following command Display the contents of the binding table EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp sno...

Page 362: ...d 57 f2 50 172800 D Vl 10 Te 1 2 10 1 1 252 00 00 4d 57 e6 f6 172800 D Vl 10 Te 1 1 10 1 1 253 00 00 4d 57 f8 e8 172740 D Vl 10 Te 1 3 10 1 1 254 00 00 4d 69 e8 f2 172740 D Vl 10 Te 1 5 Total number of Entries in the table 4 Dynamic ARP Inspection Dynamic address resolution protocol ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding...

Page 363: ...AI You can configure 10 to 16 DAI enabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI SystemFlow has 102 entries by default This region is comprised of two sub regions L2Protocol and L2SystemFlow L2Protocol has 87 entries L2SystemFlow has 15 entries Six L2SystemFlow entries are used by Layer 2 protocols leaving nine for DAI L2Protocol can have a maximum of 100 en...

Page 364: ...stics command Dell show arp inspection statistics Dynamic ARP Inspection DAI Statistics Valid ARP Requests 0 Valid ARP Replies 1000 Invalid ARP Requests 1000 Invalid ARP Replies 0 Dell Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted which is useful in multi switch environments ARPs received on trusted ports bypass validation against...

Page 365: ...ddresses the DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to When you enable IP source address validation on a port the system verifies that the source IP address is one that is associated with the incoming port and optionally that the client belongs to the permissible VLAN If an attacker is impostering a...

Page 366: ...Address Validation IP source address validation SAV validates the IP source address of an incoming packet and optionally the VLAN ID of the client against the DHCP snooping binding table IP MAC SAV ensures that the IP source address and MAC source address are a legitimate pair rather than validating each attribute individually You cannot configure IP MAC SAV with IP SAV 1 Allocate at least one FP ...

Page 367: ...deny vlan 20 count 0 packets The following output of the show ip dhcp snooping source address validation discard counters interface interface command displays the number of SAV dropped packets on a particular interface Dell show ip dhcp snooping source address validation discard counters interface TenGigabitEthernet 1 1 deny access list on TenGigabitEthernet 1 1 Total cam count 2 deny vlan 10 coun...

Page 368: ...th Dell Networking OS version 8 2 1 2 the default hash algorithm is 24 Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory CAM For example suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sorts them so tha...

Page 369: ...ation the hash seed does not return to the original factory default setting To configure the hash algorithm seed use the following command Specify the hash algorithm seed CONFIGURATION mode hash algorithm seed value stack unit stack unit number port set number The range is from 0 to 4095 Link Bundle Monitoring Link bundle monitoring allows the system to monitor the use of multiple links for an une...

Page 370: ...ink Bundle Monitoring Dell show link bundle distribution ecmp group 1 Link bundle trigger threshold 60 ECMP bundle 1 Utilization In Percent 44 Alarm State Active Interface Line Protocol Utilization In Percent Te 1 1 Up 36 Te 1 1 Up 52 Managing ECMP Group Paths To avoid path degeneration configure the maximum number of paths for an ECMP route that the L3 CAM can hold When you do not configure the m...

Page 371: ...de interface interface 3 Enable monitoring for the bundle CONFIGURATION ECMP GROUP mode link bundle monitor enable Modifying the ECMP Group Threshold You can customize the threshold percentage for monitoring ECMP group bundles To customize the ECMP group bundle threshold and to view the changes use the following commands Modify the threshold for monitoring ECMP group bundles CONFIGURATION mode lin...

Page 372: ... using the RTAG7 hashing which is designed to have the member links used efficiently as the traffic profile gets more diverse Hashing based load balancing is used in the following applications L3 ECMP LAGs HiGig trunking The RTAG7 hash scheme generates a hash that consists of the following two portions The first portion is primarily generated from packet headers to identify micro flows in the traf...

Page 373: ... crc16cc CRC16_CCITT 16 bit CRC16 using CRC16 CCITT polynomial crc32LSB CRC32_LOWER LSB 16 bits of computed CRC32 crc32MSB CRC32_UPPER MSB 16 bits of computed CRC32 default crc upper Use Upper 32 bits of key for hash computation flow based hashing Enable flow based hashing dest ip Use Destination IP for ECMP hashing lsb Always return the LSB of the key as the hash xor1 CRC16_BISYNC_AND_XOR1 Upper ...

Page 374: ...fic goes through the same path to router D while no traffic is redirected to router E Some of the anti polarization techniques used generally to mitigate unequal traffic distribution in LAG ECMP as follows 1 Configuring different hash seed values at each node Hash seed is the primary parameter in hash computations that determine distribution of traffic among the ECMP paths The ECMP path can be con...

Page 375: ...level of randomness in hash selection CLI to enable flow based hashing is shown in the given example Dell_GW1 conf hash algorithm ecmp flow based hashing crc16 CRC16_BISYNC 16 bit CRC16 bisync polynomial default crc16cc CRC16_CCITT 16 bit CRC16 using CRC16 CCITT polynomial crc32MSB CRC32_UPPER MSB 16 bits of computed CRC32 crc32LSB CRC32_LOWER LSB 16 bits of computed CRC32 xor1 CRC16_BISYNC_AND_XO...

Page 376: ...ng flow based hashing When the flow based hashing is enabled at all the nodes in the multi tier network traffic distribution is balanced at all tiers of the network nullifying the polarization effect Traffic occurs by the randomness for the flow based hashing algorithm across multiple nodes in a given network Equal Cost Multi Path ECMP 376 ...

Page 377: ... bridging DCB to support lossless no drop SAN and LAN traffic In addition DCB provides flexible bandwidth sharing for different traffic types such as LAN and SAN according to 802 1p priority classes of service DCBx should be enabled on the system before the FIP snooping feature is enabled For more information refer to the Data Center Bridging DCB chapter Ensure Robustness in a Converged Ethernet N...

Page 378: ...ables FCoE devices to discover one another initialize and maintain virtual links over an Ethernet network and access storage devices in a storage area network SAN FIP satisfies the Fibre Channel requirement for point to point connections by creating a unique virtual link for each connection between an FCoE end device and an FCF via a transit switch FIP provides functionality for discovering and lo...

Page 379: ...CoE traffic to be transmitted between an FCoE end device and an FCF An Ethernet bridge that provides these functions is called a FIP snooping bridge FSB On a FIP snooping bridge ACLs are created dynamically as FIP login frames are processed The ACLs are installed on switch ports configured for ENode mode for server facing ports and FCF mode for a trusted port directly connected to an FCF Enable FI...

Page 380: ... to bridge links Port based ACLs take precedence over global ACLs FCoE generated ACLs These take precedence over user configured ACLs A user configured ACL entry cannot deny FCoE and FIP snooping frames The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network The top of rack ToR switch operates as an FCF for FCoE traffic Converged LAN and SAN traffic ...

Page 381: ...ribe how to configure the FIP snooping feature on a switch Allocate CAM resources for FCoE Perform FIP snooping allowing and parsing FIP frames globally on all VLANs or on a per VLAN basis To assign a MAC address to an FCoE end device server ENode or storage device after a server successfully logs in set the FCoE MAC address prefix FC MAP value an FCF uses The FC MAP value is used in the ACLs inst...

Page 382: ...orks VLANs or individual VLANs on a FIP snooping bridge 3 Configure the FC Map value applied globally by the switch on all VLANs or an individual VLAN 4 Configure FCF mode for a FIP snooping bridge to FCF link For a sample FIP snooping configuration refer to FIP Snooping Configuration Example Statistical information is available for FIP Snooping related information For available commands refer to ...

Page 383: ...e to bridge port mode interface for any FIP snooping enabled VLAN You can configure multiple FCF trusted interfaces in a VLAN When you disable FIP snooping ACLs are not installed FIP and FCoE traffic is not blocked and FIP packets are not processed The existing per VLAN and FIP snooping configuration is stored The configuration is re applied the next time you enable the FIP snooping feature You mu...

Page 384: ...ified VLAN When you enable FIP snooping on VLANs FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs FCoE traffic is allowed on VLANs only after a successful virtual link initialization fabric login FLOGI between an ENode and an FCF All other FCoE traffic is dropped You must configure at least one interface for FCF FCoE Forwarder m...

Page 385: ... of the configured FC MAP value for the VLAN FLOGI and fabric discovery FDISC request response packets are trapped to the CPU They are forwarded after the necessary ACLs are installed Impact on Other Software Features When you enable FIP snooping on a switch other software features are impacted The following table lists the impact of FIP snooping Table 28 Impact of Enabling FIP Snooping Impact Des...

Page 386: ... FCoE VLAN By default FIP snooping is disabled To enable FCoE transit on the switch and configure the FCoE transit parameters on ports follow these steps 1 Configure FCoE FCoE configuration copy flash CONFIG_TEMPLATE FCoE_DCB_Config running config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file NOTE DCB DCBx is enabled when either of these configurations is appli...

Page 387: ...dress VLAN ID and FC ID show fip snooping fcf fcf mac address Displays information on the FCFs in FIP snooped sessions including the FCF interface and MAC address FCF interface VLAN ID FC MAP value FKA advertisement period and number of ENodes connected clear fip snooping database interface vlan vlan id fcoe mac address enode mac address fcf mac address Clears FIP snooping information on a VLAN fo...

Page 388: ...c 00 01 00 04 01 00 04 41 00 0e fc 00 00 00 02 21 00 0e fc 00 00 00 00 0e fc 00 01 00 05 01 00 05 41 00 0e fc 00 00 00 03 21 00 0e fc 00 00 00 00 The following table describes the show fip snooping sessions command fields Table 30 show fip snooping sessions Command Description Field Description ENode MAC MAC address of the ENode ENode Interface Slot port number of the interface connected to the EN...

Page 389: ...N FC MAP FKA_ADV_PERIOD No of Enodes 54 7f ee 37 34 40 Po 22 100 0e fc 00 4000 2 The following table describes the show fip snooping fcf command fields Table 32 show fip snooping fcf Command Description Field Description FCF MAC MAC address of the FCF FCF Interface Slot port number of the interface to which the FCF is connected VLAN VLAN ID number used by the session FC MAP FC Map value advertised...

Page 390: ...er of FLOGO 0 Number of Enode Keep Alive 4416 Number of VN Port Keep Alive 3136 Number of Multicast Discovery Advertisement 0 Number of Unicast Discovery Advertisement 0 Number of FLOGI Accepts 0 Number of FLOGI Rejects 0 Number of FDISC Accepts 0 Number of FDISC Rejects 0 Number of FLOGO Accepts 0 Number of FLOGO Rejects 0 Number of CVL 0 Number of FCF Discovery Timeouts 0 Number of VN Port Sessi...

Page 391: ...d FLOGI request frames received on the interface Number of FDISC Number of FIP snooped FDISC request frames received on the interface Number of FLOGO Number of FIP snooped FLOGO frames received on the interface Number of ENode Keep Alives Number of FIP snooped ENode keep alive frames received on the interface Number of VN Port Keep Alives Number of FIP snooped VN port keep alive frames received on...

Page 392: ... Port Session Timeouts Number of VN port session timeouts that occurred on the interface Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface The following example shows the show fip snooping system command Dell show fip snooping system Global Mode Enabled FCOE VLAN List Operational 1 100 FCFs 1 Enodes 2 Sessions ...

Page 393: ...n FCF facing port is configured for DCBx in an auto upstream or configuration source role The DCBx configuration on the FCF facing port is detected by the server facing port and the DCB PFC configuration on both ports is synchronized For more information about how to configure DCBx and PFC on a port refer to the Data Center Bridging DCB chapter The following example shows how to configure FIP snoo...

Page 394: ... for bridge ENode links Example of Configuring the FCF Facing Port Dell conf interface tengigabitethernet 1 5 Dell conf if te 1 5 portmode hybrid Dell conf if te 1 5 switchport Dell conf if te 1 5 fip snooping port mode fcf Dell conf if te 1 5 protocol lldp Dell conf if te 1 5 lldp dcbx port role auto upstream Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN Dell conf i...

Page 395: ...lidated cryptography module Certificate 1747 running on NetBSD 5 1 per FIPS 140 2 Implementation Guidance section G 5 guidelines NOTE Only the following features use the embedded FIPS 140 2 validated cryptography module SSH Client SSH Server RSA Host Key Generation SCP File Transfers Currently other features using cryptography do not use the embedded FIPS 140 2 validated cryptography module Topics...

Page 396: ...nd it is re enabled for version 2 only If you re enable the SSH server a new RSA host key pair is generated automatically You can also manually create this key pair using the crypto key generate command NOTE Under certain unusual circumstances it is possible for the fips enable command to indicate a failure This failure occurs if any of the self tests fail when you enable FIPS mode This failure oc...

Page 397: ...ommand to view the status of the current FIPS mode show fips status show system Examples of the show fips status and show system Commands The following example shows the show fips status command Dell show fips status FIPS Mode Enabled for the system using the show system command The following example shows the show system command Disabling FIPS Mode When you disable FIPS mode the following changes...

Page 398: ...e no fips mode enable The following Warning message displays WARNING Disabling FIPS mode will close all SSH Telnet connections restart those servers and destroy all configured host keys Proceed y n FIPS Cryptography 398 ...

Page 399: ...Overview Implementing FRRP FRRP Configuration Troubleshooting FRRP Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology You can configure up to 255 rings on a system FRRP uses one Master node and multiple Transit nodes in each ring There is no limit to the number of nodes on a ring The Master node is responsible for the intelligence of the Ring and monitors the stat...

Page 400: ... and continues normal operation If the Master node does not receive the RHF before the fail period timer expires a configurable timer the Master node moves from the Normal state to the Ring Fault state and unblocks its Secondary port The Master node also clears its forwarding table and sends a control frame to all other nodes instructing them to also clear their forwarding tables Immediately after...

Page 401: ...iple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system More than the recommended number of rings may cause interface instability You can configure multiple rings with a single switch connection a single ring can have multiple FRRP groups multiple rings can be connected with a common link The platform supports up to 32 rings on a system including stacked ...

Page 402: ...ngle Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks The Master node originates a high speed frame that circulates around the ring This frame appropriately sets up or breaks down the ring The Master node transmits ring status check frames at specified intervals You can run multiple physical rings on the same switc...

Page 403: ... has two ports for each ring Primary and Secondary The Master node Primary port generates RHFs The Master node Secondary port receives the RHFs On Transit nodes there is no distinction between a Primary and Secondary interface when operating in the Normal state Ring Interface State Each interface port that is part of the ring maintains one of four states Blocking State Accepts ring protocol packet...

Page 404: ...h node of the ring TCRHFs are sent out the Master Node s Primary and Secondary interface when the ring is declared in a Failed state with the same sequence number on any topology change to ensure that all Transit nodes receive it There is no periodic transmission of TCRHFs The TCRHFs are sent on triggered events of ring failure or ring restoration only Implementing FRRP FRRP is media and speed ind...

Page 405: ...onfiguring the Control VLAN Control and member VLANS are configured normally for Layer 2 Their status as control or member is determined at the FRRP group commands For more information about configuring VLANS in Layer 2 mode refer to Layer 2 Be sure to follow these guidelines All VLANS must be in Layer 2 mode You can only add ring nodes to the VLAN A control VLAN can belong to one FRRP group only ...

Page 406: ...ace primary interface secondary interface control vlan vlan id Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 4 Configure the Master node CONFIG FRRP mode mode master 5 Identify the Member VLANs for this FRRP group CONFIG FRRP mod...

Page 407: ...information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 3 Assign the Primary and Secondary ports and the Control VLAN for the ports on the ring CONFIG FRRP mode interface primary interface secondary interface control vlan vlan id Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport informati...

Page 408: ...RRP counters use one of the following commands Clear the counters associated with this Ring ID EXEC PRIVELEGED mode clear frrp ring id Ring ID the range is from 1 to 255 Clear the counters associated with all FRRP groups EXEC PRIVELEGED mode clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group use the following command Show the configuration for this FRRP group CO...

Page 409: ...disabled on both Primary and Secondary interfaces when you enable FRRP When the interface ceases to be a part of any FRRP process if you enable Spanning Tree globally also enable it explicitly for the interface The maximum number of rings allowed on a chassis is 255 Sample Configuration and Topology The following example shows a basic FRRP topology Example of R1 MASTER interface TenGigabitEthernet...

Page 410: ...4 31 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 2 14 secondary TenGigabitEthernet 2 31 control vlan 101 member vlan 201 mode transit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3 14 no ip address switchport no shutdown interface TenGigabitEthernet 3 21 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3 14 21 n...

Page 411: ...mode transit no disable Force10 Resilient Ring Protocol FRRP 411 ...

Page 412: ...e idea is to configure switches at the edge and have the information dynamically propagate into the core As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membership throughout a n...

Page 413: ...PVST running Cannot enable GVRP Error MSTP running Cannot enable GVRP Topics Configure GVRP Enabling GVRP Globally Enabling GVRP on a Layer 2 Interface Configure GVRP Registration Configure a GARP Timer RPM Redundancy GARP VLAN Registration Protocol GVRP 413 ...

Page 414: ...witch basis Enable GVRP on each port that connects to a switch where you want GVRP information exchanged In the following example GVRP is configured on VLAN trunk ports Figure 46 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface GARP VLAN Registration Protocol GVRP 414 ...

Page 415: ...rief command Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface use the following command Enable GVRP on a Layer 2 interface INTERFACE mode gvrp enable Example of Enabling GVRP on an Interface Dell conf if te 1 21 switchport Dell conf if te 1 21 gvrp enable Dell conf if te 1 21 no shutdown Dell conf if te 1 21 show config interface TenGigabitEthernet 1 21 no ip address swit...

Page 416: ...istration fixed 34 35 Dell conf if te 1 21 gvrp registration forbidden 45 46 Dell conf if te 1 21 show conf interface TenGigabitEthernet 1 21 no ip address switchport gvrp enable gvrp registration fixed 34 35 gvrp registration forbidden 45 46 no shutdown Dell conf if te 1 21 Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP There ar...

Page 417: ...l conf garp timers join 300 Error Leave timer should be 3 Join timer RPM Redundancy The current version of Dell Networking OS supports 1 1 hitless route processor module RPM redundancy The primary RPM performs all routing switching and control operations while the standby RPM monitors the primary RPM In the event that the primary RPM fails the standby RPM can assume control of the system without r...

Page 418: ... Networking OS release Table 34 Boot Code Requirements Component Boot Code S4048 ON 1 2 0 3 The features in this collection are Component Redundancy Hitless Behavior Graceful Restart Software Resiliency Hot Lock Behavior Topics Component Redundancy Pre Configuring a Stack Unit Slot Removing a Provisioned Logical Stack Unit Hitless Behavior Graceful Restart Software Resiliency Hot Lock Behavior Com...

Page 419: ...ole Primary Stack unit State Active Stack unit SW Version 9 6 0 0 Link to Peer Down Peer Stack unit not present Stack unit Redundancy Configuration Primary Stack unit mgmt id 0 Auto Data Sync Full Failover Type Hot Failover Auto reboot Stack unit Enabled Auto failover limit 3 times in 60 minutes Stack unit Failover Record Failover Count 0 Last failover timestamp None Last failover Reason None Last...

Page 420: ...e redundancy force failover stack unit Example of the redundancy force failover stack unit Command Dell redundancy force failover stack unit System configuration has been modified Save yes no yes Proceed with Stack unit hot failover confirm yes no yes Dell Specifying an Auto Failover Limit When a non recoverable fatal error is detected an automatic failover occurs However Dell Networking OS is con...

Page 421: ...gure an empty stack unit slot with a logical stack unit To pre configure an empty stack unit slot use the following command Pre configure an empty stack unit slot with a logical stack unit CONFIGURATION mode stack unit unit_id provisionS4048 ON Example of Viewing a Logical Configuration of a Pre Configured Stack Unit After creating the logical stack unit you can configure the interfaces on the sta...

Page 422: ... hitless end result if the hitless behavior involves multiple protocols all protocols must be hitless For example if OSPF is hitless but bidirectional forwarding detection BFD is not OSPF operates hitlessly and BFD flaps upon an RPM failover The following protocols are hitless Link aggregation control protocol Spanning tree protocol Refer to Configuring Spanning Trees as Hitless Graceful Restart G...

Page 423: ...reshold can be used to initiate recovery mechanism Failure and Event Logging Dell Networking systems provide multiple options for logging failures and events Trace Log Developers interlace messages with software code to track the execution of a program These messages are called trace messages and are primarily used for debugging and to provide lower level information then event messages which syst...

Page 424: ...tors diagnostics and auditing information Dell Networking OS sends event messages to the internal buffer all terminal lines the console and optionally to a syslog server For more information about event messages and configurable options refer to Management Hot Lock Behavior Dell Networking OS hot lock features allow you to append and delete their corresponding content addressable memory CAM entrie...

Page 425: ... RFCs 1112 2236 and 3376 respectively Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet IGMP on Dell Networking OS supports an unlimited number of groups Dell Networking systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier Dell Networking OS automatically enables IGMP on interfaces on which you enable a multicast routing protocol Topics IGM...

Page 426: ...y response timer several times the value of the query interval to expire before it stops forwarding traffic To receive multicast traffic from a particular source a host must join the multicast group to which the source is sending traffic A host that is a member of a group is called a receiver A host may join many groups and may join or leave any group at any time A host joins and leaves a multicas...

Page 427: ...cific Query to determine whether there are any remaining hosts in the group There must be at least one receiver in a group on a subnet for a router to forward multicast traffic for that group to the subnet 3 Any remaining hosts respond to the query according to the delay timer mechanism refer to Adjusting Query and Response Timers If no hosts respond because there are none remaining in the group t...

Page 428: ... host indicates that it wants to receive traffic for group 224 1 1 1 2 The host s second report indicates that it is only interested in traffic from group 224 1 1 1 source 10 11 1 1 Include messages prevents traffic from all other sources in the group from reaching the subnet Before recording this request the querier sends a group and source query to verify that there are no hosts interested in an...

Page 429: ...ssage indicates that it is only interested in traffic from sources 10 11 1 1 and 10 11 1 2 Because this request again prevents all other sources from reaching the subnet the router sends another group and source query so that it can satisfy all other hosts There are no other interested hosts so the request is recorded Figure 50 Membership Reports Joining and Filtering Internet Group Management Pro...

Page 430: ...es sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond with their current state information and the querier refreshes the relevant state information 3 Separately in the following illustration the querier sends a general query to 224 0 0 1 4 Host 2 responds to the periodic gener...

Page 431: ...d with PIM SM are automatically enabled with IGMP To view IGMP enabled interfaces use the following command View IGMP enabled interfaces EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell show ip igmp interface TenGigabitEthernet 3 10 Inbound IGMP access group is not set Internet address is 165 87 34 5 24 IGMP is up on the interface IGMP query interval is...

Page 432: ... interval is 60 seconds IGMP querier timeout is 125 seconds IGMP max query response time is 10 seconds IGMP last member query response interval is 1000 ms IGMP immediate leave is disabled IGMP activity 0 joins 0 leaves 0 channel joins 0 channel leaves IGMP querying router is 1 1 1 1 this system IGMP version is 3 Viewing IGMP Groups To view both learned and statically configured IGMP groups use the...

Page 433: ... querier waits for a response to a query before taking further action The querier advertises this value in the query refer to the illustration in IGMP Version 2 Lowering this value decreases leave latency but increases response burstiness because all host membership reports must be sent before the maximum response time expires Inversely increasing this value decreases burstiness at the expense of ...

Page 434: ...fter entering your first deny rule the Dell Networking OS clears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an implicit deny all rule at the end of all access lists Therefore configuring an IGMP join request filter in this order might result in data loss If you must enter the ip igmp access group command before creat...

Page 435: ...enting a Host from Joining a Group The following table lists the location and description shown in the previous illustration Table 35 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 Internet Group Management Protocol IGMP 435 ...

Page 436: ...Ethernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode...

Page 437: ...oping IGMP snooping enables switches to use information in IGMP packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames they can forward them only to interested receivers Multicast packets are addressed with multicast MAC addresses which represent a group of devices rather than one unique device Switches forward multicast frames...

Page 438: ... enable View the configuration CONFIGURATION mode show running config Disable snooping on a VLAN INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks Removing a Group Port Association Disabling Multicast Flooding Specifying a Port as Connected to a Multicast Router Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell conf ip igmp snooping enable Dell con...

Page 439: ...mp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN use the following commands Statically specify a port in a VLAN as connected to a multicast router INTERFACE VLAN mode ip igmp snooping mrouter View the ports that are connected to multicast routers EXEC Privilege mode show ip igmp snooping mrouter Configuring the Switch as Querier ...

Page 440: ...ng table Adjust the last member query interval INTERFACE VLAN mode ip igmp snooping last member query interval Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change Dell Networking OS sends a general query out of all ports except the multicast router ports The host sends a response to the general query and the for...

Page 441: ...ent protocols must exit out of the management port In this chapter all the references to traffic indicate switch initiated traffic and responses to switch destined traffic with management port IP address as the source IP address In customer deployment topologies it might be required that the traffic for certain management applications needs to exit out of the management port only You can use EIS t...

Page 442: ...e after a packet is sent The switch also processes user specified port numbers for applications such as RADIUS TACACS SSH and sFlow The OS maintains a list of configured management applications and their port numbers You can configure two default routes one configured on the management port and the other on the front end port Two tables namely Egress Interface Selection routing table and default r...

Page 443: ...management port IP address the response to the request is sent out of the management port by performing a route lookup in the EIS routing table If the SSH request is received on the front end port destined for the front end IP address the response traffic is sent by doing a route lookup in the default routing table only If the management port is down or route lookup fails in the management EIS rou...

Page 444: ...ucture in the in_selectsrc call which is called as part of the connect system call or in the ip_output function If the destination TCP UDP port number belongs to a configured management application then sin_port of destination sockaddr structure is set to Management EIS ID 2 so that route lookup can be done in the management EIS routing table To ensure that protocol separation is done only for swi...

Page 445: ...he response traffic and hence is sent out of the management port In this case the source IP address is a management port IP address only if the traffic was originally destined to the management port IP ICMP based applications like ping and traceroute are exceptions to the preceding logic since we do not have TCP UDP port number So if source IP address of the packet matches the management port IP a...

Page 446: ... when the management egress interface selection feature is enabled Table 37 Mapping of Management Applications and Traffic Type Traffic type Application type Switch initiated traffic Switch destined traffic Transit Traffic EIS Management Application Management is the preferred egress port selected based on route lookup in EIS table If the management port is down or the route lookup fails packets a...

Page 447: ...rom the switch 1 Management Applications Applications that are configured as management applications The management port is an egress port for management applications If the management port is down or the destination is not reachable through the management port next hop ARP is not resolved and so on and if the destination is reachable through a data port then the management application traffic is ...

Page 448: ... Default Behavior tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior icmp ping and traceroute EIS Behavior for ICMP Default Behavior Behavior of Various Applications for Switch Destined Traffic This section describes the different system behaviors that occur when traffic is terminated on the switch Traffic has not originated from the switch...

Page 449: ...avior Default Behavior Snmp snmp mib response EIS Behavior Default Behavior telnet EIS Behavior Default Behavior icmp ping and traceroute EIS Behavior for ICMP Default Behavior Interworking of EIS With Various Applications Stacking The management EIS is enabled on the master and the standby unit Because traffic can be initiated from the Master unit only the preference to management EIS table for s...

Page 450: ... if sFlow is configured in stacking environment Designating a Multicast Router Interface To designate an interface as a multicast router interface use the following command Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non zero IP source address All IGMP control...

Page 451: ...n Interface Types View Basic Interface Information Enabling a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitoring Etherne...

Page 452: ...P or QSFP Port to an SFP or SFP Port Link Dampening Link Bundle Monitoring Using Ethernet Pause Frames for Flow Control Configure the MTU Size on an Interface Port Pipes Auto Negotiation on Ethernet Interfaces View Advanced Interface Information Dynamic Counters Interface Types The following table describes different interface types Table 40 Different Types of Interfaces Interface Type Modes Possi...

Page 453: ...played as 0 zero for the Rx Tx power values To obtain the correct power information perform a simple network management protocol SNMP query Examples of the show Commands The following example shows the configuration and status information for one interface Dell show interfaces tengigabitethernet 1 1 TenGigabitEthernet 1 1 is up line protocol is up Hardware is Force10Eth address is 00 01 e8 05 f3 6...

Page 454: ...dministratively down down TenGigabitEthernet 1 2 unassigned NO Manual administratively down down TenGigabitEthernet 1 3 unassigned YES Manual up up TenGigabitEthernet 1 4 unassigned YES Manual up up TenGigabitEthernet 1 5 unassigned YES Manual up up TenGigabitEthernet 1 6 10 10 10 1 YES Manual up up TenGigabitEthernet 1 7 unassigned NO Manual administratively down down TenGigabitEthernet 1 8 unass...

Page 455: ...ory default state CONFIGURATION mode default interface interface type Dell conf default interface tengigabitethernet 1 5 3 Verify the configuration INTERFACE mode show config Dell conf if te 1 5 show config interface TenGigabitEthernet 1 5 no ip address shutdown All the applied configurations are removed and the interface is set to the factory default state Enabling a Physical Interface After dete...

Page 456: ...o become part of virtual interfaces such as virtual local area networks VLANs or port channels For more information about VLANs refer to Bulk Configuration For more information on port channels refer to Port Channel Interfaces Dell Networking OS Behavior The system uses a single MAC address for all physical interfaces Configuration Task List for Physical Interfaces By default all interfaces are op...

Page 457: ...ta Link Mode Do not configure switching or Layer 2 protocols such as spanning tree protocol STP on an interface unless the interface has been set to Layer 2 mode To set Layer 2 data transmissions through an individual interface use the following command Enable Layer 2 data transmissions through an individual interface INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Del...

Page 458: ...able Layer 3 on an individual interface INTERFACE mode ip address ip address Enable the interface INTERFACE mode no shutdown Example of Error Due to Issuing a Layer 3 Command on a Layer 2 Interface If an interface is in the incorrect layer mode for a given command an error message is displayed shown in bold In the following example the ip address command triggered an error message because the inte...

Page 459: ...led ICMP redirects are not sent ICMP unreachables are not sent Egress Interface Selection EIS EIS allows you to isolate the management and front end port domains by preventing switch initiated traffic routing between the two domains This feature provides additional security by preventing flooding attacks on front end ports The following protocols support EIS DNS FTP NTP RADIUS sFlow SNMP SSH Syslo...

Page 460: ...ncoming SNMP packets as the source address for outgoing SNMP responses for security Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port You can use either method to connect to the system Configuring Management Interfaces The dedicated Management interface provides management access to the system You can configure this interface ...

Page 461: ...rrent address is 00 01 e8 a0 bf f3 Pluggable media not present Interface index is 302006472 Internet address is 10 16 130 5 16 Link local IPv6 address fe80 201 e8ff fea0 bff3 64 Global IPv6 address 1 1 Global IPv6 address 2 1 64 Virtual IP is not set Virtual IP IPv6 address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 1000 Mbit Mode full duplex ARP type ARPA ARP Timeout 04 00 00 Last clea...

Page 462: ...y management interface IP and virtual IP must be in the same subnet To view the Primary RPM Management port use the show interface Managementethernet command in EXEC Privilege mode If there are two RPMs you cannot view information on that interface Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet To configure an IP...

Page 463: ...g on the same VLAN Dell Networking OS supports Inter VLAN routing Layer 3 routing in VLANs You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used For more information about configuring different routing protocols refer to the chapters on the specific protocol A consideration for including VLANs in routing protocols is that you must ...

Page 464: ...nterface CONFIGURATION mode interface loopback number The range is from 0 to 16383 View Loopback interface configurations EXEC mode show interface loopback number Delete a Loopback interface CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface Null Interfaces The Null interface is another virtual interface ...

Page 465: ... including easy management link redundancy and sharing Port channels are transparent to network configurations and can be modified and managed as one interface For example you configure one IP address for the group and that IP address is used for all routed traffic on the port channel With this feature you can create larger capacity interfaces by utilizing a group of lower speed links For example ...

Page 466: ...ces The common speed is determined when the port channel is first enabled Then the software checks the first interface listed in the port channel configuration If you enabled that interface its speed configuration becomes the common speed of the port channel If the other interfaces configured in that port channel are configured with a different speed Dell Networking OS disables them Port channels ...

Page 467: ...ng or configuring protocols or assigning access control lists Adding a Physical Interface to a Port Channel The physical interfaces in a port channel can be on any line card in the chassis but must be the same physical type NOTE Port channels can contain a mix of Ethernet interfaces but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port c...

Page 468: ...00 06 03 Te 1 7 Up Te 1 8 Up Te 1 13 Up Te 1 14 Up Dell The following example shows the port channel s mode L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN the status and the number of interfaces belonging to the port channel Dell show interface port channel 20 Port channel 20 is up line protocol is up Hardware address is 00 01 e8 01 46 fa Internet a...

Page 469: ... 6 is part of port channel 5 which is in Layer 2 mode and an error message appeared when an IP address was configured Dell conf if portch show config interface Port channel 5 no ip address switchport channel member TenGigabitEthernet 1 6 Dell conf if portch int Te 1 6 Dell conf if ip address 10 56 4 4 24 Error Port is part of a LAG Te 1 6 Dell conf if Reassigning an Interface to a New Port Channel...

Page 470: ...to consider the port channel to be in oper up status To set the oper up status of your links use the following command Enter the number of links in a LAG that must be in oper up status INTERFACE mode minimum links number The default is 1 Example of Configuring the Minimum Oper Up Links in a Port Channel Dell config t Dell conf int po 1 Dell conf if po 1 minimum links 5 Dell conf if po 1 Adding or ...

Page 471: ...orm the following 1 Configure VLAN membership on individual ports INTERFACE mode Dell conf if vlan tagged 2 3 4 2 Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell conf if switchport 3 Verify the manually configured VLAN membership show interfaces switchport interface command EXEC mode Dell conf interface tengigabi...

Page 472: ...ionally down also Load Balancing Through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel LAG The hash algorithm distributes traffic among Equal Cost Multi path ECMP paths and LAG members The distribution is based on a flow except for packet based hashing A flow is identified by the hash and is assigned to one link In pack...

Page 473: ...more information about algorithm choices refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide Change to another algorithm CONFIGURATION mode hash algorithm ecmp crc16 crc16cc crc32LSB crc32MSB crc upper dest ip lsb xor1 xor2 xor4 xor8 xor16 Example of the hash algorithm Command The hash algorithm command is specific to ECMP group The default ECMP...

Page 474: ...at are part of interface range You can avoid specifying spaces between the range of interfaces separated by commas that you configure by using the interface range command For example if you enter a list of interface ranges such as interface range fo 2 50 2 53 te 1 1 this configuration is considered valid The comma separated list is not required to be separated by spaces in between the ranges You c...

Page 475: ...itethernet 2 1 2 23 gigab 2 1 2 10 Dell conf if range te 2 1 2 23 Overlap Port Ranges The following is an example showing how the interface range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap handles overlapping port ranges Example of the Interface Range Prompt for Overlapping Port Ranges Dell conf interface range tengigabit...

Page 476: ...t Ethernet interfaces 5 1 through 5 4 Example of the define interface range Command for Macros Dell config define interface range test tengigabitethernet 5 1 5 4 Choosing an Interface Range Macro To use an interface range macro use the following command Selects the interfaces range to be configured using the values saved in a named interface range macro CONFIGURATION mode interface range macro nam...

Page 477: ...t Dell monitor interface Te 3 1 Dell uptime is 1 day s 4 hour s 31 minute s Monitor time 00 00 00 Refresh Intvl 2s Interface Te 3 1 Disabled Link is Down Linespeed is 1000 Mbit Traffic statistics Current Rate Delta Input bytes 0 0 Bps 0 Output bytes 0 0 Bps 0 Input packets 0 0 pps 0 Output packets 0 0 pps 0 64B packets 0 0 pps 0 Over 64B packets 0 0 pps 0 Over 127B packets 0 0 pps 0 Over 255B pack...

Page 478: ... the TenGigabitEthernet cable EXEC Privilege mode tdr cable test tengigabitethernet slot port subport Between two ports do not start the test on both ends of the cable Enable the interface before starting the test Enable the port to run the test or the test prints an error message 2 Displays TDR test results EXEC Privilege mode show tdr tengigabitethernet slot port subport Non Dell Qualified Trans...

Page 479: ... ignore these error messages Similarly such error messages are displayed during a reload after you configure the four individual 10G ports to be stacked as a single 40G port To split a single 40G port into four 10G ports use the following command Split a single 40G port into four 10G ports CONFIGURATION mode stack unit stack unit number port number portmode quad number enter the port number of the...

Page 480: ...four fanned out 10 Gigabit ports have plugged in SFP or SFP optical cables However the link UP event happens only for the first 10 Gigabit port and you can use only that port for data transfer As a result only the first fanned out port is identified as the active 10 Gigabit port with a speed of 10G or 1G depending on whether you insert an SFP or SFP cable respectively NOTE Although it is possible ...

Page 481: ...stic Information SFP 1 Rx Power measurement type OMA SFP 1 Temp High Alarm threshold 0 000C SFP 1 Voltage High Alarm threshold 0 000V SFP 1 Bias High Alarm threshold 0 000mA NOTE In the following show interfaces tengigbitethernet commands the ports 1 2 and 3 are inactive and no physical SFP or SFP connection actually exists on these ports However Dell Networking OS still perceives these ports as v...

Page 482: ...lapping by imposing a penalty for each interface flap and decaying the penalty exponentially After the penalty exceeds a certain threshold the interface is put in an Error Disabled state and for all practical purposes of routing the interface is deemed to be down After the interface becomes stable and the penalty decays below a certain threshold the interface comes up again and the routing protoco...

Page 483: ...4 Te 1 2 Up 0 0 1 2 3 4 Te 1 2 Up 0 0 1 2 3 4 Dell To view a dampening summary for the entire system use the show interfaces dampening summary command from EXEC Privilege mode Dell show interfaces dampening summary 20 interfaces are configured with dampening 3 interfaces are currently suppressed Following interfaces are currently suppressed Te 1 2 Te 3 1 Te 4 2 Dell Clearing Dampening Counters To ...

Page 484: ... for each transmission media Transmission Media MTU Range in bytes Ethernet 592 9216 link MTU 576 9398 IP MTU Link Bundle Monitoring Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time A threshold of 60 is defined as an acceptable amount of traffic on a member link Links are monitored in 15 second intervals for three...

Page 485: ... equal to egress port speed The globally assigned 48 bit Multicast address 01 80 C2 00 00 01 is used to send and receive pause frames To allow full duplex flow control stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address The PAUSE frame is defined by IEEE 802 3x and uses MAC Control frames to carry the PAU...

Page 486: ...ow control frames on this port rx off enter the keywords rx off to ignore the received flow control frames on this port tx on enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received tx off enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is...

Page 487: ...bers For example if the members have a link MTU of 2100 and an IP MTU 2000 the port channel s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU VLANs All members of a VLAN must have the same IP MTU value Members can have different Link MTU values Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag The VLAN link MTU and IP...

Page 488: ...s arise from interoperability issues Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization and to manually synchronize them if necessary use the following command sequence 1 Determine the local interface status Refer to the following example EXEC Privilege mode show interfaces interface stack unit stack uni...

Page 489: ...Mbit Auto 1 Te 1 2 Down Auto Auto 1 Te 1 3 Down Auto Auto Te 1 4 Force10Port Up 1000 Mbit Auto 30 130 Te 1 5 Down Auto Auto Te 1 6 Down Auto Auto Te 1 7 Up 1000 Mbit Auto 1502 1504 1506 1508 1602 Te 1 8 Down Auto Auto Te 1 9 Down Auto Auto Te 1 10 Down Auto Auto Te 1 11 Down Auto Auto Te 1 12 Down Auto Auto output omitted In the previous example several ports display Auto in the Speed field In the...

Page 490: ...ter mode forced slave Force port to slave mode Dell conf if te 1 1 autoneg For details about the speed duplex and negotiation auto commands refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces use the keepalive command The interface sends keepalive messages to itself ...

Page 491: ...r it supports IEEE 802 1Q tagging or not and the VLANs to which the interface belongs Dell show interfaces switchport Name TenGigabitEthernet 3 1 802 1QTagged True Vlan membership Vlan 2 Name TenGigabitEthernet 3 2 802 1QTagged True Vlan membership Vlan 2 Name TenGigabitEthernet 3 3 802 1QTagged True Vlan membership Vlan 2 Name TenGigabitEthernet 3 4 802 1QTagged True Vlan membership Vlan 2 More C...

Page 492: ...ackets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 1d23h40m Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate interval 100 Dell show interfaces TenGigabitEthernet 1 1 is down line protocol is down Hardware is Force10Eth address is 00 01 e8 01 9e d9 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes...

Page 493: ...s use the following the command Clear the counters used in the show interface commands for all VRRP groups VLANs and physical interfaces or selected ones Without an interface specified the command clears all interface counters EXEC Privilege mode clear counters interface vrrp vrid learning limit OPTIONAL Enter the following interface keywords and slot port or number information For a 10 Gigabit Et...

Page 494: ...s SA drop counters when you configure the MAC learning limit on the interface enter the keywords learning limit Example of the clear counters Command When you enter this command confirm that you want Dell Networking OS to clear the interface counters for that interface Dell clear counters te 1 1 Clear counters on TenGigabitEthernet 1 1 confirm Dell Interfaces 494 ...

Page 495: ...the IP header Typically used when creating virtual private networks VPNs NOTE Due to performance limitations on the control processor you cannot enable IPSec on all packets in a communication session IPSec uses the following protocols Authentication Headers AH Disconnected integrity and origin authentication for IP packets Encapsulating Security Payload ESP Confidentiality authentication and data ...

Page 496: ...myXform set session key inbound esp 256 auth key encrypt key session key outbound esp 257 auth key encrypt key match 0 tcp a 1 128 0 a 2 128 23 match 1 tcp a 1 128 23 a 2 128 0 match 2 tcp a 1 128 0 a 2 128 21 match 3 tcp a 1 128 21 a 2 128 0 match 4 tcp 1 1 1 1 32 0 1 1 1 2 32 23 match 5 tcp 1 1 1 1 32 23 1 1 1 2 32 0 match 6 tcp 1 1 1 1 32 0 1 1 1 2 32 21 match 7 tcp 1 1 1 1 32 21 1 1 1 2 32 0 3...

Page 497: ...an Interface Configuring Static Routes Configure Static Routes for the Management Interface IPv4 Path MTU Discovery Overview Using the Configured Source IP Address in ICMP Messages Configuring the Duration to Establish a TCP Connection Enabling Directed Broadcast Resolution of Host Names Enabling Dynamic Resolution of Host Names Specifying the Local System Domain and a List of Domains Configuring ...

Page 498: ...nted in dotted decimal format For example 00001010110101100101011110000011 is represented as 10 214 87 131 For more information about IP addressing refer to RFC 791 Internet Protocol Implementation Information You can configure any IP address as a static route except IP addresses already assigned to interfaces NOTE Dell Networking OS supports 31 bit subnet masks 31 or 255 255 255 254 as defined by...

Page 499: ...ormation For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 2 Enable the interface INTERFACE mode no shutd...

Page 500: ...type then the slot port information distance the range is from 1 to 255 optional permanent keep the static route in the routing table if you use the interface option even if you disable the interface with the route optional tag tag value the range is from 1 to 4294967295 optional Example of the show ip route static Command To view the configured routes use the show ip route static command Dell sho...

Page 501: ...ign a static route to point to the management interface or forwarding router CONFIGURATION mode management route ip address mask forwarding router address ManagementEthernet slot port Example of the show ip management route Command To view the configured static routes for the management port use the show ip management route command in EXEC privilege mode Dell show ip management route Destination G...

Page 502: ...and IPv6 traffic are applied the same MTU size you cannot specify different MTU values for IPv4 and IPv6 packets Using the Configured Source IP Address in ICMP Messages ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front end port IP address as the source IP address Enable the generation of ICMP unreachable messages through the...

Page 503: ...l to a higher value depending on the complexity of your network and the configuration attributes To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP connection perform the following steps 1 Define the wait duration in seconds for the TCP connection to be established CONFIGURATION mode Dell conf ip tcp reduced syn ack wait...

Page 504: ...nd a List of Domains Configuring DNS with Traceroute Name server Domain name and Domain list are VRF specific The maximum number of Name servers and Domain lists per VRF is six Enabling Dynamic Resolution of Host Names By default dynamic resolution of host names DNS is disabled To enable DNS use the following commands Enable dynamic resolution of host names CONFIGURATION mode ip domain lookup Spec...

Page 505: ... to 63 characters to configure one domain name CONFIGURATION mode ip domain name name Enter up to 63 characters to configure names to complete unqualified host names CONFIGURATION mode ip domain list name Configure this command up to six times to specify a list of possible domain names Dell Networking OS searches the domain names in the order they were configured until a match is found or the list...

Page 506: ...P ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network Over time Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time For more information about ARP refer to RFC 826 An Ethernet Addres...

Page 507: ...ess IP address in dotted decimal format A B C D mac address MAC address in nnnn nnnn nnnn format interface enter the interface type slot port information For 10G interfaces enter the slot port information Example of the show arp Command These entries do not age and can only be removed manually To remove a static ARP entry use the no arp ip address command To view the static entries in the ARP cach...

Page 508: ...et then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 NOTE Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re inst...

Page 509: ...ons prior to 8 3 1 0 Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface This is the case when a host is attempting to resolve the gateway address If the target IP does not match the incoming interface the packet is dropped If there is an existing entry for the requesting host it is updated Figure 53 ARP ...

Page 510: ...tries The default backoff interval remains at 20 seconds On the device the time between ARP resend is configurable This timer is an exponential backoff timer Over the specified period the time between ARP requests increases This time increase reduces the potential for the system to slow down while waiting for a multitude of ARP responses To set and display ARP retries use the following commands Se...

Page 511: ...e Dell Networking OS Command Line Reference Guide Enabling ICMP Unreachable Messages By default ICMP unreachable messages are disabled When enabled ICMP unreachable messages are created and sent out all interfaces To disable and re enable ICMP unreachable messages use the following commands To disable ICMP unreachable messages INTERFACE mode no ip unreachable Set Dell Networking OS to create and s...

Page 512: ...r is compatible with IP helper ip helper address UDP broadcast traffic with port number 67 or 68 are unicast to the dynamic host configuration protocol DHCP server per the ip helper address configuration whether or not the UDP port list contains those ports If the UDP port list contains ports 67 or 68 UDP broadcast traffic is forwarded on those ports Enabling UDP Helper To enable UDP helper use th...

Page 513: ...e8 0d b9 7a Interface index is 1107787876 Internet address is 1 1 0 1 24 IP UDP Broadcast address is 1 1 255 255 MTU 1554 bytes IP MTU 1500 bytes LineSpeed auto ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 07 44 Queueing strategy fifo Input Statistics 0 packets 0 bytes Time since last interface status change 00 07 44 Configurations Using UDP Helper When you enable...

Page 514: ...nd 101 If you do not configure an IP broadcast address using the ip udp broadcast address command on VLANs 100 or 101 the packet is forwarded using the original destination IP address 255 255 255 255 Packet 2 sent from a host on VLAN 101 has a broadcast MAC address and IP address In this case 1 It is flooded on VLAN 101 without changing the destination address because the forwarding process is Lay...

Page 515: ...P address of 1 1 1 255 In this case it is flooded on VLAN 101 in its original condition as the forwarding process is Layer 2 Figure 56 UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces In the following illustratio...

Page 516: ...stination IP address that matches the subnet broadcast address of any interface the unaltered packet is routed to the matching interfaces Troubleshooting UDP Helper To display debugging information for troubleshooting use the debug ip udp helper command Example of the debug ip udp helper Command Dell conf debug ip udp helper 01 20 22 Pkt rcvd on Te 5 1 with IP DA 0xffffffff will be sent on Te 5 2 ...

Page 517: ...OTREQUEST Forwarded BOOTREQUEST for 00 02 2D 8D 46 DC to 137 138 17 6 2005 11 05 11 59 36 RELAY I PACKET BOOTP REPLY Unicast received at interface 194 12 129 98 BOOTP Reply XID 0x9265f901 secs 0 hwaddr 00 02 2D 8D 46 DC giaddr 172 21 50 193 hops 2 2005 07 05 11 59 36 RELAY I BOOTREPLY Forwarded BOOTREPLY for 00 02 2D 8D 46 DC to 128 141 128 90 Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 IPv4 Rout...

Page 518: ...rms refer to Implementing IPv6 with Dell Networking OS NOTE Even though Dell Networking OS listens to all ports you can only use the ports starting from 1024 for IPv6 traffic Ports from 0 to 1023 are reserved for internal use and you cannot use them for IPv6 traffic Topics Protocol Overview Implementing IPv6 with Dell Networking OS ICMPv6 Path MTU Discovery IPv6 Neighbor Discovery Configuration Ta...

Page 519: ...ganization changes its service provider NOTE As an alternative to stateless autoconfiguration network hosts can obtain their IPv6 addresses using the dynamic host control protocol DHCP servers via stateful auto configuration NOTE Dell Networking OS provides the flexibility to add prefixes on Router Advertisements RA to advertise responses to Router Solicitations RS By default RA response messages ...

Page 520: ...There can be no extension headers one extension header or more than one extension header in an IPv6 packet Extension headers are defined in the Next Header field of the preceding IPv6 header IPv6 Header Fields The 40 bytes of the IPv6 header are ordered as shown in the following illustration Figure 58 IPv6 Header Fields Version 4 bits The Version field always contains the number 6 referring to the...

Page 521: ... packet payload be 64 KB However the Jumbogram option type Extension header supports larger packet sizes when required Next Header 8 bits The Next Header field identifies the next header s type If an Extension header is used this field contains the type of Extension header as shown in the following table If the next header is a transmission control protocol TCP or user datagram protocol UDP header...

Page 522: ...e viewed only by the destination router identified in the Destination Address field If the Destination Address is a multicast address the Extension headers are examined by all the routers in that multicast group However if the Destination Address is a Hop by Hop options header the Extension header is examined by every forwarding router along the packet s route The Hop by Hop options header must im...

Page 523: ...IPv6 address If one or more four digit group s is 0000 the zeros may be omitted and replaced with two colons For example 2001 0db8 0000 0000 0000 0000 1428 57ab can be shortened to 2001 0db8 1428 57ab Only one set of double colons is supported in a single address Any number of consecutive 0000 groups may be reduced to two colons as long as there is only one double colon used in an address Leading ...

Page 524: ...y implement dynamically assigned static IPv6 addresses In this case a DHCP server is used but it is specifically configured to always assign the same IPv6 address to a particular computer and never to assign that IP address to another computer This allows static IPv6 addresses to be configured in one place without having to specifically configure each computer on the network in a different way In ...

Page 525: ...and IPv6 BGP chapters in the Dell Networking OS Command Line Reference Guide Multiprotocol BGP extensions for IPv6 9 7 0 1 IPv6 BGP in the Dell Networking OS Command Line Reference Guide IPv6 BGP MD5 Authentication 9 7 0 1 IPv6 BGP in the Dell Networking OS Command Line Reference Guide IS IS for IPv6 9 7 0 1 Intermediate System to Intermediate System IPv6 IS IS in the Dell Networking OS Command Li...

Page 526: ...Line Reference Guide Telnet server over IPv6 inbound Telnet 9 7 0 1 Configuring Telnet with IPv6 Control and Monitoring in the Dell Networking OS Command Line Reference Guide Secure Shell SSH client support over IPv6 outbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Transport Secure Shell SSH server support over IPv6 inbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Tran...

Page 527: ...Exceeded and Parameter Problem messages Informational messages provide diagnostic functions and additional host functions such as Neighbor Discovery and Multicast Listener Discovery These messages also include Echo Request and Echo Reply messages The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses These commands use ICMPv6 Type 2 messages Path MTU Discovery Path MT...

Page 528: ...an IPv6 device learns the link layer addresses for neighbors known to reside on attached links quickly purging cached values that become invalid NOTE If a neighboring node does not have an IPv6 address assigned it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node NOTE To avoid problems with network discovery Dell Networking recommends configurin...

Page 529: ... interface The ipv6 nd mtu command sets the value advertised to routers It does not set the actual MTU rate For example if you set ipv6 nd mtu to 1280 the interface still passes 1500 byte packets if that is what is set with the mtu command Configuration Task List for IPv6 RDNSS This section describes how to configure the IPv6 Recursive DNS Server This sections contains the following configuration ...

Page 530: ...on in the IPv6 RDNSS configuration a DNS error is displayed Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000 1 and a lifetime of 1 second Dell conf if te 1 1 ipv6 nd dns server X X X X X Recursive DNS Server s RDNSS IPv6 address Dell conf if te 1 1 ipv6 nd dns server 1000 1 0 4294967295 Max lifetime sec which RDNSS ad...

Page 531: ...ates that the IPv6 RDNSS was correctly configured on interface te 1 1 Dell show ipv6 interface te 1 1 TenGigabitEthernet 1 1 is up line protocol is up IPV6 is enabled Link Local address fe80 201 e8ff fe8b 7570 Global Unicast address es 1212 12 subnet is 1212 64 MANUAL Remaining lifetime infinite Global Anycast address es Joined Group address es ff02 1 ff02 2 ff02 1 ff00 12 ff02 1 ff8b 7570 ND MTU ...

Page 532: ...ide Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol Adjusting Your CAM Profile Assigning an IPv6 Address to an Interface Assigning a Static IPv6 Route Configuring Telnet with IPv6 SNMP over IPv6 Showing IPv6 Information Clearing IPv6 Routes Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step if you plan to implement IPv6 A...

Page 533: ...d IPv4 ACL The total number of groups is 4 Assigning an IPv6 Address to an Interface Essentially IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces You can use IPv6 and IPv4 together on a system but be sure to differentiate that usage carefully To assign an IPv6 address to an interface use the ipv6 address command You can configure up to two IP...

Page 534: ...g Enter the keyword interface then the type of interface and slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface...

Page 535: ... Line Interface Reference Guide snmp server host snmp server user ipv6 snmp server community ipv6 snmp server community access list name ipv6 snmp server group ipv6 snmp server group access list name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands List the IPv6 show options EXEC mode or EXEC Privileged mode show ipv6 Example of show ipv6 Command Option...

Page 536: ...er from 1 to 4094 Example of the show ipv6 interface Command Dell show ipv6 int ManagementEthernet 1 1 ManagementEthernet 1 1 is up line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled Link Local address fe80 201 e8ff fe8b 386e Global Unicast address es Actual address is 400 201 e8ff fe8b 386e subnet is 400 64 Actual address is 412 201 e8ff fe8b 386e subnet is 412 64 ...

Page 537: ...tes enter static To display information about an IPv6 Prefix lists enter list and the prefix list name Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command Dell show ipv6 route summary Route Source Active Routes Non active Routes connected 5 0 static 0 0 Total 5 0 The following example shows the show ipv6 route command Dell show ipv6 route Codes ...

Page 538: ...information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information Example of the show running config interface Command Dell show run...

Page 539: ...de ipv6 nd ra guard policy policy name 4 Define the role of the device attached to the port POLICY LIST CONFIGURATION mode device role host router Use the keyword host to set the device role as host Use the keyword router to set the device role as router 5 Set the hop count limit POLICY LIST CONFIGURATION mode hop limit maximum minimum limit The hop limit range is from 0 to 254 6 Set the managed a...

Page 540: ...e advertised reachability time POLICY LIST CONFIGURATION mode reachable time value The reachability time range is from 0 to 3 600 000 milliseconds 14 Set the advertised retransmission time POLICY LIST CONFIGURATION mode retrans timer value The retransmission time range is from 100 to 4 294 967 295 milliseconds 15 Display the configurations applied on the RA guard policy mode POLICY LIST CONFIGURAT...

Page 541: ...a guard policy policy name The policy name string can be up to 140 characters Example of the show ipv6 nd ra guard policy Command Dell show ipv6 nd ra guard policy test ipv6 nd ra guard policy test device role router hop limit maximum 1 match ra ipv6 access list access other config flag on router preference maximum medium trusted port Interfaces Te 1 1 Dell Monitoring IPv6 RA Guard To debug IPv6 R...

Page 542: ...ns that enables optimization of the network for better storage traffic throughput iSCSI is disabled by default iSCSI optimization also provides a means of monitoring iSCSI sessions and applying quality of service QoS policies on iSCSI traffic When enabled iSCSI optimization allows a switch to monitor snoop the establishment and termination of iSCSI connections The switch uses the snooped informati...

Page 543: ...luding port information and iSCSI session information iSCSI QoS A user configured iSCSI class of service CoS profile is applied to all iSCSI traffic Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch Preferential treatment helps to avoid session interruptions during times of congestion that wo...

Page 544: ...trap iSCSI protocol packets to the CPU for examination Devices that initiate iSCSI sessions usually use well known TCP ports 3260 or 860 to contact targets When you enable iSCSI optimization by default the switch identifies IP packets to or from these ports as iSCSI traffic You can configure the switch to monitor traffic for additional port numbers or a combination of port number and target IP add...

Page 545: ...re re marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch NOTE On a switch in which a large proportion of traffic is iSCSI CoS queue assignments may interfere with other network control plane traffic such as ARP or LACP Balance preferential treatment of iSCSI traffic against the needs of other critical data in the network Information Monitored in iSCSI T...

Page 546: ...o Configuration for Dell EqualLogic Arrays The iSCSI optimization feature includes auto provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows The switch uses the link layer discovery protocol LLDP to discover Dell EqualLogic devices on the network LLDP is enabled by default For mor...

Page 547: ... to the maximum for all interfaces on all ports and port channels if it is not already enabled Spanning tree portfast is enabled on the interface Unicast storm control is disabled on the interface Enter the iscsi profile compellent command in INTERFACE Configuration mode for example Dell conf if te o 50 iscsi profile compellent Synchronizing iSCSI Sessions Learned on VLT Lags with VLT Peer The fol...

Page 548: ...etect EqualLogic arrays The following message displays when you enable iSCSI on a switch and describes the configuration changes that are automatically performed STKUNIT0 M CP IFMGR 5 IFM_ISCSI_ENABLE iSCSI has been enabled causing flow control to be enabled on all interfaces EQL detection and enabling iscsi profile compellent on an interface may cause some automatic configurations to occur like j...

Page 549: ...k setting DSCP None user configurable Remark Not configured iSCSI session aging time 10 minutes iSCSI optimization target ports iSCSI well known ports 3260 and 860 are configured as default with no IP address or name but can be removed as any other configured target iSCSI session monitoring Disabled The CAM allocation for iSCSI is set to zero 0 iSCSI Optimization Prerequisites The following are iS...

Page 550: ...he flash memory in the CONFIG_TEMPLATE file NOTE DCB DCBx is enabled when you apply the iSCSI configuration in step 3 If you manually apply the iSCSI configuration by following steps 1 and 2 enable link layer discovery protocol LLDP before enabling iSCSI in step 2 You cannot disable LLDP if you enable iSCSI 4 Save the configuration on the switch EXEC Privilege mode write memory 5 Reload the switch...

Page 551: ...ith dotp1 priority 4 without remark disable disables the application of preferential QoS treatment to iSCSI frames dot1p vlan priority value specifies the virtual local area network VLAN priority tag assigned to incoming packets in an iSCSI session The range is from 0 to 7 The default is the dot1p value in ingress iSCSI frames is not changed and the same priority is used in iSCSI TLV advertisement...

Page 552: ...pecified iSCSI session enter the session s iSCSI ID show iscsi sessions detailed session isid Display all globally configured non default iSCSI settings in the current Dell Networking OS session show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command Dell show iscsi iSCSI is enabled iSCSI session monitoring is disabled iSCSI COS dot1p is 4 no remark Se...

Page 553: ...2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09 34 DD HH MM SS ISID 806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10 10 0 44 33345 10 10 0 101 3260 0 VLT PEER2 Session 0 Target iqn 2010 11 com ixia ixload iscsi TG1 Initiator iqn 2010 11 com ixia ixload initiator iscsi 2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09...

Page 554: ... 1 Level 2 or Level 1 2 systems Level 1 routers only route traffic within an area while Level 2 routers route traffic between areas At its most basic Level 1 systems route traffic within the area and any traffic destined for outside the area is sent to a Level 1 2 system Level 2 systems manage destination paths for external routers Only Level 2 routers can exchange data packets or routing informat...

Page 555: ... an example of the ISO style address to show the address format IS IS uses In this example the first five bytes 47 0005 0001 are the area address The system portion is 000c 000a 4321 and the last byte is always 0 Figure 62 ISO Address Format Multi Topology IS IS Multi topology IS IS MT IS IS allows you to create multiple IS IS topologies on a single router with separate databases Use this feature ...

Page 556: ...gical restrictions of single topology mode are no longer in effect Interface Support MT IS IS is supported on physical Ethernet interfaces physical synchronous optical network technologies SONET interfaces port channel interfaces static and dynamic using LACP and virtual local area network VLAN interfaces Adjacencies Adjacencies on point to point interfaces are formed as usual where IS IS routers ...

Page 557: ...nt of time seconds or a number of attempts The T2 timer is the maximum time that the system waits for LSP database synchronization This timer applies to the database type level 1 level 2 or both The T3 timer sets the overall wait time after which the router determines that it has failed to achieve database synchronization by setting the overload bit in its own LSP You can base this timer on adjace...

Page 558: ...Value Complete sequence number PDU CSNP interval 10 seconds IS to IS hello PDU interval 10 seconds IS IS interface metric 10 Metric style Narrow Designated Router priority 64 Circuit Type Level 1 and Level 2 IS Type Level 1 and Level 2 Equal Cost Multi Paths 16 Configuration Information To use IS IS you must configure and enable IS IS in two or three modes CONFIGURATION ROUTER ISIS CONFIGURATION I...

Page 559: ... For example a Level 1 router never forms an adjacency with a Level 2 router A Level 1 2 router forms Level 1 adjacencies with a neighboring Level 1 router and forms Level 2 adjacencies with a neighboring Level 2 router NOTE Even though you enable IS IS globally enable the IS IS process on an interface for the IS IS process to exchange protocol information and form adjacencies To configure IS IS g...

Page 560: ...pv6 address x x x x x mask The prefix length is from 0 to 128 The IPv6 address must be on the same subnet as other IS IS neighbors but the IP address does not need to relate to the NET address 6 Enable IS IS on the IPv4 interface ROUTER ISIS mode ip router isis tag If you configure a tag variable it must be the same as the tag variable assigned in step 1 7 Enable IS IS on the IPv6 interface ROUTER...

Page 561: ...evel 2 SPF Calculations 29 IS IS LSP checksum errors received 0 IS IS LSP authentication failures 0 Dell You can assign more NET addresses but the System ID portion of the NET address must remain the same Dell Networking OS supports up to six area addresses Some address considerations are In order to be neighbors configure Level 1 routers with at least one common area address A Level 2 router beco...

Page 562: ...d 16 777 215 Configuring IS IS Graceful Restart To enable IS IS graceful restart globally use the following commands Additionally you can implement optional commands to enable the graceful restart settings Enable graceful restart on ISIS processes ROUTER ISIS mode graceful restart ietf Configure the time during which the graceful restart attempt is prevented ROUTER ISIS mode graceful restart inter...

Page 563: ...uter receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option manual allows you to specify a fixed value that the restarting router should use The range is from 50 to 120 seconds The default is 30 seconds Examples of the show isis graceful restart detail Command NOTE If this timer expires before the synchronization has completed the restarting ...

Page 564: ...ello Multiplier 3 CSNP Interval 10 Number of active level 1 adjacencies 1 Level 2 Metric 10 Priority 64 Circuit ID 0000 0000 000B 01 Hello Interval 10 Hello Multiplier 3 CSNP Interval 10 Number of active level 2 adjacencies 1 Next IS IS LAN Level 1 Hello in 4 seconds Next IS IS LAN Level 2 Hello in 6 seconds LSP Interval 33 Next IS IS LAN Level 1 Hello in 4 seconds Next IS IS LAN Level 2 Hello in ...

Page 565: ...erfaces are associated with a cost that is used in the shortest path first SPF calculations The possible cost varies depending on the metric style supported If you configure narrow transition or narrow transition metric style the cost can be a number between 0 and 63 If you configure wide or wide transition metric style the cost can be a number between 0 and 16 777 215 Dell Networking OS supports ...

Page 566: ...etric style narrow transition transition wide transition level 1 level 2 The default is narrow The default is Level 1 and Level 2 level 1 2 To view which metric types are generated and received use the show isis protocol command in EXEC Privilege mode The IS IS matrixes settings are in bold Example of Viewing IS IS Metric Types Dell show isis protocol IS IS Router Null Tag System Id EEEE EEEE EEEE...

Page 567: ...tric level 1 level 2 default metric the range is from 0 to 63 for narrow and transition metric styles The range is from 0 to 16777215 for wide metric styles The default is 10 The default level is level 1 For more information about this command refer to Configuring the IS IS Metric Style The following table describes the correct value range for the isis metric command Metric Sytle Correct Value Ran...

Page 568: ... 1 2 the software maintains two Link State databases one for each level To view the Link State databases use the show isis database command Dell show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000003 0x07BF 1088 0 0 0 eljefe 00 00 0x00000009 0xF76A 1126 0 0 0 eljefe 01 00 0x00000001 0x68DF 1122 0 0 0 eljefe 02 00 0x00000001 0...

Page 569: ... use the following commands NOTE These commands apply to IPv4 IS IS only To apply prefix lists to IPv6 routes use ADDRESS FAMILY IPV6 mode shown later Apply a configured prefix list to all incoming IPv4 IS IS routes ROUTER ISIS mode distribute list prefix list name in interface Enter the type of interface and the interface information For a 10 Gigabit Ethernet interface enter the keyword TenGigabi...

Page 570: ...annel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Apply a configured prefix list to all outgoing IPv6 IS IS routes ROUTER ISIS AF IPV6 mode distribute list prefix list name out bgp as number connected ospf process id rip static You can configure one of the optional parameters connected for directly connected routes ospf process id for OSPF routes only rip...

Page 571: ...rnal 1 2 match internal metric type external internal route map map name Configure the following parameters process id the range is from 1 to 65535 level 1 level 1 2 or level 2 assign all redistributed routes to a level The default is level 2 metric value the range is from 0 to 16777215 The default is 0 match external the range is from 1 or 2 match internal metric type external or internal map nam...

Page 572: ...rrent IPv4 IS IS configuration use the show config command in ROUTER ISIS mode To view the current IPv6 IS IS configuration use the show config command in ROUTER ISIS ADDRESS FAMILY IPV6 mode Configuring Authentication Passwords You can assign an authentication password for routers in Level 1 and for routers in Level 2 Because Level 1 and Level 2 routers do not communicate with each other you can ...

Page 573: ... ROUTER ISIS mode no set overload bit Example of Viewing the Overload Bit Setting When the bit is set a 1 is placed in the OL column in the show isis database command output The overload bit is set in both the Level 1 and Level 2 database because the IS type for the router is Level 1 2 Dell show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B2...

Page 574: ...nterface Enter the type of interface and slot port information to view IS IS information on that interface only View the events that triggered IS IS shortest path first SPF events for debugging purposes EXEC Privilege mode debug isis spf triggers View sent and received LSPs EXEC Privilege mode debug isis update packets interface To view specific information enter the following optional parameter i...

Page 575: ...anges depending on the metric style The following describes the correct value range for the isis metric command Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS IS metric styles support different cost ranges for the route The cost range for...

Page 576: ...ow transition default value 10 if the original value is greater than 63 A message is sent to the console wide wide transition original value narrow wide original value narrow transition original value narrow narrow transition original value narrow wide transition original value transition wide original value transition narrow original value transition narrow original value transition wide transiti...

Page 577: ... Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value 10 A message is sent to the logging buffer wide transition transition truncated value narrow transition default value 10 A message is sent to the logging buffer Leaks from One...

Page 578: ...and IPv6 routing is being used You can copy and paste from these examples to your CLI To support your own IP addresses interfaces names and so on be sure that you make the necessary changes NOTE Whenever you make IS IS configuration changes clear the IS IS process re started using the clear isis command The clear isis command must include the tag for the ISIS process The following example shows th...

Page 579: ...figuration Multi topology IS IS Sample Configuration Multi topology Transition The following is a sample configuration for enabling IPv6 IS IS Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ip address 24 3 1 1 24 ipv6 address 24 3 1 76 ip router isis ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis metric style wide level 1 metric ...

Page 580: ... router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology transition exit address family Dell conf router_isis Intermediate System to Intermediate System 580 ...

Page 581: ... automatically establishes the LAG between the systems LACP permits the exchange of messages on a link to allow their LACP instances to Reach an agreement on the identity of the LAG to which the link belongs Move the link to that LAG Enable the transmission and reception functions in an orderly manner The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802...

Page 582: ...e Off In this state an interface is not capable of being part of a dynamic LAG LACP does not run on any port that is configured to be in this state Active In this state the interface is said to be in the active negotiating state LACP runs on any link that is configured to be in this state A port in Active state also automatically initiates negotiations with other ports by initiating LACP packets P...

Page 583: ...er the number the lower the priority The default is 32768 LACP Configuration Tasks The following configuration tasks apply to LACP Creating a LAG Configuring the LAG Interfaces as Dynamic Setting the LACP Long Timeout Monitoring and Debugging LACP Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel LAG use the following command First you define the LAG and then th...

Page 584: ...e Dell conf interface TenGigabitethernet 4 15 Dell conf if te 4 15 no shutdown Dell conf if te 4 15 port channel protocol lacp Dell conf if te 4 15 lacp port channel 32 mode active Dell conf interface TenGigabitethernet 4 16 Dell conf if te 4 16 no shutdown Dell conf if te 4 16 port channel protocol lacp Dell conf if te 4 16 lacp port channel 32 mode active The port channel 32 mode active command ...

Page 585: ...e Link F Individual Link G IN_SYNC H OUT_OF_SYNC I Collection enabled J Collection disabled K Distribution enabled L Distribution disabled M Partner Defaulted N Partner Non defaulted O Receiver is in expired state P Receiver is not in expired state Port Te 3 6 is enabled LACP is enabled and mode is lacp Actor Admin State ADEHJLMP Key 1 Priority 128 To view the PDU exchanges and the timeout value u...

Page 586: ...G 2 into a single entity called a failover group Configuring Shared LAG State Tracking To configure shared LAG state tracking you configure a failover group NOTE If a LAG interface is part of a redundant pair you cannot use it as a member of a failover group created for shared LAG state tracking 1 Enter port channel failover group mode CONFIGURATION mode port channel failover group 2 Create a fail...

Page 587: ...ber use the show interface port channel command Dell show interface port channel 2 Port channel 2 is up line protocol is down Failover group 1 is down Hardware address is 00 01 e8 05 e8 4c Current address is 00 01 e8 05 e8 4c Interface index is 1107755010 Minimum number of links to bring Port channel up is 1 Port channel is part of failover group 1 Internet address is not set MTU 1554 bytes IP MTU...

Page 588: ...ature its members may still be in the Up state LACP Basic Configuration Example The screenshots in this section are based on the following example topology Two routers are named ALPHA and BRAVO and their hostname prompts reflect those names Figure 66 LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA Example of Configuring a LAG Alpha conf interf...

Page 589: ... show interface counters 00 02 11 Queueing strategy fifo Input statistics 132 packets 163668 bytes 0 Vlans 0 64 byte pkts 12 over 64 byte pkts 120 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 132 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 136 packets 16718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte ...

Page 590: ...Figure 67 Inspecting the LAG Configuration Link Aggregation Control Protocol LACP 590 ...

Page 591: ...Figure 68 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 591 ...

Page 592: ... Alpha conf if te 2 31 shutdown Alpha conf if te 2 31 port channel protocol lacp Alpha conf if te 2 31 lacp port channel 10 mode active Alpha conf if te 2 31 lacp no shut Alpha conf if te 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if te 2 31 interface Port channel 10 no ip address Link Aggregation Cont...

Page 593: ... 10 exit Bravo conf int tengig 3 21 Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if te 3 21 port channel protocol lacp Bravo conf if te 3 21 lacp port channel 10 mode active Bravo conf if te 3 21 lacp no shut Bravo conf if te 3 21 end interface TenGigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if ...

Page 594: ...Figure 70 Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol LACP 594 ...

Page 595: ...Figure 71 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 595 ...

Page 596: ...ed on both synchronous and asynchronous lines and can operate in Half Duplex or Full Duplex mode It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection As its name implies it is for point to point connections between exactly two devices and assumes that frames are sent and received in the same order Link Aggregation Co...

Page 597: ... address all interface vlan address deletes the specified entry all deletes all dynamic entries interface deletes all entries for the specified interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on ...

Page 598: ...ace static vlan address displays the specified entry aging time displays the configured aging time count displays the number of dynamic and static entries for all VLANs and the total number of entries dynamic displays only dynamic entries interface displays only entries for the specified interface static displays only static entries vlan displays only entries for the specified VLAN MAC Learning Li...

Page 599: ...nt from versions 8 2 1 1 and earlier which read Error ACL returned error Error Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning limit on an interface use the following command Specify the number of MAC addresses that the system can learn off a Layer 2 interface INTERFACE mode mac learning limit address_limit Three options are avai...

Page 600: ...any additional MAC addresses are converted to sticky MACs on that interface To remove all sticky MAC addresses from the running config file disable sticky MAC and use the write config command When you enable sticky mac on an interface dynamically learned MAC addresses do not age even if you enabled mac learning limit dynamic If you configured mac learning limit and mac learning limit dynamic and y...

Page 601: ...rface and a new address is received using one the following options with the mac learning limit command use the following commands Generate a system log message when the MAC learning limit is exceeded INTERFACE mode learn limit violation log Shut down the interface and generate a system log message when the MAC learning limit is exceeded INTERFACE mode learn limit violation shutdown Setting Statio...

Page 602: ... learning limit use the following commands NOTE Alternatively you can reset the interface by shutting it down using the shutdown command and then re enabling it using the no shutdown command Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation EXEC Privilege mode mac learning limit reset Reset interfaces in the ERR_Disabled state caused by a lea...

Page 603: ...over port When the NIC fails the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress interface When the ARP is resolved the same MAC address is learned on the same port where the ARP is resolved in the previous example this location is Port 0 5 of the switch To ensure that the MAC address is disassociated with one port and reassociated wi...

Page 604: ...witching loops as shown in the following illustration The redundant pairs feature allows you to create redundant links in networks that do not use STP by configuring backup interfaces for the interfaces on either side of the primary link NOTE For more information about STP refer to Spanning Tree Protocol STP Assign a backup interface to an interface using the switchport backup command The backup i...

Page 605: ...p it remains as the backup interface for the redundant pair If the interface is a member link of a LAG the following primary backup interfaces are also supported primary interface is a physical interface the backup interface can be a physical interface primary interface is a physical interface the backup interface can be a static or dynamic LAG primary interface is a static or dynamic LAG the back...

Page 606: ...up link active A message similar to the following message appears whenever you configure a backup port 02 28 04 RPM0 P CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Te 3 41 and Te 3 42 02 28 04 RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Te 3 42 02 28 04 RPM0 P CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby te 3 42 Example of Configuring Redundant Layer 2 ...

Page 607: ...rface port channel 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 OSTATE_DN Changed interface state to down Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby Po 2 Dell conf if po 1 Dell Dell show interfaces switchport backup Interface Status Paired Interface Status Po...

Page 608: ... that upper layer protocols can detect the neighbor unavailability faster FEFD State Changes FEFD has two operational modes Normal and Aggressive When you enable Normal mode on an interface and a far end failure is detected no intervention is required to reset the interface to bring it back to an FEFD operational state When you enable Aggressive mode on an interface in the same state manual interv...

Page 609: ...Change When Configuring FEFD Local Event Mode Local State Remote State Local Admin Status Local Protocol Status Remote Admin Status Remote Protocol Status Shutdown Normal Admin Shutdown Unknown Down Down Up Down Shutdown Aggressive Admin Shutdown Err disabled Down Down Up Down FEFD enable Normal Bi directional Bi directional Up Up Up Up FEFD enable Aggressive Bi directional Bi directional Up Up Up...

Page 610: ...e ip address ip address switchport 2 Enable the necessary ports administratively INTERFACE mode no shutdown 3 Enable fefd globally CONFIGURATION mode fefd global interval mode Example of the show fefd Command To display information about the state of each interface use the show fefd command in EXEC privilege mode Dell show fefd FEFD is globally ON interval is 3 seconds mode is Normal INTERFACE MOD...

Page 611: ...evious FEFD configuration which you can enable again at any time To set up and activate two or more connected interfaces use the following commands 1 Setup two or more connected interfaces for Layer 2 or Layer 3 INTERFACE mode ip address ip address switchport 2 Activate the necessary ports administratively INTERFACE mode no shutdown 3 INTERFACE mode fefd disable interval mode Example of Viewing FE...

Page 612: ...Te 4 1 changed from Bi directional to Unknown Dell debug fefd packets Dell 2w1d22h FEFD packet sent via interface Te 1 1 Sender state Bi directional Sender info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 1 1 Peer info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 4 1 Sender hold time 3 second 2w1d22h FEFD packet received on interface Te 4 1 Sender state Bi directional Sender info Mgmt Mac 00 01 e8 14 89 25...

Page 613: ...uration information is exchanged in the form of Type Length Value TLV segments Type The kind of information included in the TLV Length The value in octets of the TLV after the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 77 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP...

Page 614: ...dentifies a port through which TLVs are sent and received 3 Time to Live An administratively assigned name that identifies a port through which TLVs are sent and received Optional Includes sub types of TLVs that advertise specific configuration information These sub types are Management TLVs IEEE 802 1 IEEE 802 3 and TIA 1057 Organizationally Specific TLVs Figure 78 LLDPDU Frame Optional TLVs The ...

Page 615: ...igure the Dell Networking system to advertise any or all of these TLVs Table 52 Optional TLV Types Type TLV Description Optional TLVs 4 Port description A user defined alphanumeric string that describes the port Dell Networking OS does not currently support this TLV 5 System name A user defined alphanumeric string that identifies the system 6 System description A user defined alphanumeric string t...

Page 616: ...ing of the duplex status and bit rate and whether the current settings are the result of auto negotiation This TLV is not available in the Dell Networking OS implementation of LLDP but is available and mandatory non configurable in the LLDP MED implementation 127 Power via MDI Dell Networking supports the LLDP MED protocol which recommends that Power via MDI TLV be not implemented and therefore De...

Page 617: ...point devices LLDP MED provides network connectivity devices with the ability to manage inventory manage Power over Ethernet PoE identify physical location identify network policy LLDP MED is designed for but not limited to VoIP endpoints TIA Organizationally Specific TLVs The Dell Networking system is an LLDP MED Network Connectivity Device Device Type 4 Network connectivity devices are responsib...

Page 618: ...support these TLVs 127 5 Inventory Hardware Revision Indicates the hardware revision of the LLDP MED device 127 6 Inventory Firmware Revision Indicates the firmware revision of the LLDP MED device 127 7 Inventory Software Revision Indicates the software revision of the LLDP MED device 127 8 Inventory Serial Number Indicates the device serial number of the LLDP MED device 127 9 Inventory Manufactur...

Page 619: ...system is a network connectivity device which is Type 4 When you enable LLDP MED in Dell Networking OS using the advertise med command the system begins transmitting this TLV Figure 80 LLDP MED Capabilities TLV Table 54 Dell Networking OS LLDP MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power...

Page 620: ...or which a connection is made In this case configure the signaling application Table 56 Network Policy Applications Type Application Description 0 Reserved 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy tha...

Page 621: ...ary and backup The Dell Networking system is a primary power source which corresponds to a value of 1 based on the TIA 1057 specification Power Priority there are three possible priorities Low High and Critical On Dell Networking systems the default power priority is High which corresponds to a value of 2 based on the TIA 1057 specification You can configure a different power priority through the ...

Page 622: ...ceeds the maximum the system does not configure more than 8000 INTERFACE level configurations override all CONFIGURATION level configurations LLDP is not hitless LLDP Compatibility Spanning tree and force10 ring protocol blocked ports allow LLDPDUs 802 1X controlled ports do not allow LLDPDUs until the connected device is authenticated CONFIGURATION versus INTERFACE Configurations All LLDP configu...

Page 623: ...figuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration default rx and tx multiplier LLDP multiplier configuration no Negate a command or set its defaults show Show LLDP configuration Dell conf if te 1 3 lldp Enabling LLDP LLDP is enabled by default Enable and disable LLDP globally or per interface If you enable LLDP globally all UP interf...

Page 624: ... lldp 2 Enter LLDP management interface mode LLDP MANAGEMENT INTERFACE mode management interface 3 Enter the disable command LLDP MANAGEMENT INTERFACE mode To undo an LLDP management port configuration precede the relevant command with the keyword no Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces If you configure the system globa...

Page 625: ...s system capabilities system description For 802 1 TLVs port protocol vlan id port vlan id vlan name For 802 3 TLVs max frame size For TIA 1057 TLVs guest voice guest voice signaling location identification power via mdi softphone voice streaming video video conferencing video signaling voice voice signaling In the following example LLDP is enabled globally R1 and R2 are transmitting periodic LLDP...

Page 626: ...no disable Dell conf lldp Dell conf lldp exit Dell conf interface tengigabitethernet 1 31 Dell conf if te 1 31 show config interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Dell conf if te 1 31 protocol lldp Dell conf if te 1 31 lldp show config protocol lldp Dell conf if te 1 31 lldp Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjace...

Page 627: ... Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID TeGigabitEthernet 2 11 Local Port ID TeGigabitEthernet 1 21 Locally assigned remote Neighbor Index 4 Remote TTL 120 Information valid for next 120 seconds Time since last information change of this neighbor 01 50 16 Remote MTU 1554 Remote System Desc Dell Networks Real Time Operating System Software Dell Operating Sy...

Page 628: ...de R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Configuring Transmit and Receive Mode After you enable LLDP the system transmits and receives LLDPDUs by default To configure the system to transmit or receive only and return to the...

Page 629: ...g the Time to Live Value The information received from a neighbor expires after a specific amount of time measured in seconds called a time to live TTL The TTL is the product of the LLDPDU transmit interval hello and an integer called a multiplier The default multiplier is 4 which results in a default TTL of 120 seconds Adjust the TTL value CONFIGURATION mode or INTERFACE mode multiplier Return to...

Page 630: ...protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Debugging LLDP You can view the TLVs that your system is sending and receiving To view the TLVs use the following commands View a readable version of the TLVs debug lldp brief View a readable version of the TLVs plus a hexadecimal version of the en...

Page 631: ...t Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802 1AB MIB objects The following tables list the objects associated with received and transmitted TLVs the LLDP configuration on the local agent IEEE 802 1AB Organizationally Specific TLVs received and transmitted LLDP MED TLVs Link Layer Discovery Protocol LLDP 631 ...

Page 632: ... they are enabled for transmission LLDP Statistics statsAgeoutsTotal lldpStatsRxPortAgeoutsTotal Total number of times that a neighbor s information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTotal lldpStatsRxPortFramesDiscar dedTotal Total number of LLDP frames received then discarded statsFramesInErrorsTotal lldpStatsRxPortFramesErrors Total number of...

Page 633: ...e lldpRemPortDesc 5 System Name system name Local lldpLocSysName Remote lldpRemSysName 6 System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc 7 System Capabilities system capabilities Local lldpLocSysCapSuppor ted Remote lldpRemSysCapSupp orted 8 Management Address enabled capabilities Local lldpLocSysCapEnable d Remote lldpRemSysCapEnabl ed management address length Lo...

Page 634: ...dpXdot1LocPortVlan Id Remote lldpXdot1RemPortVla nId 127 Port and Protocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVla nSupported Remote lldpXdot1RemProtoVl anSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVla nEnabled Remote lldpXdot1RemProtoVl anEnabled PPVID Local lldpXdot1LocProtoVla nId Remote lldpXdot1RemProtoVl anId 127 VLAN Name VID Local lldpXdot1L...

Page 635: ...olicy Application Type Local lldpXMedLocMediaPo licyAppType Remote lldpXMedRemMediaP olicyAppType Unknown Policy Flag Local lldpXMedLocMediaPo licyUnknown Remote lldpXMedLocMediaPo licyUnknown Tagged Flag Local lldpXMedLocMediaPo licyTagged Remote lldpXMedLocMediaPo licyTagged VLAN ID Local lldpXMedLocMediaPo licyVlanID Remote lldpXMedRemMediaP olicyVlanID L2 Priority Local lldpXMedLocMediaPo licy...

Page 636: ...iceType Remote lldpXMedRemXPoED eviceType Power Source Local lldpXMedLocXPoEPS EPowerSource lldpXMedLocXPoEPD PowerSource Remote lldpXMedRemXPoEPS EPowerSource lldpXMedRemXPoEP DPowerSource Power Priority Local lldpXMedLocXPoEPD PowerPriority lldpXMedLocXPoEPS EPortPDPriority Remote lldpXMedRemXPoEPS EPowerPriority lldpXMedRemXPoEP DPowerPriority Power Value Local lldpXMedLocXPoEPS EPortPowerAv ll...

Page 637: ...P with the MAC address cluster MAC address In Multicast mode the cluster IP address maps to a cluster multicast MAC address you configured using a static ARP command After the NLB entry is learned the traffic forwards to all the servers in the VLAN corresponding to the cluster virtual IP address NLB Unicast Mode Scenario Consider a topology in which you configure four servers S1 through S4 as a cl...

Page 638: ...RP header SHA frames a flooding of packets over the relevant VLAN occurs The maximum number of concurrent clusters that is supported is eight Microsoft Clustering To provide transparent failover or balancing Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address The Dell Networking OS does not recognize server clusters by default yo...

Page 639: ...ning config command output that displays the ip vlan flooding CLI configuration This is the only output where you see the VLAN flooding status enabled or disabled Configuring a Switch for NLB To enable a switch for Unicast NLB mode perform the following steps Enter the ip vlan flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across al...

Page 640: ... the cluster IP address for the NLB mode of operation of the switch 2 Associate specific MAC or hardware addresses to VLANs CONFIGURATION mode mac address table static multicast mac address vlan vlan id output range interface Microsoft Network Load Balancing 640 ...

Page 641: ...efined by an exterior gateway protocol such as border gateway protocol BGP Each rendezvous point RP peers with every other RP via the transmission control protocol TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustrati...

Page 642: ...mbers within the domain interested in any of the advertised sources If there are the receiving RP sends a join message to the originating RP creating a shortest path tree SPT to the source Figure 85 Multicast Source Discovery Protocol MSDP Multicast Source Discovery Protocol MSDP 642 ...

Page 643: ... Discovery Protocol Enable MSDP Manage the Source Active Cache Accept Source Active Messages that Fail the RFP Check Specifying Source Active Messages Limiting the Source Active Messages from a Peer Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Logging Changes in Peership States Terminating a Peership Cleari...

Page 644: ... When a source registers with one RP an SA message is sent to the other RPs informing them that there is an active source for a particular multicast group The result is that each RP is aware of the active sources in the area of the other RPs If any of the RPs fail IP routing converges and one of the RPs becomes the active RP in more than one area New sources register with the backup RP Receivers j...

Page 645: ...RFP Check Specifying Source Active Messages Limiting the Source Active Cache Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP MSDP Sample Configurations Multicast Source Discovery Protocol MSDP 645 ...

Page 646: ...Figure 87 Configuring Interfaces for MSDP Multicast Source Discovery Protocol MSDP 646 ...

Page 647: ...Figure 88 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 647 ...

Page 648: ...Figure 89 Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol MSDP 648 ...

Page 649: ...Figure 90 Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains 1 Enable MSDP CONFIGURATION mode Multicast Source Discovery Protocol MSDP 649 ...

Page 650: ... 0 1 Local Addr 192 168 0 3 639 Connect Source Lo 0 State Established Up Down Time 00 15 20 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 8 0 SAs learned from this peer 1 SA Filtering Input S G filter none Output S G filter none Manage the Source Active Cache Each SA originating RP caches the sources inside its domain domain local and the sources which it has learned fr...

Page 651: ...ege mode show ip msdp sa limit If the total number of active sources is already larger than the limit when limiting is applied the sources that are already in Dell Networking OS are not discarded To enforce the limit in such a situation use the clear ip msdp sa cache command to clear all existing entries Clearing the Source Active Cache To clear the source active cache use the following command Cl...

Page 652: ...learns all active sources from RP3 but the sources from RP2 and RP4 are rejected because the reverse path to these routers is through Interface A In Scenario 3 RP3 is configured as a default MSDP peer for RP1 and so the RPF check is disregarded for RP3 In Scenario 4 RP1 has a default peer plus an access list The list permits RP4 so the RPF check is disregarded for active sources from it but RP5 an...

Page 653: ...Figure 91 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 653 ...

Page 654: ...Figure 92 MSDP Default Peer Scenario 3 Multicast Source Discovery Protocol MSDP 654 ...

Page 655: ...riginating RP from which all active sources are accepted without regard for the RPF check CONFIGURATION mode ip msdp default peer ip address list If you do not specify an access list the peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Multicast Source Discovery Protocol MSDP 655 ...

Page 656: ...229 0 50 66 24 0 50 66 200 0 1 50 10 0 50 2 Rpf Fail Limiting the Source Active Messages from a Peer To limit the source active messages from a peer use the following commands 1 OPTIONAL Store sources that are received after the limit is reached in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Set the upper limit for the number of sources allowed from an MSDP peer CONFIGURAT...

Page 657: ...p redistribute list mylocalfilter ip msdp cache rejected sa 1000 R1_E600 conf do show run acl ip access list extended mylocalfilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 seq 10 deny ip any any R1_E600 conf do show ip msdp sa cache R1_E600 conf do show ip msdp sa cache rejected sa MSDP Rejected SA Cache 1 rejected SAs received cache size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Rea...

Page 658: ... msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 639 Connect Source Lo 0 State Listening Up Down Time 00 01 19 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none Preventing MSDP from Advertising a Local Source To prevent MSDP from advertising a local source use the followi...

Page 659: ...N mode ip msdp log adjacency changes Terminating a Peership MSDP uses TCP as its transport protocol In a peering relationship the peer with the lower IP address initiates the TCP session while the peer with the higher IP address listens on port 639 Terminate the TCP connection with a peer CONFIGURATION mode ip msdp shutdown Example of the Verifying that Peering State is Disabled After the relation...

Page 660: ...Local Addr 192 168 0 3 639 Connect Source Lo 0 State Established Up Down Time 00 04 26 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 5 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none R3 conf do clear ip msdp peer 192 168 0 1 R3 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 Stat...

Page 661: ...t least initially travel over the same part of the network You can load balance source registration between multiple RPs by strategically mapping groups to RPs but this technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions lack of scalable register decasulation With only a single RP per group all joins are sent to that ...

Page 662: ...o configure anycast RP use the following commands 1 In each routing domain that has multiple RPs serving a group create a Loopback interface on each RP serving the group with the same IP address CONFIGURATION mode interface loopback 2 Make this address the RP for the group Multicast Source Discovery Protocol MSDP 662 ...

Page 663: ... creating a mesh group A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set When an RP is a member of the mesh group it forwards active source information only to its peers outside of the group To create a mesh group use the following command Create a mesh group CONFIGURATION mode ip msdp mesh group Specifying the RP Address Used in SA ...

Page 664: ...92 168 0 3 connect source Loopback 1 ip msdp peer 192 168 0 22 connect source Loopback 1 ip msdp mesh group AS100 192 168 0 22 ip msdp originator id Loopback 1 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 The following example shows an R2 configuration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 2 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown in...

Page 665: ...guration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute st...

Page 666: ...2 1 24 no shutdown interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 1 12 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 192 168 0 1 32 area 0 network 10 11 3 0 24 area 0 ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip pim rp addres...

Page 667: ...ip pim rp address 192 168 0 1 group address 224 0 0 0 4 MSDP Sample Configuration R3 Running Config ip multicast routing interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface ManagementEthernet 1 1 ip address 10 11 80 3 24 no shutdown interface Loopback 0 ip pim s...

Page 668: ...4 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown interface TenGigabitEthernet 4 22 ip address 10 10 42 1 24 no shutdown interface TenGigabitEthernet 4 31 ip pim sparse mode ip address 10 11 6 43 24 no shutdown interface Loopback 0 ip address 192 168 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192...

Page 669: ...nces Protocol Overview MSTP specified in IEEE 802 1Q 2003 is a rapid spanning tree protocol RSTP based spanning tree variation that improves on per VLAN spanning tree plus PVST MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN Thi...

Page 670: ...nning Tree Variations Configure Multiple Spanning Tree Protocol Enable Multiple Spanning Tree Globally Adding and Removing Interfaces Creating Multiple Spanning Tree Instances Influencing MSTP Root Selection Interoperate with Non Dell Bridges Changing the Region Name or Revision Modifying Global Parameters Modifying the Interface Parameters Configuring an EdgePort Flush MAC Addresses after a Topol...

Page 671: ...idges that also use this standard implementation MSTP is compatible with STP and RSTP Dell Networking OS supports only one MSTP region When you enable MSTP all ports in Layer 2 mode participate in MSTP You can configure 64 MSTIs including the default instance 0 CIST Configure Multiple Spanning Tree Protocol Configuring multiple spanning tree is a four step process 1 Configure interfaces for Layer ...

Page 672: ...e automatically part of the MSTI 0 Within an MSTI only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports 1 Enter PROTOCOL MSTP mode CONFIGURATION mode protocol spanning tree mstp 2 Enable MSTP PROTOCOL MSTP mode no disable Example of Verifying MSTP is Enabled To verify that MSTP is enabled use the show config command in PROTOC...

Page 673: ...ee mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 All bridges in the MSTP region must have the same VLAN to instance mapping To view which instance a VLAN is mapped to use the show spanning tree mst vlan command from EXEC Privilege mode Dell conf mstp name my mstp region Dell conf mstp exit Dell conf do show spanning tree mst config MST region name my mstp region Revision 0 MSTI VID 1 100 2 2...

Page 674: ...encing MSTP Root Selection MSTP determines the root bridge but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge To change the bridge priority use the following command Assign a number as the bridge priority PROTOCOL MSTP mode msti instance bridge priority priority A lower number increases the probability that the bridge becomes the root bridge ...

Page 675: ...on Dell devices that participate in MSTP ensure these values match on all devices NOTE Some non Dell devices may implement a non null default region name SFTOS for example uses the Bridge ID while others may use a MAC address Changing the Region Name or Revision To change the region name or revision use the following commands Change the region name PROTOCOL MSTP mode name name Change the region re...

Page 676: ...hat only experienced network administrators change MSTP parameters Poorly planned modification of MSTP parameters can negatively affect network performance To change the MSTP parameters use the following commands on the root bridge 1 Change the forward delay parameter PROTOCOL MSTP mode forward delay seconds The range is from 4 to 30 The default is 15 seconds 2 Change the hello time parameter PROT...

Page 677: ...y the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The following lists the default values for port cost by interface Table 62 Default Values for Port Costs by Interface Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 ...

Page 678: ...uard shutdown on violation option causes the interface hardware to be shut down when it receives a BPDU When you implement only bpduguard although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains up and spanning tree drops packets in the hardware after a BPDU violation BPDUs are dropped in the software after receiving the BPDU violation This...

Page 679: ...at EdgePort is enabled use the show config command from INTERFACE mode Dell conf if te 3 11 spanning tree mstp edge port Dell conf if te 3 11 show config interface TenGigabitEthernet 3 11 no ip address switchport spanning tree mstp edge port spanning tree MSTI 1 priority 144 no shutdown Dell conf if te 3 11 Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address...

Page 680: ...is example uses the following steps 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 no ip a...

Page 681: ...evision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 2 11 no ip address switchport no shutdown interface TenGigabitEthernet 2 31 no ip address switchport...

Page 682: ...p address switchport no shutdown interface TenGigabitEthernet 3 21 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 3 11 21 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 11 21 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 11 21 no shutdown SFTOS Example Running Configuration This example use...

Page 683: ... exit interface vlan 200 tagged 1 0 31 tagged 1 0 32 exit interface vlan 300 tagged 1 0 31 tagged 1 0 32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration use the following commands Display BPDUs EXEC Privilege mode debug spanning tree mstp bpdu Display MSTP triggered topology change messages debug spanning tree mstp events Examples of Viewing MSTP Configurati...

Page 684: ...un spanning tree mstp protocol spanning tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 The following example shows viewing the debug log of a successful MSTP configuration Dell debug spanning tree mstp bpdu MSTP debug bpdu is ON Dell 4w0d4h MSTP Sending BPDU on Te 2 21 ProtId 0 Ver 3 Bpdu Type MSTP Flags 0x6e CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional...

Page 685: ...icates MSTP routers are in different regions and are not communicating with each other CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional Bridge Id 32768 0001 e806 953e CIST Port Id 128 470 Msg Age 0 Max Age 20 Hello 2 Fwd Delay 15 Ver1 Len 0 Ver Name Tahiti Rev 123 Int Root Path Cost 0 Rem Hops 20 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 Flags 0x70 Reg Root 32768 0001 e8d5 cbbd...

Page 686: ...C address and multicast control traffic and multicast data traffic might map to the same MAC address the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic As the upper five bits of an IP Multicast address are dropped in the translation 32 different multicast group IDs map to the same Ethernet address For example 224 0 0 5 is a known ...

Page 687: ...number of multicast routes on a system limit is reached the Dell Networking OS does not process Internet group management protocol IGMP or multicast listener discovery protocol MLD joins to protocol independent multicast PIM though it still processes leave messages until the number of entries decreases below 95 of the limit When the limit falls below 95 after hitting the maximum the system begins ...

Page 688: ... packet For IGMPv2 use the keyword any for source as shown in the following example because the IGMPv2 hosts do not know in advance who the source is for the group in which they are interested To apply the access list use the following command Apply the access list INTERFACE mode ip igmp access group access list name Dell Networking OS Behavior Do not enter the ip igmp access group command before ...

Page 689: ...ure 97 Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration Table 63 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 Multicast Features 689 ...

Page 690: ...TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim s...

Page 691: ...source and group use the following command If the source DR never sends register packets to the RP no hosts can ever discover the source and create a shortest path tree SPT to it Prevent a source from transmitting to a particular group CONFIGURATION mode ip pim register filter In the following example Source 1 and Source 2 are both transmitting packets for groups 239 0 0 1 and 239 0 0 2 R3 has a P...

Page 692: ... table lists the location and description shown in the previous illustration Table 64 Preventing a Source from Transmitting to a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 Multicast Features 692 ...

Page 693: ...TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim s...

Page 694: ...ent to the CPU of both the RP and PIM DR of the source Excessive traffic generates when the join process from the RP back to the source is blocked due to a new source group being permitted in the join filter This results in the new source becoming stuck in registering on the DR and the continuous generation of user datagram protocol UDP encapsulated registration messages between the DR and RP rout...

Page 695: ...holds of IPv4 and IPv6 routes Tracking of IP Hosts In future releases environmental alarms and available free memory will be supported You can configure client applications such as VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the internet via interfaces running OSPF...

Page 696: ...before changes in a tracked object s state are reported to a client Track Layer 2 Interfaces You can create an object to track the line protocol state of a Layer 2 interface In this type of object tracking the link level operational status UP or DOWN of the interface is monitored When the link level status goes down the tracked resource status is considered to be DOWN if the link level status goes...

Page 697: ...paring the UP or DOWN threshold for a route s metric with current entries in the route table Track Route Reachability If you configure the reachability of an IP route entry as a tracked object the UP DOWN state of the route is determined by the entry of the next hop address in the ARP cache A tracked route is considered to be reachable if there is an address resolution protocol ARP cache entry for...

Page 698: ...Delays You can configure an optional UP and or DOWN timer for each tracked object to set the time delay before a change in the state of a tracked object is communicated to clients The configured time delay starts when the state changes from UP to DOWN or the opposite way If the state of an object changes back to its former UP DOWN state before the timer expires the timer is cancelled and the clien...

Page 699: ... vlan vlan id where valid VLAN IDs are from 1 to 4094 A line protocol object only tracks the link level UP DOWN status of a specified interface When the link level status goes down the tracked object status is DOWN if the link level status is up the tracked object status is UP To remove object tracking on a Layer 2 interface use the no track object id command To configure object tracking on the st...

Page 700: ...rd vlan then a number from 1 to 4094 For an IPv4 interface a routing object only tracks the UP DOWN status of the specified IPv4 interface the track interface ip routing command The status of an IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address The Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down for a Lay...

Page 701: ...figuring Object Tracking for an IPv4 or IPv6 Interface Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface The following is an example of configuring object tracking for an IPv4 interface Dell conf track 101 interface tengigabitethernet 1 2 ip routing Dell conf track 101 delay up 20 Dell conf track 101 description NYC metro Dell conf track 101 end Dell show track 101 Track 101 In...

Page 702: ...ring the route DOWN By comparing the threshold for a route s metric with current entries in the route table The UP DOWN state of the tracked route is determined by the threshold for the current value of the route metric in the routing table To provide a common tracking interface for different clients route metrics are scaled in the range from 0 to 255 where 0 is connected and 255 is inaccessible T...

Page 703: ... to 128 Optional E Series only For an IPv4 route you can enter a VRF name to specify the virtual routing table to which the tracked route belongs 2 Optional Configure the time delay used before communicating a change in the status of a tracked route OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 3 Optional Identify the tracked object...

Page 704: ...e the default resolution value used by the specified protocol to scale the metric for IPv4 or IPv6 routes CONFIGURATION mode track resolution ip route ipv6 route isis resolution value ospf resolution value The range of resolution values is ISIS routes 1 to 1000 The default is 1 OSPF routes 1 to 1592 The efault is 1 2 Configure object tracking on the metric of an IPv4 or IPv6 route CONFIGURATION mo...

Page 705: ...isplay the tracking configuration EXEC Privilege mode show track object id Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route Dell conf track 6 ip route 2 1 1 0 24 metric threshold Dell conf track 6 delay down 20 Dell conf track 6 delay up 20 Dell conf track 6 description track ip route metric Dell conf trac...

Page 706: ...pecified object or all objects that are currently configured on the router show running config track object id Examples of Viewing Tracked Objects Dell show track Track 1 IP route 23 0 0 0 8 reachability Reachability is Down route not in route table 2 changes last change 00 16 08 Tracked by Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16...

Page 707: ...Up CONNECTED 3 changes last change 00 02 39 First hop interface is TenGigabitEthernet 1 4 Example of Viewing Object Tracking Configuration Dell show running config track track 1 ip route 23 0 0 0 8 reachability track 2 ipv6 route 2040 64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050 64 reachability track 4 interface TenGigabitEthernet 1 4 ip routing track...

Page 708: ...col Overview OSPF routing is a link state routing protocol that calls for the sending of link state advertisements LSAs to all other routers within the same autonomous system AS areas Information on attached interfaces metrics used and other variables is included in OSPF LSAs As OSPF routers accumulate link state information they use the shortest path first SPF algorithm to calculate the shortest ...

Page 709: ...nterfaces can participate in multiple areas These routers called area border routers ABRs maintain separate databases for each area Areas are a logical grouping of OSPF routers identified by an integer or dotted decimal number Areas allow you to further organize your routers within in the AS One or more areas are required within the AS Areas are valuable in that they allow sub networks to hide wit...

Page 710: ...he backbone It cannot receive external AS information from the backbone or other areas Totally stubby areas are referred to as no summary areas in the Dell Networking OS Networks and Neighbors As a link state protocol OSPF sends routing information to other OSPF routers concerning the state of the links between them The state up or down of those links is important Routers that share a link become ...

Page 711: ...ckbone Router BR A backbone router BR is part of the OSPF Backbone Area 0 This includes all ABRs It can also include any routers that connect only to the backbone and another ABR but are only part of Area 0 such as Router I in the previous example Open Shortest Path First OSPFv2 and OSPFv3 711 ...

Page 712: ...in network traffic and in the size of the topological database The DR maintains a complete topology table of the network and sends the updates to the other routers via multicast All routers in an area form a slave master relationship with the DR Every time a router sends an update the router sends it to the DR and BDR The DR sends the update out to all other routers in the area The BDR is the rout...

Page 713: ...an NSSA do not receive external LSAs from ABRs but are allowed to send external routing information for redistribution They use Type 7 LSAs to tell the ABRs about these external routes which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network Type 8 Link LSA OSPFv3 This LSA carries the IPv6 address information of the local links Type 9 Link Local LS...

Page 714: ...ansmit after 45000ms Mar 15 09 46 06 STKUNIT0 M CP OSPF 4 LSA_BACKOFF OSPF Process 10 Router lsa id 3 3 3 3 rtrid 3 3 3 3 received before 1000ms time NOTE The sequence numbers are reset when previously cleared routes that are waiting for the LSA throttle timer to expire are re enabled Router Priority and Cost Router priority and cost is the method the system uses to rate the routers For example if...

Page 715: ... one OSPFv2 process per VRF Dell Networking OS version 9 7 0 0 and later support OSPFv3 in VRF Also on OSPFv3 Dell Networking OS supports only one OSPFv3 process per VRF OSPFv2 and OSPFv3 can co exist but you must configure them individually Dell Networking OS supports stub areas totally stub no summary and not so stubby areas NSSAs and supports the following LSAs as described earlier Router type ...

Page 716: ...lowing link local Grace LSAs An OSPFv2 router sends Type 9 LSAs An OSPFv3 router sends Type 11 LSAs Type 9 and 11 LSAs include a grace period which is the time period an OSPF router advertises to adjacent neighbor routers as the time to wait for it to return to full control plane functionality During the grace period neighbor OSPFv2 v3 interfaces save the LSAs from the restarting OSPF interface He...

Page 717: ...Fv2 and the show run ospf and show ipv6 ospf database database summary commands for OSPFv3 Fast Convergence OSPFv2 IPv4 Only Fast convergence allows you to define the speeds at which LSAs are originated and accepted and reduce OSPFv2 end to end convergence time Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation NOTE Th...

Page 718: ...g as the hello interval Changing the hello interval on the Cisco router automatically changes the dead interval To ensure equal intervals between the routers use the following command Manually set the dead interval of the Dell Networking router to match the Cisco configuration INTERFACE mode ip ospf dead interval x Examples of Setting and Viewing a Dead Interval In the following example the dead i...

Page 719: ...rtest Path First version 2 OSPF for IPv4 on the switch Two of the tasks are mandatory others are optional The following configuration tasks include two mandatory tasks and several optional tasks Enabling OSPFv2 mandatory Assigning a Router ID Assigning an OSPFv2 Area mandatory Enable OSPFv2 on Interfaces Configuring Stub Areas Enabling Passive Interfaces Enabling Fast Convergence Changing OSPFv2 P...

Page 720: ...u create four OSPFv2 process IDs you must have four interfaces with Layer 3 enabled 1 Assign an IP address to an interface CONFIG INTERFACE mode ip address ip address mask The format is A B C D M If you are using a Loopback interface refer to Loopback Interfaces 2 Enable the interface CONFIG INTERFACE mode no shutdown 3 Return to CONFIGURATION mode to enable the OSPFv2 process globally CONFIGURATI...

Page 721: ...uting Process ospf 55555 with ID 10 10 10 10 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell Assigning an OSPFv2 Area After you enable OSPFv2 assign the interface to an OSPF area Set up OSPF areas and enable OSPFv2 on an interface with the network command You must have at least one AS a...

Page 722: ...to a Layer 3 interface and theno shutdown command ensures that the interface is UP The second bold line assigns the IP address of an interface to an area Example of Enabling OSPFv2 and Assigning an Area to an Interface Dell conf int te 4 14 Dell conf if te 4 14 ip address 10 10 10 10 24 Dell conf if te 4 14 no shutdown Dell conf if te 4 14 ex Dell conf router ospf 1 Dell conf router_ospf 1 network...

Page 723: ... 1 int TenGigabitEthernet 1 23 is up line protocol is up Internet Address 10 168 0 1 24 Area 0 0 0 1 Process ID 1 Router ID 10 168 253 2 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DROTHER Priority 1 Designated Router ID 10 168 253 5 Interface address 10 168 0 4 Backup Designated Router ID 192 168 253 3 Interface address 10 168 0 2 Timer intervals configured Hello 10 Dead 40 Wait 4...

Page 724: ... 2 100 Process ID 34 Area ID Router Network S Net S ASBR Type 7 Subtotal 2 2 2 2 1 0 0 0 0 1 3 3 3 3 1 0 0 0 0 1 Dell To view information on areas use the show ip ospf process id command in EXEC Privilege mode Enabling Passive Interfaces A passive interface is one that does not send or receive routing information Enabling passive interface suppresses routing updates on an interface Although the pa...

Page 725: ... 2 100 Interface address 0 0 0 0 Backup Designated Router ID 0 0 0 0 Interface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 13 39 46 Neighbor Count is 0 Adjacent neighbor count is 0 TenGigabitEthernet 2 1 is up line protocol is down Internet Address 10 1 3 100 24 Area 2 2 2 2 Process ID 34 Router ID 10 1 2 100 Network Type BROADCAST Cost 10 Transmit...

Page 726: ...SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs Min LSA arrival 0 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell The following examples shows how to disable fast convergence Dell conf router_ospf 1 no fast converge Dell conf router_ospf 1 ex Dell conf ex Dell show ip ospf 1 Routing Process ospf 1 with ID 192 168 67 2 Supports only single TOS TOS0 routes SPF schedul...

Page 727: ...he range is from 1 to 255 Key a character string NOTE Be sure to write down or otherwise record the key You cannot learn the key after it is configured You must be careful when changing this key NOTE You can configure a maximum of six digest keys on an interface Of the available six digest keys the switches select the MD5 key that is common The remaining MD5 keys are unused Change the priority of ...

Page 728: ...nterface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 06 Neighbor Count is 0 Adjacent neighbor count is 0 Dell Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters use the following commands Set a clear text authentication scheme on the interface CONFIG INTERFACE mode ip ospf authentication key key Configur...

Page 729: ...s neighbors advertises it as fully adjacent regardless of the synchronization state during a graceful restart OSPFv2 terminates this process when the grace period ends 2 Enter the Router ID of the OSPFv2 helper router from which the router does not accept graceful restart assistance CONFIG ROUTEROSPF id mode graceful restart helper reject router id Planned only the OSPFv2 router supports graceful ...

Page 730: ...igure a graceful restart on an OSPFv2 router the show run ospf command displays information similar to the following Dell show run ospf router ospf 1 graceful restart grace period 300 graceful restart role helper only graceful restart mode unplanned only graceful restart helper reject 10 1 1 1 graceful restart helper reject 20 1 1 1 network 10 0 2 0 24 area 0 Dell Creating Filter Routes To filter ...

Page 731: ...e routes use the following command Specify which routes are redistributed into OSPF process CONFIG ROUTEROSPF id mode redistribute bgp connected isis rip static metric metric value metric type type value route map map name tag tag value Configure the following required and optional parameters bgp connected isis rip static enter one of the keywords to redistribute those routes metric metric value t...

Page 732: ...OSPF database Some useful troubleshooting commands are show interfaces show protocols debug IP OSPF events and or packets show neighbors show routes To help troubleshoot OSPFv2 use the following commands View the summary of all OSPF process IDs enables on the router EXEC Privilege mode show running config ospf View the summary information of the IP routes EXEC Privilege mode show ip route summary ...

Page 733: ...mple of Viewing OSPF Configuration Dell show run ospf router ospf 4 router id 4 4 4 4 network 4 4 4 0 28 area 1 ipv6 router ospf 999 default information originate always router id 10 10 10 10 Dell Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2 These examples are not comprehensive directions They are intended to give you some guidance with typical con...

Page 734: ...interface TenGigabitEthernet 1 1 ip address 10 1 11 1 24 no shutdown interface TenGigabitEthernet 1 2 ip address 10 2 12 2 24 no shutdown interface Loopback 10 ip address 192 168 100 100 24 no shutdown OSPF Area 0 Te 3 1 and 3 2 router ospf 33333 network 192 168 100 0 24 area 0 network 10 0 13 0 24 area 0 network 10 0 23 0 24 area 0 interface Loopback 30 ip address 192 168 100 100 24 no shutdown i...

Page 735: ...ress and enabled so that they can send and receive traffic The OSPF process must know about these interfaces To make the OSPF process aware of these interfaces assign them to OSPF areas The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area With OSPFv2 two commands are required to accomplish the same tasks the router ospf command to create the OSPF pr...

Page 736: ...nterface use the following commands 1 Assign an IPv6 address to the interface CONF INT type slot port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits separate each group by a colon The format is A B C F 128 2 Bring up the interface CONF INT type slot port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to...

Page 737: ... ospf process ID The range is from 0 to 65535 Assign the router ID for this OSPFv3 process CONF IPV6 ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Pr...

Page 738: ...on an OSPFv3 interface use the following command This command stops the router from sending updates on that interface Specify whether some or all some of the interfaces are passive CONF IPV6 ROUTER OSPF mode passive interface interface type Interface identifies the specific interface that is passive For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport...

Page 739: ...ify the information for the default route use the following command Specify the information for the default route CONF IPV6 ROUTER OSPF mode default information originate always metric metric value metric type type value route map map name Configure the following required and optional parameters always indicate that default route information is always advertised metric metric value The range is fr...

Page 740: ...ode graceful restart mode planned only unplanned only Planned only the OSPFv3 router supports graceful restart only for planned restarts A planned restart is when you manually enter a redundancy force failover rpm command to force the primary RPM over to the secondary RPM During a planned restart OSPFv3 sends out a Grace LSA before the system switches over to the secondary RPM OSPFv3 is notified t...

Page 741: ...ry command Dell show ipv6 ospf database database summary OSPFv3 Router with ID 200 1 1 1 Process ID 1 Process 1 database summary Type Count Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 0 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum sum 0 Originate New LSAS 73 Rx New LSAS 114085 Ext LSA Count 0 Rte Max Eq Cost Paths 5 GR grace period 180 GR mode planned and unplanned Area ...

Page 742: ...ered during transmission and ensures that users are communicating with the intended individual or organization Insert the authentication header after the IP header with a value of 51 AH provides integrity and validation of data origin by authenticating every OSPFv3 packet For detailed information about the IP AH protocol refer to RFC 4302 ESP encapsulating security payload encapsulates data enabli...

Page 743: ...t key exchange IKE protocol is not supported In an OSPFv3 authentication policy AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers MD5 and SHA1 authentication types are supported encrypted and unencrypted keys are supported In an OSPFv3 encryption policy Both encryption and authentication are used IPsec security associations SAs are supported only in...

Page 744: ... encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted or 80 hex digits encrypted Remove an IPsec authentication policy from an interface no ipv6 ospf authentication ipsec spi number Remove null authentication on an interface to allow the interface to inherit the authentication policy configured for the OSPFv3 area no ipv6 ospf authentication null Display the configuration...

Page 745: ...n key is encrypted The valid values are 0 or 7 Remove an IPsec encryption policy from an interface no ipv6 ospf encryption ipsec spi number Remove null encryption on an interface to allow the interface to inherit the encryption policy configured for the OSPFv3 area no ipv6 ospf encryption null Display the configuration of IPsec encryption policies on the router show crypto ipsec policy Display the...

Page 746: ...ion command you enable both IPsec encryption and authentication However when you enable authentication on an area using the area authentication command you do not enable encryption at the same time If you have enabled IPsec authentication in an OSPFv3 area using the area authentication command you cannot use the area encryption command in the area at the same time The configuration of IPsec encryp...

Page 747: ...nfiguration details about a specified policy Display security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router EXEC Privilege show crypto ipsec sa ipv6 interface interface To display information on the SAs used on a specific interface enter interface interface where interface is one of the following values For a 10 Gigabit Ethernet interface enter ...

Page 748: ...P Auth Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5 Inbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Outbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set esp 128 aes esp sha1 hmac The following example shows the show crypto ipsec sa ipv6 command Dell show crypto ipsec sa...

Page 749: ...e the adjacencies established correctly Did you configure the interfaces for Layer 3 correctly Is the router in the correct area type Did you include the routes in the OSPF database Did you include the OSPF routes in the routing table not just the OSPF database Some useful troubleshooting commands are show ipv6 interfaces show ipv6 protocols debug ipv6 ospf events and or packets show ipv6 neighbor...

Page 750: ...must know about these interfaces To make the OSPF process aware of these interfaces assign them to OSPF areas The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area With OSPFv2 two commands are required to accomplish the same tasks the router ospf command to create the OSPF process then the network area command to enable OSPF on an interface NOTE The ...

Page 751: ...th Specify how the OSPF interface cost is calculated based on the reference bandwidth method The cost of an interface is calculated as Reference Bandwidth Interface speed ROUTER OSPFv3 auto cost reference bandwidth ref bw To return to the default bandwidth or to assign cost based on the interface type use the no auto cost reference bandwidth ref bw command ref bw The range is from 1 to 4294967 The...

Page 752: ...e single command Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3 Assign the OSPFv3 process and an OSPFv3 area to this interface CONF INT type slot port mode ipv6 ospf process id area area id process id the process ID number assigned area id the area ID for this interface Assigning OSPFv3 Process ID and Router ID Globally To assign disable or reset OSPFv3 globally use the f...

Page 753: ... this OSPFv3 process CONF IPV6 ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf process Configuring Stub Areas To configure IPv6 stub areas use the following command Configure t...

Page 754: ...e interface interface command To indicate that hello packets are not transmitted on that interface when you configure a passive interface the show ipv6 ospf interface command adds the words passive interface Redistributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process With the redistribute command you can include RIP static or directly connected routes i...

Page 755: ...er role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA To enable OSPFv3 graceful restart enter the ipv6 router ospf process id command to enter OSPFv3 configuration mode Then configure a grace period using the graceful restart grace period command The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as thoug...

Page 756: ...r the other mode restricts OSPFv3 to the single selected mode Disable OSPFv3 graceful restart CONF IPV6 ROUTER OSPF mode no graceful restart grace period Displaying Graceful Restart To display information on the use and configuration of OSPFv3 graceful restart enter any of the following commands Display the graceful restart configuration for OSPFv2 and OSPFv3 shown in the following example EXEC Pr...

Page 757: ...tr Count 2 AS Bdr Rtr Count 2 LSA count 12010 Summary LSAs 1 Rtr LSA Count 4 Net LSA Count 3 Inter Area Pfx LSA Count 12000 Inter Area Rtr LSA Count 0 Group Mem LSA Count 0 The following example shows the show ipv6 ospf database grace lsa command Dell show ipv6 ospf database grace lsa Type 11 Grace LSA Area 0 LS Age 10 Link State ID 6 16 192 66 Advertising Router 100 1 1 1 LS Seq Number 0x80000001...

Page 758: ... the IP header and before the next layer protocol header in Transport mode It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode However Tunnel mode is not supported in Dell Networking OS For detailed information about the IP ESP protocol refer to RFC 4303 In OSPFv3 communication IPsec provides security services between a pair of c...

Page 759: ...does not provide a high level of network security To enable key encryption in an IPsec security policy at an interface or area level specify 7 for key encryption type when you enter the ipv6 ospf authentication ipsec or ipv6 ospf encryption ipsec command To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical port channel or VLAN interface or OSPFv3 area...

Page 760: ...and enable OSPFv3 on the interface and assign it to an area refer to Configuration Task List for OSPFv3 OSPF for IPv6 NOTE When you configure encryption using the ipv6 ospf encryption ipsec command you enable both IPsec encryption and authentication However when you enable authentication on an interface using the ipv6 ospf authentication ipsec command you do not enable encryption at the same time ...

Page 761: ...e to one IPSec security policy authentication or encryption on the router Configure the same authentication policy the same SPI and key on each interface in an OPSFv3 link If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command you cannot use the area authentication command in the area at the same time The configuration of IPSec authentication on an interface level...

Page 762: ...mber esp encryption algorithm key encryption type key authentication algorithm key authentication type key area area id specifies the area for which OSPFv3 traffic is to be encrypted For area id enter a number or an IPv6 prefix spi number is the security policy index SPI value The range is from 256 to 4294967295 esp encryption algorithm specifies the encryption algorithm used with ESP The valid va...

Page 763: ...yword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Examples of the show crypto ipsec Commands In the first example the keys are not encrypted shown in bold In the second and third examples the keys are encrypted shown in bold The following example shows th...

Page 764: ... 128 aes esp sha1 hmac The following example shows the show crypto ipsec sa ipv6 command Dell show crypto ipsec sa ipv6 Interface TenGigabitEthernet 1 1 Link Local address fe80 201 e8ff fe40 4d10 IPSecv6 policy name OSPFv3 1 500 inbound ah sas spi 500 0x1f4 transform ah md5 hmac in use settings Transport replay detection support N STATUS ACTIVE outbound ah sas spi 500 0x1f4 transform ah md5 hmac i...

Page 765: ... database Did you include the OSPF routes in the routing table not just the OSPF database Some useful troubleshooting commands are show ipv6 interfaces show ipv6 protocols debug ipv6 ospf events and or packets show ipv6 neighbors show ipv6 routes Viewing Summary Information To get general route configuration links status and debug information use the following commands View the summary information...

Page 766: ... information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Open Shortest Path First OSPFv2 and OSPFv3 766 ...

Page 767: ...so on For example a network administrator might want to forward a packet that uses transmission control protocol TCP across a different next hop than packets using Internet control message protocol ICMP In these situations you can a configure switch route packet according to a policy applied to interfaces In another scenario when the packet comes from one source and wants to go to another destinat...

Page 768: ...next hop to be a tunnel interface If you do not provide the tunnel destination IP as the next hop the next hop is treated as an IPv4 next hop and not a tunnel next hop PBR with Multiple Tracking Option PBR with the multiple tracking option enabled extends and introduces the capabilities of object tracking to verify the next hop IP address before forwarding the traffic to the next hop The multiple ...

Page 769: ...direct list to an Interface using a Redirect group PBR Exceptions Permit To create an exception to a redirect list use thepermit command Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CA...

Page 770: ...edirect list CONF REDIRECT LIST mode seq number redirect ip address tunnel tunnel id track obj id ip protocol number protocol type bit source mask any host ip address destination mask any host ip address number is the number in sequence to initiate this rule ip address is the Forwarding router s address tunnel is used to configure the tunnel settings tunnel id is used to redirect the traffic track...

Page 771: ... 222 1 1 1 32 A B C D Destination address any Any destination host host A single destination host Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 Mask A B C D or nn Mask in dotted decimal or in slash format Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 32 Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 32 Dell conf redirect list do show ip re...

Page 772: ... IP redirect lists are supported on physical interfaces as well as virtual local area network VLAN and port channel interfaces NOTE When you apply a redirect list on a port channel when traffic is redirected to the next hop and the destination port channel is shut down the traffic is dropped However the traffic redirected to the destination port channel is sometimes switched To apply a redirect li...

Page 773: ... show ip redirect list redirect list name 2 View the redirect list entries programmed in the CAM EXEC mode show cam pbr show cam usage List the redirect list configuration using the show ip redirect list redirect list name command The non contiguous mask displays in dotted format x x x x The contiguous mask displays in x format Dell show ip redirect list explicit_tunnel IP redirect list explicit_t...

Page 774: ... 222 222 24 eq 40 ack Next hop reachable via Te 2 1 Applied interfaces Te 2 2 NOTE If you apply the redirect list to an interface the output of the show ip redirect list redirect list name command displays reachability status for the specified next hop Example Showing CAM PBR Configuration Dell show cam pbr stack unit 1 port set 0 TCP Flag Bit 5 URG Bit 4 ACK Bit 3 PSH Bit 2 RST Bit 1 SYN Bit 0 FI...

Page 775: ...riginating in 192 168 2 0 24 seq 15 permit ip any Create the Redirect List GOLD EDGE_ROUTER conf if Te 2 23 ip redirect list GOLD EDGE_ROUTER conf redirect list description Route GOLD traffic to ISP_GOLD EDGE_ROUTER conf redirect list direct 10 99 99 254 ip 192 168 1 0 24 any EDGE_ROUTER conf redirect list redirect 10 99 99 254 ip 192 168 2 0 24 any EDGE_ROUTER conf redirect list seq 15 permit ip ...

Page 776: ...g Explicit Track Objects for Redirect IPs Create Track Objects to track the Redirect IPs Dell configure terminal Dell conf track 3 ip host 42 1 1 2 reachability Dell conf track 3 probe icmp Dell conf track 3 track 4 ip host 43 1 1 2 reachability Dell conf track 4 probe icmp Dell conf track 4 end Create a Redirect list with Track Objects pertaining to Redirect IPs Dell configure terminal Dell conf ...

Page 777: ...ack 3 up Next hop reachable via Vl 20 seq 20 redirect 42 1 1 2 track 3 udp any host 144 144 144 144 Track 3 up Next hop reachable via Vl 20 seq 25 redirect 43 1 1 2 track 4 ip host 7 7 7 7 host 144 144 144 144 Track 4 up Next hop reachable via Vl 20 Applied interfaces Te 2 28 Dell Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces Dell confi...

Page 778: ...t list redirect tunnel 2 track 2 tcp 155 55 2 0 24 222 22 2 0 24 Dell conf redirect list redirect tunnel 2 track 2 tcp any any Dell conf redirect list end Dell Apply the Redirect Rule to an Interface Dell configure terminal Dell conf interface TenGigabitEthernet 2 28 Dell conf if te 2 28 ip redirect group explicit_tunnel Dell conf if te 2 28 exit Dell conf end Verify the Applied Redirect Rules Del...

Page 779: ...e requests in the same message Dell Networking OS supports PIM SM on physical virtual local area network VLAN and port channel interfaces NOTE Multicast routing is supported across default and non default VRFs Protocol Overview PIM SM initially uses unidirectional shared trees to forward multicast traffic that is all multicast traffic must flow only from the rendezvous point RP to the receivers Af...

Page 780: ... about the source and create an SPT to it Then the last hop DR may create an SPT directly to the source 1 The source gateway router first hop DR receives the multicast packets and creates an S G entry in its multicast routing table The first hop DR encapsulates the initial multicast packets in PIM Register packets and unicasts them to the RP 2 The RP decapsulates the PIM Register packets and forwa...

Page 781: ...ng step 2 Select a rendezvous point 3 Enable PIM SM on an interface Enable multicast routing CONFIGURATION mode ip multicast routing Related Configuration Tasks The following are related PIM SM configuration tasks Configuring S G Expiry Timers Configuring a Static Rendezvous Point Configuring a Designated Router Creating Multicast Boundaries and Domains Enable PIM SM You must enable PIM SM on each...

Page 782: ... v2 1 S Dell To display the PIM routing table use the show ip pim tib command from EXEC privilege mode Dell show ip pim tib PIM Multicast Routing Table Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set J Join SPT Timers Uptime Expires Interface state Interface next Hop State Mode 192 1 2 1 uptime 00 29 36 expires 00 03 26 RP 10 87 2 6 flags SCJ Incoming...

Page 783: ...sg expiry timer command but the ACL has not been created or is a standard ACL if the expiry time is specified for an S G entry in a deny rule Dell conf ip access list extended SGtimer Dell config ext nacl permit ip 10 1 2 3 24 225 1 1 0 24 Dell config ext nacl permit ip any 232 1 1 0 24 Dell config ext nacl permit ip 100 1 1 0 16 any Dell config ext nacl show conf ip access list extended SGtimer s...

Page 784: ...mand from EXEC privilege mode Dell show ip pim rp Group RP 225 0 1 40 165 87 50 5 226 1 1 1 165 87 50 5 To display the assigned RP for a group range group to RP mapping use the show ip pim rp mapping command in EXEC privilege mode Dell show ip pim rp mapping PIM Group to RP Mappings Group s 224 0 0 0 4 Static RP 165 87 50 5 v2 Configuring a Designated Router Multiple PIM SM routers might be connec...

Page 785: ...n a common boundary defined by PIM multicast border routers PMBRs PMBRs connect each PIM domain to the rest of the Internet Create multicast boundaries and domains by filtering inbound and outbound bootstrap router BSR messages per interface The following command is applied to the subsequent inbound and outbound updates Timeout removes existing BSR advertisements Create multicast boundaries and do...

Page 786: ...ing systems it is possible to use PIM SM with IGMPv3 to achieve the same result but PIM SSM eliminates the unnecessary protocol overhead PIM SSM also solves the multicast address allocation problem Applications must use unique multicast addresses because if multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP...

Page 787: ...for a range of addresses Related Configuration Tasks Use PIM SSM with IGMP Version 2 Hosts Enabling PIM SSM To enable PIM SSM follow these steps 1 Create an ACL that uses permit rules to specify what range of addresses should use SSM CONFIGURATION mode ip access list standard name 2 Enter the ip pim ssm range command and specify the ACL you created CONFIGURATION mode ip pim ssm range acl name Enab...

Page 788: ...his command Dell Networking OS displays an error message If you apply an extended ACL before you create it Dell Networking OS accepts the configuration but when the ACL is later defined Dell Networking OS ignores the ACL and the stated mapping has no effect To display the source to which a group is mapped use the show ip igmp ssm map group command If you use the group option the command displays t...

Page 789: ... 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard map seq 5 permit host 239 0 0 2 ip access list standard ssm seq 5 permit host 239 0 0 2 R1 conf ip igmp ssm map map 10 11 5 2 R1 conf do show ip igmp groups Total Number of Groups 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239 0 0 2 Vlan 300 IGMPv2 Compat 00 00 07 Never 10...

Page 790: ...address Uptime Expires 10 11 5 2 00 00 01 Never Interface Vlan 400 Group 239 0 0 1 Uptime 00 00 05 Expires Never Router mode INCLUDE Last reporter 10 11 4 2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 PIM Source Specific Mode PIM SSM 790 ...

Page 791: ...he normal Port Monitoring feature This feature is generally referred as RPM where mirror traffic is carried over L2 network Encapsulated Remote Port Monitoring ERPM ERPM is a feature to encapsulate mirrored packet using GRE with IP delivery so that it can be sent across a routed network Topics Important Points to Remember Port Monitoring Configuring Port Monitoring Configuring Monitor Multicast Qu...

Page 792: ...t mirroring directions as follows 4 per port pipe if the four destination ports mirror in one direction either rx or tx 2 per port pipe if the two destination ports mirror in bidirection 3 per port pipe if one of the destination port mirrors bidirection and the other two ports mirror in one direction either rx or tx In the following examples ports 1 13 1 14 1 15 and 1 16 all belong to the same por...

Page 793: ... example below 0 25 and 0 26 belong to Port pipe 1 This port pipe has the same restriction of only four destination ports new or used Dell conf mon sess 300 do show mon session SessionID Source Destination Direction Mode Type 0 Te 1 13 Te 1 1 rx interface Port based 10 Te 1 14 Te 1 2 rx interface Port based 20 Te 1 15 Te 1 3 rx interface Port based 30 Te 1 16 Te 1 37 rx interface Port based 100 Te...

Page 794: ...session using the command monitor session from CONFIGURATION mode as shown in the following example CONFIGURATION mode monitor session monitor session type rpm erpm type is an optional keyword required only for rpm and erpm 3 Specify the source and destination port and direction of traffic as shown in the following example MONITOR SESSION mode source Example of Viewing Port Monitoring Configuratio...

Page 795: ... Flow based mirroring Please refer section Enabling Flow Based Monitoring In the following example the host and server are exchanging traffic which passes through the uplink interface 1 1 Port 1 1 is the monitored port and port 1 42 is the destination port which is configured to only monitor traffic received on tengigabitethernet 1 1 host originated traffic Figure 105 Port Monitoring Example Confi...

Page 796: ...ude the keyword monitor For port monitoring Dell Networking OS only considers traffic matching rules with the keyword monitor CONFIGURATION mode ip access list Refer to Access Control Lists ACLs 3 Apply the ACL to the monitored port INTERFACE mode ip access group access list Example of the flow based enable Command To view an access list that you applied to an interface use the show ip accounting ...

Page 797: ...to multiple destination ports on different switches Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time saving and efficient way In a remote port mirroring session monitored traffic is tagged with a VLAN ID and switched on a user defined non routable L2 VLAN The VLAN is reserved in the network to carry only mirrored traffic whic...

Page 798: ...ate and destination switches and a destination session destination ports connected to analyzers on destination switches Configuration Notes When you configure remote port mirroring the following conditions apply You can configure any switch in the network with source ports and destination ports and allow it to function in an intermediate transport session for a reserved VLAN at the same time for m...

Page 799: ...if the switch has a L3 VLAN configured In a source session used for remote port mirroring You can configure any port as a source port in a remote port monitoring session with a maximum of three source ports per port pipe Maximum number of source sessions supported on a switch 4 Maximum number of source ports supported in a source session 128 You can configure physical ports and port channels as so...

Page 800: ...oring Configurations To display the current configuration of remote port mirroring for a specified session enter the show config command in MONITOR SESSION configuration mode Dell conf mon sess 2 show config monitor session 2 type rpm source fortyGigE 1 52 destination remote vlan 300 direction rx source Port channel 10 destination remote vlan 300 direction rx no disable To display the currently co...

Page 801: ...Specify the source ip address and the destination ip where the packet needs to be sent 6 no flow based enable Specify flow based enable for mirroring on a flow by flow basis and also for vlan as source 7 no enable Optional No disable command is mandatory in order for a rpm session to be active Configuring the sample Source Remote Port Mirroring Dell conf interface vlan 10 Dell conf if vl 10 mode r...

Page 802: ...0 dest remote vlan 30 dir both Dell conf mon sess 3 no disable Dell conf mon sess 3 Dell conf mon sess 3 exit Dell conf end Dell Dell show monitor session SessID Source Destination Dir Mode Source IP Dest IP 1 Te 1 5 remote vlan 10 rx Port N A N A 2 Vl 100 remote vlan 20 rx Flow N A N A 3 Po 10 remote vlan 30 both Port N A N A Dell Configuring the sample Source Remote Port Mirroring Dell conf inte...

Page 803: ... N A N A N A 2 remote vlan 20 Te 1 5 N A N A N A N A 3 remote vlan 30 Te 1 6 N A N A N A N A Dell Configuring RSPAN Source Sessions to Avoid BPD Issues When ever you configure an RPM source session you must ensure the following to avoid BPDU issues 1 Enable control plane egress acl using the following command mac control plane egress acl 2 Create an extended MAC access list and add a deny rule of ...

Page 804: ...data under GRE header IP header and outer MAC header and sends it out at the next hop interface as pointed by the routing table Specify flow based enable in case of source as VLAN or where you need monitoring on a per flow basis Specify the monitor keyword in the access list rules for which you want to mirror The maximum number of source ports that can be defined in a session is 128 The system all...

Page 805: ... no disable Enter the no disable command to activate the ERPM session The following example shows an ERPM configuration Dell conf monitor session 0 type erpm Dell conf mon sess 0 source tengigabitethernet 1 9 direction rx Dell conf mon sess 0 source port channel 1 direction tx Dell conf mon sess 0 erpm source ip 1 1 1 1 dest ip 7 1 1 2 Dell conf mon sess 0 no disable Dell conf monitor session 1 ty...

Page 806: ...sulation of the data received transmitted at the specified source port Port A An ERPM destination session decapsulation of the ERPM packets at the destination Switch are not supported Figure 107 ERPM Behavior As seen in the above figure the packets received transmitted on Port A will be encapsulated with an IP GRE header plus a new L2 header and sent to the destination ip address Port D s ip addre...

Page 807: ...can be converted back into stream and fed to any egress interface b Using Python script Either have a Linux server s ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort The analyzer should listen in the forward egress interface If there is only one interface one can choose the ingress and forward interface to be same and listen in the...

Page 808: ...interface on the Linux server via which the decapsulation packets can Egress In case there is only one interface the ingress interface itself can be specified as Egress and the analyzer can listen in the tx direction Port Monitoring 808 ...

Page 809: ...e same time using the same IP subnet address space for all community and isolated VLANs mapped to the same primary VLAN In more detail community VLANs are especially useful in the service provider environment because multiple customers are likely to maintain servers that must be strictly separated in customer specific groups A set of servers owned by a customer could comprise a community VLAN so t...

Page 810: ...e VLAN is a port in a secondary VLAN The port must first be assigned that role in INTERFACE mode A port assigned the host role cannot be added to a regular VLAN Isolated port a port that in Layer 2 can only communicate with promiscuous ports that are in the same PVLAN Promiscuous port a port that is allowed to communicate with any other port type in the PVLAN A promiscuous port can be part of more...

Page 811: ...EC mode or EXEC Privilege mode show vlan private vlan community interface isolated primary primary_vlan interface interface Display primary secondary VLAN mapping EXEC mode or EXEC Privilege mode show vlan private vlan mapping Set the PVLAN mode of the selected port INTERFACE switchport mode private vlan host promiscuous trunk NOTE Secondary VLANs are Layer 2 VLANs so even if they are operationall...

Page 812: ...the Interfaces chapter NOTE You cannot add interfaces that are configured as PVLAN ports to regular VLANs You also cannot add regular ports ports not configured as PVLAN ports to PVLANs The following example shows the switchport mode private vlan command on a port and on a port channel Dell conf Dell conf interface TenGigabitEthernet 2 1 Dell conf if te 2 1 switchport mode private vlan promiscuous...

Page 813: ...vlan list The list of secondary VLANs can be Specified in comma delimited VLAN ID VLAN ID or hyphenated range format VLAN ID VLAN ID Specified with this command even before they have been created Amended by specifying the new secondary VLAN to be added to the list 5 Add promiscuous ports as tagged or untagged interfaces INTERFACE VLAN mode tagged interface or untagged interface Add PVLAN trunk por...

Page 814: ...VLAN mode private vlan mode community 4 Add one or more host ports to the VLAN INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format either comma delimited slot port port port or hyphenated slot port port You can only add host isolated ports to the VLAN Creating an Isolated VLAN An isolated VLAN is a secondary VLAN of a primary VLAN An is...

Page 815: ...ommands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs primary community and isolated VLANs Dell conf Dell conf interface vlan 10 Dell conf vlan 10 private vlan mode primary Dell conf vlan 10 private vlan mapping secondary vlan 100 101 Dell conf vlan 10 untagged Te 2 1 Dell conf vlan 10 tagged Te 2 3 Dell conf interface vlan 101 Dell conf vlan 101 private vlan mode commun...

Page 816: ...ssigned to the primary VLAN 4000 Te 1 24 and Te 1 47 are configured as host ports and assigned to the isolated VLAN VLAN 4003 Te 4 1 and Te 23 are configured as host ports and assigned to the community VLAN VLAN 4001 Te 4 24 and Te 4 47 are configured as host ports and assigned to community VLAN 4002 The result is that The ports in community VLAN 4001 can communicate directly with each other and w...

Page 817: ...n one secondary VLAN and destined for host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN 4000 and then through the trunk ports 1 25 in each switch Inspecting the Private VLAN Configuration The standard methods of inspecting configurations also apply in PVLANs To inspect your PVLAN configurations use the following commands Display the specific interface conf...

Page 818: ...e show vlan private vlan mapping command S50 1 show vlan private vlan mapping Private Vlan Primary 4000 Isolated 4003 Community 4001 NOTE In the following example notice the addition of the PVLAN codes P I and C in the left column The following example shows viewing the VLAN status S50V show vlan Codes Default VLAN G GVRP VLANs P Primary C Community I Isolated Q U Untagged T Tagged x Dot1x untagge...

Page 819: ...e vlan host no shutdown interface TenGigabitEthernet 1 25 no ip address switchport switchport mode private vlan trunk no shutdown interface Vlan 4000 private vlan mode primary private vlan mapping secondary vlan 4001 4003 no ip address tagged TenGigabitEthernet 1 3 25 no shutdown interface Vlan 4001 private vlan mode community Private VLANs PVLAN 819 ...

Page 820: ...ng tree instance for each virtual local area network VLAN Protocol Overview PVST is a variation of spanning tree developed by a third party that allows you to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter 42 Per VLAN Spanning Tree Plus PVST 820 ...

Page 821: ...Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Implementation Information The Dell Networking OS implementation of PVST is based on IEEE Standard 802 1w Per VLAN Spanning Tree Plus PVST 821 ...

Page 822: ...nable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration Tasks Modifying Global PVST Parameters Modifying Interface PVST Parameters Configuring an EdgePort Flush MAC Addresses after a Topology Change Prevent Network Disruptions with BPDU Guard Enabling SNMP Traps for Root Elections and Topology Changes Configuring Spanning Trees as Hitless PVS...

Page 823: ...nterface or remove a PVST parameter configuration INTERFACE mode no spanning tree pvst Example of Viewing PVST Configuration To display your PVST configuration use the show config command from PROTOCOL PVST mode Dell_E600 conf pvst show config verbose protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Per VLAN Spanning Tree Plus PVST 823 ...

Page 824: ...each VLAN This behavior demonstrates how you can use PVST to achieve load balancing Figure 110 Load Balancing with PVST The bridge with the bridge value for bridge priority is elected root Because all bridges use the default priority until configured otherwise the lowest MAC address is used as a tie breaker To increase the likelihood that a bridge is selected as the STP root assign bridges a low n...

Page 825: ...st 0 Number of transitions to forwarding state 2 BPDU sent 1159 received 632 The port is not in the Edge port mode Port 385 TenGigabitEthernet 1 32 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 385 Designated root has priority 4096 address 0001 e80d b6 d6 Designated bridge has priority 4096 address 0001 e80d b6 d6 Designated port id is 128 385 designated path ...

Page 826: ...ability that a port becomes a forwarding port Port cost a value that is based on the interface type The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The following tables lists the default values for port cost by interface T...

Page 827: ...t is 128 The values for interface PVST parameters are given in the output of the show spanning tree pvst command as previously shown Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise it does not go thr...

Page 828: ...ee the no spanning tree command in CONFIGURATION mode PVST in Multi Vendor Networks Some non Dell Networking systems which have hybrid ports participating in PVST transmit two kinds of BPDUs an 802 1D BPDU and an untagged PVST BPDU Dell Networking systems do not expect PVST BPDU tagged or untagged on an untagged port If this situation occurs Dell Networking OS places the port in an Error Disable s...

Page 829: ...t do show spanning tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773 Address 0001 e832 73f7 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32773 priority 32768 sys id ext 5 Address 0001 e832 73f7 We are the root of Vlan 5 Configured hello time 2 max age 20 forward delay 15 PVST Sample Configurations The following examples...

Page 830: ...riority 4096 Example of PVST Configuration R2 interface TenGigabitEthernet 2 12 no ip address switchport no shutdown interface TenGigabitEthernet 2 32 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthe...

Page 831: ...gged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown protocol spanning tree pvst no disable vlan 300 bridge priority 4096 Per VLAN Spanning Tree Plus PVST 831 ...

Page 832: ...ies on Ingress Traffic Ingress Configure Port based Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Policy...

Page 833: ...icy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Quality of Service QoS 833 ...

Page 834: ...Policy Based QoS Configurations DSCP Color Maps Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Pre Calculating Available QoS CAM Space Configuring Weights and ECN for WRED Configuring WRED and ECN Attributes Guidelines for Configuring ECN for Classifying and Color Marking Packets Quality of Service QoS 834 ...

Page 835: ...ted Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface Port Based QoS Configurations You can configure the following QoS features on an interface NOTE You cannot simultaneously use egress rate shaping and ingress rate policing on the same virtual local area network VLAN Setting dot1p Priorit...

Page 836: ...CE entries For more information refer to Mapping dot1p Values to Service Queues NOTE You cannot configure service policy input and service class dynamic dot1p on the same interface Honor dot1p priorities on ingress traffic INTERFACE mode service class dynamic dot1p Example of Configuring an Interface to Honor dot1p Priorities on Ingress Traffic Dell configure terminal Dell conf interface tengigabi...

Page 837: ...onf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate police 100 40 peak 150 50 Dell conf if te 1 1 end Configuring Port Based Rate Shaping Rate shaping buffers rather than drops traffic exceeding the specified rate until the buffer is exhausted If any stream exceeds the configured bandwidth on a continuous basis it can consume all of the buffer space that is allocated to the port Dell Net...

Page 838: ...owing example Figure 113 Constructing Policy Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic For both class maps Layer 2 and Layer 3 Dell Networking OS matches packets against match criteria in the order that you configure them Quality of Service QoS 838 ...

Page 839: ... in CLASS MAP mode Match any class maps allow up to five ACLs Match all class maps allow only one ACL 4 Link the class map to a queue POLICY MAP mode service queue Example of Creating a Layer 3 Class Map Dell conf ip access list standard acl1 Dell config std nacl permit 20 0 0 0 8 Dell config std nacl exit Dell conf ip access list standard acl2 Dell config std nacl permit 20 1 1 0 24 order 0 Dell ...

Page 840: ...map CONFIGURATION mode class map match all 3 Specify your match criteria CLASS MAP mode match mac After you create a class map Dell Networking OS places you in CLASS MAP mode Match any class maps allow up to five access lists Match all class maps allow only one You can match against only one VLAN ID 4 Link the class map to a queue POLICY MAP mode service queue Determining the Order in Which ACLs a...

Page 841: ...s unintended traffic classification In the following example traffic is classified in two Queues 1 and 2 Class map ClassAF1 is match any and ClassAF2 is match all Display all class maps or a specific class map EXEC Privilege mode show qos class map Examples of Traffic Classifications The following example shows incorrect traffic classifications Dell show running config policy map input policy map ...

Page 842: ...0 IP 0x0 0 0 23 64 0 3 32 0 0 0 0 0 12 1 20419 1 10 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 14 1 24511 1 0 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 Create a QoS Policy There are two types of QoS policies input and output Input QoS policies regulate Layer 3 and Layer 2 ingress traffic The regulation mechanisms for input QoS policies are rate policing and setting priority values Layer 3 QoS input policies allow you to...

Page 843: ... POLICY IN mode rate police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets use the following command Set a dscp or dot1p value for egress packets QOS POLICY IN mode set mac dot1p Creating an Output QoS Policy To create an output QoS policy use the following commands 1 Create an output QoS policy CONFIGURATION mode qos policy output 2 After you configure an output ...

Page 844: ... Bandwidth Weights Queue Default Bandwidth Percentage for 4 Queue System Default Bandwidth Percentage for 8 Queue System 0 6 67 1 1 13 33 2 2 26 67 3 3 53 33 4 4 5 5 10 6 25 7 50 NOTE The system supports 8 data queues When you assign a percentage to one queue note that this change also affects the amount of bandwidth that is allocated to other queues Therefore whenever you are allocating bandwidth...

Page 845: ... Class Map or Input QoS Policy to a Queue To apply a class map or input QoS policy to a queue use the following command Assign an input QoS policy to a queue POLICY MAP IN mode service queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map use the following command Apply an input QoS policy to an input policy map POLICY MAP IN mode policy serv...

Page 846: ...te 1 16 31 001XXX AF1 Priority 0 0 15 000XXX BE Best Effort Best Effort 0 0 15 Enable the trust DSCP feature POLICY MAP IN mode trust diffserv Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature The following table specifies the queue to which the classified traffic is sent based on the dot1p value Table 73 Default dot1p t...

Page 847: ...th to dot1p based service queues use the following command Apply this command in the same way as the bandwidth percentage command in an output QoS policy refer to Allocating Bandwidth to Queue The bandwidth percentage command in QOS POLICY OUT mode supersedes the service class bandwidth percentage command Guarantee a minimum bandwidth to queues globally CONFIGURATION mode service class bandwidth p...

Page 848: ... interface Applying an Output QoS Policy to a Queue To apply an output QoS policy to a queue use the following command Apply an output QoS policy to queues INTERFACE mode service queue Specifying an Aggregate QoS Policy To specify an aggregate QoS policy use the following command Specify an aggregate QoS policy POLICY MAP OUT mode policy aggregate Applying an Output Policy Map to an Interface To a...

Page 849: ...ce which will either transmit or drop the packet based on configured queuing behavior Traffic marked as red high drop precedence is dropped Important Points to Remember All DSCP values that are not specified as yellow or red are colored green low drop precedence A DSCP value cannot be in both the yellow and red lists Setting the red or yellow list with any DSCP value that is already in the other l...

Page 850: ...e 1 11 qos dscp color policy bat enclave map Displaying DSCP Color Maps To display DSCP color maps use the show qos dscp color map command in EXEC mode Examples for Creating a DSCP Color Map Display all DSCP color maps Dell show qos dscp color map Dscp color map mapONE yellow 4 7 red 20 30 Dscp color map mapTWO yellow 16 55 Display a specific DSCP color map Dell show qos dscp color map mapTWO Dscp...

Page 851: ...Networking OS does not include the Preamble SFD or the IFG fields These fields are overhead only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations The Ethernet packet format consists of Preamble 7 bytes Preamble Start frame delimiter SFD 1 byte Destination MAC address 6 bytes Source MAC address 6 bytes Ethernet Type Leng...

Page 852: ... buffering resources from being consumed The WRED congestion avoidance mechanism drops packets to prevent buffering resources from being consumed Traffic is a mixture of various kinds of packets The rate at which some types of packets arrive might be greater than others In this case the space on the buffer and traffic manager BTM ingress or egress can be consumed by only one or a few types of traf...

Page 853: ...shold Maximum Threshold Maximum Drop Rate wred_drop 0 0 100 wred_teng_y 467 4671 100 wred_teng_g 467 4671 50 wred_fortyg_y 467 4671 50 wred_fortyg_g 467 4671 25 Creating WRED Profiles To create WRED profiles use the following commands 1 Create a WRED profile CONFIGURATION mode wred profile 2 Specify the minimum and maximum threshold values WRED mode threshold Quality of Service QoS 853 ...

Page 854: ...ecedence Assign a WRED profile to either yellow or green traffic QOS POLICY OUT mode wred Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles use the following command Display default and configured WRED profiles and their threshold values EXEC mode show qos wred profile Displaying WRED Profiles Example of the show qos wred profile Command Dell show ...

Page 855: ...ble to apply to an interface a policy map that requires more entries than are available In this case the system writes as many entries as possible and then generates an CAM full error message shown in the following example The partial policy map configuration might cause unintentional system behavior EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 2 Te...

Page 856: ...s much of the same information as the test cam usage command but whether a policy map can be successfully applied to an interface cannot be determined without first measuring how many CAM entries the policy map would consume the test cam usage command is useful because it provides this measurement Verify that there are enough available CAM entries test cam usage Example of the test cam usage Comma...

Page 857: ...le a smooth seamless averaging of packets to handle the sudden overload of packets based on the previous time sampling performed You can specify the weight parameter for front end and backplane ports separately in the range of 0 through 15 You can enable WRED and ECN capabilities per queue for granularity You can disable these functionality per queue and you can also specify the minimum and maximu...

Page 858: ...guration Queue Configuration Service Pool Configuration WRED Threshold Relationship Q threshold Q T Service pool threshold SP T Expected Functionality WRED ECN WRED ECN 0 0 X X X WRED ECN not applicable 1 0 0 X X Queue based WRED No ECN marking 1 X Q T SP T SP T Q T SP based WRED No ECN marking 1 1 0 X X Queue based ECN marking above queue threshold ECN marking to shared buffer limits of the servi...

Page 859: ...e Dell conf wred wred profile thresh 2 Dell conf wred threshold min 300 max 400 max drop rate 80 4 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed mode Dell conf service pool wred green pool0 thresh 1 pool1 thresh 2 Dell conf service pool wred yellow pool0 thresh 3 pool1 thresh 4 Dell conf service p...

Page 860: ...packets as yellow packets ip access list standard ecn_0 seq 5 permit any ecn 0 class map match any ecn_0_cmap match ip access group ecn_0 set color yellow policy map input ecn_0_pmap service queue 0 class map ecn_0_cmap Applying this policy map ecn_0_pmap will mark all the packets with ecn 0 as yellow packets on queue0 default queue Classifying Incoming Packets Using ECN and Color Marking Explicit...

Page 861: ... 8 bit ToS field of the IPv4 header shall be used to classify traffic The Dell Networking OS Release 9 3 0 0 supports the following QOS actions in the ingress policy based QOS 1 Rate Policing 2 Queuing 3 Marking For the L3 Routed packets the DSCP marking is the only marking action supported in the software As a part of this feature the additional marking action to set the color of the traffic will...

Page 862: ...y default Dell Networking OS drops all the RED or violate packets The following combination of marking actions to be specified match sequence of the class map command set a new DSCP for the packet set the packet color as yellow set the packet color as yellow and set a new DSCP for the packet This marking action to set the color of the packet is allowed only on the match any logical operator of the...

Page 863: ...dscp_40 service queue 3 class map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets ip access list standard dscp_50_ecn seq 5 permit any dscp 50 ecn 1 seq 10 permit any dscp 50 ecn 2 seq 15 permit any dscp 50 ecn 3 ip access list standard dscp_40_ecn seq 5 permit any dscp 40 ecn 1 seq 10 permit any dscp 40 ecn 2 seq 15 permit any dscp 40 ecn 3 ip access list standard dscp_5...

Page 864: ... Configure a Layer 2 QoS policy with Layer 2 Dot1p or source MAC based match criteria CONFIGURATION mode Dell conf policy map input l2p layer2 3 Apply the Layer 2 policy on a Layer 3 interface INTERFACE mode Dell conf if fo 1 4 service policy input l2p layer2 Applying DSCP and VLAN Match Criteria on a Service Queue You can configure Layer 3 class maps which contain both a Layer 3 Differentiated Se...

Page 865: ... IN mode Dell conf qos policy in set ip dscp 5 6 Create an input policy map CONFIGURATION mode Dell conf policy map input pp_policmap 7 Create a service queue to associate the class map and QoS policy map POLICY MAP mode Dell conf policy map in service queue 0 class map pp_classmap qos policy pp_qospolicy Classifying Incoming Packets Using ECN and Color Marking Explicit Congestion Notification ECN...

Page 866: ...the 2 bit ECN field of the IPv4 packet will also be available to be configured as one of the match qualifier This way the entire 8 bit ToS field of the IPv4 header shall be used to classify traffic The Dell Networking OS Release 9 3 0 0 supports the following QOS actions in the ingress policy based QOS 1 Rate Policing 2 Queuing 3 Marking For the L3 Routed packets the DSCP marking is the only marki...

Page 867: ... the class map configuration By default all packets are considered as green without the rate policer and trust diffserve configuration and hence support would be provided to mark the packets as yellow alone will be provided By default Dell Networking OS drops all the RED or violate packets The following combination of marking actions to be specified match sequence of the class map command set a ne...

Page 868: ...lt all packets less than PIR would be considered as Green But Green packets matching the specific match criteria for which color marking is configured will be over written and marked as Yellow If two rate three color policer is configured along with this feature then x CIR will be marked as Green CIR x PIR will be marked as Yellow PIR x will be marked as Red But Green packets matching the specific...

Page 869: ... can be achieved using either of the two approaches Approach without explicit ECN match qualifiers for ECN packets ip access list standard dscp_50 seq 5 permit any dscp 50 ip access list standard dscp_40 seq 5 permit any dscp 40 ip access list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match any class_dsc...

Page 870: ... the tracking of statistical values of buffer spaces at a global level The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters To configure the buffer statistics tracking utility perform the following step 1 Enable the buffer statistics tracking utility and enter the Buffer Statistics Snapshot configuration mode CONFIGURAT...

Page 871: ...ERED CELLS MCAST 3 0 Unit 1 unit 3 port 5 interface Fo 1 148 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 9 interface Fo 1 152 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 13 interface Fo 1 156 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 17 interface Fo 1 160 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 21 interface Fo 1 164 Q TYPE Q TOTAL B...

Page 872: ...ormation for a specific interface EXEC EXEC Privilege mode Dell show hardware buffer stats snapshot resource interface fortyGigE 0 0 queue all Unit 0 unit 0 port 1 interface Fo 0 0 Q TYPE Q TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6...

Page 873: ...hed after RIP sends out one or more broadcast signals to all adjacent nodes in a network Hop counts of these signals are tracked and entered into the routing table which defines where nodes in the network are located The information that is used to update the routing table is sent as either a request or response message In RIPv1 automatic updates to the routing table are performed as either one ti...

Page 874: ...terfaces The following table lists the defaults for RIP in Dell Networking OS Table 77 RIP Defaults Feature Default Interfaces running RIP Listen to RIPv1 and RIPv2 Transmit RIPv1 RIP timers update timer 30 seconds invalid timer 180 seconds holddown timer 180 seconds flush timer 240 seconds Auto summarization Enabled ECMP paths supported 16 Configuration Information By default RIP is disabled in D...

Page 875: ... mode and enable the RIP process on Dell Networking OS CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange routing information ROUTER RIP mode network ip address Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information ensure that all devices on that network are configured to ex...

Page 876: ...0 10 12 00 01 22 Fa 1 49 192 162 3 0 24 auto summary To disable RIP globally use the no router rip command in CONFIGURATION mode Configure RIP on Interfaces When you enable RIP globally on the system interfaces meeting certain conditions start receiving RIP routes By default interfaces that you enable and configure with an IP address in the same subnet as the RIP network address receive RIPv1 and ...

Page 877: ...P routes use the following commands Assign a configured prefix list to all incoming RIP routes ROUTER RIP mode distribute list prefix list name in Assign a configured prefix list to all outgoing RIP routes ROUTER RIP mode distribute list prefix list name out To view the current RIP configuration use the show running config command in EXEC mode or the show config command in ROUTER RIP mode Adding R...

Page 878: ...only one or the other version use the ip rip send version or the ip rip receive version commands in INTERFACE mode You can set one RIP version globally on the system using system This command sets the RIP version for RIP traffic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version Set the RIP version sent and received on the system ROUT...

Page 879: ...ing both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example Dell conf if ip rip send version 1 2 Dell conf if ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally shown in bold Dell show ip p...

Page 880: ... and summarizes RIP routes up to the classful network boundary If you must perform routing between discontiguous subnets disable automatic summarization With automatic route summarization disabled subnets are advertised The autosummary command requires no other configuration commands To disable automatic route summarization enter no autosummary in ROUTER RIP mode NOTE If you enable the ip split ho...

Page 881: ... the configuration changes use the show config command in ROUTER RIP mode Debugging RIP The debug ip rip command enables RIP debugging When you enable debugging you can view information on RIP protocol changes or RIP routes To enable RIP debugging use the following command debug ip rip interface database events trigger EXEC privilege mode Enable debugging of RIP Example of the debug ip rip Command...

Page 882: ... 0 Core2 conf router_rip show config router rip network 10 0 0 0 version 2 Core2 conf router_rip Core 2 RIP Output The examples in the section show the core 2 RIP output Examples of the show ip Commands to View Core 2 Information To display Core 2 RIP database use the show ip rip database command To display Core 2 RIP setup use the show ip route command To display Core 2 RIP activity use the show ...

Page 883: ...y Dist Metric Last Change C 10 11 10 0 24 Direct Te 2 11 0 0 00 02 26 C 10 11 20 0 24 Direct Te 2 3 0 0 00 02 02 R 10 11 30 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 C 10 200 10 0 24 Direct Te 2 4 0 0 00 03 03 C 10 300 10 0 24 Direct Te 2 5 0 0 00 02 42 R 192 168 1 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 R 192 168 2 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 Core2 R 192 168 1 0 24 via 10 11 20 1 ...

Page 884: ... show ip rip database command To display Core 3 RIP setup use the show ip route command To display Core 3 RIP activity use the show ip protocols command Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3 Core3 show ip rip database Total number of routes in RIP database 7 10 11 1...

Page 885: ...0 01 14 C 192 168 1 0 24 Direct Te 3 23 0 0 00 06 53 C 192 168 2 0 24 Direct Te 3 24 0 0 00 06 26 Core3 The following example shows the show ip protocols command to show the RIP configuration activity on Core 3 Core3 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due in 6 Invalid after 180 seconds hold down 180 flushed after 240 Output delay 8 milliseconds between ...

Page 886: ...2 5 ip address 10 250 10 1 24 no shutdown router rip version 2 10 200 10 0 10 300 10 0 10 11 10 0 10 11 20 0 The following example shows viewing the RIP configuration on Core 3 interface TenGigabitEthernet 3 1 ip address 10 11 30 1 24 no shutdown interface TenGigabitEthernet 3 2 ip address 10 11 20 1 24 no shutdown interface TenGigabitEthernet 3 4 ip address 192 168 1 1 24 no shutdown interface Te...

Page 887: ...erfaces may be chosen by using alarms and events with standard management information bases MIBs Topics Implementation Information Fault Recovery Implementation Information Configure SNMP prior to setting up RMON For a complete SNMP implementation description refer to Simple Network Management Protocol SNMP Configuring RMON requires using the RMON CLI and includes the following tasks Setting the r...

Page 888: ...al delta absolute rising threshold value event number falling threshold value event number owner string OR no rmon hc alarm number variable interval delta absolute rising threshold value event number falling threshold value event number owner string Configure the alarm using the following optional parameters number alarm number an integer from 1 to 65 535 the value must be unique in the RMON Alarm...

Page 889: ... falling threshold 0 the alarm is reset and can be triggered again Dell conf rmon alarm 10 1 3 6 1 2 1 2 2 1 20 1 20 delta rising threshold 15 1 falling threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table use the rmon event command in GLOBAL CONFIGURATION mode Add an event in the RMON event table CONFIGURATION mode no rmon event number log trap community desc...

Page 890: ...a specified RMON statistics collection use the no form of this command The following command example enables the RMON statistics collection on the interface with an ID value of 20 and an owner of john Dell conf if mgmt rmon collection statistics controlEntry 20 owner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface use the r...

Page 891: ... The value is ranged from 5 to 3 600 Seconds The default is 1 800 as defined in RFC 2819 Example of the rmon collection history Command To remove a specified RMON history group of statistics collection use the no form of this command The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john both the sampling interval and t...

Page 892: ...pports three other variations of spanning tree as shown in the following table Table 78 Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a t...

Page 893: ...e possible topology changes after link or node failure configure it using the following specifications The following recommendations help you avoid these issues and the associated traffic loss caused by using RSTP when you enable VLT on both VLT peers Configure any ports at the edge of the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks P...

Page 894: ...mode are automatically part of the RST topology Only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports To enable RSTP globally for all Layer 2 interfaces use the following commands 1 Enter PROTOCOL SPANNING TREE RSTP mode CONFIGURATION mode protocol spanning tree rstp 2 Enable RSTP PROTOCOL SPANNING TREE RSTP mode no disable E...

Page 895: ... 0 We are the root Current root has priority 32768 Address 0001 e801 cbb4 Number of topology changes 4 last change occurred 00 02 17 ago on Te 1 26 Port 377 TenGigabitEthernet 2 1 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 377 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated por...

Page 896: ...m EXEC privilege mode R3 show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e801 cbb4 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e80f 1dad Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Te 3 1 128 681 128 20000 BLK...

Page 897: ...g Tree group parameters Poorly planned modification of the RSTP parameters can negatively affect network performance The following table displays the default values for RSTP Table 79 RSTP Default Values RSTP Parameter Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces 40 ...

Page 898: ...es To enable SNMP traps use the following command Enable SNMP traps for RSTP MSTP and PVST collectively snmp server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode you can set the port cost and port priority values Port cost a value that is based on the interface type The previous table lists the default values The greater the port cost the less likely the port is se...

Page 899: ... bridge To change the bridge priority use the following command Assign a number as the bridge priority or designate it as the primary or secondary root PROTOCOL SPANNING TREE RSTP mode bridge priority priority value priority value The range is from 0 to 65535 The lower the number assigned the more likely this bridge becomes the root bridge The default is 32768 Entries must be multiples of 4096 Exa...

Page 900: ...ew member port is also disabled in the hardware When you remove a physical port from a port channel in the Error Disable state the error disabled state is cleared on this physical port the physical port is enabled in the hardware You can clear the Error Disabled state with any of the following methods Perform an shutdown command on the interface Disable the shutdown on violation command on the int...

Page 901: ...e order of milliseconds PROTOCOL RSTP mode hello time milli second interval The range is from 50 to 950 milliseconds Example of Verifying Hello Time Interval Dell conf rstp do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001 e811 2233 Root Bridge hello time 50 ms max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e811 2233 We...

Page 902: ...Software Defined Networking SDN The Dell Networking OS supports software defined networking SDN For more information see the SDN Deployment Guide 47 Software Defined Networking SDN 902 ...

Page 903: ...d to AAA security refer to the Security chapter in the Dell Networking OS Command Reference Guide AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services When you enable AAA accounting the network server reports user activity to the security server in the form of accounting records Each accounting record comprises ac...

Page 904: ...s start stop use for more accounting information to send a start accounting notice at the beginning of the requested event and a stop accounting notice at the end wait start ensures that the TACACS security server acknowledges the start notice before granting the user s process request stop only use for minimal accounting instructs the TACACS server to send a stop record accounting notice at the e...

Page 905: ...g for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line where com15 and execAcct are the method list names use the following commands Configure AAA accounting for terminal lines CONFIG LINE VTY mode accounting commands 15 com15 accounting exec execAcct Example of Enabling AAA Accounting with a Named Method List Dell config line vty accounting commands 15...

Page 906: ...n which they are applied You can define a method list or use the default method list User defined method lists take precedence over the default method list NOTE If a console user logs in with RADIUS authentication the privilege level is applied from the RADIUS server if the privilege level is configured for that user in RADIUS whether you configure RADIUS authorization NOTE RADIUS and TACACS serve...

Page 907: ...rules the enable password command line use the password you defined using the password command in LINE mode local use the username password database defined in the local configuration none no authentication radius use the RADIUS servers configured with the radius server host command tacacs use the TACACS servers configured with the tacacs server host command 2 Enter LINE mode CONFIGURATION mode li...

Page 908: ...ver host x x x x key some password 3 Establish a host address and password CONFIGURATION mode tacacs server host x x x x key some password Examples of the enable commands for RADIUS To get enable authentication from the RADIUS server and use TACACS as a backup issue the following commands The following example shows enabling authentication from the RADIUS server Dell config aaa authentication enab...

Page 909: ... and keys are stored encrypted in the configuration file and by default are displayed in the encrypted form when the configuration is displayed Enabling the service obscure passwords command displays asterisks instead of the encrypted passwords and keys This command prevents a user from reading these passwords and keys by obscuring this information with asterisks Password obscuring masks the passw...

Page 910: ... disable commands Privilege level 15 the default level for the enable command is the highest level In this level you can access any command in Dell Networking OS Privilege levels 2 through 14 are not configured and you can customize them for different users and access After you configure other privilege levels enter those levels by adding the level parameter after the enable command or by configur...

Page 911: ...level The range is from 0 to 15 Secret Specify the secret for the user To view username use the show users command in EXEC Privilege mode Configuring the Enable Password Command To configure Dell Networking OS use the enable command to enter EXEC Privilege level 15 After entering the command Dell Networking OS requests that you enter a password Privilege levels are not assigned to passwords rather...

Page 912: ...custom privilege level use the following commands You must be in privilege level 15 1 Assign a user name and password CONFIGURATION mode username name access class access list name privilege level nopassword password encryption type password Secret Configure the optional and required parameters name Enter a text string up to 63 characters maximum long access class access list name Restrict access ...

Page 913: ...s privilege level 8 Line 3 The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp server commands are located Line 4 The snmp server commands in CONFIGURATION mode are assigned to privilege level 8 Dell conf username john privilege 8 password john Dell conf enable password level 8 notjohn Dell conf privilege exec level 8 configure Dell co...

Page 914: ...l for the terminal lines LINE mode privilege level level level level The range is from 0 to 15 Levels 0 1 and 15 are pre configured Levels 2 to 14 are available for custom configuration Specify either a plain text or encrypted password LINE mode password encryption type password Configure the following optional and required parameters encryption type Enter 0 for plain text or 7 for encrypted text ...

Page 915: ...more information about RADIUS refer to RFC 2865 Remote Authentication Dial in User Service RADIUS Authentication Dell Networking OS supports RADIUS for user authentication text password at login and can be specified as one of the login authentication methods in the aaa authentication login command When configuring AAA authorization you can configure to limit the attributes of services available to...

Page 916: ... there is a very long delay for an entry or a denied entry because of an ACL and a message is logged NOTE The ACL name must be a string Only standard ACLs in authorization both RADIUS and TACACS are supported Authorization is denied in cases using Extended ACLs Auto Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line...

Page 917: ...o authenticate or authorize users on the system create a AAA method list Default method lists do not need to be explicitly applied to the line so they are not mandatory To create a method list use the following commands Enter a text string up to 16 characters long as the name of the method list you wish to use with the RADIUS authentication method CONFIGURATION mode aaa authentication login method...

Page 918: ...obal default values for all RADIUS host are applied To specify multiple RADIUS server hosts configure the radius server host command multiple times If you configure multiple RADIUS server hosts Dell Networking OS attempts to connect with them in the order in which they were configured When Dell Networking OS attempts to authenticate a user the software connects with the RADIUS server hosts one at ...

Page 919: ... key can be up to 42 characters long You cannot use spaces in the key Configure the number of times Dell Networking OS retransmits RADIUS requests CONFIGURATION mode radius server retransmit retries retries the range is from 0 to 100 Default is 3 retries Configure the time interval the system waits for a RADIUS server host response CONFIGURATION mode radius server timeout seconds seconds the range...

Page 920: ...sts specified To use TACACS to authenticate users specify at least one TACACS server for the system to communicate with and configure TACACS as one of your authentication methods To select TACACS as the login authentication method use the following commands 1 Configure a TACACS server host CONFIGURATION mode tacacs server host ip address host Enter the IP address or host name of the TACACS server ...

Page 921: ...ation exec default tacacs none aaa authorization commands 1 default tacacs none aaa authorization commands 15 default tacacs none aaa accounting exec default start stop tacacs aaa accounting commands 1 default start stop tacacs aaa accounting commands 15 default start stop tacacs Dell conf Dell conf do show run tacacs tacacs server key 7 d05206c308f4d35b tacacs server host 10 10 10 10 timeout 1 De...

Page 922: ...ACS Server Host Dell conf Dell conf aaa authentication login tacacsmethod tacacs Dell conf aaa authentication exec tacacsauthorization tacacs Dell conf tacacs server host 25 1 1 2 key Force Dell conf Dell conf line vty 0 9 Dell config line vty login authentication tacacsmethod Dell config line vty end Specifying a TACACS Server Host To specify a TACACS server host and configure its communication p...

Page 923: ...ation failure Command authorization failed for user denyall on vty0 10 11 9 209 Certain TACACS servers do not authenticate the device if you use the aaa authorization commands level default local tacacs command To resolve the issue use the aaa authorization commands level default tacacs local command Protection from TCP Tiny and Overlapping Fragment Attacks Tiny and overlapping fragment attack is ...

Page 924: ... example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting Dell conf ip ssh server version 2 Dell conf do show ip ssh SSH server enabled SSH server version v2 SSH server vrf default SSH server ciphers 3des cbc aes128 cbc aes192 cbc aes256 cbc aes128 ctr aes192 ctr aes256 ctr SSH server macs hmac md5 hmac md5 96 hmac sha1 hmac sha1 9...

Page 925: ...e a user ip ssh connection rate limit configure the maximum number of incoming SSH connections per minute ip ssh hostbased authentication enable enable host based authentication for the SSHv2 server ip ssh key size configure the size of the server generated RSA SSHv1 key ip ssh password authentication enable enable password authentication for the SSH server ip ssh pub key file specify the file the...

Page 926: ...r one of the thresholds is reached To configure the time or volume rekey threshold at which to re generate the SSH key during an SSH session use the ip ssh rekey time rekey interval volume rekey limit command CONFIGURATION mode Configure the following parameters rekey interval time based rekey threshold for an SSH session The range is from 10 to 1440 minutes The default is 60 minutes rekey limit v...

Page 927: ...y Exchange Algorithm The following example shows you how to configure a key exchange algorithm Dell conf ip ssh server kex diffie hellman group exchange sha1 diffie hellman group14 sha1 Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server use the ip ssh server mac hmac algorithm command in CONFIGURATION mode hmac algorithm Enter a space delimited lis...

Page 928: ...es192 ctr aes256 ctr The default cipher list is aes256 ctr aes256 cbc aes192 ctr aes192 cbc aes128 ctr aes128 cbc 3des cbc Example of Configuring a Cipher List The following example shows you how to configure a cipher list Dell conf ip ssh server cipher 3des cbc aes128 cbc aes128 ctr Secure Shell Authentication Secure Shell SSH is enabled by default using the SSH Password Authentication method Ena...

Page 929: ...tes an SSH client based on an RSA key using RSA authentication This method uses SSH version 2 1 On the SSH client Unix machine generate an RSA key as shown in the following example 2 Copy the public key id_rsa pub to the Dell Networking system 3 Disable password authentication if enabled CONFIGURATION mode no ip ssh password authentication enable 4 Enable RSA authentication in SSH CONFIGURATION Mo...

Page 930: ...tication CONFIGURATION mode ip ssh hostbased authentication enable 7 Bind shosts and rhosts to host based authentication CONFIGURATION mode ip ssh pub key file flash filename or ip ssh rhostsfile flash filename Examples of Creating shosts and rhosts The following example shows creating shosts admin Unix_client cd etc ssh admin Unix_client ls moduli sshd_config ssh_host_dsa_key pub ssh_host_key pub...

Page 931: ...erm Enable host based authentication on the server Dell Networking system and the client Unix machine The following message appears if you attempt to log in via SSH and host based is disabled on the client In this case verify that host based authentication is set to Yes in the file ssh_config root permission is required to edit this file permission denied host based If the IP address in the RSA ke...

Page 932: ...ter RADIUS YES NO YES with Dell Networking OS version 6 1 1 0 and later Dell Networking OS provides several ways to configure access classes for VTY lines including VTY Line Local Authentication and Authorization VTY Line Remote Authentication and Authorization VTY Line Local Authentication and Authorization Dell Networking OS retrieves the access class from the local database To use this feature ...

Page 933: ...fig line vty login authentication localmethod Dell config line vty end VTY Line Remote Authentication and Authorization Dell Networking OS retrieves the access class from the VTY line The Dell Networking OS takes the access class from the VTY line and applies it to ALL users Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class If the...

Page 934: ...ed Access Control With Role Based Access Control RBAC access and authorization is controlled based on a user s role Users are granted permissions based on their user roles not on their individual user ID User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function This chapter consists of the following sections Overview Priv...

Page 935: ...role commands The role command allows you to change permissions based on the role You can modify the permissions specific to that command and or command option For more information see Modifying Command Permissions for Roles NOTE When you enter a user role you have already been authenticated and authorized You do not need to enter an enable password because you will be automatically placed in EXEC...

Page 936: ...le if you configure the authentication method list in the following order TACACS local Dell Networking recommends that authorization method list is configured in the same order TACACS local 4 Specify authorization method list RADIUS TACACS or Local You must at least specify local authorization For consistency the best practice is to define the same authorization method list across all lines in the...

Page 937: ...rk topology The security administrator commands include FIPS mode enablement password policies inactivity timeouts banner establishment and cryptographic key operations for secure access paths System Administrator sysadmin This role has full access to all the commands in the system exclusive access to commands that manipulate the file system formatting and access to the system shell This role can ...

Page 938: ... and create it again If the user role is in use you cannot delete the user role 1 Create a new user role CONFIGURATION mode userrole name inherit existing role name 2 Verify that the new user role has inherited the security administrator permissions Dell conf do show userroles EXEC Privilege mode 3 After you create a user role configure permissions for the new user role See Modifying Command Permi...

Page 939: ... mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route map Route map configuration mode router Router configuration mode Examples Deny Network Administrator from Using the show users Command The following example denies the netadmin role from using the show users command and then verifies that netadmin cannot access the show users command in exec mode Note t...

Page 940: ...cess to LINE mode and then verifies that the security administrator can no longer access LINE mode using the show role mode configure line command in EXEC Privilege mode Dell conf role configure deleterole secadmin LINE Initial keywords of the command to modify Dell conf role configure deleterole secadmin line Dell conf do show role mode configure Global configuration mode exec Exec Mode interface...

Page 941: ...e following AAA Authentication and Authorization for Roles configuration tasks Configuring AAA Authentication for Roles Configuring AAA Authorization for Roles Configuring TACACS and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination Users with defined roles and users with privileges are authenticated with the s...

Page 942: ...le based only mode To configure AAA authorization use the aaa authorization exec command in CONFIGURATION mode The aaa authorization exec command determines which CLI mode the user will start in for their session for example Exec mode or Exec Privilege mode For information about how to configure authentication for roles see Configure AAA Authentication for Roles aaa authorization exec method list ...

Page 943: ...raaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa Configuring TACACS and RADIUS VSA Attributes for RBAC For RBAC and privilege levels the Dell Networking OS RADIUS and TACACS implementation supports two vendor specific options privilege level and roles The Dell Networking vendor ID is 6027 and the...

Page 944: ...S user group The user IDs are associated with the user group Role Accounting This section describes how to configure role accounting and how to display active sessions for roles This sections consists of the following topics Configuring AAA Accounting for Roles Applying an Accounting Method to a Role Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configure ...

Page 945: ...ord 00 00 26 Elapsed service shell Display Information About User Roles This section describes how to display information about user roles This sections consists of the following topics Displaying User Roles Displaying Information About Roles Logged into the Switch Displaying Active Accounting Sessions for Roles Displaying User Roles To display user roles using the show userrole command in EXEC Pr...

Page 946: ...ow role mode configure interface Role access netadmin sysadmin Dell show role mode configure line Role access netadmin sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch using the show users command in EXEC Privilege mode The output displays privilege level and or user role The mode is displayed at the start of the output a...

Page 947: ...tions customers and the provider would still share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider net...

Page 948: ...raffic add these interfaces to a non default VLAN Stack enabled VLAN Dell Networking cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN You cannot ping across the trunk port link if one or both of the systems is an S4048 ON This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffi...

Page 949: ... port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs Physical ports and port channels can be access or trunk ports 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider br...

Page 950: ...king enabled VLAN are marked with an M in column Q Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Active U Te 3 0 5 18 2 Inactive 3 Inactive 4 Inactive 5 Inactive 6 Active M Po1 Te 3 14 15 M Te 3 13 Dell Configuring the Protocol Type Value for the Outer VLAN Tag The tag protocol identifier TPID field of the S Tag is user configurable To set the S Tag TPID use the following com...

Page 951: ...TenGigabitEthernet 1 1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged and VLAN 103 which is a stacking VLAN Dell conf interface tenigabitethernet 1 1 Dell conf if te 1 1 portmode hybrid Dell conf if te 1 1 switchport Dell conf if te 1 1 vlan stack trunk Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 no ip address port...

Page 952: ...ue for the outer tag TPID Systems may use any 2 byte value Dell Networking OS uses 0x9100 shown in the following while non Dell Networking systems might use a different value If the next hop system s TPID does not match the outer tag TPID of the incoming frame the system drops the frame For example as shown in the following the frame originating from Building A is tagged VLAN RED and then double t...

Page 953: ...ated as untagged This rule applies for both the outer tag TPID of a double tagged frame and the TPID of a single tagged frame For example if you configure TPID 0x9100 the system treats 0x8100 and untagged traffic the same and maps both types to the default VLAN as shown by the frame originating from Building C For the same traffic types if you configure TPID 0x8100 the system is able to differenti...

Page 954: ...Therefore a mismatched TPID results in the port not differentiating between tagged and untagged traffic Figure 118 Single and Double Tag TPID Match Service Provider Bridging 954 ...

Page 955: ...Figure 119 Single and Double Tag First byte TPID Match Service Provider Bridging 955 ...

Page 956: ...Figure 120 Single and Double Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN stacking network with the S Series Service Provider Bridging 956 ...

Page 957: ...witch to default VLAN switch to default VLAN Egress Access Point untagged 0xUVWX switch to default VLAN switch to default VLAN double tag 0xUVWX 0xUVWX double tag match switch to VLAN switch to VLAN 0xUVYZ double tag first byte match switch to VLAN switch to default VLAN 0xQRST double tag mismatch switch to default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence VLAN stacking pack...

Page 958: ... Networking OS drop precedence Precedence can have one of three colors Precedence Description Green High priority packets that are the least preferred to be dropped Yellow Lower priority packets that are treated as best effort Red Lowest priority packets that are always dropped regardless of congestion status Honor the incoming DEI value by mapping it to an Dell Networking OS drop precedence INTER...

Page 959: ...the DEI value on egress according to the color currently assigned to the packet INTERFACE mode dei mark green yellow 0 1 Example of Viewing DEI Marking Configuration To display the DEI marking configuration use the show interface dei mark interface slot port subport in EXEC Privilege mode Dell show interface dei mark Default CFI DEI Marking 0 Interface Drop precedence CFI DEI Te 1 1 Green 0 Te 1 1...

Page 960: ...nt CAM entries each in a different Layer 2 ACL FP block NOTE The ability to map incoming C Tag dot1p to any S Tag dot1p requires installing up to eight entries in the Layer 2 QoS and Layer 2 ACL table for each configured customer VLAN The scalability of this feature is limited by the impact of the 1 8 expansion in these content addressable memory CAM tables Dell Networking OS Behavior For Option A...

Page 961: ...down Mapping C Tag to S Tag dot1p Values To map C Tag dot1p values to S Tag dot1p values and mark the frames accordingly use the following commands 1 Allocate CAM space to enable queuing frames according to the C Tag or the S Tag CONFIGURATION mode cam acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number vman qos vman qos dual fp num...

Page 962: ...te Shaping or Rate Policing Layer 2 Protocol Tunneling Spanning tree bridge protocol data units BPDUs use a reserved destination MAC address called the bridge group address which is 01 80 C2 00 00 00 Only spanning tree bridges on the local area network LAN recognize this address and process the BPDU When you use VLAN stacking to connect physically separate regions of a network BPDUs attempting to ...

Page 963: ...e MAC address BPDUs are treated as normal data frames by the switches in the intermediate network core On egress edge of the intermediate network the MAC address rewritten to the original MAC address and forwarded to the opposing network region shown in the following illustration Dell Networking OS Behavior In Dell Networking OS versions prior to 8 2 1 0 the MAC address that Dell Networking system...

Page 964: ...could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address In Dell Networking OS version 8 2 1 0 and later the L2PT MAC address is user configurable so you can specify an address that non Dell Networking systems can recognize and rewrite the address at egress edge Service Provider Bridging 964 ...

Page 965: ...ing with L2PT Implementation Information L2PT is available for STP RSTP MSTP and PVST BPDUs No protocol packets are tunneled when you enable VLAN stacking L2PT requires the default CAM profile Service Provider Bridging 965 ...

Page 966: ... BPDUs You can configure another value To specify a destination MAC address for BPDUs use the following command Overwrite the BPDU with a user specified destination MAC address when BPDUs are tunneled across the provider network CONFIGURATION mode protocol tunnel destination mac The default is 01 01 e8 00 00 00 Setting Rate Limit BPDUs CAM space is allocated in sections called field processor FP b...

Page 967: ...tween customers and the provider 802 1ad specifies that provider bridges operating spanning tree use a reserved destination MAC address called the Provider Bridge Group Address 01 80 C2 00 00 08 to exchange BPDUs instead of the Bridge Group Address 01 80 C2 00 00 00 originally specified in 802 1Q Only bridges in the service provider network use this destination MAC address so these bridges treat B...

Page 968: ...AC addresses of core switches as opposed to all MAC addresses received from attached customer devices Use the Provider Bridge Group address as the destination MAC address in BPDUs The xstp keyword applies this functionality to STP RSTP and MSTP this functionality is not available for PVST CONFIGURATION Mode bpdu destination mac address xstp gvrp provider bridge group Service Provider Bridging 968 ...

Page 969: ...fic It is designed to provide traffic monitoring for high speed networks with many switches and routers sFlow uses two types of sampling Statistical packet based sampling of switched or routed packet flows Time based sampling of interface counters The sFlow monitoring system consists of an sFlow agent embedded in the switch router and an sFlow collector The sFlow agent resides anywhere within the ...

Page 970: ...non default sampling rate that is 256 To avoid the back off either increase the global sampling rate or configure all the line card ports with the desired sampling rate even if some ports have no sFlow configured Important Points to Remember The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset By default sFlow collection is supported only on data ports If...

Page 971: ...hat extended information packing is enabled show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types Dell show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate 32768 Global default counter polling interval 20 Global default extended maximum header size 128 byt...

Page 972: ...fault the maximum header size of a packet is 128 bytes When sflow max header size extended is enabled 256 bytes are copied These bytes are useful for VxLAN NvGRE IPv4 and IPv6 tunneled packets NOTE Interface mode configuration takes priority To reset the maximum header size of a packet use the following command no sflow max header size extended View the maximum header size of a packet show running...

Page 973: ... show running config sflow Command Dell show running config sflow sflow collector 100 1 1 12 agent addr 100 1 1 1 sflow enable sflow max header size extended Dell show run int tengigabitEthernet 1 10 interface TenGigabitEthernet 1 10 no ip address switchport sflow ingress enable sflow max header size extended no shutdown sFlow Show Commands Dell Networking OS includes the following sFlow display c...

Page 974: ... 16384 actual rate 16384 sub sampling rate 2 Displaying Show sFlow on an Interface To view sFlow information on a specific interface use the following command Display sFlow configuration information and statistics on a specific interface EXEC mode show sflow interface interface name Examples of the sFlow show Commands The following example shows the show sflow interface command Dell show sflow int...

Page 975: ... both Identify sFlow collectors to which sFlow datagrams are forwarded CONFIGURATION mode sflow collector ip address agent addr ip address number max datagram size number max datagram size number The default UDP port is 6343 The default max datagram size is 1400 Changing the Polling Intervals The sflow polling interval command configures the polling interval for an interface in the maximum number ...

Page 976: ...on LAG ports When a physical port becomes a member of a LAG it inherits the sFlow configuration from the LAG port Enabling Extended sFlow Extended sFlow packs additional information in the sFlow datagram depend on the type of sampled packet The platform supports extended switch information processing only Extended sFlow packs additional information in the sFlow datagram depending on the type of sa...

Page 977: ...0 Global extended information enabled none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub sampling Important Points to Remember To export extended gateway data BGP must learn the IP destination address If the IP destination address is not learned via BGP the Dell Networking system does not export extended gateway da...

Page 978: ... connected IGP Exported Exported Prior to Dell Networking OS version 7 8 1 0 extended gateway data is not exported because IP DA is not learned via BGP Version 7 8 1 0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols and for cases where is source is reachable over ECMP BGP BGP Exported Exported Extended gateway da...

Page 979: ...t up SNMP Reading Managed Object Values Writing Managed Object Values Configuring Contact and Location Information using SNMP Subscribing to Managed Object Value Updates using SNMP Enabling a Subset of SNMP Traps Enabling an SNMP Agent to Notify Syslog Server Failure Copy Configuration Files Using SNMP MIB Support to Display the Available Memory Size on Flash MIB Support to Display the Software Co...

Page 980: ...IB RFC 1483 for STP and IEEE 802 1 draft ruzin mstp mib 02 for MSTP SNMPv3 Compliance With FIPS SNMPv3 is compliant with the Federal information processing standard FIPS cryptography standard The Advanced Encryption Standard AES Cipher Feedback CFB 128 bit encryption algorithm is in compliance with RFC 3826 SNMPv3 provides multiple authentication and privacy options for user configuration A subset...

Page 981: ...S mode by using the fips mode enable command in Global Configuration mode You can enable or disable FIPS mode only if SNMPv3 users are not previously set up If previously configured users exist on the system you must delete the existing users before you change the FIPS mode Keep the following points in mind when you configure the AES128 CFB algorithm for SNMPv3 1 SNMPv3 authentication provides onl...

Page 982: ... SNMP As previously stated Dell Networking OS supports SNMP version 1 and version 2 that are community based security models The primary difference between the two versions is that version 2 supports two additional protocol operations informs operation and snmpgetbulk query and one additional object counter64 object SNMP version 3 SNMPv3 is a user based security model that provides password authen...

Page 983: ... Dell show running config snmp snmp server community mycommunity ro Setting Up User Based Security SNMPv3 When setting up SNMPv3 you can set users up with one of the following three types of configuration for SNMP read write operations Users are typically associated to an SNMP group with permissions provided such as OID view noauth no password or privacy Select this option to set up a user with no...

Page 984: ...CONFIGURATION mode snmp server user name group name oid tree auth md5 auth password priv des56 priv password Configure an SNMPv3 view CONFIGURATION mode snmp server view view name oid tree included excluded Select a User based Security Type Dell conf snmp server host 1 1 1 1 traps oid tree version 3 auth Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level pri...

Page 985: ... sysContact 0 The following example shows reading the value of the many managed objects at one time snmpwalk v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 SNMPv2 MIB sysDescr 0 STRING Dell Real Time Operating System Software Dell Operating System Version 1 0 Dell Application Software Version E_MAIN4 9 4 0 0 Copyright c 1999 2014 by Dell Build Time Mon May 12 14 02 22 PDT 2008 SNMPv2 MIB sysObject...

Page 986: ...ng system Identify the physical location of the system for example San Jose 350 Holger Way 1st floor lab rack A1 1 CONFIGURATION mode snmp server location text You may use up to 55 characters The default is None From a management station Identify the system manager along with this person s contact information for example an email address or phone number CONFIGURATION mode snmpset v version c commu...

Page 987: ...o send notifications to an SNMP server CONFIGURATION mode snmp server host ip address traps informs version 1 2c 3 community string To send trap messages enter the keyword traps To send informational messages enter the keyword informs To send the SNMP version to use for notification messages enter the keyword version To identify the SNMPv1 community string enter the name of the community string 2 ...

Page 988: ... sLine card d is up CARD_MISMATCH Mismatch line card d is type s type s required RPM_STATE RPM1 is in Active State RPM_STATE RPM0 is in Standby State RPM_DOWN RPM 0 down hard reset RPM_DOWN RPM 0 down card removed HOT_FAILOVER RPM Failover Completed SFM_DISCOVERY Found SFM 1 SFM_REMOVE Removed SFM 1 MAJOR_SFM Major alarm Switch fabric down MAJOR_SFM_CLR Major alarm cleared Switch fabric up MINOR_S...

Page 989: ...1 8 transitioned from forwarding to discarding state ecfm ECFM 5 ECFM_XCON_ALARM Cross connect fault detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_ERROR_ALARM Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_MAC_STATUS_ALARM MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 ECFM 5 ECFM_REMOTE_ALARM Remote CCM...

Page 990: ...agent service starts the SNMP trap is not sent To enable an SNMP agent to send a trap when the syslog server is not reachable enter the following command CONFIGURATION MODE snmp server enable traps snmp syslog unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity enter the following command CONFIGURATION MODE snmp server enable traps snmp syslog reachable T...

Page 991: ... running config file to the startup config file copy configuration files from the Dell Networking system to a server copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses The examples in this section use IPv4 addresses however you can substitute IPv6 addresses for the IPv4 addresses in all of the examples The following ...

Page 992: ...s running config or startup config the default copyDestFileLocatio n is flash If copyDestFileType is a binary you must specify copyDestFileLocatio n and copyDestFileName copyDestFileLocation 1 3 6 1 4 1 6027 3 5 1 1 1 1 6 1 flash 2 slot0 3 tftp 4 ftp 5 scp Specifies the location of destination file If copyDestFileLocatio n is FTP or SCP you must specify copyServerAddress copyUserName and copyUserP...

Page 993: ...the configuration file 3 On the server use the snmpset command as shown in the following example snmpset v snmp version c community name m mib_path f10 copy config mib force10system ip address mib object index i a s object value Every specified object must have an object value and must precede with the keyword i Refer to the previous table index must be unique to all previously executed snmpset co...

Page 994: ...oth cases a unique index number follows the object The following example shows copying configuration files using MIB object names snmpset v 2c r 0 t 60 c private m f10 copy config mib 10 10 10 10 copySrcFileType 101 i 2 copyDestFileType 101 i 3 FTOS COPY CONFIG MIB copySrcFileType 101 INTEGER runningConfig 2 FTOS COPY CONFIG MIB copyDestFileType 101 INTEGER startupConfig 3 The following example sh...

Page 995: ...FileLocation index i 4 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password precede server ip address by the keyword a precede the values for copyUsername and copyUserPassword by the keyword s Example of Copying Configuration Files via FTP From a UNIX Machine snmpset v 2c c private m f10 copy config mib 10 10 10 10 copySrcF...

Page 996: ...set v 2c c public m f10 copy config mib force10system ip address copySrcFileType index i 1 copySrcFileLocation index i 4 copySrcFileName index s filepath filename copyDestFileType index i 3 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password Example of Copying a Binary File From the Server to the Startup Configuration via ...

Page 997: ...s Specifies the state of the copy operation Uses CreateAndGo when you are performing the copy The state is set to active when the copy is completed Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects use the following command Get a copy config MIB object value snmpset v 2c c public m f10 copy config mib force10system ip address OID index mib object index index the index ...

Page 998: ...ticks 1179831 3 16 38 31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory The following table lists the MIB object that contains the available memory size on flash memory Table 88 MIB Objects for Displaying the Available Memory Size on Flash via SNMP MIB Object OID Description chStackUnitFlashUs...

Page 999: ...ains the core file names and the file paths chSysCoresTimeCreated 1 3 6 1 4 1 6027 3 10 1 2 10 1 3 Contains the time at which core files are created chSysCoresStackUnitNumber 1 3 6 1 4 1 6027 3 10 1 2 10 1 4 Contains information that includes which stack unit or processor the core file was originated from chSysCoresProcess 1 3 6 1 4 1 6027 3 10 1 2 10 1 5 Contains information that includes the pro...

Page 1000: ... files generated by the system Manage VLANs using SNMP The qBridgeMIB managed objects in Q BRIDGE MIB defined in RFC 2674 allows you to use SNMP to manage VLANs Creating a VLAN To create a VLAN use the dot1qVlanStaticRowStatus object The snmpset operation shown in the following example creates VLAN 10 by specifying a value of 4 for instance 10 of the dot1qVlanStaticRowStatus object Example of Crea...

Page 1001: ... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 The table that the Dell Networking system sends in response to the snmpget request is a table that contains hexadecimal hex pairs each pair representing a group of eight ports Seven hex pairs represent a stack unit Seven pairs accommodate the greatest number of ports available 64 ports on the device The last stack...

Page 1002: ...a VLAN write the port to the dot1qVlanStaticEgressPorts object To add an untagged port to a VLAN write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects NOTE Whether adding a tagged or untagged port specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts Example of Adding an Untagged Port to a VLAN using SNMP In the following example Po...

Page 1003: ... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Managing Overload on Startup If you are running IS IS you can set a specific amount of time to prevent ingress traffic from being received after a reload and allow the routing protocol upgrade process to complete To prevent ingress traffic on a router while the IS reload is implemented use the following command Set the amount of time ...

Page 1004: ...tch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs NOTE The 802 1q Q BRIDGE MIB defines VLANs regarding 802 1d as 802 1d itself does not define them As a switchport must belong a VLAN the default VLAN or a configured VLAN all MAC address learned on a switchport are associated with a VLAN For this reason ...

Page 1005: ... manager returns the integer 118 Example of Fetching MAC Addresses Learned on the Default VLAN Using SNMP MAC Addresses on Force10 System Dell show mac address table VlanId Mac Address Type Interface State 1 00 01 e8 06 95 ac Dynamic Te 1 21 Active Query from Management Station snmpwalk v 2c c techpubs 10 11 131 162 1 3 6 1 2 1 17 4 3 1 SNMPv2 SMI mib 2 17 4 3 1 1 0 1 232 6 149 172 Hex STRING 00 0...

Page 1006: ...ent the interface type the next 7 bits represent the port number the next 5 bits represent the slot number the next 1 bit is 0 for a physical interface and 1 for a logical interface the next 1 bit is unused For example the index 72925242 is 100010110001100000000111010 in binary The binary interface index for TeGigabitEthernet 1 21 of a 48 port 10 100 1000Base T line card with RJ 45 interface Notic...

Page 1007: ...G 00 01 E8 13 A5 C7 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 2 2 Hex STRING 00 01 E8 13 A5 C8 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 1 INTEGER 1107755009 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 2 INTEGER 1107755010 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 4 1 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 4 2 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 5 1 Hex STRING 00 00 SNMPv2 SMI e...

Page 1008: ...OID 0 OID IF MIB linkUp IF MIB ifIndex 33865785 INTEGER 33865785 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_UP Changed interface state to up Te 1 1 2010 02 10 14 22 40 10 16 130 4 10 16 130 4 SNMPv2 MIB sysUpTime 0 Timeticks 8500934 23 36 49 34 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkUp IF MIB ifIndex 1107755009 INTEGER 1107755009 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_UP...

Page 1009: ...mple shows the SNMP trap that is sent when connectivity to the syslog server is resumed DISMAN EVENT MIB sysUpTimeInstance Timeticks 10230 0 01 42 30 SNMPv2 MIB snmpTrapOID 0 OID SNMPv2 SMI enterprises 6027 3 30 1 1 2 SNMPv2 SMI enterprises 6027 3 30 1 1 STRING REACHABLE Syslog server 10 11 226 121 port 9140 is reachable SNMPv2 SMI enterprises 6027 3 6 1 1 2 0 INTEGER 2 Following is the sample aud...

Page 1010: ...kts object in the ICMP table by using the snmpwalk command the echo response output may not be displayed To correctly display ICMP statistics such as echo response use the show ip traffic command Simple Network Management Protocol SNMP 1010 ...

Page 1011: ... are member units Dell Networking OS presents all of the units For example to access Ten GigabitEthernet Port 1 on Stack Unit 1 enter interface tengigabitethernet 1 1 from CONFIGURATION mode Stack Management Roles The stack elects the management units for the stack management Stack master primary management unit also called the master unit Standby secondary management unit Stack units the remainin...

Page 1012: ...ro The unit with the highest priority is elected the master management unit the unit with the second highest priority is elected the standby unit MAC address in case of priority tie The unit with the higher MAC value becomes the master unit The stack takes the MAC address of the master unit and retains it unless it is reloaded To view which switch is the stack master enter the show system command ...

Page 1013: ...No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 2 1 up UNKNOWN up 10768 2 2 down UNKNOWN down 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 2 1 up up 10031 up 10031 2 2 up up 10031 up 10031 2 3 up up 10134 up 10031 Speed in RPM Unit 3 Unit Type Member Unit Status online Next Boot online Required Type S4048 ON 54 port TE FG SK ON Current Type S4048 ON 54 port TE FG ...

Page 1014: ... late may have a higher priority configured This happens because the master and standby have already been elected hence the unit that boots up late joins only as a member When an up and running standalone unit or stack is merged with another stack based on election the losing stack reloads and the master unit of the winning stack becomes the master of the merged stack For more details see sections...

Page 1015: ...ues to use the master s chassis MAC address even after a failover The MAC address is not refreshed until the stack is reloaded and a different unit becomes the stack master NOTE If the removed management unit is brought up as a standalone unit or as part of a different stack there is a possibility of MAC address collisions A standalone is added to a stack The standalone and the master unit have th...

Page 1016: ...ing a Standalone with a Lower MAC Address and Equal Priority to a Stack Stacking LAG When multiple links are used between stack units Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy The stacking LAG is established automatically and transparently by Dell Networking OS without user configuration after peering is detected and behaves as ...

Page 1017: ...ute processor modules RPM The master unit synchronizes the running configuration and protocol states so that the system fails over in the event of a hardware or software fault on the master unit In such an event or when the master unit is removed the standby unit becomes the stack manager and Dell Networking OS elects a new standby unit Dell Networking OS resets the failed master unit after online...

Page 1018: ... 15 29 58 ACL Mgr succeeded Nov 25 2014 15 29 58 LACP no block sync done STP no block sync done SPAN no block sync done Management Access on Stacks You can access the stack via the console port or VTY line Console access You may access the stack through the console port of the master unit stack manager only Similar to a standby RPM the console port of the standby unit does not provide management c...

Page 1019: ...the S4048T ON as well as the S4048 ON switches However the S4048T ON switches can join a S4048T ON stack without having to enable mixed mode stacking NOTE Even though the S4048 ON and S4048T ON belong to the same family of switches the system detects a card type mismatch during stack insertion if mixed mode stacking is not enabled When a S4048T ON switch on which mixed mode stacking is enabled joi...

Page 1020: ...k use only the 40G ports between the range 49 to 54 You cannot form a mixed mode stack using the 10G ports Because the 10G ports on the S4048T ON are copper ports where as the 10G ports on the S4048 ON are SFP ports It is mandatory to enable mixed mode stacking on the S4048 ON and S4048T ON switches before joining a mixed mode stack Stack election is based on the priority or the MAC address of the...

Page 1021: ...eate a Stack Stacking is enabled on the device using the front end ports No configuration is allowed on front end ports used for stacking Stacking can be made between 10G ports of two units or 40G ports of two units The stack links between the two units are grouped into a single LAG Stack Group Port Numbers By default each unit in Standalone mode is numbered stack unit 1 A maximum of eight 10G sta...

Page 1022: ...ates an SNMP trap if the software version of the new unit predates Dell Networking OS version 8 3 12 0 the management unit puts the new unit into a card problem state and generates a syslog that identifies the unit its Dell Networking OS version and its incompatibility for firmware synchronization NOTE You must enter the stack unit stack unit stack group stack group command when adding units to a ...

Page 1023: ...it will be the management unit and which will be the standby unit Enable the front ports of the units for stacking For more information refer to Enabling Front End Port Stacking To create a new stack use the following commands 1 Power up all units in the stack 2 Verify that each unit has the same Dell Networking OS version prior to stacking them together EXEC Privilege mode show version 3 Manually...

Page 1024: ...t to completely boot and verify that the stack manager detects the unit then power the next unit Example of a Syslog Figure 126 Creating a New Stack In the above example stack unit 1 is the master management unit stack unit 2 is the standby unit The cables are connected to each unit Configure the stack groups on the units in the following order Configure the first stack group on unit 1 stack unit ...

Page 1025: ...tack can be accessed from the management unit To view the stack unit information after the reload use the show system brief command Dell show system brief Stack MAC 34 17 eb f2 94 c4 Reload Type normal reload Next boot normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 1 Management online S4048 ON S4048 ON 1 0 0 5005 72 2 Standby online S4048 ON S4048 ON 1 0 0 5005 72 3 Memb...

Page 1026: ...nit to an existing stack By merging two stacks If you are adding units to an existing stack you can either allow Dell Networking OS to automatically assign the new unit a position in the stack or manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it If you add a unit that has a stack number that conflicts with the stack the s...

Page 1027: ...llowing example shows adding a stack unit with a conflicting stack number before Dell show system brief Stack MAC 00 01 e8 8a df e6 Reload Type normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 1 Management online S4048 ON S4048 ON 9 10 0 0 72 2 Member not present 3 Member not present 4 Standby online S4048 ON S4048 ON 9 10 0 0 72 5 Member not present 6 Member not present T...

Page 1028: ... 6 Save the stacking configuration on the ports EXEC Privilege mode write memory 7 Reload the switch EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack The new unit synchronizes its running and startup configurations with the stack 8 If a standalone switch already has stack groups configured Attach cables to connec...

Page 1029: ... the units are online or offline Each portion of the split stack retains the startup and running configuration of the original stack For a parent stack that is split into two child stacks A and B each with multiple units If one of the new stacks receives the master and the standby management units it is unaffected by the split If one of the new stacks receives only the master unit that unit remain...

Page 1030: ...roceed to renumber confirm yes no yes Creating a Virtual Stack Unit on a Stack Use virtual stack units to configure ports on the stack before adding a new unit Create a virtual stack unit CONFIGURATION mode stack unit stack unit number provision S4048T ON Displaying Information about a Stack To display information about the stack use the following command Display for stack identity status and hard...

Page 1031: ...le yes POE Capable no FIPS Mode disabled Burned In MAC 34 17 eb f2 94 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 1 1 up UNKNOWN up 10704 1 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 1 1 up up 10134 up 10031 1 2 up up 10031 up 10031 1 3 up up 10031 up 10031 Speed in RPM Unit 2 Unit Type Standby Unit Status online Next Boot online Required ...

Page 1032: ...Mode disabled Burned In MAC 34 17 eb f2 99 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 3 1 up UNKNOWN up 10704 3 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 3 1 up up 10031 up 10031 3 2 up up 9929 up 10031 3 3 up up 10031 up 10134 Speed in RPM Dell The following is an example of the show system brief command to view the stack summary inform...

Page 1033: ...in RPM Dell The following example shows the show system stack ports command Dell show system stack ports Topology Ring Interface Connection Link Speed Admin Link Trunk Gb s Status Status Group 1 56 3 56 40 up up 1 60 3 60 40 up up 3 48 40 up down 3 52 40 up down 3 56 0 56 40 up up 3 60 0 60 40 up up Influencing Management Unit Selection on a Stack Stack priority is the system variable that Dell Ne...

Page 1034: ...t The range is from 1 to 14 The default is 0 Managing Redundancy on a Stack Use the following commands to manage the redundancy on a stack Reset the current management unit and make the standby unit the new master unit EXEC Privilege mode redundancy force failover stack unit A new standby is elected When the former stack master comes back online it becomes a member unit Prevent the stack master fr...

Page 1035: ...want to reload Proceed confirm yes no 2 Enter yes at this prompt and press the return key The following message appears prompting you to save the configuration System configuration has been modified Save yes no 3 Enter yes again and press the return key Verify a Stack Configuration The light of the LED status indicator on the front panel of the stack identifies the unit s role in the stack Off ind...

Page 1036: ... 0 Hardware Rev 3 0 Num Ports 64 Up Time 1 min 14 sec Dell Networking OS Version 4810 8 3 12 1447 Jumbo Capable yes POE Capable no Boot Flash 1 2 0 2 Memory Size 2147483648 bytes Temperature 44C Voltage ok Serial Number H1DL104400018 Part Number Rev Vendor Id Date Code Country Code Piece Part ID N A PPID Revision N A Service Tag N A Expr Svc Code N A Auto Reboot disabled Burned In MAC 00 01 e8 8c ...

Page 1037: ... Stack Removing Front End Port Stacking Removing a Unit from a Stack The running configuration and startup configuration are synchronized on all stack units A stack member that is disconnected from the stack maintains this configuration To remove a stack member from the stack disconnect the stacking cables from the unit You may do this at any time whether the unit is powered or unpowered online or...

Page 1038: ...7 13 64 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Removing Front End Port Stacking To remove the configuration on the front end ports used for stacking use the following commands 1 Remove the stack group configuration that is configured CONFIGURATION mode no stack unit id...

Page 1039: ...Please check the stack cable module and power cycle the stack 10 55 20 STKUNIT1 M CP KERN 2 INT Error Stack Port 50 has flapped 5 times w ithin 10 seconds Shutting down this stack port now 10 55 20 STKUNIT1 M CP KERN 2 INT Error Please check the stack cable module and power cycle the stack STANDBY UNIT 10 55 18 STKUNIT1 M CP KERN 2 INT Error Stack Port 50 has flapped 5 times within 10 seonds Shutt...

Page 1040: ...esent 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Power Supplies Unit Bay Status Type FanStatus 0 0 down DC down 0 1 up DC up 1 0 absent absent 1 1 up AC up Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 0 0 up up 9360 up 9360 0 1 up up 9600 up 9360 1 0 up up 6720 up ...

Page 1041: ...on show storm control broadcast multicast unknown unicast pfc llfc interface command EXEC Privilege To view the storm control multicast configuration use the show storm control broadcast multicast unknown unicast pfc llfc interface command EXEC Privilege Example Dell show storm control multicast Tengigabitethernet 1 1 Multicast storm control configuration Interface Direction Packets Second Te 1 1 ...

Page 1042: ...t receives the PFC LLFC packets more than the configured rate INTERFACE mode storm control pfc llfc pps in shutdown NOTE PFC LLFC storm control enabled interface disables the interfaces if it receives continuous PFC LLFC packets It can be a result of a faulty NIC Switch that sends spurious PFC LLFC packets Configuring Storm Control from CONFIGURATION Mode To configure storm control from CONFIGURAT...

Page 1043: ...m control multicast packets_per_second in Configure the packets per second of unknown unicast traffic allowed in or out of the network CONFIGURATION mode storm control unknown unicast packets_per_second in Storm Control 1043 ...

Page 1044: ...EEE 802 1d that eliminates loops in a bridged topology by enabling only a single path through the network By eliminating loops the protocol improves scalability in a large network and allows you to implement redundant paths which can be activated after the failure of active paths Layer 2 loops which can occur in a network due to poor network design and without enabling protocols like xSTP can caus...

Page 1045: ...ints to Remember STP is disabled by default The Dell Networking OS supports only one spanning tree instance 0 For multiple instances enable the multiple spanning tree protocol MSTP or per VLAN spanning tree plus PVST You may only enable one flavor of spanning tree at any one time All ports in virtual local area networks VLANs and all enabled interfaces in Layer 2 mode are automatically added to th...

Page 1046: ...mode and enabled Figure 127 Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2 use the following command 1 If the interface has been assigned an IP address remove it INTERFACE mode no ip address 2 Place the interface in Layer 2 mode INTERFACE Spanning Tree Protocol STP 1046 ...

Page 1047: ...chport no shutdown Dell conf if te 1 1 Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally it is not enabled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology Only one path from any bridge to any other bridge participating in STP is enabled Bridges bl...

Page 1048: ...TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces use the disable command from PROTOCOL SPANNING TREE mode To verify that STP is enabled use the show config command from PROTOCOL SPANNING TREE mode Dell conf protocol spanning tree 0 Dell config span show config protocol spanning tree 0 no disable Dell Spanning Tree Protocol STP ...

Page 1049: ...ddress 0001 e80d 2462 Designated port id is 8 496 designated path cost 0 Timers message age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode Port 290 TenGigabitEthernet 2 2 is Blocking Port path cost 4 Port priority 8 Port Identifier 8 290 More Timers message age 1 forward delay 0 hold 0 Number of transitions to for...

Page 1050: ...ree parameters can negatively affect network performance The following table displays the default values for STP Table 94 STP Default Values STP Parameters Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces 40 Gigabit Ethernet interfaces Port Channel with 100 Mb s Etherne...

Page 1051: ... from EXEC privilege mode Refer to the second example in Enabling Spanning Tree Protocol Globally Modifying Interface STP Parameters You can set the port cost and port priority values of interfaces in Layer 2 mode Port cost a value that is based on the interface type The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that ...

Page 1052: ...bled state when receiving the BPDU the physical interface remains up and spanning tree drops packets in the hardware after a BPDU violation BPDUs are dropped in the software after receiving the BPDU violation CAUTION Enable PortFast only on links connecting to an end station PortFast can cause loops if it is enabled on an interface connected to a network To enable PortFast on an interface use the ...

Page 1053: ...ntionally receive a BPDU The port on the Dell Networking system is configured with Portfast If the switch is connected to the hub the BPDUs that the switch generates might trigger an undesirable topology change If you enable BPDU Guard when the edge port receives the BPDU the BPDU is dropped the port is blocked and a console message is generated NOTE Unless you enable the shutdown on violation opt...

Page 1054: ...le message BPDU filtering disables spanning tree on an interface drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell conf if te 1 7 do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e805 fb07 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e...

Page 1055: ...idge priority priority value primary secondary priority value the range is from 0 to 65535 The lower the number assigned the more likely this bridge becomes the root bridge The primary option specifies a bridge priority of 8192 The secondary option specifies a bridge priority of 16384 The default is 32768 Example of Viewing STP Root Information To view only the root information use the show spanni...

Page 1056: ... is started to connect to the network Because the priority of the bridge in device D is lower than the root bridge in Switch A device D is elected as root causing the link between Switches A and B to enter a Blocking state Network traffic then begins to flow in the directions indicated by the BPDU arrows in the topology If the links between Switches C and A or Switches C and B cannot handle the in...

Page 1057: ...in the CIST the port is also blocked in all other MST instances To enable the root guard on an STP enabled port or port channel interface in instance 0 use the following command Enable root guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst rootguard 0 enables root guard on an STP enabled port assigned to instance 0 mstp enables r...

Page 1058: ...l and an STP port does not receive BPDUs When an STP blocking port does not receive BPDUs it transitions to a Forwarding state This condition can create a loop in the network For example in the following example STP topology 1 upper left Switch A is the root switch and Switch B normally transmits BPDUs to Switch C The link between Switch C and Switch B is in a Blocking state However if there is a ...

Page 1059: ...tate the port returns to a blocking state If you disable STP loop guard on a port in a Loop Inconsistent state the port transitions to an STP blocking state and restarts the max age timer Figure 131 STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per port or per port channel basis The following conditions apply to a port enabled with loop guard Spanning T...

Page 1060: ...n a VLAN interface the port or port channel transitions to a Loop Inconsistent Blocking state only for this VLAN To enable a loop guard on an STP enabled port or port channel interface use the following command Enable loop guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst loopguard 0 enables loop guard on an STP enabled port assi...

Page 1061: ...iewing STP Guard Configuration Dell show spanning tree 0 guard Interface Name Instance Sts Guard type Te 1 1 0 INCON Root Rootguard Te 1 2 0 LIS Loopguard Te 1 3 0 EDS Shut Bpduguard Spanning Tree Protocol STP 1061 ...

Page 1062: ... or reports SupportAssist requires Dell Networking OS 9 9 0 0 and SmartScripts 9 7 or later to be installed on the Dell Networking device For more information on SmartScripts see Dell Networking Open Automation guide Figure 132 SupportAssist NOTE SupportAssist is enabled by default on the system To disable SupportAssist enter the eula consent support assist reject command in Global Configuration m...

Page 1063: ... the SupportAssist service CONFIGURATION mode support assist activate Dell conf support assist activate This command guides you through steps to configure SupportAssist Configuring SupportAssist Manually To manually configure SupportAssist service use the following commands 1 Accept the end user license agreement EULA CONFIGURATION mode eula consent support assist accept reject NOTE Once accepted ...

Page 1064: ...ell and or to Dells affiliates subcontractors or business partners When making such transfers Dell shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist If you are downloading SupportAssist on behalf of a company or other legal entity you are further certifying to Dell that you have appropriate authority to provide this c...

Page 1065: ... Dell conf support assist Dell conf supportassist enable all 7 Trigger an activity event immediately EXEC Privilege mode support assist activity full transfer start now Dell support assist activity full transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action manifest file for a specific activity To configure SupportAssist activi...

Page 1066: ...history_records show logging system_logging_records show tech support tech support_records 3 Configure the action manifest to use for a specific activity SUPPORTASSIST ACTIVITY mode no action manifest install default local file name Dell conf supportassist act full transfer action manifest install default Dell conf supportassist act full transfer 4 Remove the action manifest file for an activity S...

Page 1067: ...upportassist cmpy test 2 Configure the address information for the company SUPPORTASSIST COMPANY mode no address city company city province region state name country company country postalcode zipcode company code Dell conf supportassist cmpy test address city MyCity state MyState country MyCountry Dell conf supportassist cmpy test 3 Configure the street address information for the company SUPPORT...

Page 1068: ...il address Dell conf supportassist pers john_doe email address primary jdoe mycompany com Dell conf supportassist pers john_doe 3 Configure phone numbers of the contact person SUPPORTASSIST PERSON mode no phone primary phone alternate phone Dell conf supportassist pers john_doe phone primary 919999999999 Dell conf supportassist pers john_doe 4 Configure the preferred method for contacting the pers...

Page 1069: ...pv4 address ipv6 address port port number username userid password encryption type password Dell conf supportassist serv default proxy ip address 10 0 0 1 port 90 username test password 0 test1 Dell conf supportassist serv default 3 Enable communication with the SupportAssist server SUPPORTASSIST SERVER mode no enable Dell conf supportassist serv default enable Dell conf supportassist serv default...

Page 1070: ...ess 123 Main Street address city MyCity country MyCountry contact person first john last doe email address primary jdoe mycompany com preferred method email server default enable url https 192 168 1 1 index htm 3 Display the EULA for the feature EXEC Privilege mode show eula consent support assist other feature Dell show eula consent SupportAssist EULA has been Accepted Additional information abou...

Page 1071: ...ormance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell You further agree to allow Dell to transmit and store the Collected Data from SupportAssist in accordance with these terms You agree that the provision of SupportAssist may involve international transfers of data from you to Dell and or to Dells affiliates subcontractors or...

Page 1072: ...ources to synchronize to You can combine multiple candidates to minimize the accumulated error Temporarily or permanently insane time sources are detected and avoided Dell Networking recommends configuring NTP for the most accurate time In Dell Networking OS you can configure other time sources the hardware clock and the software clock NTP is designed to produce three products clock offset roundtr...

Page 1073: ...el downwards secondary servers in the hierarchy assigned as one greater than the preceding level Dell Networking OS synchronizes with a time serving host to get the correct time You can set Dell Networking OS to poll specific NTP time serving hosts for the current time From those time serving hosts the system chooses one NTP host with which to synchronize and serve as a client to the NTP host As s...

Page 1074: ...Tasks Configuring NTP Broadcasts Disabling NTP on an Interface Configuring a Source IP Address for NTP Packets optional Enabling NTP NTP is disabled by default To enable NTP specify an NTP server to which the Dell Networking system synchronizes To specify multiple servers enter the command multiple times You may specify an unlimited number of servers at the expense of CPU resources System Time and...

Page 1075: ...sociations command from EXEC Privilege mode R6_E300 conf do show ntp associations remote ref clock st when poll reach delay offset disp 192 168 1 1 LOCL 1 16 16 76 0 98 2 470 879 23 master synced master unsynced selected candidate Configuring NTP Broadcasts With Dell Networking OS you can receive broadcasts of time information You can set interfaces within the system to receive NTP information thr...

Page 1076: ...o 4094 To view the configuration use the show running config ntp command in EXEC privilege mode refer to the example in Configuring NTP Authentication Configuring NTP Authentication NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources NTP authentication begins when the first NTP packet is created following the configurati...

Page 1077: ... remote device ipv4 address Enter an IPv4 address in dotted decimal format A B C D ipv6 address Enter an IPv6 address in the format 0000 0000 0000 0000 0000 0000 0000 0000 Elision of zeros is supported key keyid Configure a text string as the key exchanged between the NTP server and the client prefer Enter the keyword prefer to set this NTP server as the preferred server version number Enter a num...

Page 1078: ...65 UTC Wed Apr 1 2009 org CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 rec CD7F5368 D0000000 15 8 24 812 UTC Thu Apr 2 2009 xmt CD7F5368 D0000000 15 8 24 812 UTC Thu Apr 2 2009 inp CD7F5368 D1974000 15 8 24 818 UTC Thu Apr 2 2009 rtdel root delay rtdsp round trip dispersion refid reference id org rec last receive timestamp xmt transmit timestamp mode 3 client 4 server stratum 1 primary referen...

Page 1079: ...spersion a signed fixed point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet in seconds Only positive values greater than zero are possible Reference Clock Identifier sys refid peer refid pkt refid This is a 32 bit code identifying the particular reference clock In the case of stratum 0 unspecified or stratum 1 primary referen...

Page 1080: ... restarts based on the hardware clock when the switch reboots To set the software clock use the following command Set the system software clock to the current time and date EXEC Privilege mode clock set time month day year time enter the time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month enter the name of one of the 12 months in English...

Page 1081: ...timezone Pacific 8 Dell conf 01 40 19 RPM0 P CP CLOCK 6 TIME CHANGE Timezone configuration changed from UTC 0 hrs 0 mins to Pacific 8 hrs 0 mins Dell Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year Setting Daylight Saving Time Once Set a date and time zone on which to convert the switch to daylight saving time ...

Page 1082: ...Time Set a date and time zone on which to convert the switch to daylight saving time on a specific day every year If you have already set daylight saving for a one time setting you can set that date and time as the recurring setting with the clock summer time time zone recurring command To set a recurring daylight saving time use the following command Set the clock to the appropriate timezone and ...

Page 1083: ...ommand The following example shows the clock summer time recurring command Dell conf clock summer time pacific recurring Mar 14 2009 00 00 Nov 7 2009 00 00 Dell conf 02 02 13 RPM0 P CP CLOCK 6 TIME CHANGE Summertime configuration changed from none to Summer time starts 00 00 00 Pacific Sat Mar 14 2009 Summer time ends 00 00 00 pacific Sat Nov 7 2009 Dell conf clock summer time pacific recurring Ma...

Page 1084: ...n address must be an IPv4 address If the tunnel mode is IPv6 the tunnel source address and the tunnel destination address must be an IPv6 address If the tunnel mode is IPv6 or IPIP you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel but in IPv6IP mode the logical address must be an IPv6 address The following sample configuration shows a tunnel configured in ...

Page 1085: ... if tu 3 tunnel mode ipv6 Dell conf if tu 3 ip address 3 1 1 1 24 Dell conf if tu 3 ipv6 address 3 1 64 Dell conf if tu 3 no shutdown Dell conf if tu 3 show config interface Tunnel 3 ip address 3 1 1 1 24 ipv6 address 3 1 64 tunnel destination 8 9 tunnel source 5 5 tunnel mode ipv6 no shutdown Configuring Tunnel Keepalive Settings You can configure a tunnel keepalive target keepalive interval and ...

Page 1086: ...ace TenGigabitEthernet 1 1 ip address 20 1 1 1 24 ipv6 address 20 1 1 64 no shutdown Dell conf interface tunnel 1 Dell conf if tu 1 ip unnumbered tengigabitethernet 1 1 Dell conf if tu 1 ipv6 unnumbered tengigabitethernet 1 1 Dell conf if tu 1 tunnel source 40 1 1 1 Dell conf if tu 1 tunnel mode ipip decapsulate any Dell conf if tu 1 no shutdown Dell conf if tu 1 show config interface Tunnel 1 ip ...

Page 1087: ...dress or interface but only with multipoint receive only mode tunnels The tunnel source anylocal command allows the multipoint receive only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 depending on the tunnel mode address configured on the switch that is operationally UP The following sample configuration shows the tunnel source anylocal command Dell conf interface tunnel 1 D...

Page 1088: ...h upstream interfaces When upstream connectivity fails the switch disables the downstream links Failures on the downstream links allow downstream devices to recognize the loss of upstream connectivity For example as shown in the following illustration Switches S1 and S2 both have upstream connectivity to Router R1 and downstream connectivity to the server UFD operation is shown in Steps A through ...

Page 1089: ...134 Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces The association of uplink and downlink interfaces is called an uplink state group An interface in an uplink state group can be a physical interface or a port channel LAG aggregation of physical interfaces Uplink Failure Detection UFD 1089 ...

Page 1090: ...ue to insufficient bandwidth on the upstream links to the routers switches By default if all upstream interfaces in an uplink state group go down all downstream interfaces in the same uplink state group are put into a Link Down state Using UFD you can configure the automatic recovery of downstream ports in an uplink state group when the link status of an upstream port changes The tracking of upstr...

Page 1091: ...an uplink state group goes down either a user configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error The order in which downstream ports are disabled is from the lowest numbered port to the highest If one of the upstream interfaces in an uplink state group that was down comes up the set of UFD disabled downstr...

Page 1092: ...ed Oper Down state if one upstream link in the group goes down UPLINK STATE GROUP mode downstream disable links number all number specifies the number of downstream links to be brought down The range is from 1 to 1024 all brings down all downstream links in the group The default is no downstream links are disabled when an upstream link goes down NOTE Downstream interfaces in an uplink state group ...

Page 1093: ...nge of ports separated by a dash and or individual ports port channels in any order for example gigabitethernet tengigabitethernet 1 1 1 2 1 5 1 9 1 11 1 12 port channel 1 3 5 A comma is required to separate each port and port range entry clear ufd disable interface interface uplink state group group id re enables all UFD disabled downstream interfaces in the group The range is from 1 to 16 Exampl...

Page 1094: ...TATE_UP Downstream interface cleared from UFD error disabled Fo 3 52 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 49 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 50 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 51 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 52 Displaying Uplink Failure Detec...

Page 1095: ...ll show uplink state group detail Up Interface up Dwn Interface down Dis Interface disabled Uplink State Group 1 Status Enabled Up Upstream Interfaces Downstream Interfaces Uplink State Group 3 Status Enabled Up Upstream Interfaces Te 1 6 Up Te 1 7 Up Downstream Interfaces Te 3 1 Up Te 3 3 Up Te 3 5 Up Te 3 6 Up Uplink State Group 5 Status Enabled Down Upstream Interfaces Te 1 1 Dwn Te 1 3 Dwn Te ...

Page 1096: ...ec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 00 01 23 The following example shows viewing the UFD configuration Dell show running config uplink state group no enable uplink state track 1 downstream TenGigabitEthernet 1 2 4 6 11 19 upstream TengigabitEthernet 1 8 12 upstream PortChannel 1 uplink state track 2 downs...

Page 1097: ...up 3 description Testing UFD feature Dell conf uplink state group 3 show config uplink state group 3 description Testing UFD feature downstream disable links 2 downstream TenGigabitEthernet 1 1 2 5 9 11 12 upstream TenGigabitEthernet 1 3 4 Dell conf uplink state group 3 Dell conf uplink state group 3 exit Dell conf exit Dell 00 13 06 STKUNIT0 M CP SYS 5 CONFIG_I Configured from console by console ...

Page 1098: ...ystem type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 59 Up...

Page 1099: ... 1Q Virtual Bridged Local Area Networks In this guide also refer to Bulk Configuration in the Interfaces chapter VLAN Stacking in the Service Provider Bridging chapter For a complete listing of all commands related to Dell Networking OS VLANs refer to these Dell Networking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN ...

Page 1100: ...port command and Dell Networking OS removes the interface from the Default VLAN A tagged interface requires an additional step to remove it from Layer 2 mode Because tagged interfaces can belong to multiple VLANs remove the tagged interface from all VLANs using the no tagged interface command Only after the interface is untagged and a member of the Default VLAN can you use the no switchport comman...

Page 1101: ... inserted in the tag header Figure 136 Tagged Frame Format The tag header contains some key information that Dell Networking OS uses The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802 1Q specifications 2 bytes Tag control information TCI includes the VLAN ID 2 bytes total The VLAN ID can have 4 096 values but two are reserved NOTE The insertion of the tag header ...

Page 1102: ...t based VLAN use the following command Configure a port based VLAN if the VLAN ID is different from the Default VLAN ID and enter INTERFACE VLAN mode CONFIGURATION mode interface vlan vlan id To activate the VLAN after you create a VLAN assign interfaces in Layer 2 mode to the VLAN Example of Verifying a Port Based VLAN To view the configured VLANs use the show vlan command in EXEC Privilege mode ...

Page 1103: ...ces that are in Layer 2 mode use the show interfaces switchport command in EXEC Privilege mode or EXEC mode The following example shows the steps to add a tagged interface in this case port channel 1 to VLAN 4 To view the interface s status Interface po 1 is tagged and in VLAN 2 and 3 use the show vlan command In a port based VLAN use the tagged command to add the interface to another VLAN The sho...

Page 1104: ...removes the untagged interface from a port based VLAN and places the interface in the Default VLAN You cannot use the no untagged interface command in the Default VLAN The following example shows the steps and commands to move an untagged interface from the Default VLAN to another VLAN To determine interface status use the show vlan command Interface 1 2 is untagged and in the Default VLAN vlan 1 ...

Page 1105: ...ace VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic For more information refer to Bulk Configuration To assign an IP address use the following command Configure an IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask Enter an address in dotted decimal format A B C D and the mask must be in slash format 24 sec...

Page 1106: ... the interface for Switchport mode INTERFACE mode switchport 4 Add the interface to a tagged or untagged VLAN VLAN INTERFACE mode tagged untagged Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces each connected to a differ...

Page 1107: ...scenario is virtual movement of servers across data centers Virtual movement enables live migration of running virtual machines VMs from one host to another without downtime For example consider a square VLT connecting two data centers If a VM VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway In this case L3 pac...

Page 1108: ...nts in mind when you enable a VLT proxy gateway Proxy gateway is supported only for VLT for example across a VLT domain You must enable the VLT peer routing command for the VLT proxy gateway to function Asymmetric virtual local area network VLAN configuration such as the same VLAN configured with Layer 2 L2 mode on one VLT domain and L3 mode on another VLT domain is not supported You must always c...

Page 1109: ... 60 success rate considering it takes a longer path When you remove and add back a MAC address L3 frames can be received out of order at the L3 cloud This happens when proxy gateway routing and sub optimal routing intersperse with each other Enabling the VLT Proxy Gateway To enable the VLT proxy gateway the system mac addresses of C and D in the local VLT domain must be installed in C1 and D1 in t...

Page 1110: ...way LLDP to enable the proxy gateway LLDP TLV You must configure the interface proxy gateway LLDP to enable or disable a proxy gateway LLDP TLV on specific interfaces The interface is typically a VLT port channel that connects to a remote VLT domain The new proxy gateway TLV is carried on the physical links under the port channel only You must have at least one link connection to each unit of the ...

Page 1111: ...domain 1 and C1 and D1 in the VLT domain 2 This causes sub optimal routing with the VLT Proxy Gateway LLDP method For VLT Proxy Gateway to work in this scenario you must configure the VLT peer mac transmit command under VLT Domain Proxy Gateway LLDP mode in both C and D VLT domain 1 and C1 and D1 VLT domain 2 This behavior is applicable only in the LLDP configuration and not required in the static...

Page 1112: ...called VLAN 10 in C and D and in C1 and D1 If packets for VLAN 10 with C s MAC address C is in VLT domain 1 gets an L3 hit at C1 in VLT domain 2 they are switched to both D1 via ICL and C via inter DC link This may lead to packet duplication Therefore if C s MAC address is learned at C1 the packet does not flood to D1 and only switches to C and avoids packet duplication With the existing hardware ...

Page 1113: ...mote VLT domain 1 Configure proxy gateway static in VLT Domain Configuration mode 2 Configure remote mac address mac address in VLT Domain Proxy Gateway LLDP mode Configure the system mac addresses of both C and D in C1 and also in D1 in the remote VLT domain and vice versa Sample Static Configuration on C switch or C1 switch Switch_C conf Switch_C conf vlt domain 1 Switch_C conf vlt domain1 proxy...

Page 1114: ... upstream devices Eliminates STP blocked ports Provides a loop free topology Uses all available uplink bandwidth Provides fast convergence if either the link or a device fails Optimized forwarding with virtual router redundancy protocol VRRP Provides link level resiliency Assures high availability CAUTION Dell Networking does not recommend enabling Stacking and VLT simultaneously If you enable bot...

Page 1115: ...ayer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active Active Load Sharing mode This example provides the highest form of resiliency scaling and load balancing in data center switching networks The following example shows stacking at the access VLT in aggregation and Layer 3 at the core The aggregation layer is mostly in the L...

Page 1116: ...w the core aggregation port density in the Layer 2 topology is increased using eVLT For inter VLAN routing and other Layer 3 routing you need a separate Layer 3 router Figure 140 Enhanced VLT VLT Terminology The following are key VLT terms Virtual link trunk VLT The combined port channel between an attached device and the VLT peer switches VLT backup link The backup link monitors the vitality of V...

Page 1117: ... and that you disable LACP on the VLTi Ensure that the spanning tree root bridge is at the Aggregation layer Refer to RSTP and VLT for guidelines to avoid traffic loss if you enable RSTP on the VLT device If you reboot both VLT peers in BMP mode and the VLT LAGs are static the DHCP server reply to the DHCP discover offer may not be forwarded by the ToR to the correct node To avoid this scenario co...

Page 1118: ...er1 ignores the ARP requests that it receives on VLTi ICL and updates only the ARP requests that it receives on the local VLT As a result the remaining ARP requests still points to the Non VLT links and traffic does not reach half of the hosts To mitigate this issue ensure that you configure the following settings on both the Peers Peer1 and Peer2 arp learn enable and mac address table station mov...

Page 1119: ...switches operate as separate chassis with independent control and data planes for devices attached to non VLT ports Port channel link aggregation LAG across the ports in the VLT interconnect is required individual ports are not supported Dell Networking strongly recommends configuring a static LAG for VLTi The VLT interconnect synchronizes L2 and L3 control plane information across the two chassis...

Page 1120: ...nel as shown in Overview Up to 48 port channels are supported up to 16 member links are supported in each port channel between the VLT domain and an access device The discovery protocol running between VLT peers automatically generates the ID number of the port channel that connects an access device and a VLT switch The discovery protocol uses LACP properties to identify connectivity to a common c...

Page 1121: ...ocal DA spaces for wild card functionality are required Software features supported on VLT physical ports In a VLT domain the following software features are supported on VLT physical ports 802 1p LLDP flow control IPv6 dynamic routing port monitoring and jumbo frames Software features not supported with VLT In a VLT domain the following software features are not supported on VLT ports 802 1x DHCP...

Page 1122: ...ary and Secondary roles for VLT peers You can elect or configure the Primary Peer By default the peer with the lowest MAC address is selected as the Primary Peer You can configure another peer as the Primary Peer using the VLT domain domain id role priority priority value command If the VLTi link fails the status of the remote VLT Primary Peer is checked using the backup link If the remote VLT Pri...

Page 1123: ...T LAG ICL Overall Bandwidth utilization of VLT ICL LAG port channel 25 crosses threshold Bandwidth usage 80 When the bandwidth usage drops below the 80 threshold the system generates another syslog message shown in the following message and an SNMP trap STKUNIT0 M CP VLTMGR 6 VLT LAG ICL Overall Bandwidth utilization of VLT ICL LAG port channel 25 reaches below threshold Bandwidth usage 74 VLT sho...

Page 1124: ...nloaded to the newly enabled VLT node the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic The delay restore feature waits for all saved configurations to be applied then starts a configurable timer After the timer expires the VLT ports are enabled one by one in a controlled manner The delay between bringing up each VLT port channel is proportional to ...

Page 1125: ...t protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports VLT peer switches can act as a last hop router for IGMP receivers and as a first hop router for multicast sources Figure 141 PIM Sparse Mode Support on VLT Virtual Link Trunking VLT 1125 ...

Page 1126: ... the multicast port use the show ip pim neighbor show ip igmp snooping mrouter and show running config commands You can configure virtual link trunking VLT peer nodes as rendezvous points RPs in a Protocol Independent Multicast PIM domain If the VLT node elected as the designated router fails and you enable VLT Multicast Routing multicast routes are synced to the other peer for traffic forwarding ...

Page 1127: ... syslog and display in the show vlt mismatch command output If you enable VLT unicast routing the following actions occur L3 routing is enabled on any new IP address IPv6 address configured for a VLAN interface that is up L3 routing is enabled on any VLAN with an admin state of up NOTE If the CAM is full do not enable peer routing NOTE The peer routing and peer routing timeout is applicable for bo...

Page 1128: ...ring PIM router If you connect multiple spanned VLANs to a PIM neighbor or if both spanned and non spanned VLANs can access the PIM neighbor ECMP can cause the PIM protocol running on each VLT peer node to choose a different VLAN or IP route to reach the PIM neighbor This can result in issues with multicast route syncing between peers Both VLT peers require symmetric Layer 2 and Layer 3 configurat...

Page 1129: ...commends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device BPDUs use the MAC address of the primary VLT peer as the RSTP bridge ID in the designated bridge ID field The primary VLT peer sends these BPDUs on VLT interfaces connected to access devices The MAC address for a VLT domain is automatically selected on ...

Page 1130: ... never blocked In the case of a primary VLT switch failure the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch An access device never detects the change in primary secondary roles and does not see it as a topology change The following examples show the RSTP configuration that you must perform on eac...

Page 1131: ...s the MAC address and VLT primary secondary roles 5 Connect the peer switches in a VLT domain to an attached access device switch or server Configuring a VLT Interconnect To configure a VLT interconnect follow these steps 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same po...

Page 1132: ...e time interval used to send hello messages The range is from 1 to 5 seconds 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain VLT DOMAIN CONFIGURATION mode peer link port channel id number 4 Optional After you configure a VLT domain on each peer switch and connect cable the two VLT peers on each side of the VLT interconnect the system elects a primary...

Page 1133: ...s ipv4 address mask ipv6 address ipv6 address mask This is the IP address to be configured on the VLT peer with the back up destination command 3 Ensure that the interface is active MANAGEMENT INTERFACE mode no shutdown 4 Configure a VLT backup link using the IPv4 or IPv6 address of the VLT peer s management interface MANAGEMENT INTERFACE mode back up destination ip address ipv4 address mask ipv6 ...

Page 1134: ...on 3 Optional When you create a VLT domain on a switch Dell Networking OS automatically creates a VLT system MAC address used for internal system operations VLT DOMAIN CONFIGURATION mode system mac mac address mac address To explicitly configure the default MAC address for the domain by entering a new MAC address use the system mac command The format is aaaa bbbb cccc Also reconfigure the same MAC...

Page 1135: ...rmation For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 5 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 6 Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device INTERFACE PORT CHANNEL mode vlt peer lag port channel id number 7 Repeat Steps 1 to 6 on the...

Page 1136: ...le To set up the VLT domain use the following commands 1 Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same port channel number configured with the peer link port channel command in the Enabling VLT and Creating a VLT Domain 2 Add one or more port interfaces to the ...

Page 1137: ...ed for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots 7 When you create a VLT domain on a switch Dell Networking OS automatically assigns a unique unit ID 0 or 1 to each peer switch VLT DOMAIN CONFIGURATION mode unit id 0 1 The unit IDs are used for internal system operations To explicitly configure the default values on e...

Page 1138: ...7 Repeat steps 1 through 15 for the first VLT node in Domain 2 18 Repeat steps 1 through 15 for the VLT peer node in Domain 2 To verify the configuration of a VLT domain use any of the show commands described in Verifying a VLT Configuration VLT Sample Configuration To review a sample VLT configuration setup study these steps 1 Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2...

Page 1139: ...he VLT peer link port channel id in VLT peer 1 and VLT peer 2 EXEC mode or EXEC Privilege mode show interfaces interface 11 In the top of rack unit configure LACP in the physical ports EXEC Privilege mode show running config entity 12 Verify that VLT is running EXEC mode show vlt brief or show vlt detail 13 Verify that the VLT LAG is running in both VLT peer units EXEC mode or EXEC Privilege mode ...

Page 1140: ...1 206 43 Dell 4 Dell 4 show running config interface managementethernet 1 1 ip address 10 11 206 58 16 no shutdown Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit In the following example port Te 1 4 in VLT peer 1 is connected to Te 1 8 of ToR and port Te 1 18 in VLT peer 2 is connected to Te 1 30 of ToR 1 Configure the static LAG LACP between the ports connected ...

Page 1141: ...ng config interface port channel 100 interface Port channel 100 no ip address switchport no shutdown s60 1 show interfaces port channel 100 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 100 L2 up 03 33 48 Te 1 8 Up Te 1 30 Up Verify VLT is up Verify that the VLTi ICL link backup link connectivity heartbeat status and VLT peer link peer chassis are all up Dell show vlt br VLT Domai...

Page 1142: ...and states on VLT ports and ensures that the VLT interconnect link is never blocked The PVST instance in Primary peer sends the role state of VLT LAGs for all VLANs to the Secondary peer The Secondary peer uses this information to program the hardware The PVST instance running in Secondary peer does not control the VLT LAGs Dell Networking recommends configuring the primary VLT peer as the primary...

Page 1143: ...1 1cf4 9b79 128 3 Te 1 10 128 230 128 2000 FWD 0 0 90b1 1cf4 9b79 128 230 Te 1 13 128 233 128 2000 FWD 0 0 90b1 1cf4 9b79 128 233 Interface Name Role PortID Prio Cost Sts Cost Link type Edge Po 1 Desg 128 2 128 188 FWD 0 vltI P2P No Po 2 Desg 128 3 128 2000 FWD 0 vlt P2P No Te 1 10 Desg 128 230 128 2000 FWD 0 P2P Yes Te 1 13 Desg 128 233 128 2000 FWD 0 P2P No Dell eVLT Configuration Example The fo...

Page 1144: ...on Peer 1 Domain_1_Peer1 conf interface port channel 100 Domain_1_Peer1 conf if po 100 switchport Domain_1_Peer1 conf if po 100 vlt peer lag port channel 100 Domain_1_Peer1 conf if po 100 no shutdown Add links to the eVLT port channel on Peer 1 Domain_1_Peer1 conf interface range tengigabitethernet 1 16 1 17 Domain_1_Peer1 conf if range te 1 16 17 port channel protocol LACP Domain_1_Peer1 conf if ...

Page 1145: ...in back up destination 10 18 130 11 Domain_2_Peer3 conf vlt domain system mac mac address 00 0b 00 0b 00 0b Domain_2_Peer3 conf vlt domain unit id 0 Configure eVLT on Peer 3 Domain_2_Peer3 conf interface port channel 100 Domain_2_Peer3 conf if po 100 switchport Domain_2_Peer3 conf if po 100 vlt peer lag port channel 100 Domain_2_Peer3 conf if po 100 no shutdown Add links to the eVLT port channel o...

Page 1146: ...t VLANs VLT_Peer1 conf interface vlan 4001 VLT_Peer1 conf if vl 4001 ip address 140 0 0 1 24 VLT_Peer1 conf if vl 4001 ip pim sparse mode VLT_Peer1 conf if vl 4001 tagged port channel 101 VLT_Peer1 conf if vl 4001 tagged port channel 102 VLT_Peer1 conf if vl 4001 no shutdown VLT_Peer1 conf if vl 4001 exit The following example shows how to configure the VLTi port as a static multicast router port ...

Page 1147: ...e MAC address and priority of the locally attached VLT device EXEC mode show vlt role Display the current configuration of all VLT domains or a specified group on the switch EXEC mode show running config vlt Display statistics on VLT operation EXEC mode show vlt statistics Display the RSTP configuration on a VLT peer switch including the status of port channels used in the VLT interconnect trunk a...

Page 1148: ...ssages Sent 1030 HeartBeat Messages Received 1014 The following example shows the show vlt brief command Dell show vlt brief VLT Domain Brief Domain ID 1 Role Secondary Role Priority 32768 ICL Link Status Up HeartBeat Status Up VLT Peer Status Up Version 6 3 Local System MAC address 00 01 e8 8a e9 91 Remote System MAC address 00 01 e8 8a e9 76 Remote system version 6 3 Delay Restore timer 90 secon...

Page 1149: ... The following example shows the show running config vlt command Dell_VLTpeer1 show running config vlt vlt domain 30 peer link port channel 60 back up destination 10 11 200 18 Dell_VLTpeer2 show running config vlt vlt domain 30 peer link port channel 60 back up destination 10 11 200 20 The following example shows the show vlt statistics command Dell_VLTpeer1 show vlt statistics VLT Statistics Hear...

Page 1150: ... ID Priority 0 Address 0001 e88a dff8 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e88a dff8 We are the root Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Po 1 128 2 128 200000 DIS 0 0 0001 e88a dff8 128 2 Po 3 128 4 128 200000 DIS 0 0 0001 e88a dff8 128 4 Po 4 128 5 128 200000 DIS ...

Page 1151: ...gned to the same VLAN Dell_VLTpeer1 show vlan id 10 Codes Default VLAN G GVRP VLANs P Primary C Community I Isolated Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged G GVRP tagged M Vlan stack H Hyperpull tagged NUM Status Description Q Ports 10 Active U Po110 Fo 1 51 T Po100 Fo 1 49 50 Configuring Virtual Link Trunking VLT Peer 2 Enable VLT and create a VLT domain with a backup link VLT inte...

Page 1152: ...nnection to a VLT Domain From an Attached Access Switch On an access device verify the port channel connection to a VLT domain Dell_TORswitch conf show running config interface port channel 11 interface Port channel 11 no ip address switchport channel member fortyGigE 1 49 50 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur use the following information NOTE...

Page 1153: ...nerated During run time a loop may occur as long as the mismatch lasts To resolve enable RSTP on both VLT peers Spanning tree mismatch at port level A syslog error message is generated A one time informational syslog message is generated Correct the spanning tree configuration on the ports System MAC mismatch A syslog error message and an SNMP trap are generated A syslog error message and an SNMP ...

Page 1154: ...or both switches 5 Reload the stack and confirm the new configurations have been applied 6 On the Secondary switch stack unit 2 enter the command stack unit 2 renumber 1 7 Confirm the reload query 8 After reloading confirm that VLT is enabled 9 Confirm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information Specifying VLT Nodes in a PVLAN You c...

Page 1155: ... be a member of a normal VLAN or a PVLAN If you configure a VLT LAG to be a promiscuous port you can configure that LAG to be a member of PVLAN only If you configure a VLT LAG to be in access port mode you can add that LAG to be a member of the secondary VLAN only ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG Any VLAN that contains at least one VLT port as...

Page 1156: ...eers this modification is synchronized with the other peers Depending on the validation mechanism that is initiated for MAC synchronization of VLT peers MAC addresses learned on a particular VLAN are either synchronized with the other peers or MAC addresses synchronized from the other peers on the same VLAN are deleted This method of processing occurs when the PVLAN mode of VLT LAGs is modified Be...

Page 1157: ...s The ARP reply is sent with the MAC address of the primary VLAN The ARP request packet originates on the primary VLAN for the intended destination IP address The ARP request received on ICLs are not proxied even if they are received with a secondary VLAN tag This behavior change occurs because the node from which the ARP request was forwarded would have replied with its MAC address and the curren...

Page 1158: ...es Promiscuous Promiscuous Primary Primary Yes Yes Secondary Community Secondary Community Yes Yes Secondary Isolated Secondary Isolated Yes Yes Promiscuous Trunk Primary Normal No No Promiscuous Trunk Primary Primary Yes No Access Access Secondary Community Secondary Community Yes Yes Primary VLAN X Primary VLAN X Yes Yes Access Access Secondary Isolated Secondary Isolated Yes Yes Primary VLAN X ...

Page 1159: ... configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved This section describe how to configure a VLT VLAN or a VLT LAG VLTi link and assign that VLT interface to a PVLAN Creating a VLT LAG or a VLT VLAN 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id numb...

Page 1160: ...VLT DOMAIN CONFIGURATION mode peer link port channel id number 8 Optional To configure a VLT LAG enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down VLT DOMAIN CONFIGURATION mode peer link port channel id number peer down vlan vlan interface number Associating the VLT LAG or VLT VLAN in a PVLAN 1 Access INTERFACE mode for the ...

Page 1161: ...abled device answers the ARP requests that are destined for another host or router The local host forwards the traffic to the proxy ARP enabled device which in turn transmits the packets to the destination By default proxy ARP is enabled To disable proxy ARP use the no proxy arp command in Interface mode To re enable proxy ARP use the ip proxy arp command in Interface mode To view if proxy ARP is ...

Page 1162: ...RP database because of peer routing timer expiry The source hardware address in the ARP response contains the VLT peer MAC address Proxy ARP is supported for both unicast and broadcast ARP requests Control packets other than ARP requests destined for the VLT peers that reach the undesired and incorrect VLT node are dropped if the ICL link is down Further processing is not done on these control pac...

Page 1163: ...ed to the device Only S G routes are used to forward the multicast traffic from the source to the receiver You can configure VLT nodes which function as RP as Multicast source discovery protocol MSDP peers in different domains However you cannot configure the VLT peers as MSDP peers in the same VLT domain In such instances the VLT peer does not support the RP functionality If the same source or RP...

Page 1164: ...eer 1 Configure the VLT domain Dell conf vlt domain 1 Dell conf vlt domain peer link port channel 1 Dell conf vlt domain back up destination 10 16 151 116 Dell conf vlt domain primary priority 100 Dell conf vlt domain system mac mac address 00 00 00 11 11 11 Dell conf vlt domain unit id 0 Dell conf vlt domain Dell show running config vlt vlt domain 1 peer link port channel 1 back up destination 10...

Page 1165: ...conf if vl 50 vlan stack compatible Dell conf if vl 50 stack member port channel 10 Dell conf if vl 50 stack member port channel 20 Dell show running config interface vlan 50 interface Vlan 50 vlan stack compatible member Port channel 10 20 shutdown Dell Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN Stack VLAN Dell show vlan id 50 Codes Default VLAN G GVRP VLANs R R...

Page 1166: ...onfig interface port channel 10 interface Port channel 10 no ip address switchport vlan stack access vlt peer lag port channel 10 no shutdown Dell Dell conf interface port channel 20 Dell conf if po 20 switchport Dell conf if po 20 vlt peer lag port channel 20 Dell conf if po 20 vlan stack trunk Dell conf if po 20 no shutdown Dell show running config interface port channel 20 interface Port channe...

Page 1167: ... support VLT This functionality performs the following operations Forwarding control traffic to the correct VLT node when the control traffic reaches the wrong VLT node due to hashing at the VLT LAG level on the ToR Routing the data traffic which is destined to peer VLT node Synchronizing neighbor entries learned on VLT VLAN interfaces between the primary and secondary node Synchronizing the IP ad...

Page 1168: ... a node from Neighbor advertisements NA ND entries synchronization scenarios When you enable and configure VLT on both VLT node1 and node2 any dynamically learned ND entry in VLT node1 be synchronizes instantaneously to VLT node2 and vice versa The link local address also synchronizes if learned on the VLT VLAN interface During failure cases when a VLT node goes down and comes back up all the ND e...

Page 1169: ...is case the solicited NA has the destination address field set to the unicast MAC address of the initial NS sender This solicited NA must be tunneled when they reach the wrong peer Sometimes NA messages are sent by a node when its link layer address changes This NA message is sent as an unsolicited NA to advertise its new address and the destination address field is set to the link local scope of ...

Page 1170: ...f IPv6 Peer Routing in a VLT Domain Consider a sample scenario as shown in the following figure in which two VLT nodes Unit1 and Unit2 are connected in a VLT domain using an ICL or VLTi link To the south of the VLT domain Unit1 and Unit2 are connected to a ToR switch named Node B Also Unit1 is connected to another node Node A and Unit2 is linked to a node Node C The network between the ToR and the...

Page 1171: ...om VLT Hosts Consider an example in which NA for VLT node1 reaches VLT node1 on the VLT interface and NA for VLT node1 reaches VLT node2 due to LAG level hashing in ToR When VLT node1 receives NA on VLT interface it learns the Host MAC address on VLT interface This learned neighbor entry is synchronized to VLT node2 as it is learned on VLT interface of Node2 If VLT node2 receives a NA packet on VL...

Page 1172: ...raffic to one of the VLT nodes using a global IP or Link Local address When the host communicates with the VLT node using LLA and traffic reaches the wrong peer due to LAG level hashing in the ToR the wrong peer routes the packet to correct the VLT node though the destination IP is LLA Consider a case in which traffic destined for VLT node1 reaches VLT node1 on the VLT interface and traffic destin...

Page 1173: ...s traffic to VLT interface If traffic reaches wrong VLT peer it routes the traffic over ICL Non VLT host to Non VLT host traffic flow When VLT node receives traffic from non VLT host intended to the non VLT host it does neighbor entry lookup and routes traffic over ICL interface If traffic reaches wrong VLT peer it routes the traffic over ICL Router Solicitation When VLT node receives router Solic...

Page 1174: ...oint VTEP functionality VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network Figure 145 VXLAN Gateway Topics Components of VXLAN network Functional Overview of VXLAN Gateway VXLAN Frame Format Configuring and Controlling VXLAN from the NVP Controller GUI 63 Virtual Extensible LAN VXLAN 1174 ...

Page 1175: ...way function is NSX from VMWare The top level functions of NVP are Provide a GUI for creating service gateways Manage the VTEPs Binds Port and VLAN Install VTEP tunnels Distribute the VTEPs to MAC binding to all relevant VTEPs Provide an interface for cloud orchestration in cloud data center management VTEP VXLAN Tunnel End Point VTEPs work as the open vSwitch running on the hypervisor on a virtua...

Page 1176: ...etworks VTEP is responsible for identifying and binding a Port and VLAN to a logical network VTEP maintains MAC bindings to a VTEP VTEP is typically managed by a network orchestrator When the device functions as VTEP VXLAN from VMWare is the network orchestrator VXLAN communicates with the VTEP using a standard protocol called OvsDb Protocol The protocol uses the JSON RPC based message format The ...

Page 1177: ...s Source Address It is the source MAC address of the router that routes the packet VLAN It is optional in a VXLAN implementation and will be designated by an ethertype of 0 8100 and has an associated VLAN ID tag Ethertype It is set to 0 0800 because the payload packet is an IPv4 packet The initial VXLAN draft does not include an IPv6 implementation but it is planned for the next draft Outer IP Hea...

Page 1178: ...hat is the VXLAN Network Identifier Reserved A set of fields 24 bits and 8 bits that are reserved and set to zero Frame Check Sequence FCS Note that the original Ethernet frame s FCS is not included but new FCS is generated on the outer Ethernet frame Configuring and Controlling VXLAN from the NVP Controller GUI To configure and control VXLAN from the NVP controller GUI follow these steps 1 Create...

Page 1179: ...Figure 147 Create Hypervisor Figure 148 Edit Hypervisor Figure 149 Create Transport Connector Virtual Extensible LAN VXLAN 1179 ...

Page 1180: ...te Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway the IP address of the Gateway is mandatory The following is the snapshot of the user interface in creating a VXLAN Gateway Figure 151 Create Gateway 4 Create Logical Switch You can create a logical network by creating a logical switch The logical network acts as the forwarding domain for workloads on the physical as well as virtua...

Page 1181: ...ting to NVP controller 2 Advertising VXLAN access ports to controller Connecting to an NVP Controller To connect to an NVP controller use the following commands 1 feature vxlan CONFIGURATION mode feature vxlan You must configure feature VXLAN to configure vxlan instance 2 vxlan instance CONFIGURATION mode vxlan instance instance ID The platform supports only the instance ID 1 in the initial releas...

Page 1182: ...mmand configures a VXLAN Access Port into a VXLAN instance INTERFACE mode vxlan instance Examples of the show vxlan instance Command Dell show vxlan vxlan instance 1 Instance 1 Admin State enabled Management IP 192 168 200 200 Gateway IP 3 3 3 3 MAX Backoff 30000 Controller 1 192 168 122 6 6632 ssl connected Fail Mode secure Port List Fo 1 49 Te 1 6 Te 1 8 Po 2 The following example shows the show...

Page 1183: ...an vxlan instance unicast mac local command Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 00 00 02 00 03 00 Te 1 17 0 4656 00 00 02 00 03 01 Te 1 17 0 4656 00 00 02 00 03 02 Te 1 17 0 4656 00 00 02 00 03 03 Te 1 17 0 4656 00 00 02 00 03 04 Te 1 17 0 Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 ...

Page 1184: ...ame VNID bffc3be0 13e6 4745 9f6b 0bcbc5877f01 4656 Dell n instance 1 logical network n 2a8d5d19 8845 4365 ad04 243f0b6df252 Name 2a8d5d19 8845 4365 ad04 243f0b6df252 Description Tunnel Key 2 VFI 28674 Unknown Multicast MAC Tunnels 192 168 122 133 vxlan_over_ipv4 up Port Vlan Bindings Te 0 80 VLAN 0 0x80000001 Fo 0 124 VLAN 0 0x80000004 The following example shows the show vxlan vxlan instance stat...

Page 1185: ...e nodes for forwarding Broadcast unknown Unicast and Multicast Traffic BUM When one of the service nodes goes down or bfd is down in that service node the gateway switches to the alternate service node for Broadcast unknown Unicast and Multicast Traffic BUM Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command Dell_GW1 show bfd neig...

Page 1186: ...PNs for customers VRF is also referred to as VPN routing and forwarding VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF uses a forwarding table that designates the next hop for each data packet a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that gover...

Page 1187: ...ce by using Forwarding Information Bases FIBs A network device may have the ability to configure different virtual routers where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device Only Layer 3 interfaces can belong to a VRF VRF is supported on following types of interface Physical Ethernet interfaces Port channel interfaces static dynamic using LACP VLAN...

Page 1188: ...RF Feature Capability Support Status for Default VRF Support Status for Non default VRF Configuration rollback for commands introduced or modified Yes No LLDP protocol on the port Yes No 802 1x protocol on the VLAN port Yes No OSPF RIP ISIS BGP on physical and logical interfaces Yes Yes NOTE OSPF supported on all VRF ports OSPF V2 and BGP V4 are supported on non default VRF ports also Others suppo...

Page 1189: ...nterfaces and LAGs Yes No IPv4 ARP Yes Yes IPv6 Neighbor Discovery Yes Yes Layer 2 ACLs on VLANs Yes No FEED Yes No Layer 2 QoS Yes Yes Support for storm control broadcast and unknown unicast Yes No sFlow Yes No VRRP on physical and logical interfaces Yes Yes VRRPV3 Yes Yes Secondary IP Addresses Yes No Following IPv6 capabilities No Basic Yes No OSPFv3 Yes Yes IS IS Yes Yes BGP Yes Yes ACL Yes No...

Page 1190: ...Loading VRF CAM Load CAM memory for the VRF feature CONFIGURATION feature vrf After you load VRF CAM CLI parameters that allow you to configure non default VRFs are made available on the system Creating a Non Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances 1 to 63 and the default VRF 0 Create a non default VRF instance by specifying a name and VRF I...

Page 1191: ...host interface NOTE You cannot assign loop back and port channel interfaces to a management port To assign a front end port to a management VRF perform the following steps 1 Enter the front end interface that you want to assign to a management interface CONFIGURATION interface tengigabitethernet 1 1 2 Assign the interface to management VRF INTERFACE CONFIGURATION ip vrf forwarding management Befor...

Page 1192: ... the OSPF Process ID cannot be used again in the system Enable the OSPFv2 process globally for a VRF instance Enter the VRF key word and instance name to tie the OSPF instance to the VRF All network commands under this OSPF instance are subsequently tied to the VRF instance CONFIGURATION router ospf process id vrf vrf name The process id range is from 0 65535 Configuring VRRP on a VRF Instance You...

Page 1193: ...ress 10 1 1 100 no shutdown View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 TenGigabitEthernet 1 13 IPv4 VRID 10 Version 2 Net 10 1 1 1 VRF 2 vrf1 State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 43 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 10 1 1 100 Authentication none C...

Page 1194: ...r Set NS retransmit interval used and advertised in RA ipv6 nd suppress ra Suppress IPv6 Router Advertisements ipv6 ad ipv6 address IPv6 Address Detection ipv6 ad autoconfig IPv6 stateless auto configuration ipv6 address ipv6 address Configure IPv6 address on an interface NOTE The command line help still displays relevant details corresponding to each of these commands However these interface rang...

Page 1195: ...Sample VRF Configuration The following configuration illustrates a typical VRF set up Figure 155 Setup OSPF and Static Routes Virtual Routing and Forwarding VRF 1195 ...

Page 1196: ...hown in the above illustrations Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 1 ip vrf forwarding blue ip address 10 0 0 1 24 no shutdown Virtual Routing and Forwarding VRF 1196 ...

Page 1197: ...n ip address 3 0 0 1 24 tagged TenGigabitEthernet 3 1 no shutdown router ospf 1 vrf blue router id 1 0 0 1 network 1 0 0 0 24 area 0 network 10 0 0 0 24 area 0 router ospf 2 vrf orange router id 2 0 0 1 network 2 0 0 0 24 area 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 Router 2 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address swit...

Page 1198: ...ork 1 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 1 router ospf 2 vrf orange router id 2 0 0 2 network 21 0 0 0 24 area 0 network 2 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 2 ip route vrf green30 0 0 0 24 3 0 0 1 The following shows the output of the show commands on Router 1 Router 1 Dell show ip vrf VRF Name VRF ID Interfaces default vrf 0 Te 3 1 3 3 Te 1 3 1 47 Te 2 1 2...

Page 1199: ... OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 2 0 0 0 24 Direct Vl 192 0 0 00 20 55 C 20 0 0 0 24 Direct Te 1 2 0 0 00 10 05 O 21 0 0 0 24 via 2 0 0 2 ...

Page 1200: ...nnected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Cha...

Page 1201: ...e summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 3 0 0 0 24 Direct Vl 256 0 0 00 26 27 S 30 0 0 0 24 via 3 0 0 1 Vl 256 1 0 00 17 03 C 31 0 0 0 24 Direct Te 2 3 0 0 00 20 19 Dell Route Leaking VRFs Static routes can be used to redistribute routes between non default to default non default VRF and vice versa You can configure route leaking between two ...

Page 1202: ... to various other VRFs The destinations or target VRFs then import these IPv4 or IPv6 routes using the ip route import tag or the ipv6 route import tag command respectively NOTE In Dell Networking OS you can configure at most one route export per VRF as only one set of routes can be exposed for leaking However you can configure multiple route import targets because a VRF can accept routes from mul...

Page 1203: ...s mask A non default VRF named VRF Shared is created and the interface 1 4 is assigned to this VRF 2 Configure the export target in the source VRF ip route export 1 1 3 Configure VRF red ip vrf vrf red interface type slot port subport ip vrf forwarding VRF red ip address ip address mask A non default VRF named VRF red is created and the interface is assigned to this VRF 4 Configure the import targ...

Page 1204: ... import 1 1 ip vrf VRF Green ip vrf VRF shared ip route export 1 1 ip route import 2 2 ip route import 3 3 Show routing tables of all the VRFs without any route export and route import tags being configured Dell show ip route vrf VRF Red O 11 1 1 1 32 via 111 1 1 1 110 0 00 00 10 C 111 1 1 0 24 Direct Te 1 11 0 0 22 39 59 Dell show ip route vrf VRF Blue O 22 2 2 2 32 via 122 2 2 2 110 0 00 00 11 C...

Page 1205: ...er the sourced or Leaked route from some other VRF then route Leaking for that particular prefix fails and the following error log is thrown SYSLOG Duplicate prefix found s in the target VRF d address import_vrf_id with The type level is EVT_LOGWARNING The source routes always take precedence over leaked routes The leaked routes are deleted as soon as routes are locally learnt by the VRF using oth...

Page 1206: ... end to define the filtering criteria based on which the routes are imported into VRF blue You can define a route map import_ospf_protocol and then specify the match criteria as OSPF using the match source protocol ospf command You can then use the ip route import route map command to import routes matching the filtering criteria defined in the import_ospf_protocol route map For a reply communicat...

Page 1207: ..._ospfbgp_protocol ip route import 2 2 this action exports only the OSPF and BGP routes to other VRFs ip vrf vrf Blue ip route export 2 2 ip route import 1 1 import_ospf_protocol this action accepts only OSPF routes from VRF red even though both OSPF as well as BGP routes are shared The show VRF commands displays the following output Dell show ip route vrf VRF Blue C 122 2 2 0 24 Direct Te 1 22 0 0...

Page 1208: ...Similarly when two VRFs leak or export routes there is no option to discretely filter leaked routes from each source VRF Meaning you cannot import one set of routes from VRF red and another set of routes from VRF blue Virtual Routing and Forwarding VRF 1208 ...

Page 1209: ...d allows for up to 255 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends pac...

Page 1210: ...dent on internal gateway protocol IGP protocols to converge or update routing tables VRRP Implementation Within a single VRRP group up to 12 virtual IP addresses are supported Virtual IP addresses can belong to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet Virtu...

Page 1211: ... dead interval may cause packets to be dropped during that switch over time Table 99 Recommended VRRP Advertise Intervals Recommended Advertise Interval Groups Interface Total VRRP Groups Groups Interface Less than 250 1 second 12 Between 250 and 450 2 3 seconds 24 Between 450 and 600 3 4 seconds 36 Between 600 and 800 4 seconds 48 Between 800 and 1000 5 seconds 84 Between 1000 and 1200 7 seconds ...

Page 1212: ...fying VRRP The following examples how to configure VRRP Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 vrrp group 111 Dell conf if te 1 1 vrid 111 The following examples how to verify the VRRP configuration Dell conf if te 1 1 show conf interface TenGigabitEthernet 1 1 ip address 10 10 10 1 24 vrrp group 111 no shutdown Configuring the VRRP Version for an IPv4 Group For IPv4 you ca...

Page 1213: ...up_switch1 conf if te 1 1 vrid 100 version both Dell_backup_switch2 conf if te 1 2 vrid 100 version both 2 Set the master switch to VRRP protocol version 3 Dell_master_switch conf if te 1 1 vrid 100 version 3 3 Set the backup switches to version 3 Dell_backup_switch1 conf if te 1 1 vrid 100 version 3 Dell_backup_switch2 conf if te 1 2 vrid 100 version 3 Assign Virtual IP addresses Virtual routers ...

Page 1214: ...erface primary or secondary IP address On a stack system if a force failover is performed on a master stack unit the VRRP virtual addresses are disabled To re enable VRRP execute the mac address table station move refresh arp command Configuring a Virtual IP Address To configure a virtual IP address use the following commands 1 Configure a VRRP group INTERFACE mode vrrp group vrrp id The VRID rang...

Page 1215: ...ontains either Master or Backup Setting VRRP Group Virtual Router Priority Setting a virtual router priority to 255 ensures that router is the owner virtual router for the VRRP group VRRP elects the MASTER router by choosing the router with the highest priority The default priority for a virtual router is 100 The higher the number the higher the priority If the MASTER router fails VRRP begins the ...

Page 1216: ...he password in its VRRP transmission The receiving router uses that password to verify the transmission NOTE You must configure all virtual routers in the VRRP group the same you must enable authentication with the same password or authentication is disabled NOTE Authentication for VRRPv3 is not supported To configure simple authentication use the following command Configure a simple text password...

Page 1217: ...no preempt Dell conf if te 1 1 vrid 111 The following example shows how to verify preempt is disabled using the show conf command Dell conf if te 1 1 vrid 111 show conf vrrp group 111 authentication type simple 7 387a7f2df5969da4 no preempt priority 255 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 Changing the Advertisement Interval B...

Page 1218: ...is from 1 to 255 seconds The default is 1 second For VRRPv3 change the advertisement centisecs interval setting INTERFACE VRID mode advertise interval centisecs centisecs The range is from 25 to 4075 centisecs in units of 25 centisecs The default is 100 centisecs Examples of the advertise interval Command The following example shows how to change the advertise interval using the advertise interval...

Page 1219: ...ter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 For a virtual group you can also track the status of a configured object the track object id command by entering its object number NOTE You can configure a tracked object for a VRRP group using t...

Page 1220: ...entication type simple 7 387a7f2df5969da4 no preempt priority 255 track TenGigabitEthernet 1 2 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 The following example shows verifying the tracking status Dell show track Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16 Metric thresh...

Page 1221: ...bles normally NOTE When you reload a node that contains VRRP configuration and is enabled for VLT Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional Otherwise when you reload a VLT node configured for VRRP the local destination address is not seen on the reloaded node causing suboptimal routing Set the delay timer...

Page 1222: ...p VRRP review the following sample configurations VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration You can copy and paste from the example to your CLI To support your own IP addresses interfaces names and so on be sure that you mak...

Page 1223: ...terface tengigabitethernet 2 31 R2 conf if te 2 31 ip address 10 1 1 1 24 R2 conf if te 2 31 vrrp group 99 R2 conf if te 2 31 vrid 99 priority 200 R2 conf if te 2 31 vrid 99 virtual 10 1 1 3 R2 conf if te 2 31 vrid 99 no shut R2 conf if te 2 31 show conf interface TenGigabitEthernet 2 31 ip address 10 1 1 1 24 Virtual Router Redundancy Protocol VRRP 1223 ...

Page 1224: ...rnet 3 21 R3 conf if te 3 21 ip address 10 1 1 2 24 R3 conf if te 3 21 vrrp group 99 R3 conf if te 3 21 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 vrid 99 no shut R3 conf if te 3 21 show conf interface TenGigabitEthernet 3 21 ip address 10 1 1 1 24 vrrp group 99 virtual address 10 1 1 3 no shutdown R3 conf if te 3 21 end R3 show vrrp TenGigabitEthernet 3 21 VRID 99 Net 10 1 1 2 State Backup Prior...

Page 1225: ...nues to be MASTER even if one of two routers has a higher IP or IPv6 address The following example shows configuring VRRP for IPv6 Router 2 and Router 3 Configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address Virtual Router ...

Page 1226: ...Net fe80 201 e8ff fe6a c59f VRF 0 default vrf State Master Priority 100 Master fe80 201 e8ff fe6a c59f local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 Router 3 R3 conf interface tengigabitethernet 1 2 R3 conf if te 1 2 no ipv6 addres...

Page 1227: ...ssociated with each VRF Both Switch 1 and Switch 2 have three VRF instances defined VRF 1 VRF 2 and VRF 3 Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet Both Switch 1 and Switch 2 use VRRP groups on each VRF instance in order that there is one MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner m...

Page 1228: ...rrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if te 1 1 vrid 101 priority 100 S1 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S1 conf if te 1 1 no shutdown S1 conf interface TenGigabitEthernet 1 2 S1 conf if te 1 2 ip vrf forwarding VRF 2 S1 conf if te 1 2 ip address 10 10 1 6 24 S1 conf if te 1 2 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF...

Page 1229: ...f ip vrf VRF 3 3 S2 conf interface TenGigabitEthernet 1 1 S2 conf if te 1 1 ip vrf forwarding VRF 1 S2 conf if te 1 1 ip address 10 10 1 2 24 S2 conf if te 1 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if te 1 1 vrid 101 priority 255 S2 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S2 conf if te 1 1 no shutdown S2 conf interface TenGigabitEthernet 1 2 S...

Page 1230: ...conf if te 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if vl 100 vrid 101 priority 100 S1 conf if vl 100 vrid 101 virtual address 10 10 1 2 S1 conf if vl 100 no shutdown S1 conf if te 1 1 ...

Page 1231: ...hport S2 conf if te 1 1 no shutdown S2 conf if te 1 1 interface vlan 100 S2 conf if vl 100 ip vrf forwarding VRF 1 S2 conf if vl 100 ip address 10 10 1 2 24 S2 conf if vl 100 tagged TenGigabitethernet 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf i...

Page 1232: ...sion 2 Net 20 1 1 2 VRF 1 vrf1 State Backup Priority 90 Master 20 1 1 1 Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 377 Bad pkts rcvd 0 Adv sent 0 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 20 1 1 100 Authentication none Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 2 vrf2 State Master Priority 100 Master 10 ...

Page 1233: ...te from the example to your CLI Be sure you make the necessary changes to support your own IP addresses interfaces names and so on NOTE In a VRRP or VRRPv3 group if two routers come up with the same priority and another router already has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigab...

Page 1234: ...local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 NOTE Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the Tengigabitethernet 1 1 interface has a higher IPv6 address than the Tengi...

Page 1235: ...pkts rcvd 0 Adv sent 120 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell Dell show vrrp vrf vrf1 vlan 400 Vlan 400 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed VRF 1 vrf1 State Master Priority 200 Master fe80 201 e8ff fe8a e9ed local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0...

Page 1236: ...l 1 Port channel 1 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a fd76 VRF 2 vrf2 State Backup Priority 90 Master fe80 201 e8ff fe8a e9ed Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 548 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Virtual Router Redundancy Protocol VRRP 1236 ...

Page 1237: ...nts on the board are put into Loopback mode and test packets are transmitted through those components Level 2 diagnostics also perform snake tests using virtual local area network VLAN configurations Important Points to Remember You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more You cannot perform diagnostics on the management ...

Page 1238: ...T 6 DA_DIAG_DONE Diags finished on stack unit 0 Dell 00 09 42 Diagnostic test results are stored on file flash TestReport SU 0 txt Diags completed Rebooting the system now Mar 12 10 40 35 S6000 0 DIAGAGT 6 DA_DIAG_DONE Diags finished on stack unit 1 Diagnostic results are printed to a file in the flash using the filename format TestReport SU stack unit id txt Log messages differ somewhat when diag...

Page 1239: ... unit will be pulled out of the stack for diagnostic execution Proceed with Diags confirm yes no yes Warning diagnostic execution will cause multiple link flaps on the peer side advisable to shut directly connected ports Proceed with Diags confirm yes no yes Dell 00 03 13 S25P 2 DIAGAGT 6 DA_DIAG_STARTED Starting diags on stack unit 2 00 03 13 Approximate time to complete these Diags 6 Min 00 03 1...

Page 1240: ...t 1 001 Psu Power Good Test PASS Test 1 Psu Power Good Test FAIL diagS4810ChkPsuPresence 625 ERROR Psu 0 is not present Test 2 000 Fan Psu Status test NOT PRESENT Test 2 001 Fan Psu Status test PASS Test 2 Fan Psu Status Test FAIL Test 3 000 Fan board presence Test PASS Test 3 001 Fan board presence Test PASS Test 3 Fan Board Presence Test PASS Test 4 000 Board Fan Status Test PASS Test 4 001 Boar...

Page 1241: ...ing the show file command from the flash TRACE_LOG_DIR directory On a Standby unit you can reach the TRACE_LOG_DIR files only by using the show file command from the flash TRACE_LOG_DIR directory NOTE Non management member units do not support this functionality Last Restart Reason If the system restarts for some reason automatically or manually the show system command output includes the reason f...

Page 1242: ...U must process View the modular packet buffers details per stack unit and the mode of allocation EXEC Privilege mode show hardware stack unit 1 6 buffer total buffer View the modular packet buffers details per unit and the mode of allocation EXEC Privilege mode show hardware stack unit 1 6 buffer unit 0 1 total buffer View the forwarding plane statistics containing the packet buffer usage per port...

Page 1243: ... replication View the internal statistics for each port pipe unit on per port basis EXEC Privilege mode show hardware stack unit 1 6 unit 0 1 port stats detail View the stack unit internal registers for each port pipe EXEC Privilege mode show hardware stack unit 1 6 unit 0 1 register View the tables from the bShell through the CLI without going into the bShell EXEC Privilege mode show hardware sta...

Page 1244: ...52 Temp High Warning threshold 70 000C QSFP 52 Voltage High Warning threshold 3 465V QSFP 52 Bias High Warning threshold 9 500mA QSFP 52 RX Power High Warning threshold 1 738mW QSFP 52 Temp Low Warning threshold 0 000C QSFP 52 Voltage Low Warning threshold 3 135V QSFP 52 Bias Low Warning threshold 1 000mA QSFP 52 RX Power Low Warning threshold 0 112mW QSFP 52 Temperature 30 602C QSFP 52 Voltage 3 ...

Page 1245: ... 2 Check air flow through the system Ensure that the air ducts are clean and that all fans are working correctly 3 After the software has determined that the temperature levels are within normal limits you can re power the card safely To bring back the line card online use the power on command in EXEC mode In addition to control airflow for adequate system cooling Dell Networking requires that you...

Page 1246: ...TxPower OID displays the transmitting power of the connected optics Temperature 1 3 6 1 4 1 6027 3 10 1 2 5 1 7 chSysPortXfpRecvTemp OID displays the temperature of the connected optics NOTE These OIDs only generate if you enable the enable optic info update interval is enabled command Hardware MIB Buffer Statistics 1 3 6 1 4 1 6027 3 27 1 4 dellNetFpPacketBufferTable View the modular packet buffe...

Page 1247: ...edicated buffer this pool is reserved memory that other interfaces cannot use on the same ASIC or by other queues on the same interface This buffer is always allocated and no dynamic re carving takes place based on changes in interface status Dedicated buffers introduce a trade off They provide each interface with a guaranteed minimum buffer to prevent an overused and congested interface from star...

Page 1248: ...tem performance The default values work for most cases As a guideline consider tuning buffers if traffic is bursty and coming from several interfaces In this case Reduce the dedicated buffer on all queues interfaces Increase the dynamic buffer on all interfaces Increase the cell pointers on a queue that you are expecting will receive the largest number of packets To define change and apply buffers...

Page 1249: ...mory this allocation is called oversubscription If you choose to oversubscribe the dynamic allocation a burst of traffic on one interface might prevent other interfaces from receiving the configured dynamic allocation which causes packet loss You cannot allocate more than the available memory for the dedicated buffers If the system determines that the sum of the configured dedicated buffers alloca...

Page 1250: ... ip address mtu 9216 switchport no shutdown buffer policy myfsbufferprofile The following example shows viewing the default buffer profile on an interface Dell show buffer profile detail interface tengigabitethernet 1 10 Interface Te 1 10 Buffer profile fsqueue fp Dynamic buffer 1256 00 Kilobytes Queue Dedicated Buffer Buffer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256...

Page 1251: ...lays Error User defined buffer profile already applied Failed to apply global pre defined buffer profile Please remove all user defined buffer profiles Similarly when you configure buffer profile global you cannot not apply a buffer profile on any single interface A message similar to the following displays Error Global pre defined buffer profile already applied Failed to apply user defined buffer...

Page 1252: ...ac eg acl in acl stack unit stack unit number port set 0 pipeline 0 3 show hardware ip qos stack unit stack unit number port set 0 show hardware system flow layer2 stack unit stack unit number port set 0 counters pipeline 0 3 show hardware drops interface interface show hardware buffer stats snapshot resource interface interface show hardware buffer inteface interface priority group id all queue i...

Page 1253: ...COS1 0 HOL DROPS on COS2 0 HOL DROPS on COS3 0 HOL DROPS on COS4 0 HOL DROPS on COS5 0 HOL DROPS on COS6 0 HOL DROPS on COS7 0 HOL DROPS on COS8 0 HOL DROPS on COS9 0 HOL DROPS on COS10 0 HOL DROPS on COS11 0 HOL DROPS on COS12 0 HOL DROPS on COS13 0 HOL DROPS on COS14 0 HOL DROPS on COS15 0 HOL DROPS on COS16 0 HOL DROPS on COS17 0 TxPurge CellErr 0 Aged Drops 0 Egress MAC counters Egress FCS Dro...

Page 1254: ...0 0 3 3 0 0 0 0 0 4 4 0 0 0 0 0 5 5 0 0 0 0 0 6 6 0 0 0 0 0 7 7 0 0 0 0 0 8 8 0 0 0 0 0 9 9 0 0 0 0 0 10 10 0 0 0 0 0 11 11 0 0 0 0 0 12 12 0 0 0 0 0 13 13 0 0 0 0 0 14 14 0 0 0 0 0 15 15 0 0 0 0 0 16 16 0 0 0 0 0 17 17 2144854 0 124904297 0 0 18 18 0 0 0 0 0 19 19 0 0 0 0 0 20 20 0 0 0 0 0 21 21 0 0 0 0 0 22 22 0 0 0 0 0 23 23 0 0 0 0 0 24 24 0 0 0 0 0 25 25 0 0 0 0 0 26 26 0 0 0 0 0 27 27 0 0 0 ...

Page 1255: ...0 0 0 0 0 40 40 0 0 0 0 0 41 41 0 0 0 0 0 42 42 0 0 0 0 0 43 43 0 0 0 0 0 44 44 0 0 0 0 0 45 45 0 0 0 0 0 46 46 0 0 0 0 0 47 47 0 0 0 0 0 48 48 0 0 0 0 0 49 49 0 0 0 0 0 49 50 0 0 0 0 0 49 51 0 0 0 0 0 49 52 0 0 0 0 0 52 61 0 0 0 0 0 52 62 0 0 0 0 0 52 63 0 0 0 0 0 52 64 0 0 0 0 0 53 65 0 0 0 0 0 53 66 0 0 0 0 0 53 67 0 0 0 0 0 53 68 0 0 0 Debugging and Diagnostics 1255 ...

Page 1256: ...ics on a per queue basis The objective is to see whether CPU bound traffic is internal so called party bus or IPC traffic or network control traffic which the CPU must process Example of Viewing Dataplane Statistics Dell show hardware stack unit 1 cpu data plane statistics bc pci driver statistics for device rxHandle 773 noMhdr 0 noMbuf 0 noClus 0 recvd 773 dropped 0 recvToNet 773 rxError 0 rxFwdE...

Page 1257: ...s 78 over 1023 byte pkts 0 Multicasts 5 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 1649714 packets 1948622676 bytes 0 underruns 0 64 byte pkts 27234 over 64 byte pkts 107970 over 127 byte pkts 34 over 255 byte pkts 504838 over 511 byte pkts 1009638 over 1023 byte pkts 0 Multicasts 0 Broadcasts 1649714 Unicasts 0 throttles 0 discarded 0 collisions Rate inf...

Page 1258: ...e counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Cou...

Page 1259: ...unter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 0 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Counter ...

Page 1260: ...X Oversized Frame Counter 0 RX Jabber Frame Counter 0 RX VLAN Tag Frame Counter 0 RX Double VLAN Tag Frame Counter 0 RX RUNT Frame Counter 0 RX Fragment Counter 0 RX VLAN Tagged Packets 0 RX Ingress Dropped Packet 0 RX MTU Check Error Frame Counter 0 RX PFC Frame Priority 0 0 RX PFC Frame Priority 1 0 RX PFC Frame Priority 2 0 RX PFC Frame Priority 3 0 RX PFC Frame Priority 4 0 RX PFC Frame Priori...

Page 1261: ... member or standby unit crashes the mini core file gets uploaded to master unit When the master unit crashes the mini core file is uploaded to new master The panic string contains key information regarding the crash Several panic string types exist and they are displayed in regular English text to enable easier understanding of the crash cause Example of Application Mini Core Dump Listings Dell di...

Page 1262: ...y specifying the snap length to capture the file headers only The tcpdump command has a finite run process When you enable the tcpdump command it runs until the capture duration timer and or the packet count counter threshold is met If you do not set a threshold the system uses a default of a 5 minute capture duration and or a single 1k file as the stopping point for the dump You can use the captu...

Page 1263: ...o related RFCs Topics IEEE Compliance RFC and I D Compliance MIB Location IEEE Compliance The following is a list of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link...

Page 1264: ...ing table lists the Dell Networking OS support per platform for general internet protocols Table 103 General Internet Protocols RFC Full Name Z Series S Series 768 User Datagram Protocol 7 6 1 793 Transmission Control Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 T...

Page 1265: ...tion General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols Table 104 General IPv4 Protocols R F C Full Name Z Series S Series 7 9 1 Internet Protocol 7 6 1 7 9 2 Internet Control Message Protocol 7 6 1 8 2 6 An Ethernet Address Resolution Protocol 7 6 1 1 0 2 7 Using ARP to Implement Transparent Subnet Gateways 7 6 1 1 0 3 5 DOMAIN ...

Page 1266: ...tation and Analysis 7 6 1 1 5 1 9 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 1 5 4 2 Clarifications and Extensions for the Bootstrap Protocol 7 6 1 1 8 1 2 Requirements for IP Version 4 Routers 7 6 1 2 1 3 1 Dynamic Host Configuration Protocol 7 6 1 2 3 3 8 Virtual Router Redundancy Protocol VRRP 7 6 1 3 0 Using 31 Bit Prefixes on IPv4 7 7 1 Standards ...

Page 1267: ...of the Tiny Fragment Attack 7 6 1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols Table 105 General IPv6 Protocols RF C Full Name Z Series S Series 18 86 DNS Extensions to support IP version 6 7 8 1 19 81 Pa rtia l Path MTU Discovery for IP version 6 7 8 1 24 60 Internet Protocol Version 6 IPv6 Specificatio n 7 8 1 Standards C...

Page 1268: ... 271 1 IPv6 Router Alert Option 8 3 12 0 35 87 IPv6 Global Unicast Address Format 7 8 1 40 07 IPv6 Scoped Address Architecture 8 3 12 0 42 91 Internet Protocol Version 6 IPv6 Addressing Architecture 7 8 1 44 43 Internet Control Message Protocol ICMPv6 for the IPv6 Specificatio n 7 8 1 48 61 Neighbor Discovery for IPv6 8 3 12 0 48 62 IPv6 Stateless Address 8 3 12 0 Standards Compliance 1268 ...

Page 1269: ...P 4 Multiprotocol Extensions for IPv6 Inter Domain Routing 2796 BGP Route Reflection An Alternative to Full Mesh Internal BGP IBGP 7 8 1 2842 Capabilities Advertisement with BGP 4 7 8 1 2858 Multiprotocol Extensions for BGP 4 7 8 1 2918 Route Refresh Capability for BGP 4 7 8 1 3065 Autonomous System Confederations for BGP 7 8 1 4360 BGP Extended Communities Attribute 7 8 1 4893 BGP Support for Fou...

Page 1270: ...Packets and Congestion Avoidance 7 6 1 Intermediate System to Intermediate System IS IS The following table lists the Dell Networking OS support per platform for IS IS protocol Table 108 Intermediate System to Intermediate System IS IS RFC Full Name S Series 1142 OSI IS IS Intra Domain Routing Protocol ISO DP 10589 1195 Use of OSI IS IS for Routing in TCP IP and Dual Environments 2763 Dynamic Host...

Page 1271: ...th 02 Extended Ethernet Frame Size Support Routing Information Protocol RIP The following table lists the Dell Networking OS support per platform for RIP protocol Table 109 Routing Information Protocol RIP RFC Full Name S Series 1058 Routing Information Protocol 7 8 1 2453 RIP Version 7 8 1 4191 Default Router Preferences and More Specific Routes 8 3 12 0 Multicast The following table lists the De...

Page 1272: ... network management protocol Table 111 Network Management RFC Full Name S4810 1155 Structure and Identification of Management Information for TCP IP based Internets 7 6 1 1156 Management Information Base for Network Management of TCP IP based internets 7 6 1 1157 A Simple Network Management Protocol SNMP 7 6 1 1212 Concise MIB Definitions 7 6 1 1215 A Convention for Defining Traps for use with the...

Page 1273: ...ents for Internet Standard Management Framework 7 6 1 2571 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks 7 6 1 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP 7 6 1 2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 7 6 1 2575 View based Access Control Model VACM fo...

Page 1274: ... Alarm Table Event Table Log Table 7 6 1 2863 The Interfaces Group MIB 7 6 1 2865 Remote Authentication Dial In User Service RADIUS 7 6 1 3273 Remote Network Monitoring Management Information Base for High Capacity Networks 64 bits Ethernet Statistics High Capacity Table Ethernet History High Capacity Table 7 6 1 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol ...

Page 1275: ...on Base for Intermediate System to Intermediate System IS IS isisSysObject top level scalar objects isisISAdjTable isisISAdjAreaAddrTable isisISAdjIPAddrTable isisISAdjProtSuppTable draft ietf netmod interfaces cfg 03 Defines a YANG data model for the configuration of network interfaces Used in the Programmatic Interface RESTAPI feature 9 2 0 0 IEEE 802 1AB Management Information Base module for L...

Page 1276: ...rprise Chassis MIB FORCE10 IF EXTENSION MIB Force10 Enterprise IF Extension MIB extends the Interfaces portion of the MIB 2 RFC 1213 by providing proprietary SNMP OIDs for other counters displayed in the show interfaces output 7 6 1 FORCE10 LINKAGG MIB Force10 Enterprise Link Aggregation MIB 7 6 1 FORCE10 CHASSIS MIB Force10 E Series Enterprise Chassis MIB FORCE10 COPY CONFIG MIB Force10 File Copy...

Page 1277: ...can obtain a list of selected MIBs and their OIDs at the following URL https www force10networks com CSPortal20 Main Login aspx Some pages of iSupport require a login To request an iSupport account go to https www force10networks com CSPortal20 AccountRequest AccountRequest aspx If you have forgotten or lost your account information contact Dell TAC for assistance Standards Compliance 1277 ...

Reviews:

No comments

Related manuals for S4048T

D DGS-3048 DGS-3048

Brand: D-Link Pages: 3

Brand: Zektor Pages: 84

Brand: Open Mesh Pages: 2

S6520X-EI Series

Brand: H3C Pages: 34

Brand: PRO SIGNAL Pages: 2

Brand: VeEX Pages: 22

Brand: FS Pages: 43

Brand: C4i Pages: 7

Brand: JetNet Pages: 20

Brand: Eminent Pages: 6

Brand: InvoTek Pages: 4

IP Power 9258 DS

Brand: Aviosys Pages: 37

Brand: Gigacore Pages: 8

Brand: Rasfox Pages: 13

Brand: Solar Solve Marine Pages: 12

Brand: CYP Pages: 44

Brand: Asco Pages: 20

Brand: KanexPro Pages: 9

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands