Dell S4820T Configuration Manual Download Page 880

Page: 880 / 1178

ip ssh rsa-authentication enable

Bind the public keys to RSA authentication.
EXEC Privilege mode

ip ssh rsa-authentication my-authorized-keys flash:

//public_key

Example of Generating RSA Keys

admin@Unix_client#ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/admin/.ssh/id_rsa):

/home/admin/.ssh/id_rsa already exists.

Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/admin/.ssh/id_rsa.

Your public key has been saved in /home/admin/.ssh/id_rsa.pub.

Configuring Host-Based SSH Authentication

Authenticate a particular host. This method uses SSH version 2.

To configure host-based authentication, use the following commands.

Configure RSA Authentication. Refer to

Using RSA Authentication of SSH

Create

shosts

by copying the public RSA key to the file

shosts

in the directory

.ssh

, and write the IP

address of the host to the file.

cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts

Refer to the first example.

Create a list of IP addresses and usernames that are permitted to SSH in a file called

rhosts

Refer to the second example.

Copy the file

shosts

and

rhosts

to the Dell Networking system.

Disable password authentication and RSA authentication, if configured
CONFIGURATION mode or EXEC Privilege mode

no ip ssh password-authentication

no ip ssh rsa-authentication

Enable host-based authentication.
CONFIGURATION mode

ip ssh hostbased-authentication enable

Bind

shosts

and

rhosts

to host-based authentication.

CONFIGURATION mode

ip ssh pub-key-file flash:

//filename

ip ssh rhostsfile flash:

//filename

Examples of Creating

shosts

and

rhosts

The following example shows creating

shosts

admin@Unix_client# cd /etc/ssh

admin@Unix_client# ls

moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub

ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key

880

Security

Summary of Contents for S4820T

Page 1: ...Dell Configuration Guide for the S4820T System 9 8 0 0 ...

Page 2: ...blem WARNING A WARNING indicates a potential for property damage personal injury or death Copyright 2009 2015 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their r...

Page 3: ...ace and Running Scripts Using SSH 51 Entering CLI commands Using an SSH Connection 52 Executing Local CLI Scripts Using an SSH Connection 52 Default Configuration 53 Configuring a Host Name 53 Accessing the System Remotely 53 Accessing the System Remotely 53 Configure the Management Port IP Address 53 Configure a Management Route 54 Configuring a Username and Password 54 Configuring the Enable Pas...

Page 4: ...nnection to a Syslog Server 73 Log Messages in the Internal Buffer 74 Configuration Task List for System Log Management 74 Disabling System Logging 74 Sending System Messages to a Syslog Server 75 Configuring a UNIX System as a Syslog Server 75 Track Login Activity 75 Restrictions for Tracking Login Activity 75 Configuring Login Activity Tracking 76 Display Login Statistics 76 Limit Concurrent Log...

Page 5: ...iables 93 5 802 1ag 95 Ethernet CFM 95 Maintenance Domains 96 Maintenance Points 96 Maintenance End Points 97 Implementation Information 98 Configuring the CFM 98 Related Configuration Tasks 98 Enabling Ethernet CFM 99 Creating a Maintenance Domain 99 Creating a Maintenance Association 100 Create Maintenance Points 100 Creating a Maintenance End Point 100 Creating a Maintenance Intermediate Point ...

Page 6: ...elines for Configuring ACL VLAN Groups 125 Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters 126 Configuring ACL VLAN Groups 126 Configuring FP Blocks for VLAN Parameters 127 Viewing CAM Usage 128 Allocating FP Blocks for VLAN Processes 129 8 Access Control Lists ACLs 130 IP Access Control Lists ACLs 131 CAM Usage 132 Implementing ACLs on Dell Networking OS 133 IP Fragment ...

Page 7: ...Guidelines for Configuring ACL Logging 161 Configuring ACL Logging 161 Flow Based Monitoring Support for ACLs 162 Behavior of Flow Based Monitoring 163 Enabling Flow Based Monitoring 164 9 Bidirectional Forwarding Detection BFD 166 How BFD Works 166 BFD Packet Format 167 BFD Sessions 169 BFD Three Way Handshake 169 Session State Changes 170 Important Points to Remember 171 Configure BFD 171 Config...

Page 8: ...o Remember 214 Configuration Information 215 BGP Configuration 215 Enabling BGP 216 Configuring AS4 Number Representations 220 Configuring Peer Groups 222 Configuring BGP Fast Fall Over 224 Configuring Passive Peering 226 Maintaining Existing AS Numbers During an AS Migration 227 Allowing an AS Number to Appear in its Own AS Path 228 Enabling Graceful Restart 229 Enabling Neighbor Graceful Restart...

Page 9: ...ion Optimization 253 Debugging BGP 253 Storing Last and Bad PDUs 254 Capturing PDUs 255 PDU Counters 256 Sample Configurations 257 11 Content Addressable Memory CAM 263 CAM Allocation 263 Test CAM Usage 265 View CAM Profiles 266 View CAM ACL Settings 266 View CAM Usage 268 CAM Optimization 269 Troubleshoot CAM Profiling 269 CAM Profile Mismatches 269 QoS CAM Region Limitation 269 12 Control Plane ...

Page 10: ...7 Behavior of Tagged Packets 298 Configuration Example for DSCP and PFC Priorities 298 Using PFC to Manage Converged Ethernet Traffic 299 Configure Enhanced Transmission Selection 299 ETS Prerequisites and Restrictions 300 Creating an ETS Priority Group 300 ETS Operation with DCBx 301 Configuring Bandwidth Allocation for DCBx CIN 302 Configuring ETS in a DCB Map 303 Hierarchical Scheduling in ETS ...

Page 11: ...em to be a Relay Agent 340 Configure the System to be a DHCP Client 342 DHCP Client Operation with Other Features 342 DHCP Client on a Management Interface 343 Configure the System for User Port Stacking Option 230 344 Configure Secure DHCP 344 Option 82 344 DHCP Snooping 345 Drop DHCP Packets on Snooped VLANs Only 349 Dynamic ARP Inspection 349 Configuring Dynamic ARP Inspection 350 Source Addres...

Page 12: ...idge to FCF Link 367 Impact on Other Software Features 367 FIP Snooping Restrictions 368 Configuring FIP Snooping 368 Displaying FIP Snooping Information 369 FCoE Transit Configuration Example 375 17 FIPS Cryptography 377 Configuration Tasks 377 Preparing the System 377 Enabling FIPS Mode 378 Generating Host Keys 378 Monitoring FIPS Mode Status 379 Disabling FIPS Mode 379 18 Force10 Resilient Ring...

Page 13: ...edundancy 397 Automatic and Manual Stack Unit Failover 399 Support for RPM Redundancy by Dell Networking OS Version 400 Synchronization between Management and Standby Units 400 Configuring RPM Redundancy 400 Online Insertion and Removal 402 RPM Online Insertion and Removal 402 Linecard Online Insertion and Removal 403 Hitless Behavior 404 Graceful Restart 404 Software Resiliency 405 Software Compo...

Page 14: ...Handling of Management Route Configuration 422 Handling of Switch Initiated Traffic 423 Handling of Switch Destined Traffic 424 Handling of Transit Traffic Traffic Separation 424 Mapping of Management Applications and Traffic Type 425 Behavior of Various Applications for Switch Initiated Traffic 426 Behavior of Various Applications for Switch Destined Traffic 427 Interworking of EIS With Various A...

Page 15: ...Channel 446 Configuring the Minimum Oper Up Links in a Port Channel 447 447 Assigning an IP Address to a Port Channel 448 Deleting or Disabling a Port Channel 448 Load Balancing Through Port Channels 448 Load Balancing Method 449 Changing the Hash Algorithm 449 Bulk Configuration 451 Interface Range 451 Bulk Configuration Examples 451 Defining Interface Range Macros 453 Define the Interface Range ...

Page 16: ...80 Assigning IP Addresses to an Interface 480 Configuring Static Routes 481 Configure Static Routes for the Management Interface 483 IPv4 Path MTU Discovery Overview 483 Using the Configured Source IP Address in ICMP Messages 484 Configuring the ICMP Source Interface 484 Configuring the Duration to Establish a TCP Connection 485 Enabling Directed Broadcast 485 Resolution of Host Names 486 Enabling...

Page 17: ... 500 IPv6 Header Fields 501 Extension Header Fields 503 Addressing 504 Implementing IPv6 with Dell Networking OS 505 ICMPv6 507 Path MTU Discovery 508 IPv6 Neighbor Discovery 508 IPv6 Neighbor Discovery of MTU Packets 509 Configuration Task List for IPv6 RDNSS 509 Configuring the IPv6 Recursive DNS Server 510 Debugging IPv6 RDNSS Information Sent to the Host 510 Displaying IPv6 RDNSS Information 5...

Page 18: ...lues 528 iSCSI Optimization Prerequisites 529 Configuring iSCSI Optimization 529 Displaying iSCSI Optimization Information 531 27 Intermediate System to Intermediate System 533 IS IS Protocol Overview 533 IS IS Addressing 533 Multi Topology IS IS 534 Transition Mode 535 Interface Support 535 Adjacencies 535 Graceful Restart 535 Timers 536 Implementation Information 536 Configuration Information 53...

Page 19: ...29 Layer 2 575 Manage the MAC Address Table 575 Clearing the MAC Address Table 575 Setting the Aging Time for Dynamic Entries 575 Configuring a Static MAC Address 576 Displaying the MAC Address Table 576 MAC Learning Limit 576 Setting the MAC Learning Limit 577 mac learning limit Dynamic 577 mac learning limit mac address sticky 578 mac learning limit station move 578 mac learning limit no station...

Page 20: ...cent LLDP Agents 603 Configuring LLDPDU Intervals 604 Configuring Transmit and Receive Mode 604 Configuring a Time to Live 605 Debugging LLDP 606 Relevant Management Objects 607 31 Microsoft Network Load Balancing 614 NLB Unicast Mode Scenario 614 NLB Multicast Mode Scenario 615 Limitations of the NLB Feature 615 Microsoft Clustering 615 Enable and Disable VLAN Flooding 616 Configuring a Switch fo...

Page 21: ...e Configurations 642 33 Multiple Spanning Tree Protocol MSTP 646 Protocol Overview 646 Spanning Tree Variations 647 Implementation Information 647 Configure Multiple Spanning Tree Protocol 647 Related Configuration Tasks 647 Enable Multiple Spanning Tree Globally 648 Adding and Removing Interfaces 648 Creating Multiple Spanning Tree Instances 649 Influencing MSTP Root Selection 650 Interoperate wi...

Page 22: ...4 Area Types 685 Networks and Neighbors 686 Router Types 686 Designated and Backup Designated Routers 688 Link State Advertisements LSAs 688 Router Priority and Cost 690 OSPF with Dell Networking OS 691 Graceful Restart 691 Fast Convergence OSPFv2 IPv4 Only 692 Multi Process OSPFv2 with VRF 693 RFC 2328 Compliant OSPF Flooding 693 OSPF ACK Packing 694 Setting OSPF Adjacency with Cisco Routers 694 ...

Page 23: ...ate a Redirect List 731 Create a Rule for a Redirect list 731 Apply a Redirect list to an Interface using a Redirect group 733 Show Redirect List Configuration 734 Sample Configuration 735 Create the Redirect List GOLDAssign Redirect List GOLD to Interface 2 11View Redirect List GOLD 736 38 PIM Sparse Mode PIM SM 740 Implementation Information 740 Protocol Overview 740 Requesting Multicast Traffic...

Page 24: ...ing 764 Changes to Default BehaviorConfiguration steps for ERPM 764 ERPM Behavior on a typical Dell Networking OS 766 Decapsulation of ERPM packets at the Destination IP Analyzer 766 41 Private VLANs PVLAN 768 Private VLAN Concepts 768 Using the Private VLAN Commands 769 Configuration Task List 770 Creating PVLAN ports 770 Creating a Primary VLAN 771 Creating a Community VLAN 772 Creating an Isola...

Page 25: ...09 Applying a WRED Profile to Traffic 809 Displaying Default and Configured WRED Profiles 809 Displaying WRED Drop Statistics 810 Displaying egress queue Statistics 810 Pre Calculating Available QoS CAM Space 811 Configuring Weights and ECN for WRED 812 Global Service Pools With WRED and ECN Settings 813 Configuring WRED and ECN Attributes 814 Guidelines for Configuring ECN for Classifying and Col...

Page 26: ...yer 2 Mode 845 Enabling Rapid Spanning Tree Protocol Globally 846 Adding and Removing Interfaces 848 Modifying Global Parameters 849 Enabling SNMP Traps for Root Elections and Topology Changes 850 Modifying Interface Parameters 850 Enabling SNMP Traps for Root Elections and Topology Changes 851 Influencing RSTP Root Selection 851 Configuring an EdgePort 851 Configuring Fast Hellos for Link State D...

Page 27: ...figuration 882 VTY Line Local Authentication and Authorization 882 VTY Line Remote Authentication and Authorization 883 VTY MAC SA Filter Support 884 Role Based Access Control 884 Overview of RBAC 885 User Roles 888 AAA Authentication and Authorization for Roles 891 Role Accounting 894 Display Information About User Roles 896 49 Service Provider Bridging 898 VLAN Stacking 898 Important Points to R...

Page 28: ... sFlow Global 920 Displaying Show sFlow on an Interface 920 Displaying Show sFlow on a Stack unit 921 Configuring Specify Collectors 921 Changing the Polling Intervals 922 Back Off Mechanism 922 sFlow on LAG ports 922 Enabling Extended sFlow 922 Important Points to Remember 923 51 Simple Network Management Protocol SNMP 925 Protocol Overview 925 Implementation Information 925 SNMPv3 Compliance Wit...

Page 29: ... the System 943 Viewing the Software Core Files Generated by the System 944 Manage VLANs using SNMP 944 Creating a VLAN 945 Assigning a VLAN Alias 945 Displaying the Ports in a VLAN 945 Add Tagged and Untagged Ports to a VLAN 947 Managing Overload on Startup 948 Enabling and Disabling a Port using SNMP 948 Fetch Dynamic MAC Entries using SNMP 949 Deriving Interface Indices 950 Monitor Port Channel...

Page 30: ...te on an S Series Stack 977 Recover from a Card Mismatch State on an S Series Stack 977 53 Storm Control 980 Configure Storm Control 980 Configuring Storm Control from INTERFACE Mode 980 Configuring Storm Control from CONFIGURATION Mode 980 54 Spanning Tree Protocol STP 982 Protocol Overview 982 Configure Spanning Tree 982 Related Configuration Tasks 982 Important Points to Remember 983 Configurin...

Page 31: ...etting Daylight Saving Time Once 1008 Setting Recurring Daylight Saving Time 1009 56 Tunneling 1011 Configuring a Tunnel 1011 Configuring Tunnel Keepalive Settings 1012 Configuring a Tunnel Interface 1013 Configuring Tunnel Allow Remote Decapsulation 1013 Configuring Tunnel source anylocal Decapsulation 1014 57 Uplink Failure Detection UFD 1015 Feature Description 1015 How Uplink Failure Detection...

Page 32: ...43 VLT Bandwidth Monitoring 1044 VLT and Stacking 1044 VLT and IGMP Snooping 1044 VLT IPv6 1044 VLT Port Delayed Restoration 1045 PIM Sparse Mode Support on VLT 1045 VLT Routing 1047 Non VLT ARP Sync 1049 RSTP Configuration 1050 Preventing Forwarding Loops in a VLT Domain 1050 Sample RSTP Configuration 1050 Configuring VLT 1051 PVST Configuration 1062 Sample PVST Configuration 1063 eVLT Configurat...

Page 33: ...nts for Multicast Resiliency 1083 Configuring VLAN Stack over VLT 1084 61 VLT Proxy Gateway 1088 Proxy Gateway in VLT Domains 1088 Guidelines for Enabling the VLT Proxy Gateway 1089 Enabling the VLT Proxy Gateway 1090 LLDP Organizational TLV for Proxy Gateway 1090 Sample Configuration for a VLT Proxy Gateway 1092 Configuring an LLDP VLT Proxy Gateway 1093 62 Virtual Routing and Forwarding VRF 1094...

Page 34: ...ing Offline Diagnostics 1144 Trace Logs 1148 Auto Save on Crash or Rollover 1148 Last Restart Reason 1148 Hardware Watchdog Timer 1149 Using the Show Hardware Commands 1149 Enabling Environmental Monitoring 1150 Recognize an Overtemperature Condition 1151 Troubleshoot an Over temperature Condition 1151 Recognize an Under Voltage Condition 1152 Troubleshoot an Under Voltage Condition 1152 Troublesh...

Page 35: ...Pv6 Protocols 1168 Border Gateway Protocol BGP 1168 Open Shortest Path First OSPF 1169 Intermediate System to Intermediate System IS IS 1170 Routing Information Protocol RIP 1170 Multicast 1171 Network Management 1171 MIB Location 1178 35 ...

Page 36: ...tructions in this guide cite relevant RFCs The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files MIBs Audience This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 and Layer 3 networking technologies Conventions This guide uses the following c...

Page 37: ...r more information about the Dell Networking switches refer to the following documents Dell Networking OS Command Reference Installing the System Dell Quick Start Guide Dell Networking OS Release Notes About this Guide 37 ...

Page 38: ...e and continued system development features may occasionally differ between the platforms Differences are noted in each CLI description and related documentation Accessing the Command Line Access the CLI through a serial console port or a Telnet session When the system successfully boots enter the command line in EXEC mode NOTE You must have a password configured on a virtual terminal line before ...

Page 39: ...aces protocols and features The following example shows the submode command structure Two sub CONFIGURATION modes are important when configuring the chassis for the first time INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface An interface can be physical Management interface 1 Gigabit Ethernet or 10 Gigabit Ethernet or synch...

Page 40: ...es to indicate the CLI mode The following table lists the CLI mode its prompt and information about how to access and exit the CLI mode Move linearly through the command modes except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level NOTE Sub CONFIGURATION modes all have the letters conf in the prompt with more modifie...

Page 41: ...Management Ethernet Interface Dell conf if ma 0 0 interface INTERFACE modes Null Interface Dell conf if nu 0 interface INTERFACE modes Port channel Interface Dell conf if po 1 interface INTERFACE modes Tunnel Interface Dell conf if tu 1 interface INTERFACE modes VLAN Interface Dell conf if vl 1 interface INTERFACE modes STANDARD ACCESS LIST Dell config std nacl ip access list standard IP ACCESS LI...

Page 42: ... Mode ROUTER ISIS Dell conf router_isis router isis ISIS ADDRESS FAMILY Dell conf router_isis af_ipv6 address family ipv6 unicast ROUTER ISIS Mode ROUTER OSPF Dell conf router_ospf router ospf ROUTER OSPFV3 Dell conf ipv6router_ospf ipv6 router ospf ROUTER RIP Dell conf router_rip router rip SPANNING TREE Dell config span protocol spanning tree 0 TRACE LIST Dell conf trace acl ip trace list CLASS ...

Page 43: ...over group PRIORITY GROUP Dell conf pg priority group PROTOCOL GVRP Dell config gvrp protocol gvrp QOS POLICY Dell conf qos policy out ets qos policy output VLT DOMAIN Dell conf vlt domain vlt domain VRRP Dell conf if interface type slot port vrid vrrp group id vrrp group u Boot Dell Press any key when the following line appears on the console during a system boot Hit any key to stop autoboot UPLI...

Page 44: ...l reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Management online S4810 S4810 9 4 0 0 64 1 Member not present 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Power Supplies Unit Bay Status Type FanStatus 0 0 absen...

Page 45: ...t To enable Layer 2 protocols use the no disable command For example in PROTOCOL SPANNING TREE mode enter no disable to enable Spanning Tree Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the or help command To list the keywords available in the current mode enter at the prompt or after a keyword Enter after a prompt lists all of...

Page 46: ... move quickly across the command line The following table describes these short cut key combinations Short Cut Key Combination Action CNTL A Moves the cursor to the beginning of the command line CNTL B Moves the cursor back one character CNTL D Deletes character at cursor CNTL E Moves the cursor to the end of the line CNTL F Moves the cursor forward one character CNTL I Completes a keyword CNTL K ...

Page 47: ...nds show run grep Ethernet returns a search result with instances containing a capitalized Ethernet such as interface TenGigabitEthernet 1 1 show run grep ethernet does not return that search result because it only searches for instances containing a non capitalized ethernet show run grep Ethernet ignore case returns instances containing both Ethernet and ethernet The grep command displays only th...

Page 48: ...s Unit Bay Status Type FanStatus FanSpeed rpm 1 1 down AC up 8128 1 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan0 Speed 1 1 up up 9900 1 2 up up 9900 1 3 up up 9900 Speed in RPM The display command displays additional configuration information The no more command displays the output all at once rather than one screen at a time This is similar to the terminal length command except that the ...

Page 49: ...ple On the system that telnets into the switch this message appears Warning The following users are currently configuring the system User username on line console0 On the system that is connected over the console this message appears Warning User username on line vty0 10 11 130 2 is in configuration mode If either of these messages appears Dell Networking recommends coordinating with the users lis...

Page 50: ...tion When the boot process completes the RPM and line card status LEDs remain online green and the console monitor displays the EXEC mode prompt For details about using the command line interface CLI refer to the Accessing the Command Line section in the Configuration Fundamentals chapter Console Access The device has two management ports available for system access a serial console port and an ou...

Page 51: ...a PC The pin assignments between the console and a DTE terminal server are as follows Table 2 Pin Assignments Between the Console and a DTE Terminal Server Console Port RJ 45 to RJ 45 Rollover Cable RJ 45 to RJ 45 Rollover Cable RJ 45 to DB 9 Adapter Terminal Server Device Signal RJ 45 Pinout RJ 45 Pinout DB 9 Pin Signal RTS 1 8 8 CTS NC 2 7 6 DSR TxD 3 6 2 RxD GND 4 5 5 GND GND 5 4 5 GND RxD 6 3 ...

Page 52: ... sessions in SSH Therefore you might expect a failure in executing SSH related scripts To avoid denial of service DoS attacks a rate limit of 10 concurrent sessions per minute in SSH is devised Therefore you might experience a failure in executing SSH related scripts when multiple short SSH commands are executed If you issue an interactive command in the SSH session the behavior may not really be ...

Page 53: ...n configure the system to access it remotely by Telnet or SSH The platform has a dedicated management port and a management routing table that is separate from the IP routing table You can manage all Dell Networking products in band via the front end data ports through interfaces assigned an IP address as well Accessing the System Remotely Configuring the system for remote access is a three step p...

Page 54: ...ATION mode management route ip address mask gateway ip address the network address in dotted decimal format A B C D mask a subnet mask in prefix length format xx gateway the next hop for network traffic originating from the management port Configuring a Username and Password To access the system remotely configure a system username and password To configure a system username and password use the f...

Page 55: ...inputting a password that is already encrypted using a DES hash Obtain the encrypted password from the configuration file of another Dell Networking system 5 is for inputting a password that is already encrypted using an MD5 hash Obtain the encrypted password from the configuration file of another Dell Networking system Configuration File Management Files can be stored on and accessed from various...

Page 56: ...8 2 1 0 27952672 bytes successfully copied Example of Importing a File to the Local System core1 copy ftp myusername mypassword 10 10 10 10 Dell Dell EF 8 2 1 0 bin flash Destination file name Dell EF 8 2 1 0 bin bin 26292881 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system You can perform file operations on an NFS ...

Page 57: ...path filename Important Points to Remember You cannot copy a file from one remote system to another You cannot copy a file from one location to the same location When copying to a server you can only use a hostname if a domain name server DNS server is configured Example of Copying a File to current File System Dell copy tftp 10 16 127 35 mashutosh dv maa s4810 test nfsmount Destination file name ...

Page 58: ...ow the same format as those commands in the Copy Files to and from the System section but use the filenames startup configuration and running configuration These commands assume that current directory is the internal flash which is the system default Save the running configuration to the startup configuration on the internal flash of the primary RPM EXEC Privilege mode copy running config startup ...

Page 59: ...le of the dir Command The output of the dir command also shows the read write privileges size in bytes and date of modification for each file Dell dir Directory of flash 1 drw 32768 Jan 01 1980 00 00 00 2 drwx 512 Jul 23 2007 00 38 44 3 drw 8192 Mar 30 1919 10 31 04 TRACE_LOG_DIR 4 drw 8192 Mar 30 1919 10 31 04 CRASH_LOG_DIR 5 drw 8192 Mar 30 1919 10 31 04 NVTRACE_LOG_DIR 6 drw 8192 Mar 30 1919 10...

Page 60: ...0 16 127 35 dt maa s4810 2 boot system gateway 10 16 130 254 Page 57 Under Managing the File System the word external Flash must be removed Page 57 The output of show file systems must be modified as follows Dell show file systems Size b Free b Feature Type Flags Prefixes 2056916992 2056540160 FAT32 USERFLASH rw flash network rw ftp network rw tftp network rw scp Dell Managing the File System The ...

Page 61: ...es whether this enabling or disabling method is available for such features In 9 4 0 0 you can enable or disable the VRF application globally across the system by using this capability You can activate VRF application on a device by using the feature vrf command in CONFIGURATION mode NOTE The no feature vrf command is not supported on any of the platforms To enable the VRF feature and cause all VR...

Page 62: ... OS refer to the Release Notes for the version you want to load on the system Using HTTP for File Transfers Stating with Release 9 3 0 1 you can use HTTP to copy files or configuration details to a remote server Use the copy source file url http host port file path command to transfer files to an external server Enter the following source file url keywords and information To copy a file from the i...

Page 63: ...he software image on the flash drive after the image has been transferred to the system but before the image has been installed The validation calculates a hash value of the downloaded image file on system s flash drive and optionally compares it to a Dell Networking published hash for that file The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software C...

Page 64: ...alue Optional Specify the relevant hash published on i Support img file Enter the name of the Dell Networking software image file to validate Examples Without Entering the Hash Value for Verification MD5 Dell verify md5 flash FTOS SE 9 5 0 0 bin MD5 hash for FTOS SE 9 5 0 0 bin 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell verify sha256 flash FTOS SE 9 5 0 0 bin SHA256 hash for FTOS SE 9 5 0 0 bin ...

Page 65: ... available For information about how access and authorization is controlled based on a user s role see Role Based Access Control Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set You can then customize privilege levels 2 14 by restricting access to an EXEC mode command moving commands from EXEC Privilege to EXEC mode restricting access A user ca...

Page 66: ...P and ROUTER modes you must first allow access to the command that enters you into the mode For example to allow a user to enter INTERFACE mode use the privilege configure level level interface gigabitethernet command Next individually identify the INTERFACE LINE ROUTE MAP or ROUTER commands to which you want to allow access using the privilege interface line route map router level level command I...

Page 67: ...l 3 line privilege configure level 3 interface Dell conf do telnet 10 11 80 201 telnet output omitted Dell show priv Current privilege level is 3 Dell capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse multicast path from d...

Page 68: ...ernet interface vlan VLAN keyword Dell conf interface group vlan 1 2 tengigabitethernet 1 1 Dell conf if group vl 1 2 te 1 1 no shutdown Dell conf if group vl 1 2 te 1 1 end Applying a Privilege Level to a Username To set the user privilege level use the following command Configure a privilege level for a user CONFIGURATION mode username username privilege level Applying a Privilege Level to a Ter...

Page 69: ...sk list for audit and security logs Enabling Audit and Security Logs Displaying Audit and Security Logs Clearing Audit Logs Enabling Audit and Security Logs You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network You log audit and security events to a system log server using the logging extended command in ...

Page 70: ... audit security and system events Only the system administrator and security administrator user roles can view security logs The network administrator and network operator user roles can view system events NOTE If extended logging is disabled you can only view system events regardless of RBAC user role Example of Enabling Audit and Security Logs Dell conf logging extended Displaying Audit and Secu...

Page 71: ...gging version 0 1 Select syslog version default 0 Dell conf logging version 1 Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system use the show logging command in EXEC privilege mode When RBAC is enabled the security logs are filtered based on the user roles Only the security administrator and system ...

Page 72: ...from line card 5 type EX1YB 1 ports TSM 6 PORT_CONFIG Port link status for LC 5 portpipe 0 OK portpipe 1 N A CHMGR 5 LINECARDUP Line card 5 is up CHMGR 5 CHECKIN Checkin from line card 12 type S12YC12 12 ports TSM 6 PORT_CONFIG Port link status for LC 12 portpipe 0 OK portpipe 1 N A CHMGR 5 LINECARDUP Line card 12 is up IFMGR 5 CSTATE_UP changed interface Physical state to up So 12 8 IFMGR 5 CSTAT...

Page 73: ...quisites To configure a secure connection from the switch to the syslog server 1 On the switch enable the SSH server Dell conf ip ssh server enable 2 On the syslog server create a reverse SSH tunnel from the syslog server to FTOS switch using following syntax ssh R remote port syslog server syslog server listen port user remote_host nNf Management 73 ...

Page 74: ...g in the internal buffer For example BOOTUP RPM0 CP PORTPIPE INIT SUCCESS Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management Disable System Logging Send System Messages to a Syslog Server Disabling System Logging By default logging is enabled and log messages are sent to the logging buffer all terminal lines the console ...

Page 75: ...previous lines local7 is the logging facility level and debugging is the severity level Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events When you log in using the console or VTY line the system displays the last successful login details of the current user and the number of unsuccessful login attempts sin...

Page 76: ... the system to store the login activity details for 12 days Dell config login statistics enable Dell config login statistics time period 12 Display Login Statistics To view the login statistics use the show login statistics command Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days ...

Page 77: ...nables you to limit the number of concurrent login sessions of users on VTY auxiliary and console lines You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions By default you can use all 10 VTY lines one console line and one auxiliary line You can limit the number of available sessions using the login concurrent session limit command and ...

Page 78: ...n you try to log in the following message appears with all your existing concurrent sessions providing an option to close any one of the existing sessions telnet 10 11 178 14 Trying 10 11 178 14 Connected to 10 11 178 14 Escape character is Login admin Password Current sessions for user admin Line Location 2 vty 0 10 14 1 97 3 vty 1 10 14 1 97 Clear existing session line number Enter to cancel Whe...

Page 79: ...monitor level Specify the minimum severity level for logging to a syslog server CONFIGURATION mode logging trap level Specify the minimum severity level for logging to the syslog history table CONFIGURATION mode logging history level Specify the size of the logging buffer CONFIGURATION mode logging buffered size NOTE When you decrease the buffer size Dell Networking OS deletes all messages stored ...

Page 80: ...nt CHMGR 5 CARDDETECTED Line card 12 present TSM 6 SFM_DISCOVERY Found SFM 0 TSM 6 SFM_DISCOVERY Found SFM 1 TSM 6 SFM_DISCOVERY Found SFM 2 TSM 6 SFM_DISCOVERY Found SFM 3 TSM 6 SFM_DISCOVERY Found SFM 4 TSM 6 SFM_DISCOVERY Found SFM 5 TSM 6 SFM_DISCOVERY Found SFM 6 TSM 6 SFM_DISCOVERY Found SFM 7 TSM 6 SFM_SWITCHFAB_STATE Switch Fabric UP TSM 6 SFM_DISCOVERY Found SFM 8 TSM 6 SFM_DISCOVERY Foun...

Page 81: ...s for USENET news messages sys9 system use sys10 system use sys11 system use sys12 system use sys13 system use sys14 system use syslog for syslog messages user for user programs uucp UNIX to UNIX copy protocol Example of the show running config logging Command To view nondefault settings use the show running config logging command in EXEC mode Dell show running config logging logging buffered 5242...

Page 82: ...el severity level all limit Configure the following optional parameters level severity level the range is from 0 to 7 The default is 2 Use the all keyword to include all messages limit the range is from 20 to 300 The default is 20 To view the logging synchronous configuration use the show config command in LINE mode Enabling Timestamp on Syslog Messages By default syslog messages do not include a ...

Page 83: ...you configure this setting the VRF table is used to look up the destination address However these changes are backward compatible and do not affect existing behavior meaning you can still use the source interface command to communicate with a particular interface even if no VRF is configured on that interface For more information about FTP refer to RFC 959 File Transfer Protocol NOTE To transmit l...

Page 84: ...until you have configured ftp server topdir To view the FTP configuration use the show running config ftp command in EXEC privilege mode Configuring FTP Client Parameters To configure FTP client parameters use the following commands Enter the following keywords and slot port or number information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port informatio...

Page 85: ... are applied to the terminal This method is a generic way of configuring access restrictions To be able to filter access exclusively using either IPv4 or IPv6 rules use either the ipv4 or ipv6 attribute along with the access class access list name command Depending on the attribute that you specify ipv4 or ipv6 the ACL processes either IPv4 or IPv6 rules but not both Using this configuration you c...

Page 86: ...for a username and password Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line A combination of authentication methods is called a method list If the user fails the first authentication method Dell Networking OS prompts the next method until all methods are exhausted at which point the connec...

Page 87: ...ntication myvtymethodlist Dell config line vty password myvtypassword Dell config line vty show config line vty 0 password myvtypassword login authentication myvtymethodlist line vty 1 password myvtypassword login authentication myvtymethodlist line vty 2 password myvtypassword login authentication myvtymethodlist Dell config line vty Setting Time Out of EXEC Privilege Mode EXEC time out is a basi...

Page 88: ...cess the system during downtime Telnet to the peer RPM You do not need to configure the management port on the peer RPM to be able to telnet to it EXEC Privilege mode telnet peer rpm Telnet to a device with an IPv4 or IPv6 address EXEC Privilege telnet ip address If you do not enter an IP address Dell Networking OS enters a Telnet dialog that prompts you for one Enter an IPv4 address in dotted dec...

Page 89: ...rom EXEC Privilege mode Alternatively you can clear any line using the clear command from EXEC Privilege mode If you clear a console session the user is returned to EXEC mode Example of Locking CONFIGURATION Mode for Single User Access Dell conf configuration mode exclusive auto BATMAN conf exit 3d23h35m RPM0 P CP SYS 5 CONFIG_I Configured from console by console Dell config Locks configuration mo...

Page 90: ...hem if they are copied and pasted 4 Set the system parameters to ignore the startup configuration file when the system reloads uBoot mode setenv stconfigignore true 5 To save the changes use the saveenv command uBoot mode saveenv 6 Reload the system uBoot mode reset 7 Copy startup config bak to the running config EXEC Privilege mode copy flash startup config bak running config 8 Remove all authent...

Page 91: ...the running config to the startup config EXEC Privilege mode copy running config startup config Recovering from a Failed Start A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis specified location In this case you can restart the system and interrupt the boot process to point the system to another boot location Use the setenv ...

Page 92: ...TION There is no undo for this command Important Points to Remember When you restore all the units in a stack these units are placed in standalone mode When you restore a single unit in a stack only that unit is placed in standalone mode No other units in the stack are affected When you restore the units in standalone mode the units remain in standalone mode after the restoration After the restore...

Page 93: ...boot loader checks if the primary partition contains a valid image If a valid image exists on the primary partition and the secondary partition does not contain a valid image then the primary boot line is set to A and the secondary and default boot lines are set to a Null string If the secondary partition also contains a valid image then the primary boot line value is set to the partition that is ...

Page 94: ...e uBoot mode setenv ipaddr ip_address For example 10 16 150 105 setenv netmask mask For example 255 255 0 0 5 Assign an IP address as the default gateway for the system uBoot mode setenv gatewayip gateway_ip_address For example 10 16 150 254 6 Save the modified environmental variables uBoot mode saveenv 7 Reload the system uBoot mode reset 94 Management ...

Page 95: ...uch as spanning tree protocol STP link aggregation group LAG virtual router redundancy protocol VRRP and electronic commerce messaging protocol ECMP configurations ping and traceroute are not designed to verify data connectivity in the network and within each node in the network such as in the switching fabric and hardware forwarding tables when networks are built from different operational domain...

Page 96: ...omains Maintenance Points Domains are comprised of logical entities called maintenance points A maintenance point is an interface demarcation that confines CFM frames to a domain There are two types of maintenance points Maintenance end points MEPs a logical entity that marks the end point of a domain Maintenance intermediate points MIPs a logical entity configured at a port of a switch that is an...

Page 97: ...forwarding path internal to a bridge on the customer or provider edge On Dell Networking systems the internal forwarding path is effectively the switch fabric and forwarding engine Down MEP monitors the forwarding path external another bridge Configure Up MEPs on ingress ports ports that send traffic towards the bridge relay Configure Down MEPs on egress ports ports that send traffic away from the...

Page 98: ...o configure the CFM follow these steps 1 Configure the ecfmacl CAM region using the cam acl command 2 Enable Ethernet CFM 3 Create a Maintenance Domain 4 Create a Maintenance Association 5 Create Maintenance Points 6 Use CFM tools a Continuity Check Messages b Loopback Message and Response c Linktrace Message and Response Related Configuration Tasks Enable CFM SNMP Traps Display Ethernet CFM Stati...

Page 99: ...rchical maintenance domains as shown in Maintenance Domains 1 Create maintenance domain ETHERNET CFM mode domain name md level number The range is from 0 to 7 2 Display maintenance domain information EXEC Privilege mode show ethernet cfm domain name brief Example of Viewing Configured Maintenance Domains Dell show ethernet cfm domain Domain Name customer Level 7 Total Service 1 Services MA Name VL...

Page 100: ...een two MEPs within a single domain These roles define the relationships between all devices so that each device can monitor the layers under its responsibility Creating a Maintenance End Point A maintenance endpoint MEP is a logical entity that marks the endpoint of a domain There are two types of MEPs defined in 802 1ag for an 802 1 bridge Up MEP monitors the forwarding path internal to a bridge...

Page 101: ...entire MD 1 Create a MIP INTERFACE mode ethernet cfm mip domain name level ma name name 2 Display configured MEPs and MIPs EXEC Privilege mode show ethernet cfm maintenance points local mep mip Example of Viewing Configured MIPs Dell show ethernet cfm maintenance points local mip MPID Domain Name Level Type Port CCM Status MA Name VLAN Dir MAC 0 service1 4 MIP Te 1 5 Disabled My_MA 3333 DOWN 00 01...

Page 102: ...y check database ECFM DOMAIN database hold time minutes The default is 100 minutes The range is from 100 to 65535 minutes Continuity Check Messages Continuity check messages CCM are periodic hellos Continuity check messages discover MEPs and MIPs within a maintenance domain detect loss of connectivity between MEPs detect misconfiguration such as VLAN ID mismatch between MEPs to detect unauthorized...

Page 103: ... with an incorrect CCM transmission interval which indicates a configuration error Reception of a CCM with an incorrect MEP ID or MAID which indicates a configuration or cross connect error This error could happen when different VLANs are cross connected due to a configuration error Reception of a CCM with an MD level lower than the receiving MEP which indicates a configuration or cross connect er...

Page 104: ... Layer 2 Ping is an administrative echo transmitted by MEPs to verify reachability to another MEP or MIP within the maintenance domain LBM and LBR are unicast frames Send a Loopback message EXEC Privilege mode ping ethernet domain name ma name ma name remote mep id mac addr mac address source mep id port interface Sending Linktrace Messages and Responses Linktrace message and response LTM LTR also...

Page 105: ... message Because the LTM is a Multicast message sent to the entire ME there is no need to specify a destination EXEC Privilege traceroute ethernet domain Caching Link Trace After you execute a Link Trace command the trace information can be cached so that you can view it later without retracing To enable set display and delete link trace caching use the following commands Enable Link Trace caching...

Page 106: ...D Status 4 00 00 00 01 e8 53 4a f8 00 01 e8 52 4a f8 IngOK RlyHit 00 00 00 01 e8 52 4a f8 Terminal MEP Enabling CFM SNMP Traps An SNMP trap is sent only when one of the five highest priority defects occur Table 7 Five Highest Priority Defects Priority Defects Trap Message Cross connect defect ECFM 5 ECFM_XCON_ALARM Cross connect fault detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 Erro...

Page 107: ...p Information Dell show ethernet cfm maintenance points local mep MPID Domain Name Level Type Port CCM Status MA Name VLAN Dir MAC 100 cfm0 7 MEP Te 4 10 Enabled test0 10 DOWN 00 01 e8 59 23 45 Dell conf if te 1 6 do show ethernet cfm domain Domain Name My_Name MD Index 1 Level 0 Total Service 1 Services MA Index MA Name VLAN CC Int X CHK Status 1 test 0 1s enabled Domain Name Your_Name MD Index 2...

Page 108: ...cvd 0 LBRs Received 0 Rcvd Out Of Order 0 Received Bad MSDU 0 Transmitted 0 Example of viewing CFM statistics by port Dell show ethernet cfm port statistics interface TenGigabitEthernet 1 5 Port statistics for port Te 1 5 RX Statistics Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417 TX Statistics Total CF...

Page 109: ...diary network access device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user device and EAP over RADIUS to communicate with the server NOTE The Dell Networking Operating System ...

Page 110: ...l Networking switch is the authenticator The authentication server selects the authentication method verifies the information the supplicant provides and grants it network access privileges Ports can be in one of two states Ports are in an unauthorized state by default In this state non 802 1X traffic cannot be forwarded in or out of the port The authenticator changes the port state to authorized ...

Page 111: ...ticator 5 The supplicant can negotiate the authentication method but if it is acceptable the supplicant provides the Requested Challenge information in an EAP response which is translated and forwarded to the authentication server as another Access Request frame 6 If the identity information provided by the supplicant is valid the authentication server sends an Access Accept frame in which network...

Page 112: ... station id relays the supplicant MAC address to the authentication server Attribute 41 NAS Port Type NAS port physical port type 15 indicates Ethernet Attribute 61 NAS Port the physical port number by which the authenticator is connected to the supplicant Attribute 81 Tunnel Private Group ID associate a tunneled session with a particular group of users Configuring 802 1X Configuring 802 1X on a p...

Page 113: ...AP OTP EAP TLS EAP TTLS PEAPv0 PEAPv1 and MS CHAPv2 with PEAP All platforms support only RADIUS as the authentication server If the primary RADIUS server becomes unresponsive the authenticator begins using a secondary RADIUS server if configured 802 1X is not supported on port channels or port channel members 802 1X 113 ...

Page 114: ...bled 1 Enable 802 1X globally CONFIGURATION mode dot1x authentication 2 Enter INTERFACE mode on an interface or a range of interfaces INTERFACE mode interface range 3 Enable 802 1X on the supplicant interface only INTERFACE mode dot1x authentication 114 802 1X ...

Page 115: ...formation on Te 2 1 Dot1x Status Enable Port Control AUTO Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disable Guest VLAN id NONE Auth Fail VLAN Disable Auth Fail VLAN id NONE Auth Fail Max Attempts NONE Mac Auth Bypass Disable Mac Auth Bypass Only Disable Tx Period 30 seconds Quiet Period 60 seconds ReAuth Max 2 Supplicant Timeout 30 seconds Server Time...

Page 116: ...an EAP Request Identity frame after 90 seconds and re transmits a maximum of 10 times Configuring a Quiet Period after a Failed Authentication If the supplicant fails the authentication process the authenticator sends another Request Identity frame after 30 seconds by default but you can configure this period NOTE The quiet period dot1x quiet period is a transmit interval for after a failed authen...

Page 117: ...t in this state is never subjected to the authentication process but is allowed to communicate on the network Placing the port in this state is same as disabling 802 1X on the port ForceUnauthorized an unauthorized state A device connected to a port in this state is never subjected to the authentication process and is not allowed to communicate on the network Placing the port in this state is the ...

Page 118: ...riodic re authentication After the supplicant has been authenticated and the port has been authorized you can configure the authenticator to re authenticate the supplicant periodically If you enable re authentication the supplicant is required to re authenticate every 3600 seconds but you can configure this interval You can configure a maximum number of re authentications as well To configure re a...

Page 119: ...State Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive the authenticator terminates the authentication process after 30 seconds by default You can configure the amount of time the authenticator waits for a response To terminate the authentication process use the following commands Terminate the authentication process due to an unresponsive supplicant I...

Page 120: ...the user should do after finishing this task optional Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802 1X The basis for VLAN assignment is RADIUS attribute 81 Tunnel Private Group ID Dynamic VLAN assignment uses the standard dot1x procedure 1 The host sends a dot1x packet to the Dell Networking system 2 The system forwa...

Page 121: ...5 Verify that the port has been authorized and placed in the desired VLAN refer to the illustration in Dynamic VLAN Assignment with Port Authentication Guest and Authentication Fail VLANs Typically the authenticator the Dell system denies the supplicant access to the network until the supplicant is authenticated If the supplicant is authenticated the authenticator enables the port and places it in...

Page 122: ...is placed in the Guest VLAN NOTE For more information about configuring timeouts refer to Configuring Timeouts Configure a port to be placed in the Guest VLAN after failing to respond within the timeout period using the dot1x guest vlan command from INTERFACE mode View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege...

Page 123: ...ured Authentication View your configuration using the show config command from INTERFACE mode as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode 802 1x information on Te 2 1 Dot1x Status Enable Port Control FORCE_AUTHORIZED Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disabled Guest VLAN...

Page 124: ... ACL separately on the VLAN interface each ACL has a mapping with the VLAN and you use more CAM space To maximize CAM space create an ACL VLAN group and attach the ACL with the VLAN members The ACL manager application on the router processor RP1 contains all the state information about all the ACL VLAN groups that are present The ACL handler on the control processor CP and the ACL agent on the lin...

Page 125: ...ACL VLAN group to the same interface validation performs to determine whether the ACL is applied directly to an interface If you previously applied an ACL separately to the interface an error occurs when you attempt to attach an ACL VLAN group to the same interface The maximum number of members in an ACL VLAN group is determined by the type of switch and its hardware capabilities This scaling limi...

Page 126: ... that you can attach to VLAN interfaces It also describes how to configure FP blocks for different VLAN operations Configuring ACL VLAN Groups You can create an ACL VLAN group and attach the ACL with the VLAN members The optimization is applicable only when you create an ACL VLAN group 1 Create an ACL VLAN group CONFIGURATION mode acl vlan group group name You can have up to eight different ACL VL...

Page 127: ...N groups or CAM optimization is not enabled by default You also must allocate the slices for CAM optimization 1 Allocate the number of FP blocks for VLAN operations CONFIGURATION mode cam acl vlan vlanopenflow 0 2 2 Allocate the number of FP blocks for VLAN iSCSI counters CONFIGURATION mode cam acl vlan vlaniscsi 0 2 3 Allocate the number of FP blocks for ACL VLAN optimization CONFIGURATION mode c...

Page 128: ...15 0 9215 IN L3 Qos 8192 0 8192 IN L3 PBR 1024 0 1024 IN V6 ACL 0 0 0 IN V6 FIB 0 0 0 IN V6 SysFlow 0 0 0 IN V6 McastFib 0 0 0 OUT L2 ACL 1024 0 1024 OUT L3 ACL 1024 0 1024 OUT V6 ACL 0 0 0 1 1 IN L2 ACL 320 0 320 IN L2 FIB 32768 1136 31632 IN L3 ACL 12288 2 12286 IN L3 FIB 262141 14 262127 IN L3 SysFlow 2878 44 2834 More The following output displays CAM space usage when you configure Layer 2 and...

Page 129: ... groups Of the two dynamic groups you can allocate zero one or two FP blocks to iSCSI Counters Open Flow and ACL Optimization You can configure only two of these features at a time To allocate the number of FP blocks for VLAN open flow operations use the cam acl vlan vlanopenflow 0 2 command To allocate the number of FP blocks for VLAN iSCSI counters use the cam acl vlan vlaniscsi 0 2 command To a...

Page 130: ...e information refer to User Configurable CAM Allocation and CAM Optimization For complete CAM profiling information refer to Content Addressable Memory CAM You can configure ACLs on VRF instances In addition to the existing qualifying parameters Layer 3 ACLs also incorporate VRF ID as one of the parameters Using this new capability you can also configure VRF based ACLs on interfaces NOTE You can a...

Page 131: ...tion IP address Source TCP port number Destination TCP port number Source UDP port number Destination UDP port number For more information about ACL options refer to the Dell Networking OS Command Reference Guide For extended ACL TCP and UDP filters you can match criteria on specific or ranges of TCP or UDP ports For extended ACL TCP filters you can also match criteria on established TCP sessions ...

Page 132: ... command if a policy map containing classification rules ACL and or dscp ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as described in this chapter Test CAM Usage This command applies to both IPv4 and IPv6 CAM profiles but is best used wh...

Page 133: ...entries are installed for each port belonging to a port pipe When you use the log keyword the CP has to log the details about the packets that match Depending on how many packets match the log entry and at what rate the CP might become busy as it has to log these packets details However the other processors RP1 and RP2 are unaffected This option is typically useful when debugging some problem rela...

Page 134: ...rking OS supports a configurable option to explicitly deny IP fragmented packets particularly second and subsequent packets It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols permit deny ip tcp udp icmp Both standard and extended ACLs support IP fragments Second and subsequent fragments are allowed because a Layer 4 rule ca...

Page 135: ...O 0 the packet is permitted If a packet s FO 0 the next ACL entry is processed Deny ACL line with L3 information only and the fragments keyword is present If a packet s L3 information does match the L3 information in the ACL line the packet s FO is checked If a packet s FO 0 the packet is denied If a packet s FO 0 the next ACL line is processed Example of Permitting All Packets from a Specified Ho...

Page 136: ...ed IP ACL A standard IP ACL uses the source IP address as its match criterion 1 Enter IP ACCESS LIST mode by naming a standard IP access list CONFIGURATION mode ip access list standard access listname 2 Configure a drop or forward filter CONFIG STD NACL mode seq sequence number deny permit source mask any host ip address count byte dscp order fragments NOTE When assigning sequence numbers to filte...

Page 137: ...the filters are configured The software assigns filters in multiples of five 1 Configure a standard IP ACL and assign it a unique name CONFIGURATION mode ip access list standard access list name 2 Configure a drop or forward IP ACL filter CONFIG STD NACL mode deny permit source mask any host ip address count byte dscp order fragments When you use the log keyword the CP logs details about the packe...

Page 138: ...e Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses IP host addresses TCP addresses TCP host addresses UDP addresses and UDP host addresses Because traffic passes through the filter in the order of the filter s sequence you can configure the extended IP ACL by first entering IP ACCESS LIST mode and then assigning a sequence number to the filter Configuring...

Page 139: ...ce mask any host ip address count byte order fragments Example of the seq Command When you create the filters with a specific sequence number you can create the filters in any order and the filters are placed in the correct order NOTE When assigning sequence numbers to filters you may have to insert a new filter To prevent reconfiguring multiple filters assign sequence numbers in multiples of five...

Page 140: ...hat match Depending on how many packets match the log entry and at what rate the CP may become busy as it has to log these packets details The following example shows an extended IP ACL in which the sequence numbers were assigned by the software The filters were assigned sequence numbers based on the order in which they were configured for example the first filter was given the lowest sequence num...

Page 141: ...permits Permit Deny L3 ACL denies Permit Permit L3 ACL permits NOTE If you configure an interface as a vlan stack access port only the L2 ACL filters the packets The L3 ACL applied to such a port does not affect traffic That is existing rules for other features such as trace list policy based routing PBR and QoS are applied to the permitted traffic For information about MAC ACLs refer to Layer 2 A...

Page 142: ...plicit permit vlan vlan range vrf vrf range NOTE The number of entries allowed per ACL is hardware dependent For detailed specification about entries allowed per ACL refer to your line card documentation 4 Apply rules to the new ACL INTERFACE mode ip access list standard extended name To view which IP ACL is applied to an interface use the show config command in INTERFACE mode or use the show runn...

Page 143: ...ist Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration To specify ingress use the in keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show command Dell conf interface tengigabitethernet 1 1 Dell conf if te1 1 ip access group abcd in Dell conf if te1 1 show config tengigabitethernet 1 1 no ip address ip...

Page 144: ...nterface you can apply an egress ACL to block the flow from the exiting the box thus protecting downstream devices To create an egress ACL use the ip access group command in EXEC Privilege mode The example shows viewing the configuration applying rules to the newly created access group and viewing the access list NOTE VRF based ACL configurations are not supported on the egress traffic Example of ...

Page 145: ...nsmitted successfully NOTE The ip control plane egress filter and the ipv6 control plane egress filter commands are not supported 1 Apply Egress ACLs to IPv4 system traffic CONFIGURATION mode ip control plane egress filter 2 Apply Egress ACLs to IPv6 system traffic CONFIGURATION mode ipv6 control plane egress filter 3 Create a Layer 3 ACL using permit rules with the count option to describe the de...

Page 146: ... mask greater than 20 enter permit x x x x x ge 20 The following rules apply to prefix lists A prefix list without any permit or deny filters allows all routes An implicit deny is assumed that is the route is dropped for all route prefixes that do not match a permit or deny filter in a configured prefix list After a route matches a filter the filter s action is applied No additional filters are ap...

Page 147: ...example shows how the seq command orders the filters according to the sequence number assigned In the example filter 20 was configured before filter 15 and 12 but the show config command displays the filters in the correct order Dell conf nprefixl seq 20 permit 0 0 0 0 0 le 32 Dell conf nprefixl seq 12 deny 134 23 0 0 16 Dell conf nprefixl seq 15 deny 120 23 14 0 8 le 16 Dell conf nprefixl show co...

Page 148: ...d for example the first filter was given the lowest sequence number The show config command in PREFIX LIST mode displays the two filters with the sequence numbers 5 and 10 Dell conf nprefixl permit 123 23 0 0 16 Dell conf nprefixl deny 133 24 56 0 8 Dell conf nprefixl show conf ip prefix list awe seq 5 permit 123 23 0 0 16 seq 10 deny 133 0 0 0 8 Dell conf nprefixl To delete a filter enter the sho...

Page 149: ...on To pass traffic through a configured prefix list use the prefix list in a route redistribution command Apply the prefix list to all traffic redistributed into the routing process The traffic is either forwarded or dropped depending on the criteria and actions specified in the prefix list To apply a filter to routes in RIP use the following commands Enter RIP mode CONFIGURATION mode router rip A...

Page 150: ...e of Viewing Configured Prefix Lists ROUTER OSPF mode To view the configuration use the show config command in ROUTER OSPF mode or the show running config ospf command in EXEC mode Dell conf router_ospf show config router ospf 34 network 10 2 1 1 255 255 255 255 area 0 0 0 1 distribute list prefix awe in Dell conf router_ospf ACL Resequencing ACL resequencing allows you to re number the rules and ...

Page 151: ...Pv4 and IPv6 ACLs prefix lists and MAC ACLs To resequence an ACL or prefix list use the following commands You must specify the list name starting number and increment when using these commands IPv4 IPv6 or MAC ACL EXEC mode resequence access list ipv4 ipv6 mac access list name StartingSeqNum Step to Increment IPv4 or IPv6 prefix list EXEC mode resequence prefix list ipv4 ipv6 prefix list name Sta...

Page 152: ...t nacl show config ip access list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1 1 1 1 seq 5 permit ip any host 1 1 1 1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 2 seq 15 permit ip any host 1 1 1 3 seq 20 permit ip any host 1 1 1 4 Dell end Dell resequence access list ipv4 test 2 2 Dell show runnin...

Page 153: ...sequences When a match is found the packet is forwarded and no more route map sequences are processed If a continue clause is included in the route map sequence the next or a specified route map sequence is processed after a match is found Configuration Task List for Route Maps Configure route maps in ROUTE MAP mode and apply the maps in various commands in ROUTER RIP and ROUTER OSPF modes The fol...

Page 154: ...example with two instances of a route map The following example shows matching instances of a route map Dell show route map route map zakho permit sequence 10 Match clauses Set clauses route map zakho permit sequence 20 Match clauses interface TenGigabitEthernet 1 1 Set clauses tag 35 level stub area Dell To delete all instances of that route map use the no route map map name command To delete jus...

Page 155: ...match tag 2000 Dell config route map match tag 3000 Example of the match Command to Match All Specified Values In the next example there is a match only if a route has both of the specified characteristics In this example there a match only if the route has a tag value of 1000 and a metric value of 2000 Also if there are different instances of the same route map then it s sufficient if a permit ma...

Page 156: ...nter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Match destination routes specified in a prefix list IPv4 CONFIG ROUTE MAP mode match ip address prefix list name Match destination routes specified in a prefix list IPv6 CONFIG ROUTE MAP mode match ipv6 address prefix list name Match next hop routes specified in a prefix list IPv4 ...

Page 157: ...map low Set commands do not require a corresponding match command Configuring Set Conditions To configure a set condition use the following commands Add an AS PATH number to the beginning of the AS PATH CONFIG ROUTE MAP mode set as path prepend as number as number Generate a tag to be added to redistributed routes CONFIG ROUTE MAP mode set automatic tag Specify an OSPF area or ISIS level for redis...

Page 158: ...ols assign different values to redistributed routes to identify either the routes and their origins The metric value is the most common attribute that is changed to properly redistribute other routes into a routing protocol Other attributes that can be changed include the metric type for example external and internal route types in OSPF and route tag Use the redistribute command in OSPF RIP ISIS a...

Page 159: ...a tag of 34 to all internal OSPF routes that are redistributed into RIP Example of the redistribute Command Using a Route Tag router rip redistribute ospf 34 metric 1 route map torip route map torip permit 10 match route type internal set tag 34 Continue Clause Normally when a match is found set clauses are executed and the packet is then forwarded no more route map modules are processed If you co...

Page 160: ...2 or Layer 3 ACL contains a set of defined rules that are saved as flow processor FP entries When you enable ACL logging for a particular ACL rule a set of specific ACL rules translate to a set of FP entries You can enable logging separately for each of these FP entries which relate to each of the ACL entries configured in an ACL Dell Networking OS saves a table that maps each ACL entry that match...

Page 161: ...ies with deny action can be logged For virtual ACL entries the same match rule number is reused Similarly when an ACL entry is deleted that was previously enabled for ACL logging the match rule number used by it is released back to the pool or available set of match indices so that it can be reused for subsequent allocations If you enabled the count of packets for the ACL entry for which you confi...

Page 162: ... Support for ACLs Flow based monitoring is supported on the S4820T platform Flow based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface It is available for Layer 2 and Layer 3 ingress traffic You can specify traffic using standard or extended access lists This mechanism copies incoming packets that matches the ACL rules applied on the ...

Page 163: ...will be high The ACL manager might require a large bandwidth when you assign an ACL with many entries to an interface The ACL agent module saves monitoring details in its local database and also in the CAM region to monitor packets that match the specified criterion The ACL agent maintains data on the source port the destination port and the endpoint to which the packet must be forwarded when a ma...

Page 164: ...s feature is particularly useful when looking for malicious traffic It is available for Layer 2 and Layer 3 ingress and egress traffic You can specify traffic using standard or extended access lists 1 Enable flow based monitoring for a monitoring session MONITOR SESSION mode flow based enable 2 Define access list rules that include the keyword monitor Dell Networking OS only considers port monitor...

Page 165: ...ll conf do show ip accounting access list testflow Extended Ingress IP access list testflow on TenGigabitEthernet 1 1 Total cam count 4 seq 5 permit icmp any any monitor count bytes 0 packets 0 bytes seq 10 permit ip 102 1 1 0 24 any monitor count bytes 0 packets 0 bytes seq 15 deny udp any any count bytes 0 packets 0 bytes seq 20 deny tcp any any count bytes 0 packets 0 bytes Dell conf do show mo...

Page 166: ...n any form that is convenient and on Dell Networking routers BFD agents maintain sessions that reside on the line card which frees resources on the route processor module RPM Only session state changes are reported to the BFD Manager on the RPM which in turn notifies the routing protocols that are registered with it BFD is an independent and generic protocol which all media topologies and routing ...

Page 167: ...hat triggers a link state change in the routing protocol client BFD Packet Format Control packets are encapsulated in user datagram protocol UDP packets The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet Figure 12 BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed State The current local session...

Page 168: ...hich the local system would like to receive control packets from the remote system Required Min Echo RX The minimum rate at which the local system would like to receive echo packets NOTE Dell Networking OS does not currently support the echo function Authentication Type Authentication Length Authentication Data An optional method for authenticating control packets NOTE Dell Networking OS does not ...

Page 169: ...t within the detection time for a particular session Init The local system is communicating Up Both systems are exchanging control packets The session is declared down if A control packet is not received within the detection time Sufficient echo packets are lost Demand mode is active and a control packet is not received in response to a poll packet BFD Three Way Handshake A three way handshake mus...

Page 170: ...hat a session has been established However because both members must send a control packet that requires a response anytime there is a state change or change in a session parameter the passive system sends a final response indicating the state change After this periodic control packets are exchanged Figure 13 BFD Three Way Handshake State Changes Session State Changes The following illustration sh...

Page 171: ... 3 and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4 Enable BFD on both ends of a link Demand mode authentication and the Echo function are not supported BFD is not supported on multi hop and virtual links Protocol Liveness is supported for routing protocols only Dell Networking OS supports only OSPF OSPFv3 IS IS and BGP protocols as BFD clients Configure BFD Thi...

Page 172: ...e remote system Configuring BFD for a physical port is a two step process 1 Enable BFD globally 2 Establish a session with a next hop neighbor Related Configuration Tasks Viewing Physical Port Session Parameters Disabling and Re Enabling BFD Enabling BFD Globally You must enable BFD globally on both routers For more information about enabling BFD globally refer to Establishing a Session on Physica...

Page 173: ...with the BFD session INTERFACE mode bfd neighbor ip address Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command The bold line shows the BFD session R1 conf if te 4 24 do show bfd neighbors Active session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2...

Page 174: ... 1 BFD_STATE_CHANGE Changed session state to Up for neighbor 2 2 2 2 on interface Te 4 24 diag 0 Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role active Dell Networking recommends maintaining the default values To view session parameters use the show bfd neighbors detail command Example of Viewing Session Parameters R1 conf if te 4 24 b...

Page 175: ...BFDMGR 1 BFD_STATE_CHANGE Changed session state to Ad Dn for neighbor 2 2 2 2 on interface Te 4 24 diag 0 If the remote system state changes due to the local state administration being down this message displays R2 01 32 53 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 1 on interface Te 2 1 diag 7 Configure BFD for Static Routes BFD offers systems a link sta...

Page 176: ...ve session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 2 1 2 2 2 2 Gi 4 24 Up 100 100 4 R To view detailed session information use the show bfd neighbors detail command as shown in the examples in Displaying BFD for BGP Information Changing Static Route Session Parameters BFD sessions are configured with default i...

Page 177: ...isable BFD for static routes use the following command Disable BFD for static routes CONFIGURATION mode no ip route bfd Configure BFD for OSPF When using BFD with OSPF the OSPF protocol registers with the BFD manager on the RPM BFD sessions are established with all neighboring interfaces participating in OSPF If a neighboring interface fails the BFD agent on the line card notifies the BFD manager ...

Page 178: ...shed when the OSPF adjacency is in the Full state Figure 17 Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Establish sessions with OSPF neighbors on a single interface INTERFACE mode 178 Bidirectional Forwarding De...

Page 179: ...ange a parameter at the interface level the change affects all OSPF sessions on that interface To change parameters for all OSPF sessions or for OSPF sessions on a single interface use the following commands Change parameters for OSPF sessions ROUTER OSPF mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for all OSPF sessions on...

Page 180: ...single interface use the following commands Establish sessions with all OSPFv3 neighbors ROUTER OSPFv3 mode bfd all neighbors Establish sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors To view the established sessions use the show bfd neighbors command Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role ...

Page 181: ...rigger a change in BFD clients a final Admin Down packet is sent before the session is terminated To disable BFD sessions use the following commands Disable BFD sessions with all OSPFv3 neighbors ROUTER OSPFv3 mode no bfd all neighbors Disable BFD sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors disable Configure BFD for IS IS When using BFD with IS I...

Page 182: ...lish BFD with all IS IS neighbors or with IS IS neighbors on a single interface use the following commands Establish sessions with all IS IS neighbors ROUTER ISIS mode bfd all neighbors Establish sessions with IS IS neighbors on a single interface INTERFACE mode isis bfd all neighbors Example of Verifying Sessions with IS IS Neighbors To view the established sessions use the show bfd neighbors com...

Page 183: ...ion parameters use the show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Change parameters for all IS IS sessions ROUTER ISIS mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for IS IS sessions on a single interface ...

Page 184: ...as described in Border Gateway Protocol IPv4 BGPv4 2 Enable fast fall over for BGP neighbors to reduce convergence time the neighbor fall over command as described in BGP Fast Fall Over Establishing Sessions with BGP Neighbors Before configuring BFD for BGP you must first configure BGP on the routers that you want to interconnect For more information refer to Border Gateway Protocol IPv4 BGPv4 For...

Page 185: ...ckets drops due to queue congestion BFD notifies BGP of any failure conditions that it detects on the link Recovery actions are initiated by BGP BFD for BGP is supported only on directly connected BGP neighbors and only in BGP IPv4 networks Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for fai...

Page 186: ...a specified BGP neighbor or peer group using the neighbor bfd command the default BFD session parameters are used interval 100 milliseconds min_rx 100 milliseconds multiplier 3 packets and role active When you explicitly enable or disable a BGP neighbor for a BFD session with the neighbor bfd or neighbor bfd disable commands the neighbor does not inherit the BFD enable disable values configured wi...

Page 187: ...d for the peer group to which the neighbor belongs The neighbor inherits only the global timer values that are configured with the bfd all neighbors command interval min_rx and multiplier If you explicitly enable or disable a peer group for BFD that has no BFD parameters configured for example advertisement interval using the neighbor peer group name bfd command the peer group inherits any BFD set...

Page 188: ... 1 1 1 3 1 1 1 2 Te 6 1 Up 100 100 3 B 2 2 2 3 2 2 2 2 Te 6 2 Up 100 100 3 B 3 3 3 3 3 3 3 2 Te 6 3 Up 100 100 3 B The following example shows viewing BFD neighbors with full detail The bold lines show the BFD session parameters TX packet transmission RX packet reception and multiplier maximum number of missed packets R2 show bfd neighbors detail Session Discriminator 9 Neighbor Discriminator 10 L...

Page 189: ...ms Multiplier 3 Role Active Delete session on Down True Client Registered BGP Uptime 00 02 22 Statistics Number of packets received from neighbor 1428 Number of packets sent to neighbor 1428 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 The following example shows viewing configured BFD counters R2 show bfd c...

Page 190: ...session with a BGP neighbor using the neighbor ip address bfd command Message displays when you enable a BGP neighbor in a peer group for which you enabled a BFD session using the neighbor peer group name bfd command R2 show ip bgp neighbors 2 2 2 2 BGP neighbor is 2 2 2 2 remote AS 1 external link BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Last read 0...

Page 191: ... 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Neighbor is using BGP peer group mode BFD configuration Peer active in peer group outbound optimization Configure BFD for VRRP When using BFD with VRRP the VRRP protocol registers with the BFD manager on the route processor module RPM BFD sessions are established with all neighboring interfaces participating in VRRP If a neighboring interface...

Page 192: ...aster router does not care about the state of the backup router so it does not participate in any VRRP BFD sessions VRRP BFD sessions on the backup router cannot change to the UP state Configure the master router to establish an individual VRRP session the backup router To establish a session with a particular VRRP neighbor use the following command Establish a session with a particular VRRP neigh...

Page 193: ...2 2 5 4 Authentication none BFD Neighbors RemoteAddr State 2 2 5 2 Up Dell conf if te 4 25 1 do show vrrp TenGigabitEthernet 4 1 1 VRID 1 Net 2 2 5 1 State Backup Priority 1 Master 2 2 5 2 Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 95 Bad pkts rcvd 0 Adv sent 933 Gratuitous ARP sent 3 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 2 2 5 4 Authentication none BFD Neighbors RemoteA...

Page 194: ... change to the Down state To disable all VRRP sessions on an interface sessions for a particular VRRP group or for a particular VRRP session on an interface use the following commands Disable all VRRP sessions on an interface INTERFACE mode no vrrp bfd all neighbors Disable all VRRP sessions in a VRRP group VRRP mode bfd disable Disable a particular VRRP session on an interface INTERFACE mode no v...

Page 195: ...ode 0 State Init Poll bit 0 Final bit 0 Demand bit 0 myDiscrim 6 yourDiscrim 4 minTx 1000000 minRx 1000000 multiplier 3 minEchoRx 0 00 54 38 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Up for neighbor 2 2 2 2 on interface Te 4 24 diag 0 The following example shows hexadecimal output from the debug bfd packet command RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 0...

Page 196: ...The output for the debug bfd event command is the same as the log messages that appear on the console by default 196 Bidirectional Forwarding Detection BFD ...

Page 197: ...ou can group autonomous systems into three categories multihomed stub and transit defined by their connections and operation multihomed AS is one that maintains connections to more than one other AS This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections However this type of AS does not allow traffic from one AS to pass through on...

Page 198: ... based on path network policies and or rulesets Unlike most protocols BGP uses TCP as its transport protocol Since each BGP router talking to another router is a session a BGP network needs to be in full mesh This is a topology that has every router directly connected to every other router Each BGP router within an AS must have iBGP sessions with all other BGP routers in the AS For example a BGP n...

Page 199: ...tain increases exponentially Network management quickly becomes impossible Sessions and Peers When two routers communicate using the BGP protocol a BGP session is started The two end points of that session are Peers A Peer is also called a Neighbor Border Gateway Protocol IPv4 BGPv4 199 ...

Page 200: ...sition the router sends an Open message and waits for one in return OpenConfirm After the Open message parameters are agreed between peers the neighbor relation is established and is in the OpenConfirm state This is when the router receives and checks for agreement on the parameters of open messages to establish a session Established Keepalive messages are exchanged next and after successful recei...

Page 201: ...lowing steps Routers B C D E and G are members of the same AS AS100 These routers are also in the same Route Reflection Cluster where Router D is the Route Reflector Router E and H are client peers of Router D Routers B and C and nonclient peers of Router D Figure 23 BGP Router Rules 1 Router B receives an advertisement from Router A through eBGP Because the route is learned through eBGP Router B ...

Page 202: ...eighboring external AS number BGP best path selection is deterministic by default which means the bgp non deterministic med command is NOT applied The best path in each group is selected based on specific criteria Only one best path is selected at a time If any of the criteria results in more than one path BGP moves on to the next option in the list For example two paths may have the same weights ...

Page 203: ...e 24 BGP Best Path Selection Best Path Selection Details 1 Prefer the path with the largest WEIGHT attribute 2 Prefer the path with the largest LOCAL_PREF attribute 3 Prefer the path that was locally Originated via a network command redistribute command or aggregate address command a Routes originated with the Originated via a network or redistribute commands are preferred over routes originated w...

Page 204: ... received as the Best Path The path selection algorithm returns without performing any of the checks detailed here 11 Prefer the external path originated from the BGP router with the lowest router ID If both paths are external prefer the oldest path first received path For paths containing a route reflector RR attribute the originator ID is substituted for the router ID 12 If two paths have the sa...

Page 205: ...o the LOCAL_PREF settings have the preferred path go through Router B and AS300 This is advertised to all routers within AS100 causing all BGP speakers to prefer the path through Router B Figure 25 BGP Local Preference Multi Exit Discriminators MEDs If two ASs connect in more than one place a multi exit discriminator MED can be used to assign a preference to a preferred path MED is one of the crit...

Page 206: ...o outbound EBGP peers when redistributing routes The configured set metric value overwrites the default IGP cost If the outbound route map uses MED it overwrites IGP MED Origin The origin indicates the origin of the prefix or how the prefix came into BGP There are three origin codes IGP EGP INCOMPLETE Origin Type Description IGP Indicates the prefix originated from information learned through an i...

Page 207: ...ormation shown in bold Example of Viewing AS Paths Dell show ip bgp paths Total 30655 Paths Address Hash Refcount Metric Path 0x4014154 0 3 18508 701 3549 19421 i 0x4013914 0 3 18508 701 7018 14990 i 0x5166d6c 0 3 18508 209 4637 1221 9249 9249 i 0x5e62df4 0 2 18508 701 17302 i 0x3a1814c 0 26 18508 209 22291 i 0x567ea9c 0 75 18508 209 3356 2529 i 0x6cc1294 0 2 18508 209 1239 19265 i 0x6cc18d4 0 1 1...

Page 208: ...routing topology MBGP uses either an IPv4 address configured on the interface which is used to establish the IPv6 session or a stable IPv4 address that is available in the box as the next hop address As a result while advertising an IPv6 network exchange of IPv4 routes does not lead to martian next hop message logs NOTE It is possible to configure BGP peers that exchange both unicast and multicast...

Page 209: ...rnal configured BGP advertises the IGP cost as MED If the redistribute command has metric configured route map set metric or redistribute route type metric and the BGP peer outbound route map has metric type internal configured BGP advertises the metric configured in the redistribute command as MED If BGP peer outbound route map has metric configured all other metrics are overwritten by this confi...

Page 210: ... as 65123 To calculate the comparable dot format for an ASN from a traditional format use ASN 65536 ASN 65536 Traditional Format DOT Format 65001 0 65501 65536 1 0 100000 1 34464 4294967295 65535 65535 When creating Confederations all the routers in a Confederation must be either 4 Byte or 2 Byte identified routers You cannot mix them Configure 4 byte AS numbers with the four octet support command...

Page 211: ...the running config statements When you apply or change an asnotation the type selected is reflected immediately in the running configuration and the show commands refer to the following two examples Example of Dynamic Changes in the Running Configuration When Using the bgp asnotation Command ASDOT Dell conf router_bgp bgp asnotation asdot Dell conf router_bgp show conf router bgp 100 bgp asnotatio...

Page 212: ...the routes are propagated throughout the network while the migration is in progress When migrating one AS to another perhaps combining ASs an eBGP network may lose its routing to an iBGP if the ASN changes Migration can be difficult as all the iBGP and eBGP peers of the migrating network must be updated to maintain network reachability Essentially Local AS provides a capability to the BGP speaker ...

Page 213: ...If an inbound route map is used to prepend the as path to the update from the peer the Local AS is added first For example consider the topology described in the previous illustration If Router B has an inbound route map applied on Router C to prepend 65001 65002 to the as path the following events take place on Router B 1 Receive and validate the update 2 Prepend local as 200 to as path 3 Prepend...

Page 214: ... a policy If you do enable BGP soft reconfig the denied prefixes are not accounted for F10BgpM2AdjRibsOutRoute stores the pointer to the NLRI in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is used to retrieve specific attributes from the PA table The Next Hop RR Cluster list and Originator ID attributes are not stored in the PA Table and cannot be retrieved using ...

Page 215: ...e f10BgpM2NlriOpaqueType and f10BgpM2NlriOpaquePointer fields are set to zero 4 byte ASN is supported The f10BgpM2AsPath4byteEntry table contains 4 byte ASN related parameters based on the configuration If a received update route matches with a local prefix then that route is discarded This behavior results from an incorrect BGP configuration To overcome this issue you can trigger a route refresh ...

Page 216: ... 20 internal distance 200 local distance 200 Timers keepalive 60 seconds holdtime 180 seconds Add path Disabled Enabling BGP By default BGP is not enabled on the system Dell Networking OS supports one autonomous system AS and assigns the AS number ASN To establish BGP sessions and route traffic configure at least one BGP neighbor or peer In BGP routers with an established TCP connection are called...

Page 217: ...OTE Use it only if you support 4 Byte AS numbers or if you support AS4 number representation If you are supporting 4 Byte ASNs enable this command Disable 4 Byte support and return to the default 2 Byte format by using the no bgp four octet as support command You cannot disable 4 Byte support if you currently have a 4 Byte ASN configured Disabling 4 Byte AS numbers also disables ASDOT and ASDOT nu...

Page 218: ...attribute entrie s using 72 bytes of memory 1 BGP AS PATH entrie s using 47 bytes of memory 5 neighbor s using 23520 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up Down State Pfx 10 10 21 1 65123 0 0 0 0 0 never Active 10 10 32 3 65123 0 0 0 0 0 never Active 100 10 92 9 65192 0 0 0 0 0 never Active 192 168 10 1 65123 0 0 0 0 0 never Active 192 168 12 2 65123 0 0 0 0 0 never Active ...

Page 219: ... Command Line Interface Reference Guide The following example shows the show ip bgp neighbors command output Dell show ip bgp neighbors BGP neighbor is 10 114 8 60 remote AS 18508 external link BGP version 4 remote router ID 10 20 20 20 BGP state ESTABLISHED in this state for 00 01 58 Last read 00 00 14 hold time is 90 keepalive interval is 30 seconds Received 18552 messages 0 notifications 0 in q...

Page 220: ...r ASDOT Term Description ASPLAIN the method Dell Networking OS used for all previous Dell Networking OS versions It remains the default method with Dell Networking OS With the ASPLAIN notation a 32 bit binary AS number is translated into a decimal value ASDOT representation splits the full binary 4 byte AS number into two words of 16 bits separated by a decimal point high order 16 bit value low or...

Page 221: ...down 5332332 9911991 65057 18508 12182 7018 46164 i The following example shows the bgp asnotation asdot command output Dell conf router_bgp bgp asnotation asdot Dell conf router_bgp sho conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 remote as 18508 neighbor 172 30 1 250 local as 65057 neighbor 172 30 1 250 route map rmap1 in neighbor 172 30 1 250 password...

Page 222: ...roups are found at the end of this chapter 1 Create a peer group by assigning a name to it CONFIG ROUTERBGP mode neighbor peer group name peer group 2 Enable the peer group CONFIG ROUTERBGP mode neighbor peer group name no shutdown By default all peer groups are disabled 3 Create a BGP neighbor CONFIG ROUTERBGP mode neighbor ip address remote as as number 4 Enable the neighbor CONFIG ROUTERBGP mod...

Page 223: ...is more specific than the peer group s and if the neighbor s configuration does not affect outgoing updates NOTE When you configure a new set of BGP policies for a peer group always reset the peer group by entering the clear ip bgp peer group peer group name command in EXEC Privilege mode To view the configuration use the show config command in CONFIGURATION ROUTER BGP mode When you create a peer ...

Page 224: ...version 4 Minimum time between advertisement runs is 5 seconds For address family IPv4 Unicast BGP neighbor is zanzibar peer group internal Number of peers in this group 26 Peer group members outbound optimized 10 68 160 1 10 68 161 1 10 68 162 1 10 68 163 1 10 68 164 1 10 68 165 1 10 68 166 1 10 68 167 1 10 68 168 1 10 68 169 1 10 68 170 1 10 68 171 1 10 68 172 1 10 68 173 1 10 68 174 1 10 68 175...

Page 225: ...d Dell sh ip bgp neighbors BGP neighbor is 100 100 100 100 remote AS 65517 internal link Member of peer group test for session parameters BGP version 4 remote router ID 30 30 30 5 BGP state ESTABLISHED in this state for 00 19 15 Last read 00 00 15 last write 00 00 06 Hold time is 180 keepalive interval is 60 seconds Received 52 messages 0 notifications 0 in queue Sent 45 messages 5 notifications 0...

Page 226: ...shutdown Dell Configuring Passive Peering When you enable a peer group the software sends an OPEN message to initiate a TCP connection If you enable passive peering for the peer group the software does not send an OPEN message but it responds to an OPEN message When a BGP neighbor connection with authentication configured is rejected by a passive peer group Dell Networking OS does not allow anothe...

Page 227: ...on and allows you to maintain existing ASNs during a BGP network migration When you complete your migration be sure to reconfigure your routers with the new information and disable this feature Allow external routes from this neighbor CONFIG ROUTERBGP mode neighbor IP address peer group name local as as number no prepend Peer Group Name 16 characters AS number 0 to 65535 2 Byte or 1 to 4294967295 ...

Page 228: ...eature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer even if that ASN matches its own The AS PATH loop is detected if the local ASN is present more than the specified number of times in the command Allow this neighbor ID to use the AS path the specified number of times CONFIG ROUTER BGP mode neighbor IP address peer group ...

Page 229: ...to the peer Flags routes from the peer as Stale and sets a timer to delete them if the peer does not perform a graceful restart Deletes all routes from the peer if forwarding state information is not saved Speeds convergence by advertising a special update packet known as an end of RIB marker This marker indicates the peer has been updated with all routes in the local RIB If you configure your sys...

Page 230: ...t for remote peers for their graceful restart without supporting the feature itself You can implement BGP graceful restart either by neighbor or by BGP peer group For more information refer to the Dell Networking OS Command Line Interface Reference Guide Add graceful restart to a BGP neighbor or peer group CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart Set the maximum ...

Page 231: ...ode ip as path access list as path name 2 Enter the parameter to match BGP AS PATH for filtering CONFIG AS PATH mode deny permit filter parameter This is the filter that is used to match the AS path The entries can be any format letters numbers or regular expressions You can enter this command multiple times if multiple filters are desired For accepted expressions refer to Regular Expressions as F...

Page 232: ...er used to define a pattern that is then compared with an input string For an AS path access list as shown in the previous commands if the AS path matches the regular expression in the access list the route matches the access list The following lists the regular expressions accepted in Dell Networking OS Regular Expression Definition caret Matches the beginning of the input string Alternatively wh...

Page 233: ...reate the access list and filter The second lines shown in bold are the regular expression shown as part of the access list filter Example of Using Regular Expression to Filter AS Paths Dell config router bgp 99 Dell conf router_bgp neigh AAA peer group Dell conf router_bgp neigh AAA no shut Dell conf router_bgp show conf router bgp 99 neighbor AAA peer group neighbor AAA no shutdown neighbor 10 1...

Page 234: ... 1 level 1 2 or level 2 Assign all redistributed routes to a level The default is level 2 metric value The value is from 0 to 16777215 The default is 0 map name name of a configured route map Include specific OSPF routes in IS IS ROUTER BGP or CONF ROUTER_BGPv6_ AF mode redistribute ospf process id match external 1 2 match internal metric type external internal route map map name Configure the fol...

Page 235: ...th the NO_EXPORT_SUBCONFED 0xFFFFFF03 community attribute are not sent to CONFED EBGP or EBGP peers but are sent to IBGP peers within CONFED SUB AS All routes with the NO_ADVERTISE 0xFFFFFF02 community attribute must not be advertised All routes with the NO_EXPORT 0xFFFFFF01 community attribute must not be advertised outside a BGP confederation boundary but are sent to CONFED EBGP and IBGP peers D...

Page 236: ... Configuring an IP Extended Community List To configure an IP extended community list use these commands 1 Create a extended community list and enter the EXTCOMMUNITY LIST mode CONFIGURATION mode ip extcommunity list extcommunity list name 2 Two types of extended communities are supported CONFIG COMMUNITY LIST mode permit deny rt soo ASN NN IPADDR N regex REGEX LINE Filter routes based on the type...

Page 237: ...lter routes you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group 1 Enter the ROUTE MAP mode and assign a name to a route map CONFIGURATION mode route map map name permit deny sequence number 2 Configure a match filter for all routes meeting the criteria in the IP community or IP extended community list CONFIG ROUTE MAP mode match comm...

Page 238: ... group specified CONFIG ROUTER BGP mode neighbor ip address peer group name send community To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode If you want to remove or add a specific COMMUNITY number from a BGP path you must create a route map with one or both of the following statements in the route map Then apply that route map to a BGP neighbor or peer gro...

Page 239: ... BGP table version is 3762622 local router ID is 10 114 8 48 Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path i 3 0 0 0 8 195 171 0 16 100 0 209 701 80 i i 4 2 49 12 30 195 171 0 16 100 0 209 i i 4 21 132 0 23 195 171 0 16 100 0 209 6461 16422 i i 4 24 118 16 30 195 171 0 16 100 0 209 i i 4 24 145 0 30...

Page 240: ... mode Changing the LOCAL_PREFERENCE Attribute In Dell Networking OS you can change the value of the LOCAL_PREFERENCE attribute To change the default values of this attribute for all routes received by the router use the following command Change the LOCAL_PREF value CONFIG ROUTER BGP mode bgp default local preference value value the range is from 0 to 4294967295 The default is 100 To view the BGP c...

Page 241: ... command in EXEC Privilege mode You can also use route maps to change this and other BGP attributes For example you can include the second command in a route map to specify the next hop address Disable next hop processing and configure the router as the next hop for a BGP neighbor CONFIG ROUTER BGP mode neighbor ip address peer group name next hop self Sets the next hop address CONFIG ROUTE MAP mo...

Page 242: ...refix length while AS Path ACLs filter routes based on the ASN Route maps can filter and set conditions change attributes and assign update policies NOTE Dell Networking OS supports up to 255 characters in a set community statement inside a route map NOTE With Dell Networking OS you can create inbound and outbound policies Each of the commands used for filtering has in and out parameters that you ...

Page 243: ...address or the peer group s name prefix list name enter the name of a configured prefix list in apply the prefix list to inbound routes out apply the prefix list to outbound routes As a reminder the following are rules concerning prefix lists If the prefix list contains no filters all routes are permitted If none of the routes match any of the filters in the prefix list the route is denied This ac...

Page 244: ...e route map map name in out Configure the following parameters ip address or peer group name enter the neighbor s IP address or the peer group s name map name enter the name of a configured route map in apply the route map to inbound routes out apply the route map to outbound routes To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map confi...

Page 245: ... filter in your AS PATH ACL Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh they reduce the amount of BGP control traffic NOTE Dell Networking recommends not using multipath and add path simultaneously in a route reflector With route reflection configured properly IBGP routers are not fully meshed within a cluster but all receive routing information Con...

Page 246: ... an a in the first column shown in bold and routes suppressed by the aggregate contain an s in the first column Dell show ip bgp BGP table version is 0 local router ID is 10 101 15 13 Status codes s suppressed d damped h history valid best Path source I internal a aggregate c confed external r redistributed n network Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 7 ...

Page 247: ...utes that flap When that penalty value reaches a configured limit the route is not advertised even if the route is up In Dell Networking OS that penalty value is 1024 As time passes and the route does not flap the penalty value decrements or is decayed However if the route flaps again it is assigned another penalty The penalty value is cumulative and penalty is added under following cases Withdraw...

Page 248: ...a Penalty of 1024 to a route the Penalty is decreased by half after the half life period expires The default is 15 minutes reuse the range is from 1 to 20000 This number is compared to the flapping route s Penalty value If the Penalty value is less than the reuse value the flapping route is once again advertised or no longer suppressed The default is 750 suppress the range is from 1 to 20000 This ...

Page 249: ...te default 750 Dell conf router_bgp bgp dampening 2 2000 1 20000 Value to start suppressing a route default 2000 Dell conf router_bgp bgp dampening 2 2000 3000 1 255 Maximum duration to suppress a stable route default 60 Dell conf router_bgp bgp dampening 2 2000 3000 10 route map Route map to specify criteria for dampening cr To view a count of dampened routes history routes and penalized routes w...

Page 250: ...60 seconds holdtime the range is from 3 to 65536 Time interval in seconds between the last keepalive message and declaring the router dead The default is 180 seconds To view non default values use the show config command in CONFIGURATION ROUTER BGP mode or the show running config bgp command in EXEC Privilege mode Enabling BGP Neighbor Soft Reconfiguration BGP soft reconfiguration allows for faste...

Page 251: ... reconfiguration for the BGP neighbor specified CONFIG ROUTER BGP mode neighbor ip address peer group name soft reconfiguration inbound BGP stores all the updates received by the neighbor but does not reset the peer session Entering this command starts the storage of updates which is required to do inbound soft reconfiguration Outbound BGP soft reconfiguration does not require inbound soft reconfi...

Page 252: ...t of actions overrides the previous set of actions with the same set command If the set community additive and set as path prepend commands are configured the communities and AS numbers are prepended Enabling MBGP Configurations Multiprotocol BGP MBGP is an enhanced BGP that carries IP multicast routes BGP carries two sets of routes one set for unicast routing and one set for multicast routing The...

Page 253: ...fect BGP routing convergence Also show bgp commands that get filtered through regular expressions can to take a lot of CPU cycles especially when the database is large This feature is turned on by default If necessary use the bgp regex eval optz disable command in CONFIGURATION ROUTER BGP mode to disable it Debugging BGP To enable BGP debugging use any of the following commands View all informatio...

Page 254: ...ll debugging use the undebug all command Storing Last and Bad PDUs Dell Networking OS stores the last notification sent received and the last bad protocol data unit PDU received on a per peer basis The last bad PDU is the one that causes a notification to be issued In the following example the last seven lines shown in bold are the last PDUs Example of the show ip bgp neighbor Command to View Last...

Page 255: ...hbor direction command The buffer size supports a maximum value between 40 MB the default and 100 MB The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to set the new limit NOTE Memory...

Page 256: ...w to view space requirements for storing all the PDUs With full internet feed 205K captured approximately 11 8MB is required to store all of the PDUs Dell conf router_bgp do show capture bgp pdu neighbor 172 30 1 250 Incoming packet capture enabled for BGP neighbor 172 30 1 250 Available buffer size 29165743 192991 packet s captured using 11794257 bytes Dell conf router_bgp do sho ip bg s BGP rout...

Page 257: ...CLI Be sure that you make the necessary changes The following illustration shows the configurations described on the following examples These configurations show how to create BGP areas using physical and virtual links They include setting up the interfaces and peers groups with each other Figure 28 Sample Configurations Example of Enabling BGP Router 1 R1 conf R1 conf int loop 0 R1 conf if lo 0 i...

Page 258: ... 168 128 3 update source loop 0 R1 conf router_bgp show config router bgp 99 network 192 168 128 0 24 neighbor 192 168 128 2 remote as 99 neighbor 192 168 128 2 update source Loopback 0 neighbor 192 168 128 2 no shutdown neighbor 192 168 128 3 remote as 100 neighbor 192 168 128 3 update source Loopback 0 neighbor 192 168 128 3 no shutdown Example of Enabling BGP Router 2 R2 conf R2 conf int loop 0...

Page 259: ...gabitEthernet 3 11 ip address 10 0 3 33 24 no shutdown R3 conf if lo 0 int te 3 21 R3 conf if te 3 21 ip address 10 0 2 3 24 R3 conf if te 3 21 no shutdown R3 conf if te 3 21 show config interface TengigabitEthernet 3 21 ip address 10 0 2 3 24 no shutdown R3 conf if te 3 21 R3 conf if te 3 21 router bgp 100 R3 conf router_bgp show config router bgp 100 R3 conf router_bgp network 192 168 128 0 24 R...

Page 260: ... 1 0 0 00 00 17 1Capabilities received from neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Update source set to Loopback 0 Peer active in peer group outbound optimization For address family IPv4 Unicast BGP table version 1 neighbor version 1 Prefixes acc...

Page 261: ...outer_bgp end R2 R2 show ip bgp summary BGP router identifier 192 168 128 2 local AS number 99 BGP table version is 2 main routing table version 2 1 network entrie s using 132 bytes of memory 3 paths using 204 bytes of memory BGP RIB over all using 207 bytes of memory 2 BGP path attribute entrie s using 128 bytes of memory 2 BGP AS PATH entrie s using 90 bytes of memory 2 neighbor s using 9216 byt...

Page 262: ...Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Update source set to Loopback 0 Peer active in peer group outbound optimization For address family IPv4 Unicast BGP table version 2 neighbor version 2 Prefixes accepted 1 consume 4 bytes withdrawn 0 by peer Prefixes advertised 1 denied 0 withdrawn 0 from peer Connections established 6 drop...

Page 263: ...L2 QoS PBR VRF ACL and so forth use the cam acl command in CONFIGURATION mode The CAM space is allotted in field processor FP blocks The total space allocated must equal 13 FP blocks The following table lists the default CAM allocation settings NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated Table 12 Default Cam Allocation Settings CAM Allocation Se...

Page 264: ... must enter the ipv6acl and vman dual qos allocations as a factor of 2 2 4 6 8 10 All other profile allocations can use either even or odd numbered ranges NOTE You can only have one odd number of blocks in the CLI configuration the other blocks must be in factors of 2 For example a CLI configuration of 5 4 2 1 1 blocks is not supported a configuration of 6 4 2 1 blocks is supported For the new set...

Page 265: ...alue is 0 3 Execute write memory and verify that the new settings are written to the CAM on the next boot EXEC Privilege mode show cam acl 4 Reload the system EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service policy use the test cam usage command To verify the actual CAM space required create a Class Map with all required ACL rules...

Page 266: ...tries 0 entries EgACL 0 entries 0 entries MicroCode Name Default Default More To view brief output of the show cam profile command use the summary option The show running config cam profile command shows the current profile and microcode NOTE If you select the CAM profile from CONFIGURATION mode the output of this command does not reflect any changes until you save the running configuration and re...

Page 267: ...csiOptAcl 0 0 ipv4pbr 0 2 vrfv4Acl 0 2 Openflow 0 0 fedgovacl 0 0 Dell conf Example of Viewing CAM ACL Settings NOTE If you change the cam acl setting from CONFIGURATION mode the output of this command does not reflect any changes until you save the running configuration and reload the chassis The default values for the show cam acl command are Dell show cam acl Chassis Cam ACL Current Settings in...

Page 268: ...4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Dell View CAM Usage View the amount of CAM space available used and remaining in each ACL partition using the show cam usage command from EXEC Privilege mode Example of the show cam usage Command Dell show cam usage Stackunit Portpipe CAM Partition T...

Page 269: ... prevent mismatches Dell Networking recommends the following Use the eg default CAM profile in a chassis that has only EG Series line cards If this profile is used in a chassis with non EG line cards the non EG line cards enter a problem state Before moving a card to a new chassis change the CAM profile on a card to match the new system profile After installing a secondary RPM into a chassis copy ...

Page 270: ...K entries to the IPv4 system flow region 2 Allocate more entries in the IPv4Flow region to QoS Dell Networking OS supports the ability to view the actual CAM usage before applying a service policy The test cam usage service policy command provides this test framework For more information refer to Pre Calculating Available QoS CAM Space 270 Content Addressable Memory CAM ...

Page 271: ...reases security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for the control plane packets The following illustration shows an example of the ...

Page 272: ...gateway protocol BGP and internet control message protocol ICMP share same queue Q6 Q6 has 400 PPS of bandwidth by default The desired rate of ICMP is 100 PPS and the remaining 300 PPS is assigned to BGP If ICMP packets come at 400 PPS BGP packets may be dropped though ICMP packets are rate limited to 100 PPS You can solve this by increasing Q6 bandwidth to 700 PPS to allow both ICMP and BGP packe...

Page 273: ...oS policies are finally assigned to a control plane service policy for each port pipe 1 Create a Layer 2 extended ACL for control plane traffic policing for a particular protocol CONFIGURATION mode mac access list extended name cpu qos permit arp frrp gvrp isis lacp lldp stp 2 Create a Layer 3 extended ACL for control plane traffic policing for a particular protocol CONFIGURATION mode ip access li...

Page 274: ...llowing example shows creating the QoS input policy Dell conf qos policy in rate_limit_200k cpu qos Dell conf in qos policy cpuqos rate police 200 40 peak 500 40 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_400k cpu qos Dell conf in qos policy cpuqos rate police 400 50 peak 600 50 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_500k cpu qos Dell con...

Page 275: ...corresponding queue Consequently 1 kbps is roughly equivalent to 2 pps The basics for creating a CoPP service policy is to create QoS policies for the desired CPU bound queue and associate it with a particular rate limit The QoS policies are assigned to a control plane service policy for each port pipe 1 Create a QoS input policy for the router and assign the policing CONFIGURATION mode qos policy...

Page 276: ... unit high gig queues are used Prior to the release 9 4 0 0 all IPv6 packets are taken to same queues there is no priority between the ICMPv6 packets and unknown IPv6 packets Due to this NS NA RS RA packets not given high priority leads to the session establishment problem To solve this issue starting from release 9 4 0 0 IPv6 NDP packets use different CPU queues when compared to the Generic IPv6 ...

Page 277: ...ver the front end port and the backplane ports support only 8 queues As a result when packets are transmitted to the local CPU the CPU uses Q0 Q11 queues The control packets that are tunneled to the master unit are isolated from the data queues and the control queues in the backplane links Control traffic must be sent over the control queues Q4 Q7 on higig links After reaching the master unit tunn...

Page 278: ...X NDP Packets in VLT peer routing enable VLT peer routing enable cases each VLT node will have route entry for link local address of both self and peer VLT node Peer VLT link local entry will have egress port as ICL link And Actual link local address will have entry to CopyToCpu But NDP packets destined to peer VLT node needs to be taken to CPU and tunneled to the peer VLT node NDP packets in VLT ...

Page 279: ...ch all entry is put in the LPM table for IPv4 and IPv6 If this is included for IPv6 you can disable this capability by using the no ipv6 unknown unicast command Typically the catch all entry in LPM table is used for soft forwarding and generating ICMP unreachable messages to the source If this is in place then irrespective of whether it is 64 subnet or 64 subnet it doesn t have any effect as there...

Page 280: ...ontrol plane traffic and assign to the ACL CONFIGURATION mode Dell conf class map match any ospfv3 cpu qos Dell conf class map cpuqos match ipv6 access group ospfv3 4 Create a QoS input policy map to match to the class map and qos policy for each desired protocol CONFIGURATION mode Dell conf policy map input ospfv3_policy cpu qos Dell conf policy map in cpuqos class map ospfv3 qos policy ospfv3_ra...

Page 281: ...l To view the queue mapping for the MAC protocols use the show mac protocol queue mapping command Example of Viewing Queue Mapping for MAC Protocols Dell show mac protocol queue mapping Protocol Destination Mac EtherType Queue EgPort Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ GVRP 01 80 c2 00 00 21 any Q7 ...

Page 282: ...Dell 282 Control Plane Policing CoPP ...

Page 283: ...lability by avoiding the need to deploy separate application specific networks For example instead of deploying an Ethernet network for LAN traffic include additional storage area networks SANs to ensure lossless Fibre Channel traffic and a separate InfiniBand network for high performance inter processor computing within server clusters only one DCB enabled network is required in a data center The...

Page 284: ...e of LAN storage and server traffic over a unified fabric IEEE data center bridging adds the following extensions to a classical Ethernet network 802 1Qbb Priority based Flow Control PFC 802 1Qaz Enhanced Transmission Selection ETS 802 1Qau Congestion Notification Data Center Bridging Exchange DCBx protocol NOTE Dell Networking OS supports only the PFC ETS and DCBx features in data center bridging...

Page 285: ...ffic is paused only after surpassing both static and dynamic thresholds for the priority specified for the port By default PFC is enabled when you enable DCB If you have not loaded FCoE_DCB_Config and iSCSI_DCB_Config DCB is disabled When you enable DCB globally you cannot simultaneously enable link level flow control Buffer space is allocated and de allocated only when you configure a PFC priorit...

Page 286: ...king OS ETS is implemented as follows ETS supports groups of 802 1p priorities that have PFC enabled or disabled No bandwidth limit or no ETS processing ETS uses the DCB MIB IEEE 802 1azd2 5 Data Center Bridging Exchange Protocol DCBx The data center bridging exchange DCBx protocol is disabled by default on the S4810 ETS is also disabled DCBx allows a switch to automatically discover DCB enabled p...

Page 287: ...ure shows how DCB handles a traffic flow on an interface Figure 32 DCB PFC and ETS Traffic Handling Enabling Data Center Bridging DCB is automatically configured when you configure FCoE or iSCSI optimization Data center bridging supports converged enhanced Ethernet CEE in a data center network DCB is disabled by default It must be enabled to support CEE Priority based flow control Enhanced transmi...

Page 288: ...g is an overview of the steps involved in configuring DCB Enter global configuration mode to create a DCB map or edit PFC and ETS settings Configure the PFC setting on or off and the ETS bandwidth percentage allocated to traffic in each priority group or whether the priority group traffic should be handled with strict priority scheduling You can enable PFC on a maximum of two priority queues on an...

Page 289: ... default PFC and ETS parameters are applied on the interfaces This change may create a DCB mismatch with peer DCB devices and interrupt network operation Data Center Bridging Default Configuration Before you configure PFC and ETS on a switch see the priority group setting taken into account the following default settings DCB is enabled PFC and ETS are globally enabled by default The default dot1p ...

Page 290: ...oup CONFIGURATION mode priority group group num bandwidth bandwidth strict priority pfc on The range for priority group is from 0 to 7 Set the bandwidth in percentage The percentage range is from 1 to 100 in units of 1 Committed and peak bandwidth is in megabits per second The range is from 0 to 40000 Committed and peak burst size is in kilobytes Default is 50 The range is from 0 to 10000 The pfc ...

Page 291: ...ed to loss less queues Port B acting as Ingress If the traffic congestion is on PORT B Egress DROP is on PORT A or C as the PFC is not enabled on PORT B Refer the following configuration for queue to dot1p mapping NOTE Although each port on the S4810 S4820T and S5000 devices support 8 QoS queues you can configure only 4 QoS queues 0 3 to manage data traffic The remaining 4 queues 4 7 are reserved ...

Page 292: ...C sends a pause frame to a peer device with the CoS priority values of the traffic that needs to be stopped DCBx provides the link level exchange of PFC parameters between peer devices PFC allows network administrators to create zero loss links for SAN traffic that requires no drop service while at the same time retaining packet drop congestion management for LAN traffic On switch PFC is enabled b...

Page 293: ... PFC dot1p priorities result in more than two lossless queues When you apply a DCB map an error message is displayed if link level flow control is already enabled on an interface You cannot enable PFC and link level flow control at the same time on an interface In a switch stack configure all stacked ports with the same PFC configuration Dell Networking OS allows you to change the default dot1p pr...

Page 294: ... map to more than one port You cannot apply a DCB map on an interface that has been already configured for PFC using thepfc priority command or which is already configured for lossless queues pfc no drop queues command dcb map name INTERFACE Configuring PFC without a DCB Map In a network topology that uses the default ETS bandwidth allocation assigns equal bandwidth to each priority you can also e...

Page 295: ...ort A Port B Port C Port B PFC no drop queues are configured for queues 1 2 on Port B PFC capability is enabled on priorities 3 4 on PORT A and C Port B acting as Egress During the congestion traffic pump on priorities 3 and 4 from PORT A and PORT C is at full line rate PORT A and C send out the PFCs to rate the traffic limit Egress drops are not observed on Port B since traffic flow on priorities...

Page 296: ...sable the PFC operation on the interface dcb map name default INTERFACE 6 Configure the port queues that still function as no drop queues for lossless traffic For the dot1p queue assignments The maximum number of lossless queues globally supported on a port is 2 You cannot configure PFC no drop queues on an interface on which a DCB map with PFC enabled has been applied or which is already configur...

Page 297: ...uring 4 lossless queues you can configure 4 different priorities and assign a particular priority to each application that your network is used to process For example you can assign a higher priority for time sensitive applications and a lower priority for other services such as file transfers You can configure the amount of buffer space to be allocated for each priority and the pause or resume th...

Page 298: ...1p queue table Table 2 The packets come in with packet dot1p 2 alone are assign to PG6 on ingress The packets come in with packet dot1p 2 alone use Q1 as per dot1p to Queue classification Table 2 on the egress port When Peer sends a PFC message for Priority 2 based on above PRIO2COS table TABLE 2 Queue 1 is halted Queue 1 starts buffering the packets with Dot1p 2 This causes PG6 buffer counter to ...

Page 299: ...pfc priority 1 2 Using PFC to Manage Converged Ethernet Traffic To use PFC for managing converged Ethernet traffic use the following command dcb map stack unit all dcb map name Configure Enhanced Transmission Selection ETS provides a way to optimize bandwidth allocation to outbound 802 1p classes of converged Ethernet traffic Different traffic types have different service needs Using ETS you can c...

Page 300: ...th ETS settings is applied on an egress interface 1 Configure a DCB Map CONFIGURATION mode dcb map dcb map name The dcb map name variable can have a maximum of 32 characters 2 Create an ETS priority group CONFIGURATION mode priority group group num bandwidth bandwidth strict priority pfc off The range for priority group is from 0 to 7 Set the bandwidth in percentage The percentage range is from 1 ...

Page 301: ...an interface is equal to the number of data queues 4 on the port The 802 1p priorities in a priority group can map to multiple queues If you configure more than one priority queue as strict priority or more than one priority group as strict priority the higher numbered priority queue is given preference when scheduling data traffic ETS Operation with DCBx The following section describes DCBx negot...

Page 302: ...olicy that allocates different amounts of bandwidth to the different traffic types dot1p priorities assigned to a queue and apply the output policy to the interface follow these steps 1 Create a QoS output policy CONFIGURATION mode Dell conf qos policy output test12 The maximum 32 alphanumeric characters 2 Configure the percentage of bandwidth to allocate to the dot1p priority queue traffic in the...

Page 303: ... is redirected to control queues as higher priority traffic with strict priority scheduling After the control queues drain out the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map The available bandwidth calculated by the ETS algorithm is equal to the link bandwidth after scheduling non ETS higher priority traffic The configuration...

Page 304: ...iority groups in a DCB map A priority group consists of 802 1p priority values that are grouped together for similar bandwidth allocation and scheduling and that share the same latency and loss requirements All 802 1p priorities mapped to the same queue must be in the same priority group In a DCB map each 802 1p priority must map to a priority group The maximum number of priority groups supported ...

Page 305: ...ave strict priority scheduling such as groups 1 and 3 in the example the strict priority group whose traffic is mapped to one queue takes precedence over the strict priority group whose traffic is mapped to two queues Therefore in this example scheduling traffic to priority group 1 mapped to one strict priority queue takes precedence over scheduling traffic to priority group 3 mapped to two strict...

Page 306: ...er device and the local switch Mis configuration detection is feature specific because some DCB features support asymmetric configuration Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to accept configuration Accepts the DCB configuration from a peer if a DCBx port is in willing mode to accept a peer s DCB settings and then interna...

Page 307: ... the link with the DCBx peer port is disabled and a syslog message for an incompatible configuration is generated The network administrator must then reconfigure the peer device so that it advertises a compatible DCB configuration The internally propagated configuration is not stored in the switch s running configuration On a DCBx port in an auto downstream role all PFC application priority ETS re...

Page 308: ...rity TLV is advertised only if the priorities in the TLV match the PFC priorities configured on the port DCB Configuration Exchange The DCBx protocol supports the exchange and propagation of configuration information for the enhanced transmission selection ETS and priority based flow control PFC DCB features DCBx uses the following methods to exchange DCB configuration parameters Asymmetric DCB pa...

Page 309: ...nchronization If the configuration received from the peer is not compatible with the internally propagated configuration used by the configuration source the port is disabled as a client for DCBx operation and synchronization and a syslog error message is generated The port keeps the peer link up and continues to exchange DCBx packets If a compatible configuration is later received from the peer t...

Page 310: ...d TLVs cause the unrecognized TLV counter to increment but the frame is processed and is not discarded Legacy DCBx CIN and CEE supports the DCBx control state machine that is defined to maintain the sequence number and acknowledge the number sent in the DCBx control TLVs DCBx Example The following figure shows how to use DCBx The external 40GbE 40GbE ports on the base module ports 33 and 37 of two...

Page 311: ...the switch To configure the S4820Tsystem for DCBx operation in a data center network you must 1 Configure ToR and FCF facing interfaces as auto upstream ports 2 Configure server facing interfaces as auto downstream ports 3 Configure a port to operate in a configuration source role 4 Configure ports to operate in a manual role 1 Enter INTERFACE Configuration mode CONFIGURATION mode interface type s...

Page 312: ...figure the transmission of more than one TLV type at a time for example advertise DCBx tlv ets conf ets reco You can enable ETS recommend TLVs ets reco only if you enable ETS configuration TLVs ets conf To disable TLV transmission use the no form of the command for example no advertise DCBx tlv pfc ets reco 6 On manual ports only Configure the Application Priority TLVs advertised on the interface ...

Page 313: ...nf enables transmission of ETS Configuration TLVs ets reco enables transmission of ETS Recommend TLVs pfc enables transmission of PFC TLVs NOTE You can configure the transmission of more than one TLV type at a time You can only enable ETS recommend TLVs ets reco if you enable ETS configuration TLVs ets conf To disable TLV transmission use the no form of the command for example no advertise DCBx tl...

Page 314: ... received a different conflicting DCBx version DSM_DCBx_PFC_PARAMETERS_MATCH and DSM_DCBx_PFC_PARAMETERS_MISMATCH A local DCBx port received a compatible match or incompatible mismatch PFC configuration from a peer DSM_DCBx_ETS_PARAMETERS_MATCH and DSM_DCBx_ETS_PARAMETERS_MISMATCH A local DCBx port received a compatible match or incompatible mismatch ETS configuration from a peer LLDP_UNRECOGNISED...

Page 315: ...configuration applied to ingress traffic on an interface including priorities and link delay To clear PFC TLV counters use the clear pfc counters interface port type slot port command show interface port type slot port pfc statistics Displays counters for the PFC frames received and transmitted by dot1p priority class on an interface show interface port type slot port ets summary detail Displays t...

Page 316: ...W 50 PFC OFF Priorities 0 1 2 5 6 7 PG 1 TSA ETS BW 50 PFC ON Priorities 3 4 The following example shows the show interfaces pfc summary command Dell show interfaces tengigabitethernet 1 4 pfc summary Interface TenGigabitEthernet 1 4 Admin mode is on Admin is enabled Remote is enabled Priority list is 4 Remote Willing Status is enabled Local is enabled Oper status is Recommended PFC DCBx Oper stat...

Page 317: ...FC admin mode is on PFC advertisements are enabled to be sent and received from peers received PFC configuration takes effect The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled Remote is enabled Priority list Remote Willing Status is enabled Operational status enabled or disabled of peer device for DCBx exchange of PFC configuration with a list of the conf...

Page 318: ...ority TLVs Application Priority TLV Local ISCSI Priority Map Priority bitmap used by local DCBx port in ISCSI advertisements in application priority TLVs Application Priority TLV Remote FCOE Priority Map Status of FCoE advertisements in application priority TLVs from remote peer port enabled or disabled Application Priority TLV Remote ISCSI Priority Map Status of iSCSI advertisements in applicatio...

Page 319: ...cal Parameters Local is enabled TC grp Priority Bandwidth TSA 0 1 0 1 2 100 ETS 2 3 0 SP 3 4 5 6 7 0 SP 4 5 6 7 Oper status is init ETS DCBx Oper status is Down State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 0 Input Conf TLV Pkts 1955 Output Conf TLV Pkts 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts 1955 Output Reco TLV Pkts 0 Error Reco TLV Pkts Dell c...

Page 320: ...ETS 3 13 ETS 4 12 ETS 5 12 ETS 6 12 ETS 7 12 ETS Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts 0 Output Conf TLV Pkts 0 Error Conf TLV Pkts 0T LIVnput Traffic Class TLV Pkts 0 Output Traffic Class TLV Pkts 0 Error Traffic Class Pkts The following example shows the show interface ets detail command Dell conf show interfaces tengigab...

Page 321: ...Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts 0 Output Conf TLV Pkts 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts 0 Output Traffic Class TLV Pkts 0 Error Traffic Class TLV Pkts The following table describes the show interface ets detail command fields Table 18 show interface ets detail Command Description Field Description ...

Page 322: ...emote ETS configuration parameters were received from peer Internally propagated ETS configuration parameters were received from configuration source ETS DCBx Oper status Operational status of ETS configuration on local port match or mismatch State Machine Type Type of state machine used for DCBx exchanges of ETS parameters Feature for legacy DCBx versions Asymmetric for an IEEE version Conf TLV T...

Page 323: ...7 100 ETS 1 2 3 4 5 6 7 8 Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 2 3 4 5 6 7 8 The following example shows the show interface DCBx detail command IEEE Dell conf if te 1 17 lldp do sho int te 2 12 dc d E ETS Configuration TLV enabled e ETS Con...

Page 324: ... P PFC Configuration TLV enabled p PFC Configuration TLV disabled F Application priority for FCOE enabled f Application Priority for FCOE disabled I Application priority for iSCSI enabled i Application Priority for iSCSI disabled Interface TenGigabitEthernet 1 14 Remote Mac Address 00 01 e8 8a df a0 Port Role is Auto Upstream DCBx Operational Status is Enabled Is Configuration Source FALSE Local D...

Page 325: ...r uses to exchange DCB parameters Local DCBx TLVs Transmitted Transmission status enabled or disabled of advertised DCB TLVs see TLV code at the top of the show command output Local DCBx Status DCBx Operational Version DCBx version advertised in Control TLVs Local DCBx Status DCBx Max Version Supported Highest DCBx version supported in Control TLVs Local DCBx Status Sequence Number Sequence number...

Page 326: ...rames received Sample DCB Configuration The following shows examples of using PFC and ETS to manage your data center traffic In the following example Incoming SAN traffic is configured for priority based flow control Outbound LAN IPC and SAN traffic is mapped into three ETS priority groups and configured for enhanced traffic selection bandwidth allocation and scheduling One lossless queue is used ...

Page 327: ...lobal Configuration mode to map ingress dot1p frames to the queues shown in the following table For more information refer to QoS dot1p Traffic Classification and Queue Assignment The following describes the dot1p priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN Data Center Bridging DCB 327 ...

Page 328: ...face tengigabitethernet 1 1 Dell conf if te 1 1 service class dynamic dot1p 3 Apply DCB map to relevant interface dcb map test priority group 1 bandwidth 50 pfc on priority group 2 bandwidth 45 pfc off priority group 3 bandwidth 5 pfc on priority pgid 2 2 2 1 3 2 2 2 Example of Applying DCB Map to an Interface Dell conf int tengigabitethernet 1 1 Dell conf if te 1 1 dcb map test QoS dot1p Traffic ...

Page 329: ...into account the default dot1p queue assignments in the following table and the maximum number of two lossless queues supported on a port refer to Configuring Lossless Queues Although Dell Networking OS allows you to change the default dot1p priority queue assignments refer to Setting dot1p Priorities for Incoming Traffic DCB policies applied to an interface may become invalid if you reconfigure d...

Page 330: ...he number of PFC queues CONFIGURATION mode dcb enable pfc queues pfc queues The number of ports supported based on lossless queues configured will depend on the buffer The default number of PFC queues in the system is two for S4810 and Z9500 and one for S6000 platforms For each priority you can specify the shared buffer threshold limit the ingress buffer size buffer limit for pausing the acceptanc...

Page 331: ...fault buffer threshold setting INTERFACE mode conf if te dcb policy buffer threshold buffer threshold 8 Configuring Global total buffer size on stack ports CONFIGURATION mode dcb pfc total buffer size buffer size stack unit all port set port pipe all Port set number range is from 0 to 3 Data Center Bridging DCB 331 ...

Page 332: ...This is a network device offering configuration parameters to the client DHCP Client This is a network device requesting configuration parameters from the server Relay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host DHCP Packet Format and Options DHCP uses the user datagram protocol UDP as it...

Page 333: ...lowed to use an assigned IP address DHCP Message Type Option 53 1 DHCPDISCOVER 2 DHCPOFFER 3 DHCPREQUEST 4 DHCPDECLINE 5 DHCPACK 6 DHCPNACK 7 DHCPRELEASE 8 DHCPINFORM Parameter Request List Option 55 Clients use this option to tell the server which parameters it requires It is a series of octets where each octet is DHCP option code Renewal Time Option 58 Specifies the amount of time after the IP a...

Page 334: ...lient might wait a period of time and then act on the most preferred offer 3 The client broadcasts a DHCPREQUEST message in response to the offer requesting the offered values 4 After receiving a DHCPREQUEST the server binds the clients unique identifier the hardware address plus IP address to the accepted configuration parameters and stores the data in a database called a binding table The server...

Page 335: ...wing message Error Vlan member has access list configured Error Vlan has an access list configured NOTE If you enable DHCP Snooping globally and you have any configured L2 ports any IP ACL MAC ACL or DHCP source address validation ACL does not block DHCP packets Dell Networking OS provides 40K entries that can be divided between leased addresses and excluded addresses By extension the maximum numb...

Page 336: ...rate Lease Management DHCP servers use leases to allocate addresses to clients for a limited time The DHCP server maintains information about each of the leases including lease length Responding To Client Requests DHCP servers respond to different types of requests from clients primarily granting renewing and terminating leases Providing Administration Services DHCP servers include functionality t...

Page 337: ...et up a DHCP server and provide it with configuration parameters and policy information including IP address ranges lease length specifications and configuration data that DHCP hosts need Configuring the Dell system to be a DHCP server is a three step process 1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks Configure a Method of H...

Page 338: ... or NetBIOS WINS Using DNS for Address Resolution A domain is a group of networks DHCP clients query DNS IP servers when they need to correlate host names to IP addresses 1 Create a domain DHCP POOL domain name name 2 Specify in order of preference the DNS servers that are available to a DHCP client DHCP POOL dns server address Using NetBIOS WINS for Address Resolution Windows internet naming serv...

Page 339: ...s pools There is no limit on the number of manual bindings but you can only configure one manual binding per host NOTE Dell Networking OS does not prevent you from using a network IP as a host IP be sure to not use a network IP as a host IP 1 Create an address pool DHCP mode pool name 2 Specify the client IP address DHCP POOL host address 3 Specify the client hardware address DHCP POOL hardware ad...

Page 340: ... Specify multiple DHCP servers by using the ip helper address dhcp address command multiple times When you configure the ip helper address command the system listens for DHCP broadcast messages on port 67 The system rewrites packets received from the client and forwards them via unicast to the DHCP servers the system rewrites the destination IP address and writes its own address as the relay devic...

Page 341: ...show ip int tengigabitethernet 1 3 TenGigabitEthernet 1 3 is up line protocol is down Internet address is 10 11 0 1 24 Broadcast address is 10 11 0 255 Address determined by user input IP MTU is 1500 bytes Helper address is 192 168 0 1 192 168 0 2 Directed broadcast forwarding is disabled Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled Dynamic Host Configuration Protocol D...

Page 342: ...from a DHCP server By default the switch is configured to operate in Jumpstart mode as a DHCP client that sends DHCP requests to a DHCP server to retrieve configuration information IP address boot image filename and configuration file All ports and management interfaces are brought up in Layer 3 mode and pre configured with no shutdown and no ip address For this reason you cannot enter configurati...

Page 343: ...le the DHCP client on an interface and set the priority to 255 or assign the same DHCP interface IP address to a VRRP virtual group Doing so guarantees that this router becomes the VRRP group owner To use the router as the VRRP owner if you enable a DHCP client on an interface that is added to a VRRP group assign a priority less than 255 but higher than any other priority assigned in the group DHC...

Page 344: ...le to provide stack port detail on the DHCP server when you set the DHCP offer A stack can be formed when the units are connected Option 230 is the option for user port stacking Use it to create up to eight stack groups Define the configuration parameters on the DHCP server for each chassis based on the chassis MAC address Configure the following parameters unit number priority stack group ID The ...

Page 345: ...gent and the DHCP server enter the trust downstream option Manually reset the remote ID for Option 82 CONFIGURATION mode ip dhcp relay information option remote id DHCP Snooping DHCP snooping protects networks from spoofing In the context of DHCP snooping ports are either trusted or not trusted By default all ports are not trusted Trusted ports are ports through which attackers cannot connect Manu...

Page 346: ...DHCPDECLINE packets are allowed so that the DHCP snooping table can decrease in size After the table usage falls below the maximum limit of 4000 entries new IP address assignments are allowed NOTE DHCP server packets are dropped on all not trusted interfaces of a system configured for DHCP snooping To prevent these packets from being dropped configure ip dhcp snooping trust on the server connected...

Page 347: ...pv6 address interface interface type interface number lease value Clearing the Binding Table To clear the binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table use the following command Delete all of the entries in the binding table EXEC Priv...

Page 348: ...ping Enabled Vlans Vl 10 List of DAI Trust ports Te 1 4 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table use the following command Display the contents of the binding table EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp sno...

Page 349: ...0 00 4d 57 f8 e8 172740 D Vl 10 Te 1 3 10 1 1 254 00 00 4d 69 e8 f2 172740 D Vl 10 Te 1 5 Total number of Entries in the table 4 Dynamic ARP Inspection Dynamic address resolution protocol ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table ARP is a stateless protocol that provides no authentication mechanism Network devices acc...

Page 350: ...gion before enabling DAI SystemFlow has 102 entries by default This region is comprised of two sub regions L2Protocol and L2SystemFlow L2Protocol has 87 entries L2SystemFlow has 15 entries Six L2SystemFlow entries are used by Layer 2 protocols leaving nine for DAI L2Protocol can have a maximum of 100 entries you must expand this region to capacity before you can increase the size of L2SystemFlow T...

Page 351: ...ic ARP Inspection DAI Statistics Valid ARP Requests 0 Valid ARP Replies 1000 Invalid ARP Requests 1000 Invalid ARP Replies 0 Dell Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted which is useful in multi switch environments ARPs received on trusted ports bypass validation against the binding table All ports are untrusted by default T...

Page 352: ... DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to When you enable IP source address validation on a port the system verifies that the source IP address is one that is associated with the incoming port and optionally that the client belongs to the permissible VLAN If an attacker is impostering as a legitima...

Page 353: ...ce address validation SAV validates the IP source address of an incoming packet and optionally the VLAN ID of the client against the DHCP snooping binding table IP MAC SAV ensures that the IP source address and MAC source address are a legitimate pair rather than validating each attribute individually You cannot configure IP MAC SAV with IP SAV 1 Allocate at least one FP block to the ipmacacl CAM ...

Page 354: ...s The following output of the show ip dhcp snooping source address validation discard counters interface interface command displays the number of SAV dropped packets on a particular interface Dell show ip dhcp snooping source address validation discard counters interface TenGigabitEthernet 1 1 deny access list on TenGigabitEthernet 1 1 Total cam count 2 deny vlan 10 count 0 packets deny vlan 20 co...

Page 355: ...ing OS version 8 2 1 2 the default hash algorithm is 24 Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory CAM For example suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sorts them so that the ECMPs are...

Page 356: ...e the hash algorithm configuration the hash seed does not return to the original factory default setting To configure the hash algorithm seed use the following command Specify the hash algorithm seed CONFIGURATION mode hash algorithm seed value stack unit number port set number The range is from 0 to 4095 Link Bundle Monitoring Monitoring linked ECMP bundles allows traffic distribution amounts in ...

Page 357: ...n ecmp group 1 Link bundle trigger threshold 60 ECMP bundle 1 Utilization In Percent 44 Alarm State Active Interface Line Protocol Utilization In Percent Te 1 1 Up 36 Te 1 1 Up 52 Managing ECMP Group Paths To avoid path degeneration configure the maximum number of paths for an ECMP route that the L3 CAM can hold When you do not configure the maximum number of routes the CAM can hold a maximum ECMP...

Page 358: ...engigabitethernet 1 1 interface port channel 100 3 Enable monitoring for the bundle CONFIGURATION ECMP GROUP mode link bundle monitor enable Modifying the ECMP Group Threshold You can customize the threshold percentage for monitoring ECMP group bundles To customize the ECMP group bundle threshold and to view the changes use the following commands Modify the threshold for monitoring ECMP group bund...

Page 359: ...4 6 1022 and are for information only You can configure ecmp group with id 2 for link bundle monitoring This ecmp group is different from the ecmp group index 2 that is created by configuring routes and is automatically generated These two ecmp groups are not related in any way Dell conf ecmp group 5 show config ecmp group 5 interface tengigabitethernet 1 2 interface tengigabitethernet 1 3 link bu...

Page 360: ...er end devices attached to the Fibre Channel network end devices log into the switch to which they are attached Because Fibre Channel links are point to point a Fibre Channel switch controls all storage traffic that an end device sends and receives over the network As a result the switch can enforce zoning configurations ensure that end devices use their assigned addresses and secure the network f...

Page 361: ...llows FCoE traffic to be sent and received between FCoE end devices ENodes and the FCF FIP uses its own EtherType and frame format The following illustration shows the communication that occurs between an ENode server and an FCoE switch FCF The following table lists the FIP functions Table 22 FIP Functions FIP Function Description FIP VLAN discovery FCoE devices ENodes discover the FCoE VLANs on w...

Page 362: ...s FIP login frames are processed The ACLs are installed on switch ports configured for ENode mode for server facing ports and FCF mode for a trusted port directly connected to an FCF Enable FIP snooping on the switch configure the FIP snooping parameters and configure CAM allocation for FCoE When you enable FIP snooping all ports on the switch by default become ENode ports Dynamic ACL generation o...

Page 363: ...work The top of rack ToR switch operates as an FCF for FCoE traffic Converged LAN and SAN traffic is transmitted between the ToR switch and an S4820T switch The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch Figure 39 FIP Snooping on an S4820T Switch The following sections describe how to configure the FIP snoopin...

Page 364: ... by snooping FIP keep alive messages In case of a failover the new master switch starts the required timers for the FCoE database tables Timers run only on the master stack unit Using FIP Snooping There are four steps to configure FCoE transit 1 Enable the FCoE transit feature on a switch 2 Enable FIP snooping globally on all Virtual Local Area Networks VLANs or individual VLANs on a FIP snooping ...

Page 365: ...Snooping To allow FIP frames to pass through the switch on all VLANs enable FIP snooping globally on a switch A switch can support a maximum eight VLANs Configure at least one FCF bridge to bridge port mode interface for any FIP snooping enabled VLAN You can configure multiple FCF trusted interfaces in a VLAN When you disable FIP snooping ACLs are not installed FIP and FCoE traffic is not blocked ...

Page 366: ...lobally on a switch on all VLANs or on a specified VLAN When you enable FIP snooping on VLANs FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs FCoE traffic is allowed on VLANs only after a successful virtual link initialization fabric login FLOGI between an ENode and an FCF All other FCoE traffic is dropped You must configure at...

Page 367: ...he VLAN FLOGI and fabric discovery FDISC request response packets are trapped to the CPU They are forwarded after the necessary ACLs are installed Impact on Other Software Features When you enable FIP snooping on a switch other software features are impacted The following table lists the impact of FIP snooping Table 23 Impact of Enabling FIP Snooping Impact Description MAC address learning MAC add...

Page 368: ... FCoE transit parameters on ports follow these steps 1 Configure FCoE FCoE configuration copy flash CONFIG_TEMPLATE FCoE_DCB_Config running config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file NOTE DCB DCBx is enabled when either of these configurations is applied 2 Save the configuration on the switch EXEC Privilege mode write memory 3 Reload the switch to ena...

Page 369: ...snooped sessions including the FCF interface and MAC address FCF interface VLAN ID FC MAP value FKA advertisement period and number of ENodes connected clear fip snooping database interface vlan vlan id fcoe mac address enode mac address fcf mac address Clears FIP snooping information on a VLAN for a specified FCoE MAC address ENode MAC address or FCF MAC address and removes the corresponding ACLs...

Page 370: ...lowing table describes the show fip snooping sessions command fields Table 25 show fip snooping sessions Command Description Field Description ENode MAC MAC address of the ENode ENode Interface Slot port number of the interface connected to the ENode FCF MAC MAC address of the FCF FCF Interface Slot port number of the interface to which the FCF is connected VLAN VLAN ID number used by the session ...

Page 371: ...ss of the FCF FCF Interface Slot port number of the interface to which the FCF is connected VLAN VLAN ID number used by the session FC MAP FC Map value advertised by the FCF ENode Interface Slot port number of the interface connected to the ENode FKA_ADV_PERIOD Period of time in milliseconds during which FIP keep alive advertisements are transmitted No of ENodes Number of ENodes connected to the F...

Page 372: ...umber of FLOGO Accepts 0 Number of FLOGO Rejects 0 Number of CVL 0 Number of FCF Discovery Timeouts 0 Number of VN Port Session Timeouts 0 Number of Session failures due to Hardware Config 0 The following example shows the show fip snooping statistics port channel command Dell show fip snooping statistics interface port channel 22 Number of Vlan Requests 0 Number of Vlan Notifications 2 Number of ...

Page 373: ...ce Number of VN Port Keep Alives Number of FIP snooped VN port keep alive frames received on the interface Number of Multicast Discovery Advertisements Number of FIP snooped multicast discovery advertisements received on the interface Number of Unicast Discovery Advertisements Number of FIP snooped unicast discovery advertisements received on the interface Number of FLOGI Accepts Number of FIP FLO...

Page 374: ...hardware configuration that occurred on the interface The following example shows the show fip snooping system command Dell show fip snooping system Global Mode Enabled FCOE VLAN List Operational 1 100 FCFs 1 Enodes 2 Sessions 17 The following example shows the show fip snooping vlan command Dell show fip snooping vlan Default VLAN VLAN FC MAP FCFs Enodes Sessions 1 100 0X0EFC00 1 2 17 374 FCoE Tr...

Page 375: ...am or configuration source role The DCBx configuration on the FCF facing port is detected by the server facing port and the DCB PFC configuration on both ports is synchronized For more information about how to configure DCBx and PFC on a port refer to the Data Center Bridging DCB chapter The following example shows how to configure FIP snooping on FCoE VLAN 10 on an FCF facing port 1 5 on an ENode...

Page 376: ...e 1 5 switchport Dell conf if te 1 5 fip snooping port mode fcf Dell conf if te 1 5 protocol lldp Dell conf if te 1 5 lldp dcbx port role auto upstream Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN Dell conf interface vlan 10 Dell conf if vl 10 tagged tengigabitethernet 1 1 Dell conf if vl 10 tagged tengigabitethernet 1 5 Dell conf if te 1 1 no shut Dell conf if te 1...

Page 377: ... the following features use the embedded FIPS 140 2 validated cryptography module SSH Client SSH Server RSA Host Key Generation SCP File Transfers Currently other features using cryptography do not use the embedded FIPS 140 2 validated cryptography module Configuration Tasks To enable FIPS cryptography complete the following configuration tasks Preparing the System Enabling FIPS Mode Generating Ho...

Page 378: ...his failure occurs if there were existing SSH Telnet sessions that could not be closed successfully in a reasonable amount of time In general this failure can occur if a user at a remote host is in the process of establishing an SSH session to the local system and has been prompted to accept a new host key or to enter a password but is not responding to the request Assuming this failure is a trans...

Page 379: ...example shows the show system command Dell show system Stack MAC 00 01 e8 8a ff 0c Reload Type normal reload Next boot normal reload Unit 0 Unit Type Management Unit Status online Next Boot online Required Type S4810 52 port GE TE FG SE Current Type S4810 52 port GE TE FG SE Master priority 0 Hardware Rev 3 0 Num Ports 64 Up Time 7 hr 3 min Dell Networking OS Version 4810 8 3 7 1061 Jumbo Capable ...

Page 380: ...key pairs are created To disable FIPS mode use the following command To disable FIPS mode from a console port CONFIGURATION mode no fips mode enable The following Warning message displays WARNING Disabling FIPS mode will close all SSH Telnet connections restart those servers and destroy all configured host keys Proceed y n 380 FIPS Cryptography ...

Page 381: ... and monitors the status of the Ring The Master node checks the status of the Ring by sending ring health frames RHF around the Ring from its Primary port and returning on its Secondary port If the Master node misses three consecutive RHFs the Master node determines the ring to be in a failed state The Master then sends a Topology Change RHF to the Transit Nodes informing them that the ring has ch...

Page 382: ...N to the Master node When the Master node receives this control frame the Master node moves from the Normal state to the Ring Fault state and unblocks its Secondary port The Master node clears its routing table and sends a control frame to all other ring nodes instructing them to clear their routing tables as well Immediately after clearing its routing table each node begins learning the new topol...

Page 383: ...th FRRP groups Switch R3 has two instances of FRRP running on it one for each ring The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202 Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks The Master node originates a high speed frame that circulates around the ring Thi...

Page 384: ...te A transition state before moving to the Forward state Control traffic is forwarded but data traffic is blocked The Master node Secondary port transitions through this state during ring bring up All ports transition through this state when a port comes up Pre Forwarding State A transition state before moving to the Forward state Control traffic is forwarded but data traffic is blocked The Master...

Page 385: ...a Dell proprietary protocol that does not interoperate with any other vendor You must disable the spanning tree protocol STP on both the Primary and Secondary interfaces before you can enable FRRP All ring ports must be Layer 2 ports This is required for both Master and Transit nodes A VLAN configured as a control VLAN for a ring cannot be configured as a control or member VLAN for any other ring ...

Page 386: ...control VLAN You cannot configure a VLAN as both a control VLAN and member VLAN on the same ring Only two interfaces can be members of a control VLAN the Master Primary and Secondary ports Member VLANs across multiple rings are not supported in Master nodes To create the control VLAN for this FRRP group use the following commands on the switch that is to act as the Master node 1 Create a VLAN with...

Page 387: ...ode member vlan vlan id range VLAN ID Range VLAN IDs for the ring s member VLANS 6 Enable FRRP CONFIG FRRP mode no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2 Their status as Control or Member is determined at the FRRP group commands For more information about configuring VLANS in Layer 2 mode refer to the Layer 2 chapter Be sure to ...

Page 388: ...ce For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information Slot Port Range Slot and Port ID for the interface Range is entered Slot Port PortSlot Port VLAN ID Identification number of the Control VLAN 4 Configure a Transit node CONFIG FRRP mode mode transit...

Page 389: ...he counters associated with all FRRP groups EXEC PRIVELEGED mode clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group use the following command Show the configuration for this FRRP group CONFIG FRRP mode show configuration Viewing the FRRP Information To view general FRRP information use one of the following commands Show the information for the identified FRRP gr...

Page 390: ...y for the interface The maximum number of rings allowed on a chassis is 255 Sample Configuration and Topology The following example shows a basic FRRP topology Example of R1 MASTER interface TenGigabitEthernet 1 24 no ip address switchport no shutdown interface TenGigabitEthernet 1 34 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1 24 34 no shutdow...

Page 391: ...member vlan 201 mode transit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3 14 no ip address switchport no shutdown interface TenGigabitEthernet 3 21 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3 14 21 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 3 14 21 no shutdown protocol frrp 101 interface primary Te...

Page 392: ...information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membership throughout a network GVRP allows end stations and switches to issue and revoke declarations relating to VLAN membership VLAN registration is made in the context of the port that receives the GARP PDU...

Page 393: ...ch where you want GVRP information exchanged In the following example that type of port is referred to as a VLAN trunk port but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port Figure 41 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface GARP VLAN Regist...

Page 394: ...rief command Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface use the following command Enable GVRP on a Layer 2 interface INTERFACE mode gvrp enable Example of Enabling GVRP on an Interface Dell conf if te 1 21 switchport Dell conf if te 1 21 gvrp enable Dell conf if te 1 21 no shutdown Dell conf if te 1 21 show config interface TenGigabitEthernet 1 21 no ip address swit...

Page 395: ...registration fixed 34 35 Dell conf if te 1 21 gvrp registration forbidden 45 46 Dell conf if te 1 21 show conf interface TenGigabitEthernet 1 21 no ip address switchport gvrp enable gvrp registration fixed 34 35 gvrp registration forbidden 45 46 no shutdown Dell conf if te 1 21 Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP There...

Page 396: ... timer RPM Redundancy The current version of Dell Networking OS supports 1 1 hitless route processor module RPM redundancy The primary RPM performs all routing switching and control operations while the standby RPM monitors the primary RPM In the event that the primary RPM fails the standby RPM can assume control of the system without requiring a chassis reboot This section contains the following ...

Page 397: ...tion and Removal Hitless Behavior Graceful Restart Software Resiliency Hot Lock Behavior Component Redundancy Dell Networking systems eliminate single points of failure by providing dedicated or load balanced redundancy for each component RPM Redundancy The current version of Dell Networking OS supports 1 1 hitless route processor module RPM redundancy The primary RPM performs all routing switchin...

Page 398: ...between the two versions as described in the following table To view the configuration loaded on each RPM use the show redundancy command as shown in the example in Automatic and Manual RPM Failover Table 30 Mismatch Condition Behaviors Mismatch Condition Example Behavior Different Dell Networking OS versions with only the first two digits matching Primary 7 4 2 0 Standby 7 4 1 0 The link to the s...

Page 399: ...Unit Failover Stack unit failover is the process of the standby unit becoming a management unit Dell Networking OS fails over to the standby stack unit when 1 Communication is lost between the standby and primary stack unit 2 You request a failover via the CLI To display the reason for the last failover use the show redundancy command from EXEC Privilege mode Example of the show redundancy Command...

Page 400: ...ots All the line cards and SFMs remain online All application tasks are spawned on the secondary RPM before failover The running configuration is synchronized at runtime so it does not need to be reapplied during failover Synchronization between Management and Standby Units Data between the Management and Standby units is synchronized immediately after bootup After the Management and Standby units...

Page 401: ...ack unit Command Dell redundancy force failover stack unit System configuration has been modified Save yes no yes Proceed with Stack unit hot failover confirm yes no yes Dell Specifying an Auto Failover Limit When a non recoverable fatal error is detected an automatic failover occurs However Dell Networking OS is configured to auto failover only three times within any 60 minute period You may spec...

Page 402: ... Insertion and Removal Linecard Online Insertion and Removal RPM Online Insertion and Removal Dell Networking systems are functional with only one RPM If you insert a second RPM it comes online as the standby RPM To see SFM status information use the show sfm all command Example of the show rpm all Command Dell show rpm all Route Processor Modules Slot Status NxtBoot Version 0 active online 7 5 1 ...

Page 403: ...Dell conf RPM0 P CP CHMGR 2 CARD_DOWN Line card 0 down card removed Dell conf do show linecard all Line cards Slot Status NxtBoot ReqTyp CurTyp Version Ports 0 not present E48VB output omitted Pre Configuring a Stack Unit Slot You may also pre configure an empty stack unit slot with a logical stack unit To pre configure an empty stack unit slot use the following command Pre configure an empty stac...

Page 404: ...ible with other hitless and graceful restart protocols For example if hitless open shortest path first OSPF is configured over hitless the link aggregation control protocol LACP link aggregation groups LAGs both features work seamlessly to deliver a hitless OSPF LACP result However to achieve a hitless end result if the hitless behavior involves multiple protocols all protocols must be hitless For...

Page 405: ...ystem Key parameters such as CPU utilization free memory and error counters for example CRC failures and packet loss are measured and after exceeding a threshold can be used to initiate recovery mechanism Failure and Event Logging Dell Networking systems provide multiple options for logging failures and events Trace Log Developers interlace messages with software code to track the execution of a p...

Page 406: ... CAM entries dynamically without disrupting traffic Existing entries are simply shuffled to accommodate new entries Hot Lock IP ACLs allows you to append rules to and delete rules from an access control list ACL that is already written to CAM This behavior is enabled by default and is available for both standard and extended ACLs on ingress and egress For information about configuring ACLs refer t...

Page 407: ...eneral interface related processes are hitless and can be restarted in seconds if a restart is successful traffic is not interrupted Protocol tasks and line card processes are not hitless and take longer to restart You can select which process may attempt to restart and the number of consecutive restart attempts before failover but by default every process fails over Enable process restartability ...

Page 408: ... IGMP version 1 IGMP Querier Dell Networking OS automatically enables IGMP on interfaces on which you enable a multicast routing protocol IGMP Protocol Overview IGMP has three versions Version 3 obsoletes and is backwards compatible with version 2 version 2 obsoletes version 1 IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages which allows hosts to notify routers...

Page 409: ... address of the group it wants to join the packet is addressed to the same group If multiple hosts want to join the same multicast group only the report from the first host to respond reaches the querier and the remaining hosts suppress their responses For how the delay timer mechanism works refer to Adjusting Query and Response Timers 3 The querier receives the report for a group and adds the gro...

Page 410: ...there are no interested receivers To enable filtering routers must keep track of more state information that is the list of sources that must be filtered An additional query type the Group and Source Specific Query keeps track of state changes while the Group Specific and General queries still refresh the existing state Reporting is more efficient and robust hosts do not suppress query responses n...

Page 411: ...uery to verify that there are no hosts interested in any other sources The multicast router must satisfy all hosts if they have conflicting requests For example if another host on the subnet is interested in traffic from 10 11 1 3 the router cannot record the include request There are no other interested hosts so the request is recorded At this point the multicast routing protocol prunes the tree ...

Page 412: ...essary 2 The querier before making any state changes sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond with their current state information and the querier refreshes the relevant state information 3 Separately in the following illustration the querier sends a general query to...

Page 413: ...ng using the ip multicast routing command 2 Enable a multicast routing protocol Related Configuration Tasks Viewing IGMP Enabled Interfaces Selecting an IGMP Version Viewing IGMP Groups Adjusting Timers Preventing a Host from Joining a Group Enabling IGMP Immediate Leave IGMP Snooping Internet Group Management Protocol IGMP 413 ...

Page 414: ...GMP activity 2 joins IGMP querying router is 165 87 34 5 this system IGMP version is 2 Dell Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default which supports version 1 and 2 hosts but is not compatible with version 3 on the same subnet If hosts require IGMP version 3 you can switch to IGMP version 3 To switch to version 3 use the following command Switch to a different ...

Page 415: ...d Interfaces Adjusting Query and Response Timers The querier periodically sends a general query to discover which multicast groups are active A group must have at least one host to be active When a host receives a query it does not respond immediately but rather starts a delay timer The delay time is set to a random value between 0 and the maximum response time The host sends a response when the t...

Page 416: ...ntry Configure the system for IGMP immediate leave ip igmp immediate leave View the enable status of the IGMP immediate leave feature EXEC Privilege mode show ip igmp interface View the enable status of this feature using the command from EXEC Privilege mode as shown in the example in Selecting an IGMP Version IGMP Snooping IGMP snooping enables switches to use information in IGMP packets to gener...

Page 417: ...iguration needed for IGMP snooping with virtual link trunking VLT For information about VLT configurations refer to Virtual Link Trunking VLT Enable IGMP snooping on a switch CONFIGURATION mode ip igmp snooping enable View the configuration CONFIGURATION mode show running config Disable snooping on a VLAN INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks Removing a Group Port Ass...

Page 418: ...uter ports CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN use the following commands Statically specify a port in a VLAN as connected to a multicast router INTERFACE VLAN mode ip igmp snooping mrouter View the ports that are connected to multicast routers EXEC Privilege mode show ip igmp snooping mrou...

Page 419: ...the last member query interval INTERFACE VLAN mode ip igmp snooping last member query interval Fast Convergence after MSTP Topology Changes The following describes the fast convergence feature When a port transitions to the Forwarding state as a result of an STP or MSTP topology change Dell Networking OS sends a general query out of all ports except the multicast router ports The host sends a resp...

Page 420: ...t exit out of the management port In this chapter all the references to traffic indicate switch initiated traffic and responses to switch destined traffic with management port IP address as the source IP address In customer deployment topologies it might be required that the traffic for certain management applications needs to exit out of the management port only You can use EIS to control and the...

Page 421: ...gured management applications and their port numbers You can configure two default routes one configured on the management port and the other on the front end port Two tables namely Egress Interface Selection routing table and default routing table are maintained In the preceding table the columns Client and Server indicate that the applications can act as both a client and a server within the swi...

Page 422: ...nt port based on route lookup in default routing table Ping and traceroute are always non management applications and route lookup for these applications is done in the default routing table only For ping and traceroute utilities that are initiated from the switch if reachability needs to be tested through routes in the management EIS routing table you must configure ICMP as a management applicati...

Page 423: ...cation specific packet count is incremented This counter is viewed using the show management application pkt cntr command This counter is cleared using clear management application pkt cntr command If the route lookup in the EIS routing table fails or if management port is down then packets are dropped The application specific count of the dropped packets is incremented and is viewed using the sho...

Page 424: ...isting behavior Consider a sample topology in which ip1 is an address assigned to the management port and ip2 is an address assigned to any of the front panel port A and B are end users on the management and front panel port networks The OS initiated traffic for management applications takes a preference for ip1 as source IP and uses the management network to reach the destination If the managemen...

Page 425: ...ce IP address is a management port IP address the management port is the preferred egress port selected based on route lookup in EIS table If the management port is down or the route lookup fails packets are dropped Traffic from management port to data port and from data port to management port is blocked EIS is enabled implies that EIS feature is enabled and the application might or might not be ...

Page 426: ... behaviors that occur when traffic is originating from the switch EIS Behavior If the destination TCP UDP port matches a configured management application a route lookup is done in the EIS table and the management port gets selected as the egress port If management port is down or the route lookup fails packets are dropped EIS Behavior for ICMP ICMP packets do not have TCP UDP ports To do an EIS r...

Page 427: ...e lookup in EIS table If the management port is down or the route lookup fails packets are dropped If the source TCP UDP port or source IP address does not match the management port IP address a route lookup is done in the default routing table EIS behavior for ICMP ICMP packets do not have TCP UDP ports In this case to perform an EIS route lookup for ICMP based applications ping and traceroute yo...

Page 428: ... When ARP learn enable is enabled the switch learns ARP entries for ARP Request packets even if the packet is not destined to an IP configured in the box The ARP learn enable feature is not applicable to the EIS routing table It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch...

Page 429: ...tion Enabling a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitoring Ethernet Pause Frames Configure the MTU Size on an In...

Page 430: ... Interface Information To view basic interface information use the following command You have several options for viewing interface status and configuration parameters Lists all configurable interfaces on the chassis EXEC mode show interfaces This command has options to display the interface status IP and MAC addresses and multiple counters for the amount and type of traffic passing through the in...

Page 431: ...3 Broadcasts 0 Unicasts 0 Vlans 0 throttles 0 discarded 0 collisions Rate info interval 299 seconds Input 00 00 Mbits sec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 00 00 31 Dell To view which interfaces are enabled for Layer 3 data transmission use the show ip interfaces brief command in EXEC Privilege mode In the...

Page 432: ...the type of interface and slot port information CONFIGURATION mode interface interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Management interface on the RPM enter the keyword ManagementEthernet then the slot port information The sl...

Page 433: ...ollowing section includes information about optional configurations for physical interfaces Overview of Layer Modes Configuring Layer 2 Data Link Mode Configuring Layer 2 Interface Mode Management Interfaces Auto Negotiation on Ethernet Interfaces Adjusting the Keepalive Timer Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS you can place physical inter...

Page 434: ...ACE mode no shutdown Place the interface in Layer 2 switching mode INTERFACE mode switchport To view the interfaces in Layer 2 mode use the show interfaces switchport command in EXEC mode Configuring Layer 3 Network Mode When you assign an IP address to a physical interface you place it in Layer 3 mode To enable Layer 3 mode on an individual interface use the following commands In all interface ty...

Page 435: ... Interface Mode To assign an IP address use the following commands Enable the interface INTERFACE mode no shutdown Configure a primary IP address and mask on the interface INTERFACE mode ip address ip address mask secondary The ip address must be in dotted decimal format A B C D and the mask must be in slash format xx Add the keyword secondary if the IP address is the interface s backup IP address...

Page 436: ...outes to the default and EIS routing tables Use the show ip management eis route command to view the EIS routes Important Points to Remember Deleting a management route removes the route from both the EIS routing table and the default routing table If the management port is down or route lookup fails in the management EIS routing table the outgoing interface is selected based on route lookup from ...

Page 437: ...the port 0 to configure a Management interface CONFIGURATION mode interface managementethernet interface The slot range is 0 Configure an IP address and mask on a Management interface INTERFACE mode ip address ip address mask ip address mask enter an address in dotted decimal format A B C D The mask must be in prefix format x Viewing Two Global IPv6 Addresses Important Points to Remember virtual i...

Page 438: ...erfaces and is a CONFIGURATION mode command When a virtual IP address is assigned to the system the active management interface of the RPM is recognized by the virtual IP address not by the actual interface IP address assigned to it During an RPM failover you do not have to remember the IP address of the new RPM s management interface the system still recognizes the virtual IP address virtual ip i...

Page 439: ...vilege mode Dell show int TenGigabitEthernet 1 1 TenGigabitEthernet 1 1 is up line protocol is up Description This is the Managment Interface Hardware is Force10Eth address is 00 01 e8 cc cc ce Current address is 00 01 e8 cc cc ce Pluggable media not present Interface index is 46449666 Internet address is 10 11 131 240 23 output omitted Dell show ip route Codes C connected S static R RIP B BGP IN ...

Page 440: ...o the default VLAN which is VLAN 1 by default To assign another VLAN ID to the default VLAN use the default vlan id vlan id command To assign an IP address to an interface use the following command Configure an IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask enter an address in dotted decimal format A B C D The mask must be in slash format 2...

Page 441: ...is another virtual interface There is only one Null interface It is always up but no traffic is transmitted through this interface To enter INTERFACE mode of the Null interface use the following command Enter INTERFACE mode of the Null interface CONFIGURATION mode interface null 0 The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command Port Channel Inter...

Page 442: ...amic port channels Static Port channels that are statically configured Dynamic Port channels that are dynamically configured using the link aggregation control protocol LACP For details refer to Link Aggregation Control Protocol LACP There are 128 port channels with 16 members per channel As soon as you configure a port channel Dell Networking OS treats it like a physical interface For example IEE...

Page 443: ...annel by entering channel member tengigabitethernet 1 1 4 while in port channel interface mode and Dell Networking OS determines if the first interface specified TenGig 1 1 is up After it is up the common speed of the port channel is 1000 Mb s Dell Networking OS disables those interfaces configured with speed 10000 Mb s or whose speed is 10000 Mb s as a result of auto negotiation In this example y...

Page 444: ...00 Ethernet interfaces but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port channel refer to 10 100 1000 Mbps Interfaces in Port Channels You can add any physical interface to a port channel if the interface configuration is minimal You can configure only the following commands on an interface if it is a member of a port channel descrip...

Page 445: ...atus and the number of interfaces belonging to the port channel Dell show interface port channel 20 Port channel 20 is up line protocol is up Hardware address is 00 01 e8 01 46 fa Internet address is 1 1 120 1 24 MTU 1554 bytes IP MTU 1500 bytes LineSpeed 2000 Mbit Members in this channel Te 1 10 Te 1 17 ARP type ARPA ARP timeout 04 00 00 Last clearing of show interface counters 00 00 00 Queueing ...

Page 446: ...channel member TenGigabitEthernet 1 6 Dell conf if portch int Te 1 6 Dell conf if ip address 10 56 4 4 24 Error Port is part of a LAG Te 1 6 Dell conf if Reassigning an Interface to a New Port Channel An interface can be a member of only one port channel If the interface is a member of a port channel remove it from the first port channel and then add it to the second port channel Each time you add...

Page 447: ...FACE mode minimum links number The default is 1 Example of Configuring the Minimum Oper Up Links in a Port Channel Dell config t Dell conf int po 1 Dell conf if po 1 minimum links 5 Dell conf if po 1 Configuring VLAN Tags for Member Interfaces To configure and verify VLAN tags for individual members of a port channel perform the following 1 Configure VLAN membership on individual ports INTERFACE m...

Page 448: ...sh format 24 secondary the IP address is the interface s backup IP address You can configure up to eight secondary IP addresses Deleting or Disabling a Port Channel To delete or disable a port channel use the following commands Delete a port channel CONFIGURATION mode no interface portchannel channel number Disable a port channel shutdown When you disable a port channel all interfaces within the p...

Page 449: ...method of balancing traffic over a port channel CONFIGURATION mode no load balance ip selection dest ip source ip mac dest mac source dest mac source mac tcp udp enable ipv6 selection tunnel ingress port You can select one two or all three of the following basic hash methods ip selection dest ip source ip Distribute IP traffic based on the IP destination or source address mac dest mac source dest ...

Page 450: ... xor2 xor4 xor8 xor16 Example of the hash algorithm Command Dell conf hash algorithm ecmp xor 26 lag crc 26 nh ecmp checksum 26 Dell conf The hash algorithm command is specific to ECMP group The default ECMP hash configuration is crc lower This command takes the lower 32 bits of the hash key to compute the egress port Other options for ECMP hash algorithms are crc16 uses 16 bit CRC16 bisync polyno...

Page 451: ...mation for valid interfaces The maximum size of an interface range prompt is 32 If the prompt size exceeds this maximum it displays at the end of the output NOTE Non existing interfaces are excluded from the interface range prompt NOTE When creating an interface range interfaces appear in the order they were entered and are not sorted The show range command is available under Interface Range mode ...

Page 452: ... interface range vlan 1 vlan 1 vlan 3 vlan 3 Dell conf if range vl 1 vl 3 Dell conf interface range tengigabitethernet 2 1 23 tengigabitethernet 2 1 23 tengigab 2 1 23 Dell conf if range te 2 1 23 Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface range prompt Example of the Interface Range Prompt for Multiple Port Ranges De...

Page 453: ...lect a range of interfaces for configuration Before you can use the macro keyword in the interface range macro command string define the macro To define an interface range macro use the following command Defines the interface range macro and saves it in the running configuration file CONFIGURATION mode define interface range macro_name vlan vlan_ID vlan_ID gigabitethernet tengigabitethernet fortyG...

Page 454: ...rd TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information The slot range is from 0 to 1 The port range is 0 Example of the monitor interface Command The information displays in a continuous run r...

Page 455: ... the reflection TDR is able to indicate whether there is a cable fault when the cable is broken becomes unterminated or if a transceiver is unplugged TDR is useful for troubleshooting an interface that is not establishing a link that is when the link is flapping or not coming up TDR is not intended to be used on an interface that is passing traffic When a TDR test is run on a physical cable it is ...

Page 456: ...t enter the stack member unit identifier of the stack member to reset The range is from 0 to 11 number enter the port number of the 40G port to be split The range is from 0 to 47 for 10G ports and 48 52 56 and 60 for 40G ports Important Points to Remember Splitting a 40G port into four 10G ports is supported on standalone and stacked units You cannot use split ports as stack link to stack a S4820T...

Page 457: ...on enabled As a result when you peer any device using SFP the link does not come up if auto negotiation is enabled Therefore disable auto negotiation on platforms that currently use Trident2 chip sets S6000 and Z9000 This limitation applies only when you convert QSFP to SFP using the QSA This constraint does not apply for QSFP to SFP conversions using the QSA Important Points to Remember Before us...

Page 458: ...P 0 Bias High Alarm threshold 0 000mA NOTE In the following show interfaces tengigbitethernet commands the ports 1 2 and 3 are inactive and no physical SFP or SFP connection actually exists on these ports However Dell Networking OS still perceives these ports as valid and the output shows that pluggable media optical cables is inserted into these ports This is a software limitation for this releas...

Page 459: ...8 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 0 Encoding 0x00 Dell show interfaces tengigabitethernet 0 6 transceiver SFP 0 Serial ID Base Fields SFP 0 Id 0x0d SFP 0 Ext Id 0x00 SFP 0 Connector 0x23 SFP 0 Transceiver Code 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 0 Encoding 0x00 Dell show interfaces tengigabitethernet 0 7 transceiver SFP 0 Serial ID Base Fields SFP 0 Id 0x0d SFP 0 Ext Id 0x00 SFP 0 C...

Page 460: ...aces tengigabitethernet 0 1 tengigabitethernet 0 1 is up line protocol is down Hardware is DellEth address is 90 b1 1c f4 9a fa Current address is 90 b1 1c f4 9a fa Pluggable media present SFP type is 10GBASE SX LineSpeed 10000 Mbit Dell show interfaces tengigabitethernet 0 2 tengigabitethernet 0 1 is up line protocol is down Hardware is DellEth address is 90 b1 1c f4 9a fa Current address is 90 b...

Page 461: ...Eth address is 90 b1 1c f4 9a fa Current address is 90 b1 1c f4 9a fa Pluggable media present QSFP type is 4x10GBASE CR1 3M LineSpeed 10000 Mbit The show inventory command shows the following output NOTE In the following show inventory media command output the port numbers 1 2 3 5 6 and 7 ports are actually inactive However Dell Networking OS still shows that optical cables are inserted into these...

Page 462: ...nterface comes up again and the routing protocols re converge Link dampening reduces processing on the CPUs by reducing excessive interface flapping improves network stability by penalizing misbehaving interfaces and redirecting traffic improves convergence times and stability throughout the network by isolating failures so that disturbances are not propagated Important Points to Remember Link dam...

Page 463: ...ing Command Dell clear dampening interface Te 1 1 Dell show interfaces dampening TenGigabitEthernet1 1 InterfaceStateFlapsPenaltyHalf LifeReuseSuppressMax Sup Te 1 1Up00205001500300 Link Dampening Support for XML View the output of the following show commands in XML by adding display xml to the end of the command show interfaces dampening show interfaces dampening summary show interfaces interface...

Page 464: ...ng config ecmp group Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS Ethernet Pause Frames allow for a temporary stop in data transmission A situation may arise where a sending device may transmit data faster than a destination device can accept it The destination sends a PAUSE frame back to the source stopping the s...

Page 465: ...the flow control values may not be reflected automatically in the show interface output As a workaround apply the new settings execute shut then no shut on the interface and then check the running config of the port NOTE If you disable rx flow control Dell Networking recommends rebooting the system The flow control sender and receiver must be on the same port pipe Flow control is not supported acr...

Page 466: ...d VLANs are as follows Port Channels All members must have the same link MTU value and the same IP MTU value The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members For example if the members have a link MTU of 2100 and an IP MTU 2000 the port channel s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for I...

Page 467: ...e same setting and auto negotiation is the easiest way to accomplish that as long as the remote interface is capable of auto negotiation NOTE As a best practice Dell Networking recommends keeping auto negotiation enabled Only disable auto negotiation on switch ports that attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues For 10 1...

Page 468: ...e brief linecard slot number configuration command Dell show interfaces status Port Description Status Speed Duplex Vlan Te 1 1 Down 1000 Mbit Auto 1 Te 1 2 Down Auto Auto 1 Te 1 3 Down Auto Auto Te 1 4 Force10Port Up 1000 Mbit Auto 30 130 Te 1 5 Down Auto Auto Te 1 6 Down Auto Auto Te 1 7 Up 1000 Mbit Auto 1502 1504 1506 1508 1602 Te 1 8 Down Auto Auto Te 1 9 Down Auto Auto Te 1 10 Down Auto Auto...

Page 469: ...ration mode exit Exit from autoneg configuration mode mode Specify autoneg mode no Negate a command or set its defaults show Show autoneg configuration information Dell conf if te 1 1 autoneg mode forced master Force port to master mode forced slave Force port to slave mode Dell conf if te 1 1 autoneg For details about the speed duplex and negotiation auto commands refer to the Interfaces chapter ...

Page 470: ... ip interface tengigabitEthernet 1 configured Dell show ip interface br configured Dell show ip interface br stack unit 1 configured Dell show ip interface br tengigabitEthernet 1 configured Dell show running config interfaces configured Dell show running config interface tengigabitEthernet 1 configured In EXEC mode the show interfaces switchport command displays only interfaces in Layer 2 mode an...

Page 471: ...MTU 1500 bytes LineSpeed 10000 Mbit ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 1d23h44m Queueing strategy fifo 0 packets input 0 bytes Input 0 IP Packets 0 Vlans 0 MPLS 0 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts Received 0 input symbol errors 0 runts 0 giants 0 throttles 0 CRC 0 IP Checksu...

Page 472: ...pplication and is turned off when you disable the application NOTE If you enable more than four counter dependent applications on a port pipe there is an impact on line rate performance The following counter dependent applications are supported by Dell Networking OS Egress VLAN Ingress VLAN Next Hop 2 Next Hop 1 Egress ACLs ILM IP FLOW IP ACL IP FIB L2 ACL L2 FIB Clearing Interface Counters The co...

Page 473: ...lity is supported on the S4820T platform You can avoid specifying spaces between the range of interfaces separated by commas that you configure by using the interface range command For example if you enter a list of interface ranges such as interface range fo 2 0 1 te 10 0 gi 3 0 fa 0 0 this configuration is considered valid The comma separated list is not required to be separated by spaces in bet...

Page 474: ...hut int vlan 5 tagged te 1 1 no ip address shut int vlan 100 no ip address no shut int vlan 1000 ip address 1 1 1 1 16 no shut int te 1 1 no ip address switchport shut int te 1 2 no ip address shut int te 1 3 no ip address shut int te 1 4 no ip address shut int te 1 10 no ip address shut int te 1 34 ip address 2 1 1 1 16 shut Dell show running config snip interface TenGigabitEthernet 1 1 no ip add...

Page 475: ...dress no shutdown interface Vlan 3 tagged te 1 1 no ip address shutdown interface Vlan 4 tagged te 1 1 no ip address shutdown interface Vlan 5 tagged te 1 1 no ip address shutdown interface group Vlan 2 Vlan 100 no ip address no shutdown interface group Vlan 3 5 tagged te 1 1 no ip address shutdown interface Vlan 1000 ip address 1 1 1 1 16 no shutdown snip Compressed config size 27 lines Interface...

Page 476: ...ng scenario it will also take care of syncing it to all the standby and member units The following is the sample output Dell write memory compressed Jul 30 08 50 26 STKUNIT0 M CP FILEMGR 5 FILESAVED Copied running config to startup config in flash by default copy compressed config Copy one file after optimizing and reducing the size of the configuration file to another location Dell Networking OS ...

Page 477: ... IP header Typically used when creating virtual private networks VPNs NOTE Due to performance limitations on the control processor you cannot enable IPSec on all packets in a communication session IPSec uses the following protocols Authentication Headers AH Disconnected integrity and origin authentication for IP packets Encapsulating Security Payload ESP Confidentiality authentication and data int...

Page 478: ...myXform set session key inbound esp 256 auth key encrypt key session key outbound esp 257 auth key encrypt key match 0 tcp a 1 128 0 a 2 128 23 match 1 tcp a 1 128 23 a 2 128 0 match 2 tcp a 1 128 0 a 2 128 21 match 3 tcp a 1 128 21 a 2 128 0 match 4 tcp 1 1 1 1 32 0 1 1 1 2 32 23 match 5 tcp 1 1 1 1 32 23 1 1 1 2 32 0 match 6 tcp 1 1 1 1 32 0 1 1 1 2 32 21 match 7 tcp 1 1 1 1 32 21 1 1 1 2 32 0 3...

Page 479: ...ork and host portions of the IP address At its most basic level an IP address is 32 bits composed of network and host portions and represented in dotted decimal format For example 00001010110101100101011110000011 is represented as 10 214 87 131 For more information about IP addressing refer to RFC 791 Internet Protocol Implementation Information In Dell Networking OS you can configure any IP addre...

Page 480: ...Enter the keyword interface then the type of interface and slot port information CONFIGURATION mode interface interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383...

Page 481: ...ddress distance permanent tag tag value vrf vrf name Use the following required and optional parameters vrf vrf name use the VRF option after the ip route keyword to configure a static route on that particular VRF use the VRF option after the next hop to specify which VRF the next hop belongs to This will be used in route leaking cases NOTE For more information on route leaking see the Route Leaki...

Page 482: ...6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 8 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 9 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 10 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 11 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 12 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 13 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 14 32 via 6 1 20 2 Gi 5 1 1 0 00 02 30 S 6 1 2 15 32 via 6 1 20 2 Gi 5 1 1 0 00 02 ...

Page 483: ...figure Static Routes for the Management Interface When an IP address that a protocol uses and a static management route exists for the same prefix the protocol route takes precedence over the static management route To configure a static route for the management port use the following command Assign a static route to point to the management interface or forwarding router CONFIGURATION mode managem...

Page 484: ...e generation of ICMP unreachable messages PMTD is supported on all the layer 3 VLAN interfaces Because all of the Layer 3 interfaces are mapped to the VLAN ID of 4095 when VLAN sub interfaces are configured on it it is not possible to configure unique layer 3 MTU values for each of the layer 3 interfaces If a VLAN interface contains both IPv4 and IPv6 addresses configured on it both the IPv4 and I...

Page 485: ...high value to prevent the device from moving into an out of service condition or becoming unresponsive during a SYN flood attack that occurs on the device You can set the wait time to be 10 seconds or lower If the device does not contain any BGP connections with the BGP neighbors across WAN links you must set this interval to a higher value depending on the complexity of your network and the confi...

Page 486: ...main list are VRF specific The maximum number of Name servers and Domain lists per VRF is six Enabling Dynamic Resolution of Host Names By default dynamic resolution of host names DNS is disabled To enable DNS use the following commands Enable dynamic resolution of host names CONFIGURATION mode ip domain lookup Specify up to six name servers CONFIGURATION mode ip name server ip address ip address2...

Page 487: ...RATION mode ip domain name name Enter up to 63 characters to configure names to complete unqualified host names CONFIGURATION mode ip domain list name Configure this command up to six times to specify a list of possible domain names Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted Configuring DNS with Traceroute To confi...

Page 488: ... learn the MAC addresses of neighbors on an IP network Over time Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time For more information about ARP refer to RFC 826 An Ethernet Address Resolution Protocol In Dell Networking OS Proxy A...

Page 489: ...face type slot port information Example of the show arp Command These entries do not age and can only be removed manually To remove a static ARP entry use the no arp ip address command To view the static entries in the ARP cache use the show arp static command in EXEC privilege mode Dell show arp Protocol Address Age min Hardware Address Interface VLAN CPU Internet 10 1 2 4 17 08 00 20 b7 bd 32 Ma...

Page 490: ...orwarded during the period when deleted ARP entries are resolved again and re installed in CAM Use this option with extreme caution ARP Learning via Gratuitous ARP Gratuitous ARP can mean an ARP request or reply In the context of ARP learning via gratuitous ARP on Dell Networking OS the gratuitous ARP is a request A gratuitous ARP request is an ARP request that is not needed according to the ARP s...

Page 491: ... Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface This is the case when a host is attempting to resolve the gateway address If the target IP does not match the incoming interface the packet is dropped If there is an existing entry for the requesting host it is updated Figure 47 ARP Learning via ARP Request ...

Page 492: ...ARP retries is configurable The default backoff interval remains at 20 seconds On the device the time between ARP resend is configurable This timer is an exponential backoff timer Over the specified period the time between ARP requests increases This time increase reduces the potential for the system to slow down while waiting for a multitude of ARP responses To set and display ARP retries use the...

Page 493: ...le messages are created and sent out all interfaces To disable and re enable ICMP unreachable messages use the following commands To disable ICMP unreachable messages INTERFACE mode no ip unreachable Set FTOS to create and send ICMP unreachable messages on the interface INTERFACE mode ip unreachable To view if ICMP unreachable messages are sent on the interface use the show config command in INTER...

Page 494: ...ns those ports If the UDP port list contains ports 67 or 68 UDP broadcast traffic is forwarded on those ports Enabling UDP Helper To enable UDP helper use the following command Enable UPD helper ip udp helper udp ports Example of Enabling UDP Helper and Using the UDP Helper show Command Dell conf if te 1 1 ip udp helper udp port 1000 Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1...

Page 495: ...roadcasts UDP Helper with Broadcast All Addresses UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast All Addresses When the destination IP address of an incoming packet is the IP broadcast address Dell Networking OS rewrites the address to match the configured broadcast address In the...

Page 496: ...e the system changes the address to the configured broadcast address and sends it to matching interface In the following illustration Packet 1 has the destination IP address 1 1 1 255 which matches the subnet broadcast address of VLAN 101 If you configured UDP helper and the packet matches the specified UDP port the system changes the address to the configured IP broadcast address and floods the p...

Page 497: ... IP address that matches the configured broadcast address on VLAN 101 In this case Packet 2 is flooded on VLAN 101 with the destination address unchanged because the forwarding process is Layer 2 If you enabled UDP helper the packet is flooded on VLAN 100 as well Figure 51 UDP Helper with Configured Broadcast Addresses UDP Helper with No Configured Broadcast Addresses The following describes UDP h...

Page 498: ...p Command Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 2005 11 05 11 59 35 RELAY I PACKET BOOTP REQUEST Unicast received at interface 172 21 50 193 BOOTP Request XID 0x9265f901 secs 0 hwaddr 00 02 2D 8D 46 DC giaddr 0 0 0 0 hops 2 2005 11 05 11 59 35 RELAY I BOOTREQUEST Forwarded BOOTREQUEST for 00 02 2D 8D 46 DC to 137 138 17 6 2005 11 05 11 59 36 RELAY I PACKET BOOTP REPLY Unicast received at in...

Page 499: ...ew IPv6 is an evolution of IPv4 IPv6 is generally installed as an upgrade in devices and operating systems Most new devices and operating systems support both IPv4 and IPv6 Some key changes in IPv6 are Extended address space Stateless autoconfiguration Header format simplification Improved support for options and extensions Extended Address Space The address format is extended from 32 bits to 128 ...

Page 500: ...stencies in router advertisement values between routers are logged per RFC 4861 The values checked for consistency include Cur Hop limit M and O flags Reachable time Retrans timer MTU options Preferred and valid lifetime values for the same prefix Only management ports support stateless auto configuration as a host The router redirect functionality in the neighbor discovery protocol NDP is similar...

Page 501: ...abel 20 bits The Flow Label field identifies packets requiring special treatment in order to manage real time data traffic The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet s header separately NOTE All packets in the flow must have the same source and destination addresses Payload Leng...

Page 502: ...cation header 59 No Next Header 60 Destinations option header NOTE This table is not a comprehensive list of Next Header field values For a complete and current listing refer to the Internet Assigned Numbers Authority IANA web page at Hop Limit 8 bits The Hop Limit field shows the number of hops remaining for packet processing In IPv4 this is known as the Time to Live TTL field and uses seconds ra...

Page 503: ...cket header Hop by Hop Options Header The Hop by Hop options header contains information that is examined by every router along the packet s path It follows the IPv6 header and is designated by the Next Header value 0 zero When a Hop by Hop Options header is not included the router knows that it does not have to process any router specific information and immediately processes the packet to its fi...

Page 504: ...t 2001 0db8 0000 0000 0000 0000 1428 57ab 2001 0db8 0000 0000 0000 1428 57ab 2001 0db8 0 0 0 0 1428 57ab 2001 0db8 0 0 1428 57ab 2001 0db8 1428 57ab 2001 db8 1428 57ab IPv6 networks are written using classless inter domain routing CIDR notation An IPv6 network or subnet is a contiguous group of IPv6 addresses the size of which must be a power of two the initial bits of addresses which are identica...

Page 505: ...o receives a local link address automatically in the fe80 64 subnet Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform The sections following the table give greater detail about the feature Feat...

Page 506: ...ntermediate System IPv6 IS IS in the Dell Networking OS Command Line Reference Guide IS IS for IPv6 support for redistribution 8 3 19 Intermediate System to Intermediate System IPv6 IS IS in the Dell Networking OS Command Line Reference Guide ISIS for IPv6 support for distribute lists and administrative distance 8 3 19 Intermediate System to Intermediate System IPv6 IS IS in the Dell Networking OS...

Page 507: ...ence Guide IPv6 Multicast MLDv1 v2 8 3 19 IPv6 PIM in the Dell Networking OS Command Line Reference Guide ICMPv6 ICMP for IPv6 combines the roles of ICMP IGMP and ARP in IPv4 Like IPv4 it provides functions for reporting delivery and forwarding errors and provides a simple echo service for troubleshooting The Dell Networking OS implementation of ICMPv6 is based on RFC 4443 Generally ICMPv6 uses tw...

Page 508: ...overy Process IPv6 Neighbor Discovery NDP is a top level protocol for neighbor discovery on an IPv6 network In lieu of address resolution protocol ARP NDP uses Neighbor Solicitation and Neighbor Advertisement ICMPv6 messages for determining relationships between neighboring nodes Using these messages an IPv6 device learns the link layer addresses for neighbors known to reside on attached links qui...

Page 509: ...advertised through the RA packets to incoming routers without altering the actual MTU setting on the interface The ipv6 nd mtu command sets the value advertised to routers It does not set the actual MTU rate For example if you set ipv6 nd mtu to 1280 the interface still passes 1500 byte packets if that is what is set with the mtu command Configuration Task List for IPv6 RDNSS This section describe...

Page 510: ...guring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000 1 and a lifetime of 1 second Dell conf if te 1 1 ipv6 nd dns server X X X X X Recursive DNS Server s RDNSS IPv6 address Dell conf if te 1 1 ipv6 nd dns server 1000 1 0 4294967295 Max lifetime sec which RDNSS address may be used for name resolution infinite Infinite lifetime sec which RD...

Page 511: ... up IPV6 is enabled Link Local address fe80 201 e8ff fe8b 7570 Global Unicast address es 1212 12 subnet is 1212 64 MANUAL Remaining lifetime infinite Global Anycast address es Joined Group address es ff02 1 ff02 2 ff02 1 ff00 12 ff02 1 ff8b 7570 ND MTU is 0 ICMP redirects are not sent DAD is enabled number of DAD attempts 3 ND reachable time is 20120 milliseconds ND base reachable time is 30000 mi...

Page 512: ... IPv6 Route Configuring Telnet with IPv6 SNMP over IPv6 Showing IPv6 Information Clearing IPv6 Routes Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step if you plan to implement IPv6 ACLs adjust your CAM settings The CAM space is allotted in FP blocks The total space allocated must equal 13 FP blocks There are 16 FP blocks but the System Flow requires three bloc...

Page 513: ...e to differentiate that usage carefully To assign an IPv6 address to an interface use the ipv6 address command You can configure up to two IPv6 addresses on management interfaces allowing required default router support on the management port that is acting as host per RFC 4861 Data ports support more than two IPv6 addresses When you configure IPv6 addresses on multiple interfaces the ipv6 address...

Page 514: ...d null then the Null interface number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS supports IPv6 connections You can establish a Telnet session directly to the router using an IPv6 Telnet client or you can initiate an IPv6 Telnet connection from the router NOTE Telnet to link local addresses...

Page 515: ...v6 prefix lists route IPv6 routing information rpf RPF table Dell Showing an IPv6 Interface To view the IPv6 configuration for a specific interface use the following command Show the currently running configuration for the specified interface EXEC mode show ipv6 interface interface slot port Enter the keyword interface then the type of interface and slot port information For all brief summary of I...

Page 516: ... 3 ND reachable time is 32000 milliseconds ND base reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND hop limit is 64 Showing IPv6 Routes To view the global IPv6 routing information use the following command Show IPv6 routing information for the specified route type EXEC mode show ipv6 route vrf vrf name type The following keywords are available To display informat...

Page 517: ...rt is not set Destination Dist Metric Gateway Last Change C 600 64 0 0 Direct Te 1 24 00 34 42 C 601 64 0 0 Direct Te 1 24 00 34 18 C 912 64 0 0 Direct Lo 2 00 02 33 O IA 999 1 128 110 2 via fe80 201 e8ff fe8b 3166 Te 1 24 00 01 30 L fe80 10 0 0 Direct Nu 0 00 34 42 Dell The following example shows the show ipv6 route static command Dell show ipv6 route static Destination Dist Metric Gateway Last ...

Page 518: ...C mode clear ipv6 route vrf vrf name ipv6 address prefix length vrf vrf name OPTIONAL name of the VRF all routes ipv6 address the format is x x x x x mask the prefix length is from 0 to 128 NOTE IPv6 addresses are normally written as eight groups of four hexadecimal digits where each group is separated by a colon Omitting zeros is accepted as described in Addressing Configuring IPv6 RA Guard The I...

Page 519: ...6 access list name ipv6 prefix list name mac access list name 8 Enable verification of the advertised other configuration parameter POLICY LIST CONFIGURATION mode other config flag on off 9 Enable verification of the advertised default router preference value The preference value must be less than or equal to the specified limit POLICY LIST CONFIGURATION mode router preference maximum high low med...

Page 520: ...st device role router hop limit maximum 251 mtu 1350 other config flag on reachable time 540 retrans timer 101 router preference maximum medium trusted port Dell conf ra_guard_policy_list Configuring IPv6 RA Guard on an Interface 1 Configure the terminal to enter the Interface mode CONFIGURATION mode interface interface type slot port 2 Apply the IPv6 RA guard to a specific interface INTERFACE mod...

Page 521: ...uter preference maximum medium trusted port Interfaces Te 1 1 Dell Monitoring IPv6 RA Guard To debug IPv6 RA guard use the following command EXEC Privilege mode debug ipv6 nd ra guard interface_type slot port count value The count range is from 1 to 65534 The default is infinity For a complete listing of all commands related to IPv6 RA Guard refer to Dell Networking OS Command Line Reference Guide...

Page 522: ...o provides a means of monitoring iSCSI sessions and applying quality of service QoS policies on iSCSI traffic When enabled iSCSI optimization allows a switch to monitor snoop the establishment and termination of iSCSI connections The switch uses the snooped information to detect iSCSI sessions and connections established through the switch iSCSI optimization allows you to reduce deployment time an...

Page 523: ...are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause dropped iSCSI packets iSCSI DCBx TLVs are supported The following illustration shows iSCSI optimization between servers and a storage array in whi...

Page 524: ...vices that initiate iSCSI sessions usually use well known TCP ports 3260 or 860 to contact targets When you enable iSCSI optimization by default the switch identifies IP packets to or from these ports as iSCSI traffic You can configure the switch to monitor traffic for additional port numbers or a combination of port number and target IP address and you can remove the well known port numbers from ...

Page 525: ...arded through the switch NOTE On a switch in which a large proportion of traffic is iSCSI CoS queue assignments may interfere with other network control plane traffic such as ARP or LACP Balance preferential treatment of iSCSI traffic against the needs of other critical data in the network Information Monitored in iSCSI Traffic Flows iSCSI optimization examines the following data in packets and us...

Page 526: ...omatically reconfigure the switch to enhance storage traffic flows The switch uses the link layer discovery protocol LLDP to discover Dell EqualLogic devices on the network LLDP is enabled by default For more information about LLDP refer to Link Layer Discovery Protocol LLDP The following message displays the first time a Dell EqualLogic array is detected and describes the configuration changes th...

Page 527: ...ing synchronization of iSCSI sessions If the iSCSI login request packet is received on a port belonging to a VLT lag the information is synced to the VLT peer and the connection is associated with this interface Additional updates to connections including aging updates that are learnt on VLT lag members are synced to the peer When receiving an iSCSI login request on a non VLT interface followed by...

Page 528: ...Disabling iSCSI does not remove the MTU flow control portfast or storm control configuration applied as a result of enabling iSCSI NOTE By default CAM allocation for iSCSI is set to 0 This disables session monitoring Default iSCSI Optimization Values The following table lists the default values for the iSCSI optimization feature Table 35 iSCSI Optimization Defaults Parameter Default Value iSCSI Op...

Page 529: ...y CAM allocation is optional If CAM is not allocated the following features are disabled session monitoring aging class of service You can enable iSCSI even when allocated with zero 0 CAM blocks However if no CAM blocks are allocated session monitoring is disabled and this information displays in the show iscsi command 2 For a non DCB environment Enable iSCSI CONFIGURATION mode iscsi enable 3 For ...

Page 530: ...target port command to remove all IP addresses assigned to the TCP port number To remove a single IP address from the TCP port use the no iscsi target port ip address command 7 Optional Set the QoS policy that is applied to the iSCSI flows CONFIGURATION mode no iscsi cos enable disable dot1p vlan priority value remark dscp dscp value remark enable enables the application of preferential QoS treatm...

Page 531: ...ion of Compellent arrays on a port INTERFACE mode no iscsi profile compellent The default is Compellent disk arrays are not detected Displaying iSCSI Optimization Information To display information on iSCSI optimization use the following show commands Display the currently configured iSCSI settings show iscsi Display information on active iSCSI sessions on the switch show iscsi sessions Display de...

Page 532: ...ple shows the show iscsi session detailed command VLT PEER1 Dell show iscsi session detailed Session 0 Target iqn 2010 11 com ixia ixload iscsi TG1 Initiator iqn 2010 11 com ixia ixload initiator iscsi 2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09 34 DD HH MM SS ISID 806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10 10 0 44 3334...

Page 533: ... its most basic Level 1 systems route traffic within the area and any traffic destined for outside the area is sent to a Level 1 2 system Level 2 systems manage destination paths for external routers Only Level 2 routers can exchange data packets or routing information directly with external routers located outside of the routing domains Level 1 2 systems manage both inter area and intra area traf...

Page 534: ... separate databases Use this feature to place a virtual physical topology into logical routing domains which can each support different routing and security policies All routers on a LAN or point to point must have at least one common supported topology when operating in Multi Topology IS IS mode If IPv4 is the common supported topology between those two routers adjacency can be formed All topolog...

Page 535: ...hat neighbor within its LSPs If an MT ID is not detected in the remote side s IIHs the local router does not include that neighbor within its LSPs The local router does not form an adjacency if both routers do not have at least one common MT over the interface Graceful Restart Both Helper and Restart modes of Graceful restart are supported on the device Graceful restart is a protocol based mechani...

Page 536: ...t of time manually Implementation Information IS IS implementation supports one instance of IS IS and six areas You can configure the system as a Level 1 router a Level 2 router or a Level 1 2 router For IPv6 the IPv4 implementation has been expanded to include two new type length values TLVs in the PDU that carry information required for IPv6 routing The new TLVs are IPv6 Reachability and IPv6 In...

Page 537: ...guring for IPv6 ADDRESS FAMILY mode Commands in ROUTER ISIS mode configure IS IS globally while commands executed in INTERFACE mode enable and configure IS IS features on that interface only Commands in the ADDRESS FAMILY mode are specific to IPv6 NOTE When using the IS IS routing protocol to exchange IPv6 routing information and to determine destination reachability you can route IPv6 along with ...

Page 538: ...lly use the following commands 1 Create an IS IS routing process CONFIGURATION mode router isis tag tag optional identifies the name of the IS IS process 2 Configure an IS IS network entity title NET for a routing process ROUTER ISIS mode net network entity title Specify the area address and system ID for an IS IS routing process The last byte must be 00 For more information about configuring a NE...

Page 539: ... router isis tag If you configure a tag variable it must be the same as the tag variable assigned in step 1 Examples of the show isis Commands The default IS type is level 1 2 To change the IS type to Level 1 only or Level 2 only use the is type command in ROUTER ISIS mode To view the IS IS configuration enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUT...

Page 540: ...rs configure Level 1 routers with at least one common area address A Level 2 router becomes a neighbor with another Level 2 router regardless of the area address configured However if the area addresses are different the link between the Level 2 routers is only at Level 2 Configuring Multi Topology IS IS MT IS IS To configure multi topology IS IS MT IS IS use the following commands 1 Enable multi ...

Page 541: ...e range is from 1 to 120 minutes The default is 5 minutes Enable the graceful restart maximum wait time before a restarting peer comes up ROUTER ISIS mode graceful restart restart wait seconds When implementing this command be sure to set the t3 timer to adjacency on the restarting router The range is from 1 to 120 minutes The default is 30 seconds Configure the time that the graceful restart time...

Page 542: ...ends the overload bit in the LSP The overload bit is an indication to the receiving router that database synchronization did not complete at the restarting router To view all graceful restart related configurations use the show isis graceful restart detail command in EXEC Privilege mode Dell show isis graceful restart detail Configured Timer Value Graceful Restart Enabled Interval Blackout time 1 ...

Page 543: ...Hello in 6 seconds LSP Interval 33 Next IS IS LAN Level 1 Hello in 4 seconds Next IS IS LAN Level 2 Hello in 6 seconds LSP Interval 33 Restart Capable Neighbors 2 In Start 0 In Restart 0 Dell Changing LSP Attributes IS IS routers flood link state PDUs LSPs to exchange routing information LSP attributes include the generation interval maximum transmission unit MTU or size and the refresh interval Y...

Page 544: ...e transition metric style the cost can be a number between 0 and 16 777 215 Dell Networking OS supports five different metric styles narrow wide transition narrow transition and wide transition By default Dell Networking OS generates and receives narrow metric values Matrixes or costs higher than 63 are not supported To accept or generate routes with a higher metric you must change the metric styl...

Page 545: ...protocol IS IS Router Null Tag System Id EEEE EEEE EEEE IS Type level 1 2 Manual area address es 47 0004 004d 0001 Routing for area address es 21 2223 2425 2627 2829 3031 3233 47 0004 004d 0001 Interfaces supported by IS IS Vlan 2 TenGigabitEthernet 4 22 Loopback 0 Redistributing Distance 115 Generate narrow metrics level 1 2 Accept narrow metrics level 1 2 Generate wide metrics none Accept wide m...

Page 546: ...c command Metric Sytle Correct Value Range wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 To view the interface s current metric use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode Configuring the Distance of a Route To configure the distance for a route use the following command Confi...

Page 547: ...fe 02 00 0x00000001 0x2E7F 1113 0 0 0 Force10 00 00 0x00000002 0xD1A7 1102 0 0 0 IS IS Level 2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000006 0xC38A 1124 0 0 0 eljefe 00 00 0x0000000D 0x51C6 1129 0 0 0 eljefe 01 00 0x00000001 0x68DF 1122 0 0 0 eljefe 02 00 0x00000001 0x2E7F 1113 0 0 0 Force10 00 00 0x00000004 0xCDA9 1107 0 0 0 Dell Controlling Routin...

Page 548: ... list prefix list name in interface Enter the type of interface and slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface ...

Page 549: ... IPv6 IS IS routes ROUTER ISIS AF IPV6 mode distribute list prefix list name out bgp as number connected ospf process id rip static You can configure one of the optional parameters connected for directly connected routes ospf process id for OSPF routes only rip for RIP routes only static for user configured routes bgp for BGP routes only Deny RTM download for pre existing redistributed IPv6 routes...

Page 550: ...he default is level 2 metric value the range is from 0 to 16777215 The default is 0 match external the range is from 1 or 2 match internal metric type external or internal map name enter the name of a configured route map Redistributing IPv6 Routes To add routes from other routing instances or protocols use the following commands NOTE These commands apply to IPv6 IS IS only To apply prefix lists t...

Page 551: ...u can assign an authentication password for routers in Level 1 and for routers in Level 2 Because Level 1 and Level 2 routers do not communicate with each other you can assign different passwords for Level 1 routers and for Level 2 routers However if you want the routers in the level to communicate with each other configure them with the same password To configure a simple text password use the fo...

Page 552: ...e overload bit is set in both the Level 1 and Level 2 database because the IS type for the router is Level 1 2 Dell show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000003 0x07BF 1074 0 0 0 eljefe 00 00 0x0000000A 0xF963 1196 0 0 1 eljefe 01 00 0x00000001 0x68DF 1108 0 0 0 eljefe 02 00 0x00000001 0x2E7F 1099 0 0 0 Force10 00 0...

Page 553: ...ation to view IS IS information on that interface only View the events that triggered IS IS shortest path first SPF events for debugging purposes EXEC Privilege mode debug isis spf triggers View sent and received LSPs EXEC Privilege mode debug isis update packets interface To view specific information enter the following optional parameter interface Enter the type of interface and slot port inform...

Page 554: ...anges depending on the metric style The following describes the correct value range for the isis metric command Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS IS metric styles support different cost ranges for the route The cost range for...

Page 555: ...ow transition default value 10 if the original value is greater than 63 A message is sent to the console wide wide transition original value narrow wide original value narrow transition original value narrow narrow transition original value narrow wide transition original value transition wide original value transition narrow original value transition narrow original value transition wide transiti...

Page 556: ...ide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value 10 A message is sent to the logging buffer wide transition transition truncated value narrow transition default value 10 A message is sent to the logging buffer Leaks from One Level to Another In the following scenarios each IS ...

Page 557: ...S configuration changes clear the IS IS process re started using the clear isis command The clear isis command must include the tag for the ISIS process The following example shows the response from the router Dell clear isis ISIS not enabled Dell clear isis 9999 You can configure IPv6 IS IS routes in one of the following three different methods Congruent Topology You must configure both IPv4 and ...

Page 558: ...abitEthernet 3 17 ip address 24 3 1 1 24 ipv6 address 24 3 1 76 ip router isis ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis metric style wide level 1 metric style wide level 2 net 34 0000 0000 AAAA 00 Dell conf router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell co...

Page 559: ... 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology transition exit address family Dell conf router_isis Intermediate System to Intermediate System 559 ...

Page 560: ...r LACP instances to Reach an agreement on the identity of the LAG to which the link belongs Move the link to that LAG Enable the transmission and reception functions in an orderly manner The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802 3 Carrier sense multiple access with collision detection CSMA CD access method and physical layer specifications LA...

Page 561: ...able of being part of a dynamic LAG LACP does not run on any port that is configured to be in this state Active In this state the interface is said to be in the active negotiating state LACP runs on any link that is configured to be in this state A port in Active state also automatically initiates negotiations with other ports by initiating LACP packets Passive In this state the interface is not i...

Page 562: ...wing are LACP configuration tasks Creating a LAG Configuring the LAG Interfaces as Dynamic Setting the LACP Long Timeout Monitoring and Debugging LACP Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel LAG use the following command First you define the LAG and then the LAG interfaces Create a dynamic port channel LAG CONFIGURATION mode interface port channel Crea...

Page 563: ...face Gigabitethernet 4 16 Dell conf if gi 4 16 no shutdown Dell conf if gi 4 16 port channel protocol lacp Dell conf if gi 4 16 lacp port channel 32 mode active The port channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel member configuration in LAG 32 Setting the LACP Long Timeout PDUs are exchanged between port channel LAG interface...

Page 564: ...is enabled and mode is lacp Actor Admin State ADEHJLMP Key 1 Priority 128 To view the PDU exchanges and the timeout value use the debug lacp command For more information refer to Monitoring and Debugging LACP Monitoring and Debugging LACP The system log syslog records faulty LACP actions To debug LACP use the following command Debug LACP including configuration and events EXEC mode no debug lacp c...

Page 565: ...p created for shared LAG state tracking 1 Enter port channel failover group mode CONFIGURATION mode port channel failover group 2 Create a failover group and specify the two port channels that will be members of the group CONFIG PO FAILOVER GRP mode group number port channel number port channel number Example of LAGs in the Same Failover Group In the following example LAGs 1 and 2 have been placed...

Page 566: ...e8 05 e8 4c Interface index is 1107755010 Minimum number of links to bring Port channel up is 1 Port channel is part of failover group 1 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit Members in this channel Te 1 17 U ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 01 28 Queueing strategy fifo NOTE The set of console messages shown ...

Page 567: ...ple creates a LAG on ALPHA Example of Configuring a LAG Alpha conf interface port channel 10 Alpha conf if po 10 no ip address Alpha conf if po 10 switchport Alpha conf if po 10 no shutdown Alpha conf if po 10 show config interface Port channel 10 no ip address switchport no shutdown Alpha conf if po 10 Example of Viewing a LAG Port Configuration The following example inspects a LAG port configura...

Page 568: ...asts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 136 packets 16718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte pkts 121 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 136 Multicasts 0 Broadcasts 0 Unicasts 0 Vlans 0 throttles 0 discarded 0 collisions 0 wreddrops Rate info interval 299 seconds Input 00 00 Mbits sec...

Page 569: ...Figure 62 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 569 ...

Page 570: ...f gi 2 31 shutdown Alpha conf if gi 2 31 port channel protocol lacp Alpha conf if gi 2 31 lacp port channel 10 mode active Alpha conf if gi 2 31 lacp no shut Alpha conf if gi 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if gi 2 31 interface Port channel 10 no ip address switchport no shutdown 570 Link Ag...

Page 571: ...Bravo conf int gig 3 21 Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if gi 3 21 port channel protocol lacp Bravo conf if gi 3 21 lacp port channel 10 mode active Bravo conf if gi 3 21 lacp no shut Bravo conf if gi 3 21 end interface GigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if gi 3 21 end int...

Page 572: ...Figure 64 Inspecting a LAG Port on BRAVO Using the show interface Command 572 Link Aggregation Control Protocol LACP ...

Page 573: ...Figure 65 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 573 ...

Page 574: ...ed on both synchronous and asynchronous lines and can operate in Half Duplex or Full Duplex mode It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection As its name implies it is for point to point connections between exactly two devices and assumes that frames are sent and received in the same order 574 Link Aggregatio...

Page 575: ...ss all interface vlan address deletes the specified entry all deletes all dynamic entries interface deletes all entries for the specified interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on the sw...

Page 576: ... entry aging time displays the configured aging time count displays the number of dynamic and static entries for all VLANs and the total number of entries dynamic displays only dynamic entries interface displays only entries for the specified interface static displays only static entries vlan displays only entries for the specified VLAN MAC Learning Limit MAC address learning limit is a method of ...

Page 577: ... MAC learning limit on an interface use the following command Specify the number of MAC addresses that the system can learn off a Layer 2 interface INTERFACE mode mac learning limit address_limit Three options are available with the mac learning limit command dynamic no station move station move NOTE An SNMP trap is available for mac learning limit station move No other SNMP traps are available fo...

Page 578: ...ou enabled mac learning limit dynamic If you configured mac learning limit and mac learning limit dynamic and you disabled sticky MAC any dynamically learned MAC addresses ages mac learning limit station move The station move option allows a MAC address already in the table to be learned off of another interface For example if you disconnect a network device from one interface and reconnect it to ...

Page 579: ...ation log Shut down the interface and generate a system log message when the MAC learning limit is exceeded INTERFACE mode learn limit violation shutdown Setting Station Move Violation Actions no station move is the default behavior You can configure the system to take an action if a station move occurs using one the following options with the mac learning limit command To display a list of interf...

Page 580: ...tate caused by a learning limit violation or station move violation EXEC Privilege mode mac learning limit reset Reset interfaces in the ERR_Disabled state caused by a learning limit violation EXEC Privilege mode mac learning limit reset learn limit violation interface all Reset interfaces in the ERR_Disabled state caused by a station move violation EXEC Privilege mode mac learning limit reset sta...

Page 581: ...here the ARP is resolved in the previous example this location is Port 0 5 of the switch To ensure that the MAC address is disassociated with one port and re associated with another port in the ARP table configure the mac address table station move refresh arp command on the Dell Networking switch at the time that NIC teaming is being configured on the server NOTE If you do not configure the mac a...

Page 582: ...efer to Spanning Tree Protocol STP Assign a backup interface to an interface using the switchport backup command The backup interface remains in a Down state until the primary fails at which point it transitions to Up state If the primary interface fails and later comes up it becomes the backup interface for the redundant pair Dell Networking OS supports Gigabit 10 Gigabit and 40 Gigabit interface...

Page 583: ... ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface be sure to apply identical configurations of other traffic parameters to each interface If you remove an interface in a redundant link remove the line card of a physical interface or delete a port channel with the no interface port channel command the redund...

Page 584: ...f te 3 41 do show ip int brief find 3 41 TenGigabitEthernet 3 41 unassigned NO Manual administratively down down TenGigabitEthernet 3 42 unassigned YES Manual up up output omitted Example of Configuring Redundant Pairs on a Port Channel S4820T Dell show interfaces port channel brief Codes L LACP Port channel LAG Mode Status Uptime Ports 1 L2 up 00 08 33 Te 1 1 Up 2 L2 up 00 00 02 Te 2 1 Up Dell co...

Page 585: ...he nearest known MAC address In the event of a far end failure the device stops receiving frames and after the specified time interval assumes that the far end is not available The connecting line protocol is brought down so that upper layer protocols can detect the neighbor unavailability faster FEFD State Changes FEFD has two operational modes Normal and Aggressive When you enable Normal mode on...

Page 586: ... privilege mode it can be done globally or one interface at a time before the FEFD enabled system can become operational again Table 41 State Change When Configuring FEFD Local Event Mode Local State Remote State Local Admin Status Local Protocol Status Remote Admin Status Remote Protocol Status Shutdown Normal Admin Shutdown Unknown Down Down Up Down Shutdown Aggressive Admin Shutdown Err disable...

Page 587: ...ely INTEFACE mode no shutdown 3 Enable fefd globally CONFIGURATION mode fefd interval mode Example of the show fefd Command To display information about the state of each interface use the show fefd command in EXEC privilege mode Dell show fefd FEFD is globally ON interval is 3 seconds mode is Normal INTERFACE MODE INTERVAL STATE second Te 1 1 Normal 3 Bi directional Te 1 2 Normal 3 Admin Shutdown...

Page 588: ...sary ports administratively INTERFACE mode no shutdown 3 INTERFACE mode fefd disable interval mode Example of Viewing FEFD Configuration Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 no ip address switchport fefd mode normal no shutdown Dell conf if te 1 1 do show fefd grep 1 1 Te 1 1 Normal 3 Unknown Debugging FEFD To debug FEFD use the first command To provide output for each ...

Page 589: ...Te 1 1 Peer info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 4 1 Sender hold time 3 second 2w1d22h FEFD packet received on interface Te 4 1 Sender state Bi directional Sender info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 1 1 Peer info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 4 1 Sender hold time 3 second An RPM Failover In the event that an RPM failover occurs FEFD becomes operationally down on all enab...

Page 590: ... kind of information included in the TLV Length The value in octets of the TLV after the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 71 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP data unit LLDPDU shown in the following table which is transmitted from one LLDP enabl...

Page 591: ...ratively assigned name that identifies a port through which TLVs are sent and received Optional Includes sub types of TLVs that advertise specific configuration information These sub types are Management TLVs IEEE 802 1 IEEE 802 3 and TIA 1057 Organizationally Specific TLVs Figure 72 LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs management TLVs IEEE 802 1 and 802 3...

Page 592: ...king system to advertise any or all of these TLVs Table 43 Optional TLV Types Type TLV Description Optional TLVs 4 Port description A user defined alphanumeric string that describes the port Dell Networking OS does not currently support this TLV 5 System name A user defined alphanumeric string that identifies the system 6 System description A user defined alphanumeric string that identifies the sy...

Page 593: ...tus and bit rate and whether the current settings are the result of auto negotiation This TLV is not available in the Dell Networking OS implementation of LLDP but is available and mandatory non configurable in the LLDP MED implementation 127 Power via MDI Dell Networking supports the LLDP MED protocol which recommends that Power via MDI TLV be not implemented and therefore Dell Networking impleme...

Page 594: ...rk connectivity devices with the ability to manage inventory manage Power over Ethernet PoE identify physical location identify network policy LLDP MED is designed for but not limited to VoIP endpoints TIA Organizationally Specific TLVs The Dell Networking system is an LLDP MED Network Connectivity Device Device Type 4 Network connectivity devices are responsible for transmitting an LLDP MED capab...

Page 595: ...rdware Revision Indicates the hardware revision of the LLDP MED device 127 6 Inventory Firmware Revision Indicates the firmware revision of the LLDP MED device 127 7 Inventory Software Revision Indicates the software revision of the LLDP MED device 127 8 Inventory Serial Number Indicates the device serial number of the LLDP MED device 127 9 Inventory Manufacturer Name Indicates the manufacturer of...

Page 596: ...system is a network connectivity device which is Type 4 When you enable LLDP MED in Dell Networking OS using the advertise med command the system begins transmitting this TLV Figure 74 LLDP MED Capabilities TLV Table 45 Dell Networking OS LLDP MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power...

Page 597: ...ion Table 47 Network Policy Applications Type Application Description 0 Reserved 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than voice data 3 Guest Voice Specify this application type for a separate lim...

Page 598: ...corresponds to a value of 1 based on the TIA 1057 specification Power Priority there are three possible priorities Low High and Critical On Dell Networking systems the default power priority is High which corresponds to a value of 2 based on the TIA 1057 specification You can configure a different power priority through the CLI Dell Networking also honors the power priority value the powered devic...

Page 599: ...RATION level configurations LLDP is not hitless LLDP Compatibility Spanning tree and force10 ring protocol blocked ports allow LLDPDUs 802 1X controlled ports do not allow LLDPDUs until the connected device is authenticated CONFIGURATION versus INTERFACE Configurations All LLDP configuration commands are available in PROTOCOL LLDP mode which is a sub mode of the CONFIGURATION mode and INTERFACE mo...

Page 600: ...ow Show LLDP configuration Dell conf if te 1 3 lldp Enabling LLDP LLDP is enabled by default Enable and disable LLDP globally or per interface If you enable LLDP globally all UP interfaces send periodic LLDPDUs To enable LLDP use the following command 1 Enter Protocol LLDP mode CONFIGURATION or INTERFACE mode protocol lldp 2 Enable LLDP PROTOCOL LLDP mode no disable Disabling and Undoing LLDP To d...

Page 601: ...dot3 tlv interface port desc management tlv med Include the keyword for each TLV you want to advertise For management TLVs system capabilities system description For 802 1 TLVs port protocol vlan id port vlan id vlan name For 802 3 TLVs max frame size For TIA 1057 TLVs guest voice guest voice signaling location identification power via mdi softphone voice streaming video video conferencing video s...

Page 602: ...tise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description hello 10 no disable Dell conf lldp Dell conf lldp exit Dell conf interface tengigabitethernet 1 31 Dell conf if te 1 31 show config interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Dell conf if te 1 31 protocol lldp Dell conf if te...

Page 603: ... 4136 Total Neighbor information Age outs 0 Total Frames Discarded 0 Total In Error Frames 0 Total Unrecognized TLVs 0 Total TLVs Discarded 0 Next packet will be sent after 7 seconds The neighbors are given below Remote Chassis ID Subtype Mac address 4 Remote Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID TeGigabitEthernet 2 11 Local Port ID TeGigabitEthernet 1 21...

Page 604: ...conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description mode tx no disable R1 conf lldp no mode R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities ...

Page 605: ...tem capabilities system description mode tx no disable R1 conf lldp no mode R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Configuring a Time to Live The information received from a neighbor expires after a specific amount of time m...

Page 606: ...rame size advertise management tlv system capabilities system description multiplier 5 no disable R1 conf lldp no multiplier R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Debugging LLDP You can view the TLVs that your system is sen...

Page 607: ...Networking OS supports all IEEE 802 1AB MIB objects The following tables list the objects associated with received and transmitted TLVs the LLDP configuration on the local agent IEEE 802 1AB Organizationally Specific TLVs received and transmitted LLDP MED TLVs Link Layer Discovery Protocol LLDP 607 ...

Page 608: ...ent addresses defined for the system and the ports through which they are enabled for transmission LLDP Statistics statsAgeoutsTotal lldpStatsRxPortAgeoutsTotal Total number of times that a neighbor s information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTotal lldpStatsRxPortFramesDisca rdedTotal Total number of LLDP frames received then discarded stat...

Page 609: ...emote lldpRemPortIdSubty pe port ID Local lldpLocPortId Remote lldpRemPortId 4 Port Description port description Local lldpLocPortDesc Remote lldpRemPortDesc 5 System Name system name Local lldpLocSysName Remote lldpRemSysName 6 System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc 7 System Capabilities system capabilities Local lldpLocSysCapSupp orted Remote lldpRemSysC...

Page 610: ...B Objects TLV Type TLV Name TLV Variable System LLDP MIB Object 127 Port VLAN ID PVID Local lldpXdot1LocPortVla nId Remote lldpXdot1RemPortVl anId 127 Port and Protocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVl anSupported Remote lldpXdot1RemProtoV lanSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVl anEnabled Remote lldpXdot1RemProtoV lanEnabled PPVID Loc...

Page 611: ...able Remote lldpXMedRemCapSu pported lldpXMedRemConfig TLVsTxEnable LLDP MED Class Type Local lldpXMedLocDevice Class Remote lldpXMedRemDevice Class 2 Network Policy Application Type Local lldpXMedLocMediaP olicyAppType Remote lldpXMedRemMedia PolicyAppType Unknown Policy Flag Local lldpXMedLocMediaP olicyUnknown Remote lldpXMedLocMediaP olicyUnknown Tagged Flag Local lldpXMedLocMediaP olicyTagged...

Page 612: ...type Location ID Data Local lldpXMedLocLocatio nInfo Remote lldpXMedRemLocati onInfo 4 Extended Power via MDI Power Device Type Local lldpXMedLocXPoED eviceType Remote lldpXMedRemXPoED eviceType Power Source Local lldpXMedLocXPoEPS EPowerSource lldpXMedLocXPoEP DPowerSource Remote lldpXMedRemXPoEP SEPowerSource lldpXMedRemXPoEP DPowerSource Power Priority Local lldpXMedLocXPoEP DPowerPriority lldp...

Page 613: ...ame TLV Variable System LLDP MED MIB Object Power Value Local lldpXMedLocXPoEPS EPortPowerAv lldpXMedLocXPoEP DPowerReq Remote lldpXMedRemXPoEP SEPowerAv lldpXMedRemXPoEP DPowerReq Link Layer Discovery Protocol LLDP 613 ...

Page 614: ...hen maps the IP address cluster IP with the MAC address cluster MAC address In Multicast mode the cluster IP address is mapped to a cluster multicast MAC address you configured using a static ARP command After the NLB entry is learned the traffic forwards to all the servers in the VLAN corresponding to the cluster virtual IP address NLB Unicast Mode Scenario Consider a sample topology in which you...

Page 615: ...vant VLAN occurs The maximum number of concurrent clusters that is supported is eight Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address to provide transparent failover or balancing Dell Networking OS does not recognize server clusters by default you must configure it to do so When an ARP request is sent to ...

Page 616: ...itch for NLB To enable a switch for Unicast NLB mode perform the following steps Enter the ip vlan flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across all the member ports of that VLAN CONFIGURATION mode ip vlan flooding There might be some ARP table entries that are resolved through ARP packets which had the Ethernet MAC SA diffe...

Page 617: ...mac address table static multicast mac address vlan vlan id output range interface Microsoft Network Load Balancing 617 ...

Page 618: ...e transmission control protocol TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustration 2 Each MSDP peer receives and forwards the message to its peers away from the originating RP 3 When an MSDP peer receives an SA m...

Page 619: ...in in type length value TLV format The total number of TLVs contained in the SA is indicated in the Entry Count field SA messages are transmitted every 60 seconds and immediately when a new source is detected Figure 80 MSDP SA Message Format Multicast Source Discovery Protocol MSDP 619 ...

Page 620: ... When a source registers with one RP an SA message is sent to the other RPs informing them that there is an active source for a particular multicast group The result is that each RP is aware of the active sources in the area of the other RPs If any of the RPs fail IP routing converges and one of the RPs becomes the active RP in more than one area New sources register with the backup RP Receivers j...

Page 621: ...RFP Check Specifying Source Active Messages Limiting the Source Active Cache Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP MSDP Sample Configurations Multicast Source Discovery Protocol MSDP 621 ...

Page 622: ...Figure 81 Configuring Interfaces for MSDP 622 Multicast Source Discovery Protocol MSDP ...

Page 623: ...Figure 82 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 623 ...

Page 624: ...Figure 83 Configuring PIM in Multiple Routing Domains 624 Multicast Source Discovery Protocol MSDP ...

Page 625: ...SDP Enable MSDP by peering RPs in different administrative domains 1 Enable MSDP CONFIGURATION mode ip multicast msdp 2 Peer PIM systems in different administrative domains CONFIGURATION mode Multicast Source Discovery Protocol MSDP 625 ...

Page 626: ...packet count in out 8 0 SAs learned from this peer 1 SA Filtering Input S G filter none Output S G filter none Manage the Source Active Cache Each SA originating RP caches the sources inside its domain domain local and the sources which it has learned from its peers domain remote By caching sources domain local receivers experience a lower join latency RPs can transmit SA messages periodically to ...

Page 627: ...e of all local or rejected entries or entries for a specific group CONFIGURATION mode clear ip msdp sa cache group address local rejected sa Enabling the Rejected Source Active Cache To cache rejected sources use the following command Active sources can be rejected because the RPF check failed the SA limit is reached the peer RP is unreachable or the SA message has a format error Cache rejected so...

Page 628: ...RP4 so the RPF check is disregarded for active sources from it but RP5 and all others because of the implicit deny all are subject to the RPF check and fail so those active sources are rejected Figure 85 MSDP Default Peer Scenario 1 628 Multicast Source Discovery Protocol MSDP ...

Page 629: ...Figure 86 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 629 ...

Page 630: ...Figure 87 MSDP Default Peer Scenario 3 630 Multicast Source Discovery Protocol MSDP ...

Page 631: ...riginating RP from which all active sources are accepted without regard for the RPF check CONFIGURATION mode ip msdp default peer ip address list If you do not specify an access list the peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Multicast Source Discovery Protocol MSDP 631 ...

Page 632: ... Active Messages from a Peer To limit the source active messages from a peer use the following commands 1 OPTIONAL Store sources that are received after the limit is reached in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Set the upper limit for the number of sources allowed from an MSDP peer CONFIGURATION mode ip msdp peer peer address sa limit The default limit is 100K If...

Page 633: ...cted SAs received cache size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Reason 00 02 20 239 0 0 1 10 11 4 2 192 168 0 1 local Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source use the following commands 1 OPTIONAL Cache sources that the SA filter denies in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Prevent the ...

Page 634: ... mode ip msdp sa filter list in peer list ext acl Example of Verifying the System is not Advertising Local Sources In the following example R1 stops advertising source 10 11 4 2 Because it is already in the SA cache of R3 the entry remains there until it expires Router 1 R1_E600 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip msdp sa filter out 192 168...

Page 635: ...is Disabled After the relationship is terminated the peering state of the terminator is SHUTDOWN while the peering state of the peer is INACTIVE Router 3 R3_E600 conf ip msdp shutdown 192 168 0 1 R3_E600 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Shutdown Up Down Time 00 00 18 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in ...

Page 636: ...ddr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Inactive Up Down Time 00 00 04 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none Debugging MSDP To debug MSDP use the following command Display the information exchanged between peers CONFIGURATION mode debug ip ...

Page 637: ...alancing requires prior knowledge of traffic distributions lack of scalable register decasulation With only a single RP per group all joins are sent to that RP regardless of the topological distance between the RP sources and receivers and data is transmitted to the RP until the SPT switch threshold is reached slow convergence when an active RP fails When you configure multiple RPs there can be co...

Page 638: ... 1 In each routing domain that has multiple RPs serving a group create a Loopback interface on each RP serving the group with the same IP address CONFIGURATION mode interface loopback 2 Make this address the RP for the group CONFIGURATION mode ip pim rp address 638 Multicast Source Discovery Protocol MSDP ...

Page 639: ... a set of RPs has a peership with all other RPs in the set When an RP is a member of the mesh group it forwards active source information only to its peers outside of the group To create a mesh group use the following command Create a mesh group CONFIGURATION mode ip msdp mesh group Specifying the RP Address Used in SA Messages The default originator id is the address of the RP that created the me...

Page 640: ... 168 0 22 ip msdp originator id Loopback 1 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 The following example shows an R2 configuration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 2 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown interface TenGigabitEthernet 2 11 ip pim sparse mode ip address 10 11 1 21 24 no shutdown interface TenGigabitEthernet ...

Page 641: ...pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor...

Page 642: ...pback 0 neighbor 192 168 0 22 no shutdown ip multicast msdp ip msdp peer 192 168 0 11 connect source Loopback 0 ip msdp peer 192 168 0 22 connect source Loopback 0 ip msdp sa filter out 192 168 0 22 ip route 192 168 0 1 32 10 11 0 23 ip route 192 168 0 22 32 10 11 0 23 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 MSDP Sample Configurations The following examples show the running configu...

Page 643: ...cast routing interface TenGigabitEthernet 2 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown interface TenGigabitEthernet 2 11 ip pim sparse mode ip address 10 11 1 21 24 no shutdown interface TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 0 23 24 no shutdown interface Loopback 0 ip address 192 168 0 2 32 no shutdown router ospf 1 network 10 11 1 0 24 area 0 network 10 11 4 0 ...

Page 644: ...3 32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192 168 0 2 remote as 100 neighbor 192 168 0 2 ebgp multihop 255 neighbor 192 168 0 2 update source Loopback 0 neighbor 192 168 0 2 no shutdown ip multicast msdp ip msdp peer 192 168 0 1 connect source Loopback 0 ip route 192 168 0 2 32 10 11 0 23 ip multicast routing interface T...

Page 645: ... 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 Multicast Source Discovery Protocol MSDP 645 ...

Page 646: ... reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN This 1 1 approach is not suitable if you have many VLANs because each spanning tree instance costs bandwidth and processing resources In the following illustration three VLANs are mapped to two multiple spanning tree instances MSTI VLAN 100 traffic takes a different path than VLAN 200 and ...

Page 647: ...ell Networking OS supports only one MSTP region When you enable MSTP all ports in Layer 2 mode participate in MSTP You can configure 64 MSTIs including the default instance 0 CIST Configure Multiple Spanning Tree Protocol Configuring multiple spanning tree is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable the multiple spanning tree protocol 4 Create...

Page 648: ...th by disabling one of the link ports 1 Enter PROTOCOL MSTP mode CONFIGURATION mode protocol spanning tree mstp 2 Enable MSTP PROTOCOL MSTP mode no disable Example of Verifying MSTP is Enabled To verify that MSTP is enabled use the show config command in PROTOCOL MSTP mode Dell conf protocol spanning tree mstp Dell config mstp show config protocol spanning tree mstp no disable Dell Adding and Remo...

Page 649: ...Privilege mode Dell conf mstp name my mstp region Dell conf mstp exit Dell conf do show spanning tree mst config MST region name my mstp region Revision 0 MSTI VID 1 100 2 200 300 To view the forwarding discarding state of the ports participating in an MSTI use the show spanning tree msti command from EXEC Privilege mode Dell show spanning tree msti 1 MSTI 1 VLANs mapped 100 Root Identifier has pr...

Page 650: ...he following command Assign a number as the bridge priority PROTOCOL MSTP mode msti instance bridge priority priority A lower number increases the probability that the bridge becomes the root bridge The range is from 0 to 61440 in increments of 4096 The default is 32768 Example of Assigning and Verifying the Root Bridge Priority By default the simple configuration shown previously yields the same ...

Page 651: ...equipment that participates in MSTP ensure these values match on all the equipment NOTE Some non Dell Networking OS equipment may implement a non null default region name SFTOS for example uses the Bridge ID while others may use a MAC address Changing the Region Name or Revision To change the region name or revision use the following commands Change the region name PROTOCOL MSTP mode name name Cha...

Page 652: ...hat only experienced network administrators change MSTP parameters Poorly planned modification of MSTP parameters can negatively affect network performance To change the MSTP parameters use the following commands on the root bridge 1 Change the forward delay parameter PROTOCOL MSTP mode forward delay seconds The range is from 4 to 30 The default is 15 seconds 2 Change the hello time parameter PROT...

Page 653: ...e port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The following lists the default values for port cost by interface Table 53 Default Values for Port Costs by Interface Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit ...

Page 654: ... on links connecting to an end station EdgePort can cause loops if you enable it on an interface connected to a network To enable EdgePort on an interface use the following command Enable EdgePort on an interface INTERFACE mode spanning tree mstp edge port bpduguard shutdown on violation Dell Networking OS Behavior Regarding bpduguard shutdown on violation behavior If the interface to be shut down...

Page 655: ...ange Dell Networking OS has an optimized MAC address flush mechanism for RSTP MSTP and PVST that flushes addresses only when necessary which allows for faster convergence during topology changes However you may activate the flushing mechanism defined by 802 1Q 2003 using the tc flush standard command which flushes MAC addresses after every topology change notification To view the enable status of ...

Page 656: ...ped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 no ip address switchport no shutdown interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 1 21 31 no shutdown interfac...

Page 657: ... no ip address switchport no shutdown interface TenGigabitEthernet 2 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown Router 3 Running Configuration This example use...

Page 658: ...es the following steps 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 spanning tree spanning tree configuration name Tahiti spanning tree configuration revision 123 spanning tree MSTi instance 1 spanning tree MSTi vlan 1 100 spanni...

Page 659: ... the show running configuration spanning tree mstp in EXEC Privilege mode To monitor and verify that the MSTP configuration is connected and communicating as desired use the debug spanning tree mstp bpdu command Key items to look for in the debug report include MSTP flags indicate communication received from the same region As shown in the following the MSTP routers are located in the same region ...

Page 660: ... Indicates MSTP routers are in the single region CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional Bridge Id 32768 0001 e806 953e CIST Port Id 128 470 Msg Age 0 Max Age 20 Hello 2 Fwd Delay 15 Ver1 Len 0 Ver3 Len 96 Name Tahiti Rev 123 MSTP region name and revision Int Root Path Cost 0 Rem Hops 19 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 MSTP Instance Flags 0x78 Reg Root 32768 ...

Page 661: ...INST 2 Flags 0x70 Reg Root 32768 0001 e8d5 cbbd Int Root Cost Brg Port Prio 32768 128 Rem Hops 20 Multiple Spanning Tree Protocol MSTP 661 ...

Page 662: ...p to the same MAC address the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic As the upper 5 bits of an IP Multicast address are dropped in the translation 32 different multicast group IDs all map to the same Ethernet address For example 224 0 0 5 is a known IP address for open shortest path first OSPF that maps to the multicast MA...

Page 663: ...mit is reached the Dell Networking OS does not process any IGMP or multicast listener discovery protocol MLD joins to PIM though it still processes leave messages until the number of entries decreases below 95 of the limit When the limit falls below 95 after hitting the maximum the system begins relearning route entries through IGMP MLD and MSDP If the limit is increased after it is reached subseq...

Page 664: ...n advance who the source is for the group in which they are interested To apply the access list use the following command Apply the access list INTERFACE mode ip igmp access group access list name Dell Networking OS Behavior Do not enter the ip igmp access group command before creating the access list If you do after entering your first deny rule Dell Networking OS clears the multicast routing tab...

Page 665: ...iption shown in the previous illustration Table 54 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode Multicast Features 665 ...

Page 666: ...GigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown Receiver 2 Interfa...

Page 667: ...packets to the RP no hosts can ever discover the source and create a shortest path tree SPT to it Prevent a source from transmitting to a particular group CONFIGURATION mode ip pim register filter In the following example Source 1 and Source 2 are both transmitting packets for groups 239 0 0 1 and 239 0 0 2 R3 has a PIM register filter that only permits packets destined for group 239 0 0 2 An entr...

Page 668: ...iption shown in the previous illustration Table 55 Preventing a Source from Transmitting to a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode 668 Multicast Features ...

Page 669: ...n 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown...

Page 670: ...sive traffic generates when the join process from the RP back to the source is blocked due to a new source group being permitted in the join filter This results in the new source becoming stuck in registering on the DR and the continuous generation of user datagram protocol UDP encapsulated registration messages between the DR and RP routers which are being sent to the CPU Prevent the PIM SM route...

Page 671: ...uch VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the Internet via interfaces running OSPF Both routers belong to a VRRP group with a virtual router at 10 0 0 1 on the local area network LAN side Neither Router A nor Router B is the owner of the group Although Router...

Page 672: ...erational status UP or DOWN of the interface is monitored When the link level status goes down the tracked resource status is considered to be DOWN if the link level status goes up the tracked resource status is considered to be UP For logical interfaces such as port channels or virtual local area networks VLANs the link protocol status is considered to be UP if any physical interface under the lo...

Page 673: ...ddress in the ARP cache A tracked route is considered to be reachable if there is an address resolution protocol ARP cache entry for the route s next hop address If the next hop address in the ARP cache ages out for a route tracked for its reachability an attempt is made to regenerate the ARP cache entry to see if the next hop address appears before considering the route DOWN Track a Metric Thresh...

Page 674: ...he state changes from UP to DOWN or vice versa If the state of an object changes back to its former UP DOWN state before the timer expires the timer is cancelled and the client is not notified If the timer expires and an object s state has changed a notification is sent to the client For example if the DOWN timer is running when an interface goes down and comes back up the DOWN timer is cancelled ...

Page 675: ...s of a specified interface When the link level status goes down the tracked object status is considered to be DOWN if the link level status is up the tracked object status is considered to be UP To remove object tracking on a Layer 2 interface use the no track object id command To configure object tracking on the status of a Layer 2 interface use the following commands 1 Configure object tracking ...

Page 676: ...Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down for a Layer 3 VLAN all VLAN ports must be down or the IP address is removed from the routing table For an IPv6 interface a routing object only tracks the UP DOWN status of the specified IPv6 interface the track interface ipv6 routing command The status of an IPv6 interface is UP only if the Layer 2 status of the interf...

Page 677: ... the reachability or metric of an IPv4 or IPv6 route You specify the route to be tracked by its address and prefix length values Optionally for an IPv4 route you can enter a VRF instance name if the route is part of a VPN routing and forwarding VRF table The next hop address is not part of the definition of a tracked IPv4 IPv6 route In order for an route s reachability or metric to be tracked the ...

Page 678: ... 254 the default DOWN threshold is 255 The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold The tracking process uses a protocol specific resolution value to convert the actual metric in the routing table to a scaled metric in the range from 0 to 255 The resolution value is user configurable and calculates the scaled metric by div...

Page 679: ...w track object id Example of the track ip route reachability Command Example of the track ipv6 route reachability Command Dell conf track 104 ip route 10 0 0 0 8 reachability Dell conf track 104 delay up 20 down 10 Dell conf track 104 end Dell show track 104 Track 104 IP route 10 0 0 0 8 reachability Reachability is Down route not in route table 2 changes last change 00 02 49 Tracked by Dell confi...

Page 680: ...refix len metric threshold vrf vrf name Valid object IDs are from 1 to 65535 Enter an IPv4 address in dotted decimal format Valid IPv4 prefix lengths are from 0 to 32 Enter an IPv6 address in X X X X X format Valid IPv6 prefix lengths are from 0 to 128 Optional E Series only For an IPv4 route you can enter a VRF name 3 Optional Configure the time delay used before communicating a change in the UP ...

Page 681: ...ed Objects To display the currently configured objects used to track Layer 2 and Layer 3 interfaces and IPv4 and IPv6 routes use the following show commands To display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces IPv4 or IPv6 routes or a VRF instance use the show track command You can also display the currently configured per protocol resolution values used to sc...

Page 682: ...how track brief Command Router show track brief ResId Resource Parameter State LastChange 1 IP route reachability 10 16 0 0 16 Example of the show track resolution Command Dell show track resolution IP Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell show track vrf red Track 5 IP route 192 168 0 0 24 reachability Vrf red Reachability is Up CONN...

Page 683: ...track 4 interface TenGigabitEthernet 1 4 ip routing track 5 ip route 192 168 0 0 24 reachability vrf red Object Tracking 683 ...

Page 684: ...iables is included in OSPF LSAs As OSPF routers accumulate link state information they use the shortest path first SPF algorithm to calculate the shortest path to each node OSPF routers initially exchange HELLO messages to set up adjacencies with neighbor routers The HELLO process is used to establish adjacencies between routers of the AS It is not required that every router within the AS areas es...

Page 685: ...ithin the AS thus minimizing the size of the routing tables on all routers An area within the AS may not see the details of another area s topology AS areas are known by their area number or the router s IP address Figure 95 Autonomous System Areas Area Types The backbone of the network is Area 0 It is also called Area 0 0 0 0 and is the core of any AS All other areas must connect to Area 0 Areas ...

Page 686: ...rtual link can traverse it Totally stubby areas are referred to as no summary areas in the Dell Networking OS Networks and Neighbors As a link state protocol OSPF sends routing information to other OSPF routers concerning the state of the links between them The state up or down of those links is important Routers that share a link become neighbors on that segment OSPF uses the Hello protocol as a ...

Page 687: ...outer BR is part of the OSPF Backbone Area 0 This includes all ABRs It can also include any routers that connect only to the backbone and another ABR but are only part of Area 0 such as Router I in the previous example Open Shortest Path First OSPFv2 and OSPFv3 687 ...

Page 688: ...nds the updates to the other routers via multicast All routers in an area form a slave master relationship with the DR Every time a router sends an update the router sends it to the DR and BDR The DR sends the update out to all other routers in the area The BDR is the router that takes over if the DR fails Each router exchanges information with the DR and BDR The DR and BDR relay the information t...

Page 689: ... This LSA carries the IPv6 address information of the local links Type 9 Link Local LSA OSPFv2 Intra Area Prefix LSA OSPFv3 For OSPFv2 this is a link local opaque LSA as defined by RFC2370 For OSPFv3 this LSA carries the IPv6 prefixes of the router and network links Type 11 Grace LSA OSPFv3 For OSPFv3 only this LSA is a link local opaque LSA sent by a restarting OSPFv3 router during a graceful res...

Page 690: ...eared routes that are waiting for the LSA throttle timer to expire are re enabled Router Priority and Cost Router priority and cost is the method the system uses to rate the routers For example if not assigned the system selects the router with the highest priority as the DR The second highest priority is the BDR Priority is a numbered rating 0 to 255 The higher the number the higher the priority ...

Page 691: ...ys It is therefore desirable that the network maintains a stable topology if it is possible for data flow to continue uninterrupted OSPF graceful restart understands that in a modern router the control plane and data plane functionality are separate restarting the control plane functionality such as the failover of the active RPM to the backup in a redundant configuration does not necessarily have...

Page 692: ...a helper reject role OSPF does not participate in the graceful restart of an adjacent OSPFv2 v3 router If multiple OSPF interfaces provide communication between two routers after you configure helper reject on one interface all other interfaces between the two routers behave as if they are in the help reject role OSPFv2 and OSPFv3 support planned only and or unplanned only restarts The default is ...

Page 693: ...nding to the OspfNbrOption feild in the OspfNbrTable returns a value of 66 RFC 2328 Compliant OSPF Flooding In OSPF flooding is the most resource consuming task The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces as governed by LSA s flooding scope refer to Section 13 of the RFC When multiple direct links connect two routers the RFC 2328 flooding algorithm ...

Page 694: ...cording to RFC 2328 SPF schedule delay 5 secs Hold time between two SPFs 10 secs Number of area in this router is 1 normal 0 stub 0 nssa 1 More OSPF ACK Packing The OSPF ACK packing feature bundles multiple LS acknowledgements in a single packet significantly reducing the number of ACK packets transmitted when the number of LSAs increases This feature also enhances network utilization and reduces ...

Page 695: ...jacent neighbor count is 1 Adjacent with neighbor 1 1 1 1 Backup Designated Router Dell conf if te 2 2 Configuration Information The interfaces must be in Layer 3 mode assigned an IP address and enabled so that they can send and receive traffic The OSPF process must know about these interfaces To make the OSPF process aware of these interfaces they must be assigned to OSPF areas You must configure...

Page 696: ...l conf router_ospf 1 end Dell For a complete list of the OSPF commands refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document Enabling OSPFv2 To enable Layer 3 routing assign an IP address to an interface physical or Loopback By default OSPF similar to all routing protocols is disabled You must configure at least one interface for Layer 3 before enabling OSPFv2 g...

Page 697: ...wing message displays C300 conf router ospf 1 Error No router ID available Assigning a Router ID In CONFIGURATION ROUTER OSPF mode assign the router ID The router ID is not required to be the router s IP address However Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting Optional process id commands are also described Assign the router ID for ...

Page 698: ...RF are tied together the OSPF process ID cannot be used again in the system If you try to enable more OSPF processes than available Layer 3 interfaces the following message displays C300 conf router ospf 1 Error No router ID available Assigning an OSPFv2 Area After you enable OSPFv2 assign the interface to an OSPF area Set up OSPF areas and enable OSPFv2 on an interface with the network command Yo...

Page 699: ... and an OSPFv2 area is defined that includes the IP address of a Layer 3 interface The first bold lines assign an IP address to a Layer 3 interface and theno shutdown command ensures that the interface is UP The second bold line assigns the IP address of an interface to an area Example of Enabling OSPFv2 and Assigning an Area to an Interface Dell conf int te 4 14 Dell conf if te 4 14 ip address 10...

Page 700: ...OSPF Status on a Loopback Interface Dell show ip ospf 1 int TenGigabitEthernet 1 23 is up line protocol is up Internet Address 10 168 0 1 24 Area 0 0 0 1 Process ID 1 Router ID 10 168 253 2 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DROTHER Priority 1 Designated Router ID 10 168 253 5 Interface address 10 168 0 4 Backup Designated Router ID 192 168 253 3 Interface address 10 168 0...

Page 701: ...database database summary OSPF Router with ID 10 1 2 100 Process ID 34 Area ID Router Network S Net S ASBR Type 7 Subtotal 2 2 2 2 1 0 0 0 0 1 3 3 3 3 1 0 0 0 0 1 Dell To view information on areas use the show ip ospf process id command in EXEC Privilege mode Enabling Passive Interfaces A passive interface is one that does not send or receive routing information Enabling passive interface suppress...

Page 702: ...00 Network Type BROADCAST Cost 10 Transmit Delay is 1 sec State DOWN Priority 1 Designated Router ID 10 1 2 100 Interface address 0 0 0 0 Backup Designated Router ID 0 0 0 0 Interface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 13 39 46 Neighbor Count is 0 Adjacent neighbor count is 0 TenGigabitEthernet 2 1 is up line protocol is down Internet Addr...

Page 703: ...8 67 2 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs Min LSA arrival 0 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell The following examples shows how to disable fast convergence Dell conf router_ospf 1 no fast converge Dell conf router_ospf 1 ex Dell conf ex Dell show ip ospf 1 ...

Page 704: ...r key which is sent instead of the key CONFIG INTERFACE mode ip ospf message digest key keyid md5 key keyid the range is from 1 to 255 Key a character string NOTE Be sure to write down or otherwise record the key You cannot learn the key after it is configured You must be careful when changing this key NOTE You can configure a maximum of six digest keys on an interface Of the available six digest ...

Page 705: ...interface TenGigabitEthernet 1 1 is up line protocol is up Internet Address 10 1 2 100 24 Area 2 2 2 2 Process ID 34 Router ID 10 1 2 100 Network Type BROADCAST Cost 45 Transmit Delay is 1 sec State DR Priority 1 Designated Router ID 10 1 2 100 Interface address 10 1 2 100 Backup Designated Router ID 10 1 2 100 Interface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmi...

Page 706: ...form NOTE By default OSPFv2 graceful restart is disabled To enable and configure OSPFv2 graceful restart use the following commands 1 Enable OSPFv2 graceful restart globally and set the grace period CONFIG ROUTEROSPF id mode graceful restart grace period seconds The seconds range is from 40 and 3000 This setting is the time that an OSPFv2 router s neighbors advertises it as fully adjacent regardle...

Page 707: ... fully adjacent during a restart For more information about OSPF graceful restart refer to the Dell Networking OS Command Line Reference Guide Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router the show run ospf command displays information similar to the following Dell show run ospf router ospf 1 graceful restart grace period 300 graceful restart role h...

Page 708: ...irectly connected routes in the OSPF process NOTE Do not route iBGP routes to OSPF unless there are route maps associated with the OSPF redistribution To redistribute routes use the following command Specify which routes are redistributed into OSPF process CONFIG ROUTEROSPF id mode redistribute bgp connected isis rip static metric metric value metric type type value route map map name tag tag valu...

Page 709: ...ea type Have the routes been included in the OSPF database Have the OSPF routes been included in the routing table not just the OSPF database Some useful troubleshooting commands are show interfaces show protocols debug IP OSPF events and or packets show neighbors show routes To help troubleshoot OSPFv2 use the following commands View the summary of all OSPF process IDs enables on the router EXEC ...

Page 710: ... queue Example of Viewing OSPF Configuration Dell show run ospf router ospf 4 router id 4 4 4 4 network 4 4 4 0 28 area 1 ipv6 router ospf 999 default information originate always router id 10 10 10 10 Dell Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2 These examples are not comprehensive directions They are intended to give you some guidance with t...

Page 711: ...1 2 ip address 10 2 12 2 24 no shutdown interface Loopback 10 ip address 192 168 100 100 24 no shutdown OSPF Area 0 Te 3 1 and 3 2 router ospf 33333 network 192 168 100 0 24 area 0 network 10 0 13 0 24 area 0 network 10 0 23 0 24 area 0 interface Loopback 30 ip address 192 168 100 100 24 no shutdown interface TenGigabitEthernet 3 1 ip address 10 1 13 3 24 no shutdown interface TenGigabitEthernet 3...

Page 712: ...as The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area With OSPFv2 two commands are required to accomplish the same tasks the router ospf command to create the OSPF process then the network area command to enable OSPF on an interface NOTE The OSPFv2 network area command enables OSPF on multiple interfaces with the single command Use the OSPFv3 ipv6...

Page 713: ... written as eight groups of four hexadecimal digits separate each group by a colon The format is A B C F 128 2 Bring up the interface CONF INT type slot port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to an interface use the following command The ipv6 ospf area command enables OSPFv3 on an interface and places the interface in the specified area Additionally th...

Page 714: ... ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Process ID and Router ID to a VRF To assign disable or reset OSPFv3 on a non default VRF use the follo...

Page 715: ...on an OSPFv3 interface use the following command This command stops the router from sending updates on that interface Specify whether some or all some of the interfaces are passive CONF IPV6 ROUTER OSPF mode passive interface interface slot port Interface identifies the specific interface that is passive For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port in...

Page 716: ...a default external route into the OSPFv3 routing domain configure Dell Networking OS To specify the information for the default route use the following command Specify the information for the default route CONF IPV6 ROUTER OSPF mode default information originate always metric metric value metric type type value route map map name Configure the following required and optional parameters always indi...

Page 717: ... events that trigger a graceful restart CONF IPV6 ROUTER OSPF mode graceful restart mode planned only unplanned only Planned only the OSPFv3 router supports graceful restart only for planned restarts A planned restart is when you manually enter a redundancy force failover rpm command to force the primary RPM over to the secondary RPM During a planned restart OSPFv3 sends out a Grace LSA before the...

Page 718: ...0 ipv6 router ospf 1 log adjacency changes graceful restart grace period 180 The following example shows the show ipv6 ospf database database summary command Dell show ipv6 ospf database database summary OSPFv3 Router with ID 200 1 1 1 Process ID 1 Process 1 database summary Type Count Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 0 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA C...

Page 719: ...urity protocols authentication header AH and encapsulating security payload ESP For OSPFv3 these two IPsec protocols provide interoperable high quality cryptographically based security HA IPsec authentication header is used in packet authentication to verify that data is not altered during transmission and ensures that users are communicating with the intended individual or organization Insert the...

Page 720: ...e IPsec security associations SAs are the same on inbound and outbound traffic on an OSPFv3 interface There is no maximum AH or ESP header length because the headers have fields with variable lengths Manual key configuration is supported in an authentication or encryption policy dynamic key configuration using the internet key exchange IKE protocol is not supported In an OSPFv3 authentication poli...

Page 721: ...cation type Message Digest 5 MD5 or Secure Hash Algorithm 1 SHA 1 key encryption type optional specifies if the key is encrypted The valid values are 0 key is not encrypted or 7 key is encrypted key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digit...

Page 722: ...gits for AES 128 and 48 or 96 hex digits for AES 192 key encryption type optional specifies if the key is encrypted The valid values are 0 key is not encrypted or 7 key is encrypted authentication algorithm specifies the encryption authentication algorithm to use The valid values are MD5 or SHA1 key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to e...

Page 723: ... 32 hex digits non encrypted or 64 hex digits encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted or 80 hex digits encrypted Remove an IPSec authentication policy from an OSPFv3 area no area area id authentication ipsec spi number Display the configuration of IPSec authentication policies on the router show crypto ipsec policy Configuring IPsec Encryption for an OSPFv3 A...

Page 724: ... or SHA1 key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted or 80 hex digits encrypted key authentication type optional specifies if the authentication key is encryp...

Page 725: ...9c123456789d12345678 Transform set esp 3des esp md5 hmac Crypto IPSec client security policy data Policy name OSPFv3 1 500 Policy refcount 2 Inbound AH SPI 500 0x1F4 Outbound AH SPI 500 0x1F4 Inbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Outbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Transform set ah md5 hmac Crypto IPSec client s...

Page 726: ... spi 600 0x258 transform esp des esp sha1 hmac in use settings Transport replay detection support N STATUS ACTIVE Troubleshooting OSPFv3 Use the information in this section to troubleshoot OSPFv3 operation on the switch NOTE The following tasks are not a comprehensive they provide some examples of typical troubleshooting checks Have you enabled OSPF globally Is the OSPF process active on the inter...

Page 727: ...rf vrf name database View the configuration of OSPFv3 neighbors EXEC Privilege mode show ipv6 ospf vrf vrf name neighbor View debug messages for all OSPFv3 interfaces EXEC Privilege mode debug ipv6 ospf vrf vrf name event packet type slot port For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keywor...

Page 728: ... type destination and so forth For example a network administrator might want to forward a packet that uses transmission control protocol TCP across a different next hop than packets using Internet control message protocol ICMP In these situations you can configure switch route packets according to a policy applied to interfaces When the packet comes from this source and wants to go to that destin...

Page 729: ...interface IP The qualifiers of the rule would be pertaining to the inner IP details For next hop to be a tunnel interface user needs to provide tunnel id mandatory Instead if user provides the tunnel destination IP as next hop that would be treated as IPv4 next hop and not tunnel next hop PBR with Multiple Tacking Option Policy based routing with multiple tracking option extends and introduces the...

Page 730: ...st Create a Rule for a Redirect list Create a Track id list For complete tracking information refer to Object Tracking chapter Apply a Redirect list to an Interface using a Redirect group PBR Exceptions Permit To create an exception to a redirect list use the permit command Use exceptions when a forwarding decision is based on the routing table rather than a routing policy Dell Networking OS assig...

Page 731: ...ules Use the seq nn redirect version of the command to organize your rules Configure a rule for the redirect list CONF REDIRECT LIST mode seq number redirect ip address tunnel tunnel id track obj id ip protocol number protocol type bit source mask any host ip address destination mask any host ip address number is the number in sequence to initiate this rule ip address is the Forwarding router s ad...

Page 732: ... or nn Mask in dotted decimal or in slash format Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 A B C D Destination address any Any destination host host A single destination host Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 Mask A B C D or nn Mask in dotted decimal or in slash format Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 32 Dell conf redi...

Page 733: ...list with a different route is used Apply a Redirect list to an Interface using a Redirect group IP redirect lists are supported on physical interfaces as well as virtual local area network VLAN and port channel interfaces NOTE When you apply a redirect list on a port channel when traffic is redirected to the next hop and the destination port channel is shut down the traffic is dropped However the...

Page 734: ... purposes Show Redirect List Configuration To view the configuration redirect list configuration use the following commands 1 View the redirect list configuration and the associated interfaces EXEC mode show ip redirect list redirect list name 2 View the redirect list entries programmed in the CAM EXEC mode show cam pbr show cam usage List the redirect list configuration using the show ip redirect...

Page 735: ...mit ip 200 200 200 200 200 200 200 200 199 199 199 199 199 199 199 199 seq 10 redirect 1 1 1 2 tcp 234 224 234 234 255 234 234 234 222 222 222 222 24 eq 40 ack Next hop reachable via Te 2 1 Applied interfaces Te 2 2 NOTE If you apply the redirect list to an interface the output of the show ip redirect list redirect list name command displays reachability status for the specified next hop Example S...

Page 736: ...raffic originating in 192 168 2 0 24 seq 15 permit ip any Create the Redirect List GOLD EDGE_ROUTER conf if Te 2 23 ip redirect list GOLD EDGE_ROUTER conf redirect list description Route GOLD traffic to ISP_GOLD EDGE_ROUTER conf redirect list direct 10 99 99 254 ip 192 168 1 0 24 any EDGE_ROUTER conf redirect list redirect 10 99 99 254 ip 192 168 2 0 24 any EDGE_ROUTER conf redirect list seq 15 pe...

Page 737: ...eate Track Objects to track the Redirect IP s Dell configure terminal Dell conf track 3 ip host 42 1 1 2 reachability Dell conf track 3 probe icmp Dell conf track 3 track 4 ip host 43 1 1 2 reachability Dell conf track 4 probe icmp Dell conf track 4 end Create a Redirect list with Track Objects pertaining to Redirect IP s Dell configure terminal Dell conf ip redirect list redirect_list_with_track ...

Page 738: ... 25 redirect 43 1 1 2 track 4 ip host 7 7 7 7 host 144 144 144 144 Track 4 up Next hop reachable via Vl 20 Applied interfaces Te 2 28 Dell Configuration Tasks for Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces Dell configure terminal Dell conf interface tunnel 1 Dell conf if tu 1 tunnel destination 40 1 1 2 Dell conf if tu 1 tunnel sourc...

Page 739: ...edirect list redirect tunnel 2 track 2 tcp any any Dell conf redirect list end Dell Apply the Redirect Rule to an Interface Dell configure terminal Dell conf interface TenGigabitEthernet 2 28 Dell conf if te 2 28 ip redirect group explicit_tunnel Dell conf if te 2 28 exit Dell conf end Verify the Applied Redirect Rules Dell show ip redirect list explicit_tunnel IP redirect list explicit_tunnel Def...

Page 740: ...fter receiving the first multicast packet Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message Dell Networking OS supports PIM SM on physical virtual local area network VLAN and port channel interfaces NOTE Multicast routing is supported across default and non default VRFs Protocol Overview PIM SM initially...

Page 741: ...e message is not forwarded Send Multicast Traffic With PIM SM all multicast traffic must initially originate from the RP A source must unicast traffic to the RP so that the RP can learn about the source and create an SPT to it Then the last hop DR may create an SPT directly to the source 1 The source gateway router first hop DR receives the multicast packets and creates an S G entry in its multica...

Page 742: ...ocess 1 Enable multicast routing refer to the following step 2 Select a rendezvous point 3 Enable PIM SM on an interface Enable multicast routing CONFIGURATION mode ip multicast routing Related Configuration Tasks The following are related PIM SM configuration tasks Configuring S G Expiry Timers Configuring a Static Rendezvous Point Configuring a Designated Router Creating Multicast Boundaries and...

Page 743: ...show ip pim tib command from EXEC privilege mode Dell show ip pim tib PIM Multicast Routing Table Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set J Join SPT Timers Uptime Expires Interface state Interface next Hop State Mode 192 1 2 1 uptime 00 29 36 expires 00 03 26 RP 10 87 2 6 flags SCJ Incoming interface TenGigabitEthernet 1 12 RPF neighbor 10 87 ...

Page 744: ... or is a standard ACL if the expiry time is specified for an S G entry in a deny rule Dell conf ip access list extended SGtimer Dell config ext nacl permit ip 10 1 2 3 24 225 1 1 0 24 Dell config ext nacl permit ip any 232 1 1 0 24 Dell config ext nacl permit ip 100 1 1 0 16 any Dell config ext nacl show conf ip access list extended SGtimer seq 5 permit ip 10 1 2 0 24 225 1 1 0 24 seq 10 permit ip...

Page 745: ...ivilege mode Dell show ip pim rp Group RP 225 0 1 40 165 87 50 5 226 1 1 1 165 87 50 5 To display the assigned RP for a group range group to RP mapping use the show ip pim rp mapping command in EXEC privilege mode Dell show ip pim rp mapping PIM Group to RP Mappings Group s 224 0 0 0 4 Static RP 165 87 50 5 v2 Configuring a Designated Router Multiple PIM SM routers might be connected to a single l...

Page 746: ...ary defined by PIM multicast border routers PMBRs PMBRs connect each PIM domain to the rest of the Internet Create multicast boundaries and domains by filtering inbound and outbound bootstrap router BSR messages per interface The following command is applied to the subsequent inbound and outbound updates Timeout removes existing BSR advertisements Create multicast boundaries and domains by filteri...

Page 747: ...SM also solves the multicast address allocation problem Applications must use unique multicast addresses because if multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP EGLOP is used to statically assign Internet routable multicast addresses but each autonomous system number yields only 255 multicast addresse...

Page 748: ...sm range command from EXEC Privilege mode R1 conf do show run pim ip pim rp address 10 11 12 2 group address 224 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard ssm seq 5 permit host 239 0 0 2 R1 conf do show ip pim ssm range Group Address MaskLen 239 0 0 2 32 Use PIM SSM with IGMP Version 2 Hosts PIM SSM requires receivers that support IGMP version 3 You can employ PI...

Page 749: ...table If you do not specify the group option the display is a list of groups currently in the IGMP group table that has a group to source mapping To display the list of sources mapped to a group currently in the IGMP group table use the show ip igmp groups group detail command Configuring PIM SSM with IGMPv2 R1 conf do show run pim ip pim rp address 10 11 12 2 group address 224 0 0 0 4 ip pim ssm ...

Page 750: ...e 1 1 1 239 0 0 1 Vlan 400 INCLUDE 00 00 10 Never 10 11 4 2 R1 conf do show ip igmp ssm map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239 0 0 2 Vlan 300 IGMPv2 Compat 00 00 36 Never 10 11 3 2 Member Ports Te 1 1 1 R1 conf do show ip igmp ssm map 239 0 0 2 SSM Map Information Group 239 0 0 2 Source s 10 11 5 2 R1 conf do show ip igmp groups detail Int...

Page 751: ...10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 1 PIM Source Specific Mode PIM SSM 751 ...

Page 752: ...ork Important Points to Remember Port Monitoring is supported on both physical and logical interfaces like virtual area network VLAN and port channel The monitored the source MD and monitoring ports the destination MG must be on the same switch In general a monitoring port should have no ip address and no shutdown as the only configuration Dell Networking OS permits a limited set of commands for m...

Page 753: ... sess 5 Dell conf mon ses 300 Dell conf mon sess 300 source tengig 1 17 destination tengig 1 4 direction tx Error Exceeding max MG ports for this MD port pipe Dell conf mon sess 300 Dell conf mon sess 300 source tengig 1 17 destination tengig 1 1 direction tx Dell conf mon sess 300 do show mon session SessionID Source Destination Direction Mode Type 0 Te 1 13 Te 2 1 rx interface Port based 10 Te 1...

Page 754: ...D port is a Layer 2 port the frames are tagged with the VLAN ID of the VLAN to which the MD belongs If the MD port is a Layer 3 port the frames are tagged with VLAN ID 4095 If the MD port is in a Layer 3 VLAN the frames are tagged with the respective Layer 3 VLAN ID For example in the configuration source TeGig 6 1 destination TeGig 6 2 direction tx if the MD port TenGig 6 1 is an untagged member ...

Page 755: ...ce Destination Dir Mode Source IP Dest IP 0 Te 1 1 Te 1 2 rx Port N A N A Dell conf monitor session 0 Dell conf mon sess 0 source po 10 dest ten 1 2 dir rx Dell conf mon sess 0 do show monitor session SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 1 Te 1 2 rx Port N A N A 0 Po 10 Te 1 2 rx Port N A N A Dell conf monitor session 1 Dell conf mon sess 1 source vl 40 dest ten 1 3 dir rx D...

Page 756: ... Layer 2 and Layer 3 ingress and egress traffic You can specify traffic using standard or extended access lists 1 Enable flow based monitoring for a monitoring session MONITOR SESSION mode flow based enable 2 Define in access list rules that include the keyword monitor For port monitoring Dell Networking OS only considers traffic matching rules with the keyword monitor CONFIGURATION mode ip access...

Page 757: ...y any count bytes 0 packets 0 bytes seq 20 deny tcp any any count bytes 0 packets 0 bytes Dell conf do show monitor session 0 SessionID Source Destination Direction Mode Type 0 Te 1 1 Te 1 2 rx interface Flow based Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch router remote port...

Page 758: ...ce session traffic is shown with an orange or green circle with a blue border The reserved VLANs transport the mirrored traffic in sessions blue pipes to the destination analyzers in the local network Two destination sessions are shown one for the reserved VLAN that transports orange circle traffic one for the reserved VLAN that transports green circle traffic Configuring Remote Port Mirroring Rem...

Page 759: ...VLAN can have multiple member ports Reserved Vlan cannot have untagged ports In the reserved L2 VLAN used for remote port mirroring MAC address learning in the reserved VLAN is automatically disabled The reserved VLAN for remote port mirroring can be automatically configured in intermediate switches by using GVRP There is no restriction on the VLAN IDs used for the reserved remote mirroring VLAN V...

Page 760: ...d VLAN used to transport mirrored traffic must be a L2 VLAN L3 VLANs are not supported On a source switch on which you configure source ports for remote port mirroring you can add only one port to the dedicated RPM VLAN which is used to transport mirrored traffic You can configure multiple ports for the dedicated RPM VLAN on intermediate and destination switches Displaying Remote Port Mirroring Co...

Page 761: ...erface Range Specify the port or list of ports that needs to be monitored 4 direction Specify rx tx or both in case to monitor ingress egress or both ingress and egress packets on the specified port 5 rpm source ip id dest ip id Specify the source ip address and the destination ip where the packet needs to be sent 6 no flow based enable Specify flow based enable for mirroring on a flow by flow bas...

Page 762: ...it Dell conf interface port channel 10 Dell conf if po 10 channel member te 1 28 29 Dell conf if po 10 no shutdown Dell conf if po 10 exit Dell conf monitor session 3 type rpm Dell conf mon sess 3 source port channel 10 dest remote vlan 30 dir both Dell conf mon sess 3 no disable Dell conf mon sess 3 Dell conf mon sess 3 exit Dell conf end Dell Dell show monitor session SessID Source Destination D...

Page 763: ...estination te 1 6 Dell conf mon sess 3 tagged destination te 1 6 Dell conf mon sess 3 end Dell Dell show monitor session SessID Source Destination Dir Mode Source IP Dest IP 1 remote vlan 10 Te 1 4 N A N A N A N A 2 remote vlan 20 Te 1 5 N A N A N A N A 3 remote vlan 30 Te 1 6 N A N A N A N A Dell Configuring RSPAN Source Sessions to Avoid BPD Issues When ever you configure an RPM source session y...

Page 764: ... ERPM mirrored packet The system encapsulates the complete ingress or egress data under GRE header IP header and outer MAC header and sends it out at the next hop interface as pointed by the routing table The source IP address can be any port s ip address defined in the box but it should be unique and should not be assigned to any other system in the network The keyword flow based enable should ha...

Page 765: ...sion to be active The following example shows a sample configuration Dell conf monitor session 0 type erpm Dell conf mon sess 0 source tengigabitethernet 1 9 direction rx Dell conf mon sess 0 source port channel 1 direction tx Dell conf mon sess 0 erpm source ip 1 1 1 1 dest ip 7 1 1 2 Dell conf mon sess 0 no disable Dell conf monitor session 1 type erpm Dell conf mon sess 1 source vlan 11 directi...

Page 766: ...not supported As seen in the above figure the packets received transmitted on Port A will be encapsulated with an IP GRE header plus a new L2 header and sent to the destination ip address Port D s ip address on the sniffer The Header that gets attached to the packet is 38 bytes long If the sniffer does not support IP interface a destination switch will be needed to receive the encapsulated ERPM pa...

Page 767: ...ne interface one can choose the ingress and forward interface to be same and listen in the tx direction of the interface Download Write a small script for example erpm py such that it will strip the given ERPM packet starting from the bit where GRE header ends Basically all the bits after 0x88BE need to be removed from the packet and sent out through another interface This script erpm zip is avail...

Page 768: ...ed VLANs mapped to the same primary VLAN In more detail community VLANs are especially useful in the service provider environment because multiple customers are likely to maintain servers that must be strictly separated in customer specific groups A set of servers owned by a customer could comprise a community VLAN so that those servers could communicate with each other and would be isolated from ...

Page 769: ...cate with any other port type in the PVLAN A promiscuous port can be part of more than one primary VLAN A promiscuous port cannot be added to a regular VLAN Trunk port carries traffic between switches A trunk port in a PVLAN is always tagged In tagged mode the trunk port carries the primary or secondary VLAN traffic The tag on the packet helps identify the VLAN to which the packet belongs A trunk ...

Page 770: ...ed port INTERFACE switchport mode private vlan host promiscuous trunk NOTE Secondary VLANs are Layer 2 VLANs so even if they are operationally down while primary VLANs are operationally up Layer 3 traffic is still transmitted across secondary VLANs NOTE The outputs of the show arp and show vlan commands provide PVLAN data For more information refer to the Dell Networking OS Command Line Reference ...

Page 771: ...bitEthernet 2 1 Dell conf if te 2 1 switchport mode private vlan promiscuous Dell conf interface TenGigabitEthernet 2 2 Dell conf if te 2 2 switchport mode private vlan host Dell conf interface TenGigabitEthernet 2 3 Dell conf if te 2 3 switchport mode private vlan trunk Dell conf interface TenGigabitEthernet 2 2 Dell conf if te 2 2 switchport mode private vlan host Dell conf interface port channe...

Page 772: ... You can enter interfaces in numeric or in range format either comma delimited slot port port port or hyphenated slot port port You can only add promiscuous ports or PVLAN trunk ports to the PVLAN no host or regular ports 6 OPTIONAL Assign an IP address to the VLAN INTERFACE VLAN mode ip address ip address 7 OPTIONAL Enable disable Layer 3 communication between secondary VLANs INTERFACE VLAN mode ...

Page 773: ...at primary VLAN 1 Access INTERFACE VLAN mode for the VLAN that you want to make an isolated VLAN CONFIGURATION mode interface vlan vlan id 2 Enable the VLAN INTERFACE VLAN mode no shutdown 3 Set the PVLAN mode of the selected VLAN to isolated INTERFACE VLAN mode private vlan mode isolated 4 Add one or more host ports to the VLAN INTERFACE VLAN mode tagged interface or untagged interface You can en...

Page 774: ...e community Dell conf vlan 101 untagged Te 2 10 Dell conf interface vlan 100 Dell conf vlan 100 private vlan mode isolated Dell conf vlan 100 untagged Te 2 2 Private VLAN Configuration Example The following example shows a private VLAN topology Figure 101 Sample Private VLAN Topology The following configuration is based on the example diagram for the Z9500 Te 1 1 and Te 1 23 are configured as prom...

Page 775: ...hosts In parallel on S4810 Te 1 3 is a promiscuous port and Te 1 25 is a PVLAN trunk port assigned to the primary VLAN 4000 Te 1 4 6 are host ports Te 1 4 and Te 1 5 are assigned to the community VLAN 4001 while Te 1 6 is assigned to the isolated VLAN 4003 The result is that The S4810 ports would have the same intra switch communication characteristics as described for the Z9500 For transmission b...

Page 776: ...how arp and show vlan commands are revised to display PVLAN data The following example shows viewing a private VLAN c300 1 show vlan private vlan Primary Secondary Type Active Ports 4000 Primary Yes Te 1 1 23 25 4001 Community Yes Te 4 1 23 4002 Community Yes Te 4 24 47 4003 Isolated Yes Te 1 24 47 The following example shows using the show vlan private vlan mapping command S50 1 show vlan private...

Page 777: ...t 1 5 no ip address switchport switchport mode private vlan host no shutdown interface TenGigabitEthernet 1 6 no ip address switchport switchport mode private vlan host no shutdown interface TenGigabitEthernet 1 25 no ip address switchport switchport mode private vlan trunk no shutdown interface Vlan 4000 private vlan mode primary private vlan mapping secondary vlan 4001 4003 no ip address tagged ...

Page 778: ...ird party that allows you to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter Figure 102 Per VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree as shown in the following table 778 Per VLAN Spanning Tree Plus PVST ...

Page 779: ...ivendor network verify that the costs are values you intended You can enable PVST on 254 VLANs To set up VLANs refer to Virtual LANs VLANs Configure Per VLAN Spanning Tree Plus Configuring PVST is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration T...

Page 780: ...To display your PVST configuration use the show config command from PROTOCOL PVST mode Dell_E600 conf pvst show config verbose protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Influencing PVST Root Selection As shown in the previous per VLAN spanning tree illustration all VLANs use the same forwarding topology because R2 is elected the root and all TenGigabitEthernet ports have...

Page 781: ... assign bridges a low non default value for bridge priority To assign a bridge priority use the following command Assign a bridge priority PROTOCOL PVST mode vlan bridge priority The range is from 0 to 61440 The default is 32768 Example of the show spanning tree pvst vlan Command To display the PVST forwarding topology use the show spanning tree pvst vlan vlan id command from EXEC Privilege mode D...

Page 782: ...ss 0001 e80d b6 d6 Designated bridge has priority 4096 address 0001 e80d b6 d6 Designated port id is 128 385 designated path cost 0 Modifying Global PVST Parameters The root bridge sets the values for forward delay and hello time and overwrites the values set on other PVST bridges Forward delay the amount of time an interface waits in the Listening state and the Learning state before it transition...

Page 783: ...nterface Table 57 Default Values for Port Cost Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Channel with 1 Gigabit Ethernet interfaces 18000 Port Channel with 10 Gigabit Ethernet interfaces 1800 NOTE The Dell Networking OS implementation of PVST uses IEE...

Page 784: ...se the following command Enable EdgePort on an interface INTERFACE mode spanning tree pvst edge port bpduguard shutdown on violation The EdgePort status of each interface is given in the output of the show spanning tree pvst command as previously shown Dell Networking OS Behavior Regarding the bpduguard shutdown on violation command behavior If the interface to be shut down is a port channel all t...

Page 785: ... the following example ports P1 and P2 are untagged members of different VLANs These ports are untagged because the hub is VLAN unaware There is no data loop in this scenario however you can employ PVST to avoid potential misconfigurations If you enable PVST on the Dell Networking switch in this network P1 and P2 receive BPDUs from each other Ordinarily the Bridge ID in the frame matches the Root ...

Page 786: ... previous illustration Example of PVST Configuration R1 interface TenGigabitEthernet 1 22 no ip address switchport no shutdown interface TenGigabitEthernet 1 32 no ip address switchport no shutdown protocol spanning tree pvst no disable vlan 100 bridge priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1 22 32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthe...

Page 787: ...y 4096 Example of PVST Configuration R3 interface TenGigabitEthernet 3 12 no ip address switchport no shutdown interface TenGigabitEthernet 3 22 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3...

Page 788: ...fic Ingress Configure Port based Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Policy Based Rate Policin...

Page 789: ...ss Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Quality of Service QoS 789 ...

Page 790: ...o implements these Internet Engineering Task Force IETF documents RFC 2474 Definition of the Differentiated Services Field DS Field in the IPv4 Headers RFC 2475 An Architecture for Differentiated Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface 790 Quality of Service QoS ...

Page 791: ...interface in a port channel Table 59 dot1p priority Values and Queue Numbers dot1p Queue Number 0 0 1 0 2 0 3 1 4 2 5 3 6 3 7 3 Change the priority of incoming traffic on the interface dot1p priority Example of Configuring a dot1p Priority on an Interface Dell configure terminal Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 switchport Dell conf if te 1 1 dot1p priority 1 Dell conf...

Page 792: ...agged port or hybrid port the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service class dynamic dotp or trust dot1p When priority tagged frames ingress a tagged port the frames are dropped because for a tagged port the default VLAN is 0 Dell Networking OS Behavior Hybrid ports can receive untagged tagged and priority tagge...

Page 793: ...ps traffic exceeding the specified rate until the buffer is exhausted If any stream exceeds the configured bandwidth on a continuous basis it can consume all of the buffer space that is allocated to the port Apply rate shaping to outgoing traffic on a port INTERFACE mode rate shape Apply rate shaping to a queue QoS Policy mode rate shape Example of rate shape Command Dell configure terminal Dell c...

Page 794: ...ucting Policy Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic For both class maps Layer 2 and Layer 3 Dell Networking OS matches packets against match criteria in the order that you configure them 794 Quality of Service QoS ...

Page 795: ... in CLASS MAP mode Match any class maps allow up to five ACLs Match all class maps allow only one ACL 4 Link the class map to a queue POLICY MAP mode service queue Example of Creating a Layer 3 Class Map Dell conf ip access list standard acl1 Dell config std nacl permit 20 0 0 0 8 Dell config std nacl exit Dell conf ip access list standard acl2 Dell config std nacl permit 20 1 1 0 24 order 0 Dell ...

Page 796: ...h criteria CLASS MAP mode match mac After you create a class map Dell Networking OS places you in CLASS MAP mode Match any class maps allow up to five access lists Match all class maps allow only one You can match against only one VLAN ID 4 Link the class map to a queue POLICY MAP mode service queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class maps to queues...

Page 797: ...eues 1 and 2 Class map ClassAF1 is match any and ClassAF2 is match all Display all class maps or a specific class map EXEC Privilege mode show qos class map Examples of Traffic Classifications The following example shows incorrect traffic classifications Dell show running config policy map input policy map input PolicyMapIn service queue 1 class map ClassAF1 qos policy QosPolicyIn 1 service queue ...

Page 798: ... 0 0 0 12 1 20419 1 10 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 14 1 24511 1 0 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 Create a QoS Policy There are two types of QoS policies input and output Input QoS policies regulate Layer 3 and Layer 2 ingress traffic The regulation mechanisms for input QoS policies are rate policing and setting priority values Layer 3 QoS input policies allow you to rate police and set a DSCP o...

Page 799: ... POLICY IN mode rate police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets use the following command Set a dscp or dot1p value for egress packets QOS POLICY IN mode set mac dot1p Creating an Output QoS Policy To create an output QoS policy use the following commands 1 Create an output QoS policy CONFIGURATION mode qos policy output 2 After you configure an output ...

Page 800: ...bandwidth weight by the sum of all queue weights Table 60 Default Bandwidth Weights Queue Default Weight Equivalent Percentage 0 1 6 67 1 2 13 33 2 4 26 67 3 8 53 33 Allocate bandwidth to queues bandwidth percentage Specifying WRED Drop Precedence Specify a WRED profile to yellow and or green traffic QOS POLICY OUT mode wred For more information refer to Applying a WRED Profile to Traffic Create P...

Page 801: ... policy map use the following command Apply an input QoS policy to an input policy map POLICY MAP IN mode policy service queue number qos polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps D...

Page 802: ...ingress packets with the Trust dot1p feature The following table specifies the queue to which the classified traffic is sent based on the dot1p value Table 62 Default dot1p to Queue Mapping dot1p Queue ID 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 Table 63 Default dot1p to Queue Mapping dot1p Queue ID 0 0 1 0 2 0 3 1 4 2 5 3 6 3 7 3 The dot1p value is also honored for frames on the default VLAN For more info...

Page 803: ...idth percentage command in QOS POLICY OUT mode supersedes the service class bandwidth percentage command Guarantee a minimum bandwidth to queues globally CONFIGURATION mode service class bandwidth percentage Applying an Input Policy Map to an Interface To apply an input policy map to an interface use the following command You can apply the same policy map to multiple interfaces and you can modify ...

Page 804: ...n Output Policy Map to an Interface To apply an output policy map to an interface use the following command Apply an input policy map to an interface INTERFACE mode service policy output You can apply the same policy map to multiple interfaces and you can modify a policy map after you apply it DSCP Color Maps This section describes how to configure color maps and how to display the color map and c...

Page 805: ...hat color that are not in the new DSCP list are colored green If you configured a DSCP color map on an interface that does not exist or you delete a DSCP color map that is configured on an interface that interface uses an all green color policy To create a DSCP color map 1 Create the color aware map QoS DSCP color map CONFIGURATION mode qos dscp color map color map name 2 Create the color aware ma...

Page 806: ...ion about a color policy on one or more interfaces detail Displays detailed color policy information on an interface interface Enter the name of the interface that has the color policy configured Examples for Displaying a DSCP Color Policy Display summary information about a color policy for one or more interfaces Dell show qos dscp color policy summary Interface dscp color map TE 1 10 mapONE TE 1...

Page 807: ...abling QoS rate adjustment QoS rate adjustment is disabled by default Specify the number of bytes of packet overhead to include in rate limiting policing and shaping calculations CONFIGURATION mode qos rate adjust overhead bytes For example to include the Preamble and SFD type qos rate adjust 8 For variable length overhead fields know the number of bytes you want to include The default is disabled...

Page 808: ...m threshold values The minimum threshold is the allotted buffer space for specified traffic for example 1000KB on egress If the 1000KB is consumed packets are dropped randomly at an exponential rate until the maximum threshold is reached as shown in the following illustration this procedure is the early detection part of WRED If the maximum threshold for example 2000KB is reached all incoming pack...

Page 809: ...d Dell Networking uses the first three bits LSB of this field DP to determine the drop precedence DP values of 110 and 100 101 map to yellow all other values map to green If you do not configure Dell Networking OS to honor DSCP values on ingress refer to Honoring DSCP Values on Ingress Packets all traffic defaults to green drop precedence Assign a WRED profile to either yellow or green traffic QOS...

Page 810: ...play egress queue statistics of both transmitted and dropped packets and bytes use the following command Display the number of packets and number of bytes on the egress queue profile EXEC Privilege mode show qos statistics egress queue Example of the show qos statistics egress queue Command Dell show qos statistics egress queue Interface Te 1 1 Unicast Multicast Egress Queue Statistics Queue Q Typ...

Page 811: ...ber test cam usage service policy input policy map stack unit all The output of this command shown in the following example displays The estimated number of CAM entries the policy map will consume Whether or not the policy map can be applied The number of interfaces in a port pipe to which the policy map can be applied Specifically Available CAM the available number of CAM entries in the specified...

Page 812: ...k experiences a large traffic load This best effort network deployment is not suitable for applications that are time sensitive such as video on demand VoD or voice over IP VoIP applications In such cases you can use ECN in conjunction with WRED to resolve the dropping of packets under congested conditions Using ECN the packets are marked for transmission at a later time after the network recovers...

Page 813: ...WRED ECN settings which are enabled for WRED to be valid for that traffic When WRED is configured on the global service pool regardless of whether ECN on global service pool is configured and one or more queues have WRED enabled and ECN disabled WRED is effective for the minimum of the thresholds between the queue threshold and the service pool threshold When WRED is configured on the global servi...

Page 814: ...on ECN is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded If you configure ECN for WRED devices employ this functionality of ECN to mark the packets and reduce the rate of sending packets in a congested heavily loaded network To configure the weight factor for WRED and ECN capabilities global buffer pools for multiple...

Page 815: ... Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers Currently Dell Networking OS supports matching only the following TCP flags ACK FIN SYN PSH RST URG In the existing software ECE CWR TCP flag qualifiers are not supported Because this functionality forcibly marks all the packets matching the specific mat...

Page 816: ...ngested heavily loaded network ECN is a mechanism using which network switches indicate congestion to end hosts for initiating appropriate action End hosts uses two least significant bits of ToS to indicate that it is ECT When intermediate network node encounters congestion remarks ECT to CE for end host to take appropriate action During congestion ECN enabled packets are not subject to any kind o...

Page 817: ...art of the ToS field in IPv4 Header You can now accept and process incoming packets based on the 2 bit ECN part of the ToS field in addition to the DSCP categorization The IPv4 ACLs standard and Extended are enhanced to add this qualifier This new keyword ecn is present for all L3 ACL types TCP UDP IP ICMP at the level where the DSCP qualifier is positioned in the current ACL commands Dell Network...

Page 818: ... packet This marking action to set the color of the packet is allowed only on the match any logical operator of the class map This marking action can be configured for all of the below L3 match sequence types match ip access group match ip dscp match ip precedence match ip vlan Sample configuration to mark non ecn packets as yellow with single traffic class Consider the use case where the packet w...

Page 819: ...access list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match any class_dscp_40 match ip access group dscp_40_non_ecn set color yellow match ip access group dscp_40_ecn class map match any class_dscp_50 match ip access group dscp_50_non_ecn set color yellow match ip access group dscp_50_ecn policy map input pmap_dscp_40_50 service queue 2 class map class_dscp_40 service queue...

Page 820: ... in class map input configuration mode You can include the class map in a policy map and apply the class and policy map to a service queue using the service queue command In this way the system applies the match criteria in a class map according to queue priority queue numbers closer to 0 have a lower priority To configure IP VLAN and DSCP match criteria in a Layer 3 class map and apply the class ...

Page 821: ...ffer statistics tracking utility and enter the Buffer Statistics Snapshot configuration mode CONFIGURATION mode Dell conf buffer stats snapshot Dell conf no disable Enable this utility to be able to configure the parameters for buffer statistics tracking By default buffer statistics tracking is disabled 2 Enable the buffer statistics tracking utility and enter the Buffer Statistics Snapshot config...

Page 822: ...it 3 port 13 interface Fo 1 156 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 17 interface Fo 1 160 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 21 interface Fo 1 164 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 25 interface Fo 1 168 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 29 interface Fo 1 172 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit...

Page 823: ...EC EXEC Privilege mode Dell show hardware buffer stats snapshot resource interface fortyGigE 0 0 queue all Unit 0 unit 0 port 1 interface Fo 0 0 Q TYPE Q TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6 0 MCAST 7 0 MCAST 8 0 Quality of Se...

Page 824: ...ting table which defines where nodes in the network are located The information that is used to update the routing table is sent as either a request or response message In RIPv1 automatic updates to the routing table are performed as either one time requests or periodic responses every 30 seconds RIP transports its responses or requests by means of user datagram protocol UDP over port 520 RIP must...

Page 825: ...sten to RIPv1 and RIPv2 Transmit RIPv1 RIP timers update timer 30 seconds invalid timer 180 seconds holddown timer 180 seconds flush timer 240 seconds Auto summarization Enabled ECMP paths supported 16 Configuration Information By default RIP is disabled in Dell Networking OS To configure RIP you must use commands in two modes ROUTER RIP and INTERFACE Commands executed in the ROUTER RIP mode confi...

Page 826: ...networks with which the system is to exchange RIP information ensure that all devices on that network are configured to exchange RIP information The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2 To change the RIP version globally use the version command in ROUTER RIP mode To view the global RIP configuration use the show running config command in EXEC mode or the show ...

Page 827: ...0 00 26 Fa 1 49 160 160 0 0 16 auto summary 2 0 0 0 8 120 1 via 29 10 10 12 00 01 22 Fa 1 49 2 0 0 0 8 auto summary 4 0 0 0 8 120 1 via 29 10 10 12 00 01 22 Fa 1 49 4 0 0 0 8 auto summary 8 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 8 0 0 0 8 auto summary 12 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 12 0 0 0 8 auto summary 20 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 20 0 0 0 8 auto ...

Page 828: ... this command multiple times to exchange RIP information with as many RIP networks as you want Disable a specific interface from sending or receiving RIP routing information ROUTER RIP mode passive interface interface Assigning a Prefix List to RIP Routes Another method of controlling RIP or any routing protocol routing information is to filter the information through a prefix list A prefix list i...

Page 829: ...bute ospf process id match external 1 2 match internal metric value route map map name Configure the following parameters process id the range is from 1 to 65535 metric the range is from 0 to 16 map name the name of a configured route map To view the current RIP configuration use the show running config command in EXEC mode or the show config command in ROUTER RIP mode Setting the Send and Receive...

Page 830: ...tic network summarization is in effect Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control receive version 2 send version 2 Interface Recv Send TenGigabitEthernet 1 1 2 2 Routing for Networks 10 0 0 0 Routing Information Sources Gateway Distance Last Update Distance default is 120 Dell To configure an interface to r...

Page 831: ...ute in RIP ROUTER RIP mode default information originate always metric value route map route map name always Enter the keyword always to always generate a default route value The range is from 1 to 16 route map name The name of a configured route map To confirm that the default route configuration is completed use the show config command in ROUTER RIP mode Summarize Routes Routes in the RIPv2 rout...

Page 832: ... following parameters weight the range is from 1 to 255 The default is 120 ip address mask the IP address in dotted decimal format A B C D and the mask in slash format x access list name the name of a configured IP ACL Apply an additional number to the incoming or outgoing route metrics ROUTER RIP mode offset list access list name in out offset interface Configure the following parameters prefix l...

Page 833: ...ore 2 RIP Output RIP Configuration on Core 3 Core 3 RIP Output RIP Configuration Summary Figure 108 RIP Topology Example RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2 Example of Configuring RIPv2 on Core 2 Core2 conf if te 2 3 Core2 conf if te 2 3 router rip Core2 conf router_rip ver 2 Core2 conf router_rip network 10 200 10 0 Core2 conf router...

Page 834: ...abitEthernet 2 3 192 168 1 0 24 auto summary 192 168 2 0 24 120 1 via 10 11 20 1 00 00 03 TenGigabitEthernet 2 3 192 168 2 0 24 auto summary Core2 The following example shows the show ip route command to show the RIP setup on Core 2 Core2 show ip route Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1...

Page 835: ...Routing Information Sources Gateway Distance Last Update 10 11 20 1 120 00 00 12 Distance default is 120 Core2 RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3 Example of Configuring RIPv2 on Core3 Core3 conf if te 3 21 router rip Core3 conf router_rip version 2 Core3 conf router_rip network 192 168 1 0 Core3 conf router_rip network 192 168 2 0 Co...

Page 836: ... external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change R 10 11 10 0 24 via 10 11 20 2 Te 3 21 120 1 00 01 14 C 10 11 20 0 24 Direct Te 3 21 0 0 00 01 53 C 10 11 30 0 24 Direct Te 3 11 0 0 00 06 00 R 10...

Page 837: ...dress 10 11 10 1 24 no shutdown interface TenGigabitEthernet 2 3 ip address 10 11 20 2 24 no shutdown interface TenGigabitEthernet 2 4 ip address 10 200 10 1 24 no shutdown interface TenGigabitEthernet 2 5 ip address 10 250 10 1 24 no shutdown router rip version 2 10 200 10 0 10 300 10 0 10 11 10 0 10 11 20 0 The following example shows viewing the RIP configuration on Core 3 interface TenGigabitE...

Page 838: ...terface TenGigabitEthernet 3 5 ip address 192 168 2 1 24 no shutdown router rip version 2 network 10 11 20 0 network 10 11 30 0 network 192 168 1 0 network 192 168 2 0 838 Routing Information Protocol RIP ...

Page 839: ...s Implementation Information Configure SNMP prior to setting up RMON For a complete SNMP implementation description refer to Simple Network Management Protocol SNMP Configuring RMON requires using the RMON CLI and includes the following tasks Setting the rmon Alarm Configuring an RMON Event Configuring RMON Collection Statistics Configuring the RMON Collection History RMON implements the following...

Page 840: ...umber variable interval delta absolute rising threshold value event number falling threshold value event number owner string Configure the alarm using the following optional parameters number alarm number an integer from 1 to 65 535 the value must be unique in the RMON Alarm Table variable the MIB object to monitor the variable must be in SNMP OID format for example 1 3 6 1 2 1 1 3 The object type...

Page 841: ...the RMON event table CONFIGURATION mode no rmon event number log trap community description string owner string number assign an event number in integer format from 1 to 65535 The number value must be unique in the RMON event table log Optional enter the keyword log to generate an RMON event log it sets the eventType to either log or log and snmptrap in the RMON event table The default is None tra...

Page 842: ...wner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface use the rmon collection history command in INTERFACE CONFIGURATION mode Configure the RMON MIB history group of statistics collection CONFIGURATION INTERFACE config if mode no rmon collection history controlEntry integer owner ownername buckets bucket number interval seco...

Page 843: ...ove a specified RMON history group of statistics collection use the no form of this command The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john both the sampling interval and the number of buckets use their respective defaults Dell conf if mgmt rmon collection history controlEntry 20 owner john Remote Monitoring RMON...

Page 844: ...ation Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a two step process 1 Configure interfaces for Layer 2 2 Enable the rapid spanning tree protocol Related Configuration Tasks Adding and Removing Interfaces Modifying Global Parame...

Page 845: ...owing recommendations help you avoid these issues and the associated traffic loss caused by using RSTP when you enable VLT on both VLT peers Configure any ports at the edge of the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks Ports connected directly to Layer 3 only routers not running STP should have RSTP disabled or be configured as e...

Page 846: ... Only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports To enable RSTP globally for all Layer 2 interfaces use the following commands 1 Enter PROTOCOL SPANNING TREE RSTP mode CONFIGURATION mode protocol spanning tree rstp 2 Enable RSTP PROTOCOL SPANNING TREE RSTP mode no disable Examples of the RSTP show Commands To disable RS...

Page 847: ...ast change occurred 00 02 17 ago on Te 1 26 Port 377 TenGigabitEthernet 2 1 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 377 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated port id is 128 377 designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 121 receive...

Page 848: ...col Root ID Priority 32768 Address 0001 e801 cbb4 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e80f 1dad Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Te 3 1 128 681 128 20000 BLK 20000 32768 0001 e80b 88bd 128 469 Te 3 2 128 682 128 20000 BLK 20000 32768 0001 e80b 88bd 128 470 ...

Page 849: ...ers Poorly planned modification of the RSTP parameters can negatively affect network performance The following table displays the default values for RSTP Table 68 RSTP Default Values RSTP Parameter Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces Port Channel with 100 M...

Page 850: ...face Parameters On interfaces in Layer 2 mode you can set the port cost and port priority values Port cost a value that is based on the interface type The previous table lists the default values The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports hav...

Page 851: ...idge has been assigned The following example example shows the console message after the bridge priority command is used to make R2 the root bridge shown in bold Dell conf rstp bridge priority 4096 04 27 59 RPM0 P RP2 SPANMGR 5 STP_ROOT_CHANGE RSTP root changed My Bridge ID 4096 0001 e80b 88bd Old Root 32768 0001 e801 cbb4 New Root 4096 0001 e80b 88bd Configuring an EdgePort The EdgePort feature e...

Page 852: ... id portfast bpduguard shutdown on violation command Disable spanning tree on the interface the no spanning tree command in INTERFACE mode Disable global spanning tree the no spanning tree command in CONFIGURATION mode To enable EdgePort on an interface use the following command Enable EdgePort on an interface INTERFACE mode spanning tree rstp edge port bpduguard shutdown on violation Example of V...

Page 853: ...Spanning Tree Protocol Root ID Priority 0 Address 0001 e811 2233 Root Bridge hello time 50 ms max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e811 2233 We are the root Configured hello time 50 ms max age 20 forward delay 15 NOTE The hello time is encoded in BPDUs in increments of 1 256ths of a second The standard minimum hello time in seconds is 1 second which is encoded as 256 Milli...

Page 854: ...47 Software Defined Networking SDN Dell Networking operating software supports Software Defined Networking SDN For more information refer to the SDN Deployment Guide 854 Software Defined Networking SDN ...

Page 855: ...ing records Each accounting record comprises accounting attribute value AV pairs and is stored on the access control server As with authentication and authorization you must configure AAA accounting by defining a named list of accounting methods and then applying that list to various virtual terminal line VTY lines Configuration Task List for AAA Accounting The following sections present the AAA a...

Page 856: ...are issues accounting records for all users on the system including users whose username string is NULL because of protocol translation An example of this is a user who comes in on a line where the AAA authentication login method list none command is applied To prevent accounting records from being generated for sessions that do not have usernames associated with them use the following command Pre...

Page 857: ...tions CONFIGURATION mode or EXEC Privilege mode show accounting Example of the show accounting Command for AAA Accounting Dell show accounting Active accounted actions on tty2 User admin Priv 1 Task ID 1 EXEC Accounting record 00 00 39 Elapsed service shell Active accounted actions on tty3 User admin Priv 1 Task ID 2 EXEC Accounting record 00 00 26 Elapsed service shell Dell AAA Authentication Del...

Page 858: ...ion for Terminal Lines You can assign up to five authentication methods to a method list Dell Networking OS evaluates the methods in the order in which you enter them in each list If the first method list does not respond or returns an error Dell Networking OS applies the next method list until the user either passes or fails the authentication If the user fails a method list Dell Networking OS do...

Page 859: ... method lists and assign them to different terminal lines Enabling AAA Authentication To enable AAA authentication use the following command Enable AAA authentication CONFIGURATION mode aaa authentication enable method list name default method1 method4 default uses the listed authentication methods that follow this argument as the default list of methods when a user logs in method list name charac...

Page 860: ...t with service type SVC_ENABLE and then sends a second packet with just the password The TACACS server must have an entry for username enable RADIUS When using RADIUS authentication FTOS sends an authentication packet with the following Username enab15 Password password entered by user Therefore the RADIUS server must have an entry for this username Obscuring Passwords and Keys By default the serv...

Page 861: ...f 0 1 or 15 You can configure up to 16 privilege levels in Dell Networking OS Dell Networking OS is pre configured with three privilege levels and you can configure 13 more The three pre configured levels are Privilege level 1 is the default level for EXEC mode At this level you can interact with the router for example view some show commands and Telnet and ping to test connectivity but you cannot...

Page 862: ...eference Guide Configuring a Username and Password In Dell Networking OS you can assign a specific username to limit user access to the system To configure a username and password use the following command Assign a user name and password CONFIGURATION mode username name access class access list name nopassword password encryption type password privilege level secret Configure the optional and requ...

Page 863: ...of commands so that they are visible in different privilege levels Within Dell Networking OS commands have certain privilege levels With the privilege command you can change the default level or you can reset their privilege level back to the default Assign the launch keyword for example configure for the keyword s command mode If you assign only the first keyword to the privilege level all comman...

Page 864: ...ilege mode Examples of Privilege Level Commands To view the configuration use the show running config command in EXEC Privilege mode The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp server commands Because the snmp server commands are enable level commands and by default found in CONFIGURATION mode also assign the launch command for CONF...

Page 865: ...it from Configuration mode no Reset a command snmp server Modify SNMP parameters Dell conf Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines The user s privilege level is the same as the privilege level assigned to the terminal line unless a more specific privilege level is assigned to the user To specify a password for t...

Page 866: ... boot press ESC when prompted during the countdown to stop the auto boot process see Example 2 5 Press C to access the Grub boot loader command line prompt 6 Enter the following commands at the Grub command line prompt grub set stconfigignore true save_env stconfigignore reboot 7 The Z9000 system boots up with factory default configuration The default Dell system prompt displays when the system bo...

Page 867: ...the user If an error occurs in the transmission or reception of RADIUS packets you can view the error by enabling the debug radius command Transactions between the RADIUS server and the client are encrypted the users passwords are not sent in plain text RADIUS uses UDP as the transport protocol between the RADIUS server host and the client For more information about RADIUS refer to RFC 2865 Remote...

Page 868: ...The auto command command is executed when the user is authenticated and before the prompt appears to the user Automatically execute a command auto command Privilege Levels Through the RADIUS server you can configure a privilege level for the user to enter into when they connect to a session This value is configured on the client system Set a privilege level privilege level Configuration Task List ...

Page 869: ... long as the name of the method list you wish to use with the RADIUS authentication method CONFIGURATION mode aaa authentication login method list name radius Create a method list with RADIUS and TACACS as authorization methods CONFIGURATION mode aaa authorization exec method list name default radius tacacs Typical order of methods RADIUS TACACS Local None If RADIUS denies authorization the sessio...

Page 870: ...mes If you configure multiple RADIUS server hosts Dell Networking OS attempts to connect with them in the order in which they were configured When Dell Networking OS attempts to authenticate a user the software connects with the RADIUS server hosts one at a time until a RADIUS server host responds with an accept or reject response If you want to change an optional parameter setting for a specific ...

Page 871: ...erver timeout seconds seconds the range is from 0 to 1000 Default is 5 seconds To view the configuration of RADIUS communication parameters use the show running config command in EXEC Privilege mode Monitoring RADIUS To view information on RADIUS transactions use the following command View RADIUS transactions to troubleshoot problems EXEC Privilege mode debug radius TACACS Dell Networking OS suppo...

Page 872: ... 3 Enter LINE mode CONFIGURATION mode line aux 0 console 0 vty number end number 4 Assign the method list to the terminal line LINE mode login authentication method list name default Example of a Failed Authentication To view the configuration use the show config in LINE mode or the show running config tacacs command in EXEC Privilege mode If authentication fails using the primary method Dell Netw...

Page 873: ...ser angeline on vty0 10 11 9 209 RPM0 P CP SEC 3 AUTHENTICATION_ENABLE_SUCCESS Enable password authentication success on vty0 10 11 9 209 Monitoring TACACS To view information on TACACS transactions use the following command View TACACS transactions to troubleshoot problems EXEC Privilege mode debug tacacs TACACS Remote Authentication When configuring a TACACS server host you can set different com...

Page 874: ...were configured To view the TACACS configuration use the show running config tacacs command in EXEC Privilege mode To delete a TACACS server host use the no tacacs server host hostname ip address command freebsd2 telnet 2200 2200 2200 2200 2200 2202 Trying 2200 2200 2200 2200 2200 2202 Connected to 2200 2200 2200 2200 2200 2202 Escape character is Login admin Password Dell Dell Command Authorizati...

Page 875: ...ed WinSCP client software is not supported for secure copying between a PC and a Dell Networking OS based system Unix based SCP client software is supported To use the SSH client use the following command Open an SSH connection and specify the hostname username port number encryption cipher HMAC algorithm and version of the SSH client EXEC Privilege mode ssh hostname l username p port number v 1 2...

Page 876: ...est cfg User name to login remote host admin Password to login remote host Removing the RSA Host Keys and Zeroizing Storage Use the crypto key zeroize rsa command to delete the host key pairs both the public and private key information for RSA 1 and or RSA 2 types Note that when FIPS mode is enabled there is no RSA 1 key pair Any memory currently holding these keys is zeroized written over with ze...

Page 877: ...hange algorithm command in CONFIGURATION mode key exchange algorithm Enter a space delimited list of key exchange algorithms that will be used by the SSH server The following key exchange algorithms are available diffie hellman group exchange sha1 diffie hellman group1 sha1 diffie hellman group14 sha1 The default key exchange algorithms are the following diffie hellman group exchange sha1 diffie h...

Page 878: ...a1 96 Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list Dell conf ip ssh server mac hmac sha1 96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server use the ip ssh server cipher cipher list command in CONFIGURATION mode cipher list Enter a space delimited list of ciphers the SSH server will sup...

Page 879: ... password authentication enable Dell show ip ssh SSH server enabled SSH server version v1 and v2 SSH server vrf default SSH server ciphers 3des cbc aes128 cbc aes192 cbc aes256 cbc aes128 ctr aes192 ctr aes256 ctr SSH server macs hmac md5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 hmac sha2 256 96 SSH server kex algorithms diffie hellman group exchange sha1 diffie hellman group1 sha1 diffie ...

Page 880: ...ublic RSA key to the file shosts in the directory ssh and write the IP address of the host to the file cp etc ssh ssh_host_rsa_key pub ssh shosts Refer to the first example 3 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts Refer to the second example 4 Copy the file shosts and rhosts to the Dell Networking system 5 Disable password authentication and R...

Page 881: ... non default value use the ip ssh server port number command to change the default port number You may only change the port number when SSH is disabled Then use the p option with the ssh command SSH from the chassis to the SSH client ssh ip_address Example of Client Based SSH Authentication Dell ssh 10 16 127 201 c Encryption cipher to use for v2 clients only l User name option m HMAC algorithm to...

Page 882: ... the correct routing table and establish a connection Example of Using Telnet for Remote Login Dell conf ip telnet server enable Dell conf no ip telnet server enable VTY Line and Access Class Configuration Various methods are available to restrict VTY access in Dell Networking OS These depend on which authentication scheme you use line local or remote Table 69 VTY Access Authentication Method VTY ...

Page 883: ...orization Based on Access Class Retrieved from a Local Database Per User Dell conf user gooduser password abc privilege 10 access class permitall Dell conf user baduser password abc privilege 10 access class denyall Dell conf Dell conf aaa authentication login localmethod local Dell conf Dell conf line vty 0 9 Dell config line vty login authentication localmethod Dell config line vty end VTY Line ...

Page 884: ...AC ACL for the Line Per MAC Address Dell conf mac access list standard sourcemac Dell config std mac permit 00 00 5e 00 01 01 Dell config std mac deny any Dell conf Dell conf line vty 0 9 Dell config line vty access class sourcemac Dell config line vty end Role Based Access Control With Role Based Access Control RBAC access and authorization is controlled based on a user s role Users are granted p...

Page 885: ...ity than the hierarchical RBAC model Essentially a constrained model puts some limitations around each role s permissions to allow you to partition of tasks However some inheritance is possible Default command permissions are based on CLI mode such as configure interface router any specific command settings and the permissions allowed by the privilege and role commands The role command allows you ...

Page 886: ...sistency the best practice is to define the same authentication method list across all lines in the same order of comparison for example VTY and console port You could also use the default authentication method to apply to all the LINES console port VTY NOTE The authentication method list should be in the same order as the authorization method list For example if you configure the authentication m...

Page 887: ... role This role does not have access to the commands that are available to the system security administrator for cryptography operations AAA or the commands reserved solely for the system administrator Security Administrator secadmin This user role can control the security policy across the systems that are within a domain or network topology The security administrator commands include FIPS mode e...

Page 888: ...d from the system administrator can create roles and user names Only the system administrator security administrator and roles inherited from these can use the role command to modify command permissions The security administrator and roles inherited by security administrator can only modify permissions for commands they already have access to Make sure you select the correct role you want to inher...

Page 889: ...command permissions If you add or delete command permissions using the role command those changes only apply to the specific user role They do not apply to other roles that have inheritance from that role Authorization and accounting only apply to the roles specified in that configuration When you modify a command for a role you specify the role the mode and whether you want to restrict access usi...

Page 890: ...ces and then shows that the secadmin highlighted in bold can now access Interface mode However the secadmin can only access 10 Gigabit Ethernet interfaces Dell conf role configure addrole secadmin LINE Initial keywords of the command to modify Dell conf role configure addrole secadmin interface tengigabitethernet Dell conf show role mode configure interface Role access netadmin secadmin sysadmin E...

Page 891: ...t Permissions In the following example the command protocol permissions are reset to their original setting or one or more of the system defined roles and any roles that inherited permissions from them Dell conf role configure reset protocol Adding and Deleting Users from a Role To create a user name that is authenticated based on a user role use the username name password encryption type password...

Page 892: ...oles To configure AAA authentication use the aaa authentication command in CONFIGURATION mode aaa authentication login method list name default method method4 Configure AAA Authorization for Roles Authorization services determine if the user has permission to use a command in the CLI Users with only privilege levels can use commands in privilege or role mode the default provided their privilege le...

Page 893: ...e applied there line console 0 exec timeout 0 0 line vty 0 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 1 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 2 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 3 login authentication uc...

Page 894: ... level of 15 to have access to EXEC commands The format to create a Dell Network OS AV pair for privilege level is shell priv lvl number where number is a value between 0 and 15 Force10 avpair shell priv lvl 15 Example for Creating a AVP Pair for System Defined or User Defined Role The following section shows you how to create an AV pair to allow a user to login from a network access server to hav...

Page 895: ...g method list to a role executed by a user with that user role use the accounting command in LINE mode accounting exec commands level role role name method list Example of Applying an Accounting Method to a Role The following example applies the accounting default method to the user role secadmin security administrator Dell conf vty 0 accounting commands role secadmin default Displaying Active Acc...

Page 896: ...Permissions Assigned to a Command To display permissions assigned to a command use the show role command in EXEC Privilege mode The output displays the user role and or permission level Examples of Role Permissions Assigned to a Command Dell show role mode configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route map Route map conf...

Page 897: ...m displays unassigned Example of Displaying Information About Users Logged into the Switch Dell show users Authorization Mode role or privilege Line User Role Privilege Host s Location 0 console 0 admin sysadmin 15 idle 3 vty 1 sec1 secadmin 14 idle 172 31 1 4 4 vty 2 ml1 netadmin 12 idle 172 31 1 5 Security 897 ...

Page 898: ...share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider network are based on the provider VLAN tag only ...

Page 899: ...traffic add these interfaces to a non default VLAN Stack enabled VLAN Dell Networking cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN You cannot ping across the trunk port link if one or both of the systems is an S4820T This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffic...

Page 900: ...ovider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs Physical ports and port channels can be access or trunk ports 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider bridge that is connecte...

Page 901: ... marked with an M in column Q Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Active U Te 3 0 5 18 2 Inactive 3 Inactive 4 Inactive 5 Inactive 6 Active M Po1 Te 3 14 15 M Te 3 13 Dell Configuring the Protocol Type Value for the Outer VLAN Tag The tag protocol identifier TPID field of the S Tag is user configurable To set the S Tag TPID use the following command Select a value f...

Page 902: ... port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged and VLAN 103 which is a stacking VLAN Dell conf interface tenigabitethernet 1 1 Dell conf if te 1 1 portmode hybrid Dell conf if te 1 1 switchport Dell conf if te 1 1 vlan stack trunk Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 no ip address portmode hybrid switchport vlan stack...

Page 903: ...etworking systems might use a different value If the next hop system s TPID does not match the outer tag TPID of the incoming frame the system drops the frame For example as shown in the following the frame originating from Building A is tagged VLAN RED and then double tagged VLAN PURPLE on egress at R4 The TPID on the outer tag is 0x9100 R2 s TPID must also be 0x9100 and it is so R2 forwards the ...

Page 904: ... system treats 0x8100 and untagged traffic the same and maps both types to the default VLAN as shown by the frame originating from Building C For the same traffic types if you configure TPID 0x8100 the system is able to differentiate between 0x8100 and untagged traffic and maps each to the appropriate VLAN as shown by the packet originating from Building A Therefore a mismatched TPID results in th...

Page 905: ...Figure 112 Single and Double Tag First byte TPID Match Service Provider Bridging 905 ...

Page 906: ...the S Series Table 70 Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type Pre Version 8 2 1 0 Version 8 2 1 0 Ingress Access Point untagged 0xUVWX switch to default VLAN switch to default VLAN single tag 0x8100 0xUVWX single tag mismatch switch to default VLAN switch to default VLAN 906 Service Provider Bridging ...

Page 907: ...AN switch to default VLAN 0xQRST double tag mismatch switch to default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence The drop eligible indicator DEI bit in the S Tag indicates to a service provider bridge which packets it should prefer to drop when congested Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value When you enable drop...

Page 908: ...Networking OS drop precedence INTERFACE mode dei honor 0 1 green red yellow You may enter the command once for 0 and once for 1 Packets with an unmapped DEI value are colored green Example of Viewing DEI Honoring Configuration To display the DEI honoring configuration use the show interface dei honor interface slot port linecard number port set number in EXEC Privilege mode Dell show interface dei...

Page 909: ... to a S Tag 802 1p value Figure 114 Statically and Dynamically Assigned dot1p for VLAN Stacking When configuring Dynamic Mode CoS you have two options Mark the S Tag dot1p and queue the frame according to the original C Tag dot1p In this case you must have other dot1p QoS configurations this option is classic dot1p marking Mark the S Tag dot1p and queue the frame according to the S Tag dot1p For e...

Page 910: ...tch any a layer2 match mac access group a mac access list standard a seq 5 permit any qos policy input 3 layer2 rate police 40 Likewise in the following configuration packets with dot1p priority 0 3 are marked as dot1p 7 in the outer tag and queued to Queue 3 Rate policing is according to qos policy input 3 All other packets will have outer dot1p 0 and hence are queued to Queue 1 They are therefor...

Page 911: ...a S Tag dot1p value INTERFACE mode vlan stack dot1p mapping c tag dot1p values sp tag dot1p value Separate C Tag values by commas Dashed ranges are permitted Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts NOTE Because dot1p mapping marks and queues packets the only remaining applicable QoS configuration is rate metering You may use Rate Shaping or Rate Policing Layer...

Page 912: ...frames by the switches in the intermediate network core On egress edge of the intermediate network the MAC address rewritten to the original MAC address and forwarded to the opposing network region shown in the following illustration Dell Networking OS Behavior In Dell Networking OS versions prior to 8 2 1 0 the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ...

Page 913: ... and later the L2PT MAC address is user configurable so you can specify an address that non Dell Networking systems can recognize and rewrite the address at egress edge Figure 116 VLAN Stacking with L2PT Implementation Information L2PT is available for STP RSTP MSTP and PVST BPDUs No protocol packets are tunneled when you enable VLAN stacking L2PT requires the default CAM profile Service Provider ...

Page 914: ... BPDUs use the following command Overwrite the BPDU with a user specified destination MAC address when BPDUs are tunneled across the provider network CONFIGURATION mode protocol tunnel destination mac The default is 01 01 e8 00 00 00 Setting Rate Limit BPDUs CAM space is allocated in sections called field processor FP blocks There are a total of 13 user configurable FP blocks The default number of...

Page 915: ...Bridge Group Address 01 80 C2 00 00 00 originally specified in 802 1Q Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs originating from the customer network as normal data frames rather than consuming them The same is true for GARP VLAN registration protocol GVRP 802 1ad specifies that provider bridges participating in GVRP use a reserved d...

Page 916: ...pically complete packet sampling sFlow collector analyses the sFlow datagrams received from different devices and produces a network wide view of traffic flows Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port pipe and is decided based on all the ports in that port pipe If you do not enable sFlow on any port specifically the globa...

Page 917: ...is redirected using policy based routing PBR the sFlow datagram may contain incorrect extended gateway router information The source virtual local area network VLAN field in the extended switch element is not packed in case of routed packet The destination VLAN field in the extended switch element is not packed in a Multicast packet Up to 700 packets can be sampled and processed per second Enablin...

Page 918: ...nter polling interval 20 Global extended information enabled none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub sampling Enabling and Disabling sFlow on an Interface By default sFlow is disabled on all interfaces This CLI is supported on physical ports and link aggregation group LAG ports To enable sFlow on a speci...

Page 919: ...6400 Global default extended maximum header size 256 bytes Global extended information enabled none 1 collectors configured Collector IP addr 100 1 1 12 Agent IP addr 100 1 1 1 UDP port 6343 VRF Default 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected Example of viewing the sflow max header size extended on an Interface Mode Dell show sflow interface tengigabitethernet 1 1 Te...

Page 920: ...r polling interval 20 1 collectors configured Collector IP addr 133 33 33 53 Agent IP addr 133 33 33 116 UDP port 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub sampling Stack unit 1 Port set 0 H W sampling rate 8192 Te 1 16 configured rate 8192 actual rate 8192 sub sampling rate 1 Te 1 17 configured rate 16384 actual rate 16384 s...

Page 921: ...cified interface EXEC mode show sflow stack unit slot number Example of Viewing sFlow Configuration Line Card Dell show sflow stack unit 1 stack unit 1 Samples rcvd from h w 165 Samples dropped for sub sampling 69 Total UDP packets exported 77 UDP packets exported via RPM 77 UDP packets dropped Configuring Specify Collectors The sflow collector command allows identification of sFlow collectors to ...

Page 922: ...In such a scenario a binary back off mechanism gets triggered which doubles the sampling rate halves the number of samples per second for all interfaces The backoff mechanism continues to double the sampling rate until the CPU condition is cleared This is as per sFlow version 5 draft After the back off changes the sample rate you must manually change the sampling rate to the desired value As a res...

Page 923: ...Collector IP addr 100 1 1 1 Agent IP addr 1 1 1 2 UDP port 6343 VRF Default 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected stack unit 0 Port set 0 Te 1 1 configured rate 16384 actual rate 16384 Dell If you did not enable any extended information the show output displays the following shown in bold Dell show sflow sFlow services are disabled Global default sampling rate 3276...

Page 924: ...information static connected IGP BGP 0 Exported src_as and src_peer_as are zero because there is no AS information for IGP BGP static connected IGP Exported Exported Prior to Dell Networking OS version 7 8 1 0 extended gateway data is not exported because IP DA is not learned via BGP Version 7 8 1 0 allows extended gateway information in cases where the source and destination IP addresses are lear...

Page 925: ...iptor Implementation Information The following describes SNMP implementation information Dell Networking OS supports SNMP version 1 as defined by RFC 1155 1157 and 1212 SNMP version 2c as defined by RFC 1901 and SNMP version 3 as defined by RFC 2571 Dell Networking OS supports up to 16 trap receivers Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via SNMP sets SNMP...

Page 926: ...to be used Dell conf snmp server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a In this example for a specified user and a group the AES128 CFB algorithm the authentication password to enable the server to receive packets from the host and the privacy password to encode the message contents are configured SHA authentication needs to be used with the AES CFB128 privacy algorithm only...

Page 927: ...aging Overload on Startup Reading Managed Object Values Writing Managed Object Values Subscribing to Managed Object Value Updates using SNMP Copying Configuration Files via SNMP Manage VLANs Using SNMP Enabling and Disabling a Port using SNMP Fetch Dynamic MAC Entries using SNMP Deriving Interface Indices Monitor Port channels Important Points to Remember Typically 5 second timeout and 3 second re...

Page 928: ...nd alter values read write 22 31 23 STKUNIT0 P CP SNMP 6 SNMP_WARM_START Agent Initialized SNMP WARM_START To choose a name for the community you create use the following command Choose a name for the community CONFIGURATION mode snmp server community name ro rw Example of Creating an SNMP Community To view your SNMP configuration use the show running config snmp command from EXEC Privilege mode D...

Page 929: ... name Configure an SNMPv3 view CONFIGURATION mode snmp server view view name 3 noauth included excluded NOTE To give a user read and write privileges repeat this step for each privilege type Configure an SNMP group with password or privacy privileges CONFIGURATION mode snmp server group group name oid tree priv read name write name Configure the user with a secure authorization password and privac...

Page 930: ...unity 10 11 131 161 sysUpTime 0 DISMAN EVENT MIB sysUpTimeInstance Timeticks 32852616 3 days 19 15 26 16 snmpget v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 3 0 The following example shows reading the value of the next managed object snmpgetnext v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 3 0 SNMPv2 MIB sysContact 0 STRING snmpgetnext v 2c c mycommunity 10 11 131 161 sysContact 0 The followi...

Page 931: ...e an email address or phone number CONFIGURATION mode snmp server contact text You may use up to 55 characters The default is None From a Dell Networking system Identify the physical location of the system for example San Jose 350 Holger Way 1st floor lab rack A1 1 CONFIGURATION mode snmp server location text You may use up to 55 characters The default is None From a management station Identify th...

Page 932: ... 2c 3 community string To send trap messages enter the keyword traps To send informational messages enter the keyword informs To send the SNMP version to use for notification messages enter the keyword version To identify the SNMPv1 community string enter the name of the community string 2 Specify which traps the Dell Networking system sends to the trap receiver CONFIGURATION mode snmp server enab...

Page 933: ...0 down card removed HOT_FAILOVER RPM Failover Completed SFM_DISCOVERY Found SFM 1 SFM_REMOVE Removed SFM 1 MAJOR_SFM Major alarm Switch fabric down MAJOR_SFM_CLR Major alarm cleared Switch fabric up MINOR_SFM MInor alarm No working standby SFM MINOR_SFM_CLR Minor alarm cleared Working standby SFM present TASK SUSPENDED SUSPENDED svce d inst d task s RPM0 P CP CHMGR 2 CARD_PARITY_ERR ABNORMAL_TASK_...

Page 934: ...nnect fault detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_ERROR_ALARM Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_MAC_STATUS_ALARM MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 ECFM 5 ECFM_REMOTE_ALARM Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_RDI_ALARM ...

Page 935: ... enable an SNMP agent to send a trap when the syslog server is not reachable use the following command CONFIGURATION MODE snmp server enable traps snmp syslog unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity use the following command CONFIGURATION MODE snmp server enable traps snmp syslog reachable Table 73 List of Syslog Server MIBS that have read acc...

Page 936: ...er to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses The examples in this section use IPv4 addresses however you can substitute IPv6 addresses for the IPv4 addresses in all of the examples The following table lists the relevant MIBs for these functions are Table 74 MIB Objects for Copying Configuration Files via SNMP MIB Object OID Object Values Descript...

Page 937: ...eLocatio n and copyDestFileName copyDestFileLocation 1 3 6 1 4 1 6027 3 5 1 1 1 1 6 1 flash 2 slot0 3 tftp 4 ftp 5 scp Specifies the location of destination file If copyDestFileLocatio n is FTP or SCP you must specify copyServerAddress copyUserName and copyUserPassword copyDestFileName 1 3 6 1 4 1 6027 3 5 1 1 1 1 7 Path if the file is not in the default directory and filename Specifies the name o...

Page 938: ...ex i a s object value Every specified object must have an object value and must precede with the keyword i Refer to the previous table index must be unique to all previously executed snmpset commands If an index value has been used previously a message like the following appears In this case increment the index value and enter the command again Error in packet Reason notWritable that object does n...

Page 939: ...iguration files using OIDs snmpset v 2c c public m f10 copy config mib 10 10 10 10 1 3 6 1 4 1 6027 3 5 1 1 1 1 2 100 i 2 1 3 6 1 4 1 6027 3 5 1 1 1 1 5 100 i 3 FTOS COPY CONFIG MIB copySrcFileType 100 INTEGER runningConfig 2 FTOS COPY CONFIG MIB copyDestFileType 100 INTEGER startupConfig 3 Copying the Startup Config Files to the Running Config To copy the startup config to the running config from...

Page 940: ...S COPY CONFIG MIB copySrcFileType 110 INTEGER runningConfig 2 FTOS COPY CONFIG MIB copyDestFileName 110 STRING home startup config FTOS COPY CONFIG MIB copyDestFileLocation 110 INTEGER ftp 4 FTOS COPY CONFIG MIB copyServerAddress 110 IpAddress 11 11 11 11 FTOS COPY CONFIG MIB copyUserName 110 STRING mylogin FTOS COPY CONFIG MIB copyUserPassword 110 STRING mypass Copying the Startup Config Files to...

Page 941: ...copyDestFileType 10 i 3 copySrcFileName 10 s home myfilename copyServerAddress 10 a 172 16 1 56 copyUserName 10 s mylogin copyUserPassword 10 s mypass Additional MIB Objects to View Copy Statistics Dell Networking provides more MIB objects to view copy statistics as shown in the following table Table 75 Additional MIB Objects for Copying Configuration Files via SNMP MIB Object OID Values Descripti...

Page 942: ...d to obtain a MIB object value These examples assume that the server OS is UNIX you are using SNMP version 2c the community name is public the file f10 copy config mib is in the current directory NOTE In UNIX enter the snmpset command for help using this command The following examples show the command syntax using MIB object names and the same command using the object OIDs In both cases the same i...

Page 943: ... 1 6027 3 10 1 2 9 1 6 1 enterprises 6027 3 10 1 2 9 1 5 1 Gauge32 24 The output above displays that 24 of the flash memory is used MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system The chSysSwCoresTable contains the list of software core files generated by the system The following ...

Page 944: ..._STK_MEMBER f10cp_l2mgr_131108080758_Stk1 acore gz enterprises 6027 3 10 1 2 10 1 2 1 3 CORE_DUMP_DIR FTP_STK_MEMBER f10cp_vrrp_140522124357_Stk1 acore gz enterprises 6027 3 10 1 2 10 1 2 2 1 CORE_DUMP_DIR FTP_STK_MEMBER f10cp_sysd_140617134445_Stk0 acore gz enterprises 6027 3 10 1 2 10 1 3 1 1 Fri Mar 14 11 51 46 2014 enterprises 6027 3 10 1 2 10 1 3 1 2 Fri Nov 8 08 11 16 2013 enterprises 6027 3...

Page 945: ... 00 01 e8 cc cc ce Current address is 00 01 e8 cc cc ce Interface index is 1107787786 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed auto Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command Examples of Viewing VLAN Ports Using SNMP The following exampl...

Page 946: ...Port 8 at the right end A 0 indicates that the port is not a member of the VLAN a 1 indicates VLAN membership All hex pairs are 00 indicating that no ports are assigned to VLAN 10 In the following example Port 0 2 is added to VLAN 10 as untagged the first hex pair changes from 00 to 04 The following example shows viewing VLAN ports using SNMP with ports assigned Dell Networking OS system output R5...

Page 947: ...00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2 SMI mib 2 17 7 1 4 3 1 2 1107787786 Hex STRING 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2 SMI mib 2 17 7 1 4 3 1 4 1107787786 Hex STRING 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0...

Page 948: ...S MIB f10IsisSysOloadWaitForBgp F10 ISIS MIB f10IsisSysOloadV6SetOverload F10 ISIS MIB f10IsisSysOloadV6SetOloadOnStartupUntil F10 ISIS MIB f10IsisSysOloadV6WaitForBgp To enable overload bit for IPv4 set 1 3 6 1 4 1 6027 3 18 1 1 and IPv6 set 1 3 6 1 4 1 6027 3 18 1 4 To set time to wait set 1 3 6 1 4 1 6027 3 18 1 2 and 1 3 6 1 4 1 6027 3 18 1 5 respectively To set time to wait till bgp session a...

Page 949: ...ificant octet Table 78 MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB Description dot1dTpFdbTable 1 3 6 1 2 1 17 4 3 Q BRIDGE MIB List the learned unicast MAC addresses on the default VLAN dot1qTpFdbTable 1 3 6 1 2 1 17 7 1 2 2 Q BRIDGE MIB List the learned unicast MAC addresses on non default VLANs dot3aCurAggFdb Table 1 3 6 1 4 1 6027 3 2 1 1 5 F10 LIN...

Page 950: ... 06 95 ac Dynamic Po 1 Active Query from Management Station snmpwalk v 2c c techpubs 10 11 131 162 1 3 6 1 4 1 6027 3 2 1 1 5 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 1 1000 0 1 232 6 149 172 1 INTEGER 1000 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 2 1000 0 1 232 6 149 172 1 Hex STRING 00 01 E8 06 95 AC SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 3 1000 0 1 232 6 149 172 1 INTEGER 1 SNMPv2 SMI enterprise...

Page 951: ...ist the version string of the system image in Flash Partition B Chassis MIB The system image can also be retrieved by performing an SNMP walk on the following OID MIB Object is chSysSwModuleTable and the OID is 1 3 6 1 4 1 6027 3 10 1 2 8 Dell show interface Tengigabitethernet 1 21 TenGigabitEthernet 1 21 is up line protocol is up Monitor Port Channels To check the status of a Layer 2 port channel...

Page 952: ...status inactive Example of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support SNMP trap works for the Layer 2 Layer 3 default mode LAG SNMPv2 MIB sysUpTime 0 Timeticks 8500842 23 36 48 42 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkDown IF MIB ifIndex 33865785 INTEGER 33865785 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_DN Changed interface state to...

Page 953: ...cs use the show ip traffic command When you query an icmpStatsInErrors object in the icmpStats table by using the snmpget or snmpwalk command the output for IPv4 addresses may be incorrectly displayed To correctly display this information under IP and ICMP statistics use the show ip traffic command When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command the...

Page 954: ...it 1 enter interface tengigabitethernet 1 1 from CONFIGURATION mode Stack Management Roles The stack elects the management units for the stack management Stack master primary management unit also called the master unit Standby secondary management unit Stack units the remaining units in the stack also called stack members The system supports up to six stack units Stack group Each set of four 10G p...

Page 955: ... the master switch from the stack When a stack reloads and all the units come up at the same time for example when all units boot up from flash all units participate in the election and the master and standby are chosen based on the priority or MAC address When the units do not boot up at the same time such as when some units are powered down just after reloading and powered up later to join the s...

Page 956: ... role After the former master switch recovers despite having a higher priority or MAC address it does not recover its master role but instead takes the next available role To view failover details use the show redundancy command MAC Addressing on S Series Stacks The S Series has three MAC addresses the chassis MAC interface MAC and null interface MAC All interfaces in the stack use the interface M...

Page 957: ...Adding a Standalone with a Lower MAC Address and Equal Priority to a Stack STANDALONE AFTER CONNECTION Standalone STKUNIT0 M CP POLLMGR 2 ALT_STACK_UNIT_STATE Alternate Stack unit is present 00 20 20 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 1 present 00 20 22 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 2 present Going for reboot Reason is Stack merge bootup messages omitted STACK ...

Page 958: ...throughput and redundancy The stacking LAG is established automatically and transparently by Dell Networking OS without user configuration after peering is detected and behaves as follows The stacking LAG dynamically aggregates it can lose link members or gain new links Shortest path selection inside the stack If multiple paths exist between two units in the stack the shortest path is used Support...

Page 959: ... 0 Stack unit ID 5 Stack unit Redundancy Role Primary Stack unit State Active Stack unit SW Version 1 0 0 3387 Link to Peer Up PEER Stack unit Status Stack unit State Standby Peer Stack unit ID 2 Stack unit SW Version 1 0 0 3387 Stack unit Redundancy Configuration Primary Stack unit mgmt id 0 Auto Data Sync Full Failover Type Hot Failover Auto reboot Stack unit Disabled Auto failover limit 3 times...

Page 960: ... utility pwd Display current working directory rename Rename a file reset Reset selected card show Show running system information ssh peer stack unit Open a SSH connection to the peer stack unit start Start shell telnet peer stack unit Open a telnet connection to the peer stack unit terminal Set terminal line parameters upload Upload file Dell standby CONSOLE ACCESS ON A MEMBER Stack stack member...

Page 961: ... the two units are grouped into a single LAG Stack Group Port Numbers By default each unit in Standalone mode is numbered stack unit 0 A maximum of eight 10G stack links or two 40G stack links can be made between two units in a stack The front end ports are divided into 16 stack groups each with 40G of bandwidth Stack groups 0 through 11 correspond to 10G stack groups with four ports each Stack gr...

Page 962: ...OS version 8 3 12 0 the management unit puts the new unit into a card problem state and generates a syslog that identifies the unit its Dell Networking OS version and its incompatibility for firmware synchronization NOTE You must enter the stack unit stack unit stack group stack group command when adding units to a stack to ensure the units are assigned to the correct groups NOTE Any scripts used ...

Page 963: ... all units in the stack 2 Verify that each unit has the same Dell Networking OS version prior to stacking them together EXEC Privilege mode show version 3 Manually configure unit numbers for each unit so that the stacking is deterministic upon boot up EXEC Privilege mode stack unit stack unit number renumber stack unit number Renumbering causes the unit to reboot The stack unit default for all new...

Page 964: ...owing order Configure the first stack group on unit 1 stack unit 1 stack group 13 Configure the stack groups on unit 2 stack unit 2 stack group 14 and stack unit 2 stack group 15 Configure the stack groups on unit 3 stack unit 3 stack group 12 and stack unit 3 stack group 13 Configure the stack groups on unit 4 stack unit 4 stack group 13 and stack unit 4 stack group 31 Configure the final stack g...

Page 965: ...es Dell 1 show system stack ports Topology Ring Interface Connection Link Speed Admin Link Trunk Gb s Status Status Group 1 1 1 1 10 up up 1 2 1 2 10 up up 1 3 1 3 10 up up Add Units to an Existing S Series Stack You can add units to an existing stack in one of three ways By manually assigning a new unconfigured unit a position in an existing stack By adding a configured unit to an existing stack ...

Page 966: ...to each unit CONFIGURATION mode stack unitstack unit number stack group stack group number 5 Connect the new unit to the stack using stacking cables Example of Adding a Stack Unit with a Conflicting Stack Number Before and After The following example shows adding a stack unit with a conflicting stack number before Dell show system brief Stack MAC 00 01 e8 8a df e6 Reload Type normal reload Stack I...

Page 967: ...een the new unit and the provisioned stack unit the configuration of the new unit takes precedence 1 Add the configured unit to the top or bottom of the stack 2 Power on the switch 3 Attach cables to connect ports on the added switch to one or more existing switches in the stack 4 Log on to the CLI and enter global configuration mode Login username Password Dell enable Dell configure 5 Configure t...

Page 968: ...ey all become stack members If there is no unit numbering conflict the stack members retain their previous unit numbers Otherwise the stack manager assigns new unit numbers based on the order that they come online The stack manager overwrites the startup and running config on the losing stack members with its own to synchronize the configuration on the new stack members Split an S Series Stack To ...

Page 969: ...ad as shown in the message below When the stack comes back online the master unit remains the management unit Renumbering master unit will reload the stack WARNING Interface configuration for current unit will be lost Proceed to renumber confirm yes no yes Creating a Virtual Stack Unit on an S Series Stack Use virtual stack units to configure ports on the stack before adding a new unit Create a vi...

Page 970: ...AC 00 01 e8 8a df e6 Reload Type normal reload Unit 0 Unit Type Management Unit Status online Next Boot online Required Type S4810 52 port GE TE FG SE Current Type S4810 52 port GE TE FG SE Master priority 0 Hardware Rev 3 0 Num Ports 64 Up Time 57 min 0 sec Dell Networking OS Version 8 3 7 13 Jumbo Capable yes POE Capable no Burned In MAC 00 01 e8 8a df e6 No Of MACs 3 Power Supplies Unit Bay Sta...

Page 971: ... 8a de 48 Reload Type normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 0 Member not present 1 Member not present 2 Member not present 3 Management online S4810 S4810 8 3 12 13 64 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present The following example show...

Page 972: ...he stack was initially created When the failed unit recovers it takes the next available role usually that of a stack member Influence the selection of the stack management units CONFIGURATION mode stack unit priority The unit with the numerically highest priority is elected the master management unit and the unit with the second highest priority is the standby unit The range is from 1 to 14 The d...

Page 973: ...tifies the unit s role in the stack Off indicates the unit is a stack member Blinking green indicates the unit is the stack standby Solid green indicates the unit is the stack master management unit Displaying the Status of Stacking Ports To display the status of the stacking ports including the topology use the following command Display the stacking ports EXEC Privilege mode show system stack por...

Page 974: ...tes Temperature 44C Voltage ok Serial Number H1DL104400018 Part Number Rev Vendor Id Date Code Country Code Piece Part ID N A PPID Revision N A Service Tag N A Expr Svc Code N A Auto Reboot disabled Burned In MAC 00 01 e8 8c 53 32 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus Unit Bay Status Type FanStatus 1 0 absent absent 1 1 up AC up Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 S...

Page 975: ...figuration To remove a stack member from the stack disconnect the stacking cables from the unit You may do this at any time whether the unit is powered or unpowered online or offline NOTE If you remove a unit in the middle of the daisy chain stack the stack is split into multiple parts and each forms a new stack according to the stacking algorithm described throughout this chapter Examples of Remo...

Page 976: ...r Member 2 displays a console message and the master and standby display KERN 2 INT messages To re enable the downed stack port power cycle the offending unit Example of Console Messages About Flapping Link MANAGMENT UNIT Error Stack Port 50 has flapped 5 times within 10 seconds Shutting down this st ack port now Error Please check the stack cable module and power cycle the stack 10 55 20 STKUNIT1...

Page 977: ... problem S4810 unknown 64 1 Management online S4810 S4810 8 3 10 223 64 2 Member not present 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Power Supplies Unit Bay Status Type FanStatus 0 0 down DC down 0 1 up DC up 1 0 absent absent 1 1 up AC up Fan Statu...

Page 978: ...er not present 7 Member not present STANDALONE UNIT AFTER 01 38 34 STKUNIT0 M CP POLLMGR 2 ALT_STACK_UNIT_STATE Alternate Stack unit is present 01 38 34 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 1 present Going for reboot Reason is Stack merge 01 38 34 STKUNIT0 M CP CHMGR 5 STACKUNITDETECTED Stack unit 2 present STACK AFTER to display Core 2 RIP activity 23 11 25 STKUNIT1 M CP CHMGR 5 STA...

Page 979: ...6 Member not present 7 Member not present Stacking 979 ...

Page 980: ...following command From INTERFACE mode You can only on configure storm control for ingress traffic If you configure storm control from both INTERFACE and CONFIGURATION mode the INTERFACE mode configurations override the CONFIGURATION mode configurations The percentage of storm control is calculated based on the advertised rate of the line card not by the speed setting Configure storm control INTERF...

Page 981: ...storm control Storm Control 981 ...

Page 982: ...ell Networking OS supports three other variations of spanning tree as shown in the following table Table 80 Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configure Spanning Tree Configuring...

Page 983: ...ning tree at any one time All ports in virtual local area networks VLANs and all enabled interfaces in Layer 2 mode are automatically added to the spanning tree topology at the time you enable the protocol To add interfaces to the spanning tree topology after you enable STP enable the port and configure it for Layer 2 using the switchport command The IEEE Standard 802 1D allows 8 bits for port ID ...

Page 984: ...and enabled Figure 120 Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2 use the following command 1 If the interface has been assigned an IP address remove it INTERFACE mode no ip address 2 Place the interface in Layer 2 mode INTERFACE switchport 984 Spanning Tree Protocol STP ...

Page 985: ...t no shutdown Dell conf if te 1 1 Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally it is not enabled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology Only one path from any bridge to any other bridge participating in STP is enabled Bridges block a...

Page 986: ... TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces use the disable command from PROTOCOL SPANNING TREE mode To verify that STP is enabled use the show config command from PROTOCOL SPANNING TREE mode Dell conf protocol spanning tree 0 Dell config span show config protocol spanning tree 0 no disable Dell 986 Spanning Tree Protocol...

Page 987: ...e age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode Port 290 TenGigabitEthernet 2 2 is Blocking Port path cost 4 Port priority 8 Port Identifier 8 290 More Timers message age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode To conf...

Page 988: ... Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces Port Channel with 100 Mb s Ethernet interfaces Port Channel with 1 Gigabit Ethernet interfaces Port Channel with 10 Gigabit Ethernet interfaces 19 4 2 18 3 1 Port Priority 8 Change the forward delay parameter the wait time before the interface enters the Forw...

Page 989: ...kely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The default values are listed in Modifying Global Parameters To change the port cost or priority of an interface use the following commands Change the port cost of an interface INTERFACE mode spanning tree 0 cos...

Page 990: ...ode or the show config command from INTERFACE mode Dell Networking recommends using the show config command Dell conf if te 1 1 show conf interface TenGigabitEthernet 1 1 no ip address switchport spanning tree 0 portfast no shutdown Dell conf if te 1 1 Prevent Network Disruptions with BPDU Guard Configure the Portfast and Edgeport in the case of RSTP PVST and MSTP feature on ports that connect to ...

Page 991: ...e hardware When you add a physical port to a port channel already in the Error Disable state the new member port is also disabled in the hardware When you remove a physical port from a port channel in the Error Disable state the Error Disabled state is cleared on this physical port the physical port is enabled in the hardware The reset linecard command does not clear the Error Disabled state of th...

Page 992: ...ps all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell conf if te 1 7 do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e805 fb07 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e85d 0e90 Configured hello time 2 max age 20 forward delay 15 Interfa...

Page 993: ...likely this bridge becomes the root bridge The primary option specifies a bridge priority of 8192 The secondary option specifies a bridge priority of 16384 The default is 32768 Example of Viewing STP Root Information To view only the root information use the show spanning tree root command from EXEC privilege mode Dell show spanning tree 0 root Root ID Priority 32768 Address 0001 e80d 2462 We are ...

Page 994: ...the root bridge in Switch A device D is elected as root causing the link between Switches A and B to enter a Blocking state Network traffic then begins to flow in the directions indicated by the BPDU arrows in the topology If the links between Switches C and A or Switches C and B cannot handle the increased traffic flow frames may be dropped In STP topology 3 shown in the lower middle if you have ...

Page 995: ...l other MST instances To enable the root guard on an STP enabled port or port channel interface in instance 0 use the following command Enable root guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst rootguard 0 enables root guard on an STP enabled port assigned to instance 0 mstp enables root guard on an MSTP enabled port rstp ena...

Page 996: ...ing state This condition can create a loop in the network For example in the following example STP topology 1 upper left Switch A is the root switch and Switch B normally transmits BPDUs to Switch C The link between Switch C and Switch B is in a Blocking state However if there is a unidirectional link failure STP topology 1 lower left Switch C does not receive BPDUs from Switch B When the max age ...

Page 997: ... age timer Figure 124 STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per port or per port channel basis Dell Networking OS Behavior The following conditions apply to a port enabled with loop guard Loop guard is supported on any STP enabled port or port channel interface Loop guard is supported on a port or port channel in any spanning tree mode Spanning ...

Page 998: ... enabled port or port channel interface use the following command Enable loop guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst loopguard 0 enables loop guard on an STP enabled port assigned to instance 0 mstp enables loop guard on an MSTP enabled port rstp enables loop guard on an RSTP enabled port pvst enables loop guard on a P...

Page 999: ... Te 1 1 0 INCON Root Rootguard Te 1 2 0 LIS Loopguard Te 1 3 0 EDS Shut Bpduguard Spanning Tree Protocol STP 999 ...

Page 1000: ...ed error Temporarily or permanently insane time sources are detected and avoided Dell Networking recommends configuring NTP for the most accurate time In Dell Networking OS you can configure other time sources the hardware clock and the software clock NTP is designed to produce three products clock offset roundtrip delay and dispersion all of which are relative to a selected reference clock Clock ...

Page 1001: ...the preceding level Dell Networking OS synchronizes with a time serving host to get the correct time You can set Dell Networking OS to poll specific NTP time serving hosts for the current time From those time serving hosts the system chooses one NTP host with which to synchronize and serve as a client to the NTP host As soon as a host client relationship is established the networking device propag...

Page 1002: ... command from EXEC Privilege mode R6_E300 conf do show ntp status Clock is synchronized stratum 2 reference is 192 168 1 1 frequency is 369 623 ppm stability is 53 319 ppm precision is 4294967279 reference time is CD63BCC2 0CBBD000 16 54 26 049 UTC Thu Mar 12 2009 clock offset is 997 529984 msec root delay is 0 00098 sec root dispersion is 10 04271 sec peer dispersion is 10032 715 msec peer mode i...

Page 1003: ...NTP Packets By default the source address of NTP packets is the IP address of the interface used to reach the network You can configure one interface s IP address include in all NTP packets To configure an IP address as the source address of NTP packets use the following command Configure a source IP address for NTP packets CONFIGURATION mode ntp source interface Enter the following keywords and s...

Page 1004: ...e key and cannot authenticate the NTP packets In this case re enter this command and save the running config to the startup config To configure NTP authentication use the following commands 1 Enable NTP authentication CONFIGURATION mode ntp authenticate 2 Set an authentication key CONFIGURATION mode ntp authentication key number md5 key Configure the following parameters number the range is from 1...

Page 1005: ...de 3 version 3 stratum 2 ppoll 1024 rtdel 0219 8 193970 rtdsp AF928 10973 266602 refid C0A80101 192 168 1 1 ref CD7F4F63 6BE8F000 14 51 15 421 UTC Thu Apr 2 2009 org CD7F4F63 68000000 14 51 15 406 UTC Thu Apr 2 2009 rec CD7F4F63 6BE8F000 14 51 15 421 UTC Thu Apr 2 2009 xmt CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 1w6d23h NTP rcv packet from 192 168 1 1 leap 0 mode 4 version 3 stratum 1 ppo...

Page 1006: ...spersion a signed fixed point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet in seconds Only positive values greater than zero are possible Reference Clock Identifier sys refid peer refid pkt refid This is a 32 bit code identifying the particular reference clock In the case of stratum 0 unspecified or stratum 1 primary referen...

Page 1007: ... mode clock set time month day year time enter the time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month enter the name of one of the 12 months in English You can enter the name of a day to change the order of the display to time day month year day enter the number of the day The range is from 1 to 31 You can enter the name of a month to c...

Page 1008: ... date start month start day start year start time end month end day end year end time offset time zone enter the three letter name for the time zone This name displays in the show clock output start month enter the name of one of the 12 months in English You can enter the name of a day to change the order of the display to time day month year start day enter the number of the day The range is from...

Page 1009: ...week number Enter a number from 1 to 4 as the number of the week in the month to start daylight saving time first Enter the keyword first to start daylight saving time in the first week of the month last Enter the keyword last to start daylight saving time in the last week of the month start month Enter the name of one of the 12 months in English You can enter the name of a day to change the order...

Page 1010: ...rts 00 00 00 Pacific Sat Mar 14 2009 Summer time ends 00 00 00 pacific Sat Nov 7 2009 NOTE If you enter CR after entering the recurring command parameter and you have already set a one time daylight saving time date the system uses that time and date as the recurring setting The following example shows the clock summer time recurring parameters Dell conf clock summer time pacific recurring 1 4 Wee...

Page 1011: ...he logical address of the tunnel but in IPv6IP mode the logical address must be an IPv6 address The following sample configuration shows a tunnel configured in IPv6 mode carries IPv6 and IPv4 traffic Dell conf interface tunnel 1 Dell conf if tu 1 tunnel source 30 1 1 1 Dell conf if tu 1 tunnel destination 50 1 1 1 Dell conf if tu 1 tunnel mode ipip Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf...

Page 1012: ...mode ipv6 no shutdown Configuring Tunnel Keepalive Settings You can configure a tunnel keepalive target keepalive interval and attempts NOTE By default the tunnel keepalive is disabled The following sample configuration shows how to use the tunnel keepalive command Dell conf if te 1 12 show config interface TenGigabitEthernet 1 12 ip address 40 1 1 1 24 ipv6 address 500 10 1 64 no shutdown Dell co...

Page 1013: ...if tu 1 no shutdown Dell conf if tu 1 show config interface Tunnel 1 ip unnumbered TenGigabitEthernet 1 1 ipv6 unnumbered TenGigabitEthernet 1 1 tunnel source 40 1 1 1 tunnel mode ipip decapsulate any no shutdown Dell conf if tu 1 Configuring Tunnel Allow Remote Decapsulation You can configure an IPv4 or IPV6 address or prefix whose tunneled packet is accepted for decapsulation If you do not confi...

Page 1014: ...stead of the ip address or interface tunnel allow remote command but only on multipoint receive only mode tunnels The following sample configuration shows how to use the tunnel source anylocal command Dell conf interface tunnel 1 Dell conf if tu 1 ipv6 address 1abd 1 64 Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf if tu 1 tunnel source anylocal Dell conf if tu 1 tunnel mode ipip decapsulate a...

Page 1015: ...downstream links Failures on the downstream links allow downstream devices to recognize the loss of upstream connectivity For example as shown in the following illustration Switches S1 and S2 both have upstream connectivity to Router R1 and downstream connectivity to the server UFD operation is shown in Steps A through C In Step A the server configuration uses the connection to S1 as the primary p...

Page 1016: ...s called an uplink state group An interface in an uplink state group can be a physical interface or a port channel LAG aggregation of physical interfaces An enabled uplink state group tracks the state of all assigned upstream interfaces Failure on an upstream interface results in the automatic disabling of downstream interfaces in the uplink state group As a 1016 Uplink Failure Detection UFD ...

Page 1017: ...nterfaces in an uplink state group go down all downstream interfaces in the same uplink state group are put into a Link Down state Using UFD you can configure the automatic recovery of downstream ports in an uplink state group when the link status of an upstream port changes The tracking of upstream link status does not have a major impact on central processing unit CPU usage UFD and NIC Teaming T...

Page 1018: ...m interfaces in an uplink state group goes down either a user configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error The order in which downstream ports are disabled is from the lowest numbered port to the highest If one of the upstream interfaces in an uplink state group that was down comes up the set of UFD ...

Page 1019: ... Oper Down state if one upstream link in the group goes down UPLINK STATE GROUP mode downstream disable links number all number specifies the number of downstream links to be brought down The range is from 1 to 1024 all brings down all downstream links in the group The default is no downstream links are disabled when an upstream link goes down NOTE Downstream interfaces in an uplink state group ar...

Page 1020: ...formation For a port channel interface enter port channel 1 512 port channel range Where port range and port channel range specify a range of ports separated by a dash and or individual ports port channels in any order for example tengigabitethernet 1 1 2 5 9 11 12 port channel 1 3 5 A comma is required to separate each port and port range entry clear ufd disable interface interface uplink state g...

Page 1021: ...am interface cleared from UFD error disabled Fo 3 48 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Downstream interface cleared from UFD error disabled Fo 3 52 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Downstream interface cleared from UFD error disabled Fo 3 56 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Downstream interface cleared from UFD error disabled Fo 3 60 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interfac...

Page 1022: ...ewing the uplink state group status Dell show uplink state group Uplink State Group 1 Status Enabled Up Uplink State Group 3 Status Enabled Up Uplink State Group 5 Status Enabled Down Uplink State Group 6 Status Enabled Up Uplink State Group 7 Status Enabled Up Uplink State Group 16 Status Disabled Up Dell show uplink state group 16 Uplink State Group 16 Status Disabled Up Dell show uplink state g...

Page 1023: ...rottles 0 CRC 0 overrun 0 discarded Output Statistics 0 packets 0 bytes 0 underruns 0 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 0 Multicasts 0 Broadcasts 0 Unicasts 0 throttles 0 discarded 0 collisions Rate info interval 299 seconds Input 00 00 Mbits sec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec ...

Page 1024: ...UNIT0 M CP IFMGR 5 OSTATE_DN Downstream interface set to UFD error disabled Te 1 1 Dell 00 10 00 STKUNIT0 M CP IFMGR 5 OSTATE_DN Changed interface state to down Te 1 1 Dell conf uplink state group 3 description Testing UFD feature Dell conf uplink state group 3 show config uplink state group 3 description Testing UFD feature downstream disable links 2 downstream TenGigabitEthernet 1 1 2 5 9 11 12 ...

Page 1025: ...Upstream Interfaces Te 1 3 Up Te 1 4 Dwn Downstream Interfaces Te 1 1 Dis Te 1 2 Dwn Te 1 5 Dwn Te 1 9 Dwn Te 1 11 Dwn Te 1 12 Dwn Uplink Failure Detection UFD 1025 ...

Page 1026: ...r system type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 10...

Page 1027: ...onfiguration in the Interfaces chapter VLAN Stacking in the Service Provider Bridging chapter For a complete listing of all commands related to Dell Networking OS VLANs refer to these Dell Networking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN Spanning Tree Plus PVST The following table lists the defaults for VLANs i...

Page 1028: ... switchport command to remove the interface from Layer 2 mode For more information refer to VLANs and Port Tagging Example of Configuring an Interface for Layer 2 Belonging to the Default VLAN Dell conf interface tengigabitethernet 1 2 Dell conf if no shut Dell conf if switchport Dell conf if show config interface TenGigabitEthernet 1 2 no ip address switchport no shutdown Dell conf if end Dell sh...

Page 1029: ...have 4 096 values but two are reserved NOTE The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1 518 bytes as specified in the IEEE 802 3 standard Some devices that are not compliant with IEEE 802 3 may not support the larger frame size Information contained in the tag header allows the system to prioritize traffic and to forward information to...

Page 1030: ...red VLANs use the show vlan command in EXEC Privilege mode Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Inactive U So 9 4 11 2 Active U Te 1 1 18 3 Active U Te 1 2 19 4 Active T Te 1 3 20 5 Active U Po 1 6 Active U Te 1 12 U So 9 0 Assigning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands To place an interf...

Page 1031: ...s tagged and in VLAN 2 and 3 use the show vlan command In a port based VLAN use the tagged command to add the interface to another VLAN The show vlan command output displays the interface s po 1 changed status Except for hybrid ports only a tagged interface can be a member of multiple VLANs You can assign hybrid ports to two VLANs if the port is untagged in one VLAN and tagged in all others Dell s...

Page 1032: ...erface in the Default VLAN You cannot use the no untagged interface command in the Default VLAN The following example shows the steps and commands to move an untagged interface from the Default VLAN to another VLAN To determine interface status use the show vlan command Interface gi 3 2 is untagged and in the Default VLAN vlan 1 In a port based VLAN vlan 4 use the untagged command to add the inter...

Page 1033: ...n IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask Enter an address in dotted decimal format A B C D and the mask must be in slash format 24 secondary This is the interface s backup IP address You can configure up to eight secondary IP addresses Configuring Native VLANs Traditionally ports can be either untagged for membership to one VLAN or ...

Page 1034: ...lt VLAN In a Carrier Ethernet for Metro Service environment service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces each connected to a different customer before the interfaces are fully configured This presents a vulnerability because both interfaces are initially placed in the native VLAN VLAN 1 and for that period ...

Page 1035: ...bandwidth Provides fast convergence if either the link or a device fails Optimized forwarding with virtual router redundancy protocol VRRP Provides link level resiliency Assures high availability CAUTION Dell Networking does not recommend enabling Stacking and VLT simultaneously If you enable both features at the same time unexpected behavior occurs As shown in the following example VLT presents a...

Page 1036: ...uting layer For better resiliency in the aggregation Dell Networking recommends running the internal gateway protocol IGP on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system Enhanced VLT An enhanced VLT eVLT configuration creates a port channel between two VLT domains by allowing two different VLT domains using different VLT domain ID numbers connected by a st...

Page 1037: ...ociated to the configuration mode that you must use to assign VLT global parameters VLT peer device One of a pair of devices that are connected with the special port channel known as the VLT interconnect VLTi VLT peer switches have independent management planes A VLT interconnect between the VLT chassis maintains synchronization of L2 L3 control planes across the two VLT peer switches A separate b...

Page 1038: ...the query interval When you enable Layer 3 routing protocols on VLT peers make sure the delay restore timer is set to a value that allows sufficient time for all routes to establish adjacency and exchange all the L3 routes between the VLT peers before you enable the VLT ports Only use the lacp ungroup member independent command if the system connects to nodes using bare metal provisioning BMP to u...

Page 1039: ...Although egress ACL is applied on the VLT nodes to deny all traffic this egress ACL does not deny the traffic switching traffic is not denied owing to the egress IP ACL You cannot use egress ACLs to deny traffic properly in such a VLT scenario To support Q in Q over VLT ICL is implicitly made as vlan stack trunk port and the TPID of the ICL is set as 8100 Layer 2 Protocol Tunneling is not supporte...

Page 1040: ...not configure a backup link the switch s role displays in the show vlt brief command output as Primary instead of Standalone When you change the default VLAN ID on a VLT peer switch the VLT interconnect may flap In a VLT domain the following software features are supported on VLTi link layer discovery protocol LLDP flow control port monitoring jumbo frames and data center bridging DCB When you ena...

Page 1041: ...chassis VLT supports port channel links with LACP between access switches and VLT peer switches Dell Networking recommends using static port channels on VLTi If VLTi connectivity with a peer is lost but the VLT backup connectivity indicates that the peer is still alive the VLT ports on the Secondary peer are orphaned and are shut down In one possible topology a switch uses the BMP feature to recei...

Page 1042: ...e identical on both VLT peers Both the VRRP master and backup peers must be able to locally forward L3 traffic in the same way In a VLT domain although both VLT peers actively participate in L3 forwarding as the VRRP master or backup router the show vrrp command output displays one peer as master and the other peer as backup Failure scenarios On a link failover when a VLT port channel fails the tr...

Page 1043: ...RSTP can cause temporary port state blocking and may cause topology changes after link or node failures Spanning tree topology changes are distributed to the entire layer 2 network which can cause a network wide flush of learned MAC and ARP addresses requiring these addresses to be re learned However enabling RSTP can detect potential loops caused by non system issues such as cabling errors or inc...

Page 1044: ... Stack After you remove the unit you can configure VLT on the unit VLT and IGMP Snooping When configuring IGMP Snooping with VLT ensure the configurations on both sides of the VLT trunk are identical to get the same behavior on both sides of the trunk When you configure IGMP snooping on a VLT node the dynamically learned groups and multicast router ports are automatically learned on the VLT peer n...

Page 1045: ...l members in the port channel The default is 90 seconds To change the duration of the configurable timer use the delay restore command If you enable IGMP snooping IGMP queries are also sent out on the VLT ports at this time allowing any receivers to respond to the queries and update the multicast table on the new node This delay in bringing up the VLT ports also applies when the VLTi link recovers...

Page 1046: ... the designated router DR if they are incorrectly hashed In addition to being first hop or last hop routers the peer node can also act as an intermediate router On a VLT enabled PIM router if any PIM neighbor is reachable through a Spanned Layer 3 L3 VLAN interface this must be the only PIM enabled interface to reach that neighbor A Spanned L3 VLAN is any L3 VLAN configured on both peers in a VLT ...

Page 1047: ... operate directly on VLT ports You must add the VLT ports as a member of one or more VLANs and assign IP addresses to these VLANs VLT Unicast and VLT Multicast routing protocols require VLAN IP interfaces for operation Protocols such as BGP ISIS OSPF and PIM are compatible with VLT Unicast Routing and VLT Multicast Routing Spanned VLANs Any VLAN configured on both VLT peer nodes is referred to as ...

Page 1048: ... peer fails using the least intrusive method PIM and does not alter current protocol behavior Unlike VLT Unicast Routing a normal multicast routing protocol does not exchange multicast routes between VLT peers When you enable VLT Multicast Routing the multicast routing table is synced between the VLT peers Only multicast routes configured with a Spanned VLAN IP as their IIF are synced between VLT ...

Page 1049: ...nd configure VLT multicast follow these steps 1 Enable VLT on a switch then configure a VLT domain and enter VLT domain configuration mode CONFIGURATION mode vlt domain domain id 2 Enable peer routing VLT DOMAIN mode peer routing 3 Configure the multicast peer routing timeout VLT DOMAIN mode multicast peer routing timeout value value Specify a value in seconds from 1 to 1200 4 Configure a PIM SM c...

Page 1050: ...igurations When you enable VLT the show spanning tree rstp brief command output displays VLT information refer to Verifying a VLT Configuration Preventing Forwarding Loops in a VLT Domain During the bootup of VLT peer switches a forwarding loop may occur until the VLT configurations are applied on each switch and the primary secondary roles are determined To prevent the interfaces in the VLT inter...

Page 1051: ...same Dell Networking OS version and are configured for RSTP as described in RSTP Configuration For VRRP operation ensure that you configure VRRP groups and L3 routing on each VLT peer as described in VLT and VRRP interoperability in the Configuration Notes section To configure VLT and create a VLT domain in which two S4820T switches are physically connected and treated as a single port channel by ...

Page 1052: ...EL mode no shutdown 5 Repeat Steps 1 to 4 on the VLT peer switch to configure the VLT interconnect Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain use the following steps 1 Enable VLT on a switch then configure a VLT domain and enter VLT domain configuration mode CONFIGURATION mode vlt domain domain id The domain ID range is from 1 to 1000 Configure the same domain ID ...

Page 1053: ...connect Configuring a VLT Backup Link To configure a VLT backup link use the following command 1 Specify the management interface to be used for the backup link through an out of band management network CONFIGURATION mode interface managementethernet slot port Enter the slot 0 1 and the port 0 2 Configure an IPv4 address A B C D or IPv6 address X X X X X and mask x on the interface MANAGEMENT INTE...

Page 1054: ...he primary role of VLT peer switches use the primary priority command To configure the primary role on a VLT peer enter a lower value than the priority value of the remote peer The priority values are from 1 to 65535 The default is 32768 3 Optional When you create a VLT domain on a switch Dell Networking OS automatically creates a VLT system MAC address used for internal system operations VLT DOMA...

Page 1055: ...e same port channel to be used to connect to an attached device and enter interface configuration mode CONFIGURATION mode interface port channel id number 2 Remove an IP address from the interface INTERFACE PORT CHANNEL mode no ip address 3 Place the interface in Layer 2 mode INTERFACE PORT CHANNEL mode switchport 4 Add one or more port interfaces to the port channel INTERFACE PORT CHANNEL mode ch...

Page 1056: ...in domain id The range of domain IDs is from 1 to 1000 2 Enter the port channel number that acts as the interconnect trunk VLT DOMAIN CONFIGURATION mode peer link port channel id number The range is from 1 to 128 3 Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down VLT DOMAIN CONFIGURATION mode peer down vlan vlan interface n...

Page 1057: ... seconds You can optionally specify the time interval used to send hello messages The range is from 1 to 5 seconds 6 When you create a VLT domain on a switch Dell Networking OS automatically creates a VLT system MAC address used for internal system operations VLT DOMAIN CONFIGURATION mode system mac mac address mac address To explicitly configure the default MAC address for the domain by entering ...

Page 1058: ...an attached device INTERFACE PORT CHANNEL mode vlt peer lag port channel id number Valid port channel ID numbers are from 1 to 128 11 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 12 Add links to the eVLT port Configure a range of interfaces to bulk configure CONFIGURATION mode interface range port channel id 13 Enable LACP on the LAN port INTERFACE mode port chann...

Page 1059: ...e following example 6 Configure the peer 2 management ip interface ip for which connectivity is present in VLT peer 1 EXEC Privilege mode show running config vlt 7 Configure the peer 1 management ip interface ip for which connectivity is present in VLT peer 1 EXEC mode or EXEC Privilege mode show interfaces interface 8 Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack un...

Page 1060: ...peer link port channel in the VLT domains of each peer unit Dell 2 conf interface port channel 1 Dell 2 conf if po 1 channel member TenGigabitEthernet 1 4 7 Dell 4 conf interface port channel 1 Dell 4 conf if po 1 channel member TenGigabitEthernet 1 4 7 Configure the backup link between the VLT peer units 1 Configure the peer 2 management ip interface ip for which connectivity is present in VLT pe...

Page 1061: ...itEthernet 1 4 no ip address port channel protocol LACP port channel 2 mode active no shutdown configuring VLT peer lag in VLT Dell 2 show running config interface port channel 2 interface Port channel 2 no ip address switchport vlt peer lag port channel 2 no shutdown Dell 2 show interfaces port channel 2 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 2 L2L3 up 03 33 14 Te 1 4 Up I...

Page 1062: ... seconds Delay Restore Abort Threshold 60 seconds Peer Routing Disabled Peer Routing Timeout timer 0 seconds Multicast peer routing timeout 150 seconds Dell Verify that the VLT LAG is up in VLT peer unit Dell 2 show interfaces port channel 2 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 2 L2L3 up 03 43 24 Te 1 4 Up Dell 4 show interfaces port channel 2 brief Codes L LACP Port chan...

Page 1063: ...er1 conf pvst no disable Dell_VLTpeer1 conf pvst vlan 1000 bridge priority 0 Configure PVST on VLT Peers to Prevent Forwarding Loops VLT Peer 2 Dell_VLTpeer2 conf protocol spanning tree pvst Dell_VLTpeer2 conf pvst no disable Dell_VLTpeer2 conf pvst vlan 1000 bridge priority 4096 Configure both ends of the VLT interconnect trunk with identical PVST configurations When you enable VLT the show spann...

Page 1064: ...ample eVLT Configuration Step Examples In Domain 1 configure the VLT domain and VLTi on Peer 1 Domain_1_Peer1 configure Domain_1_Peer1 conf interface port channel 1 Domain_1_Peer1 conf if po 1 channel member TenGigabitEthernet 1 8 9 Domain_1_Peer1 conf vlt domain 1000 Domain_1_Peer1 conf vlt domain peer link port channel 1 Domain_1_Peer1 conf vlt domain back up destination 10 16 130 11 Domain_1_Pe...

Page 1065: ...VLT port channel on Peer 2 Domain_1_Peer2 conf interface range tengigabitethernet 1 28 29 Domain_1_Peer2 conf if range te 1 28 29 port channel protocol LACP Domain_1_Peer2 conf if range te 1 28 29 port channel 100 mode active Domain_1_Peer2 conf if range te 1 28 29 no shutdown In Domain 2 configure the VLT domain and VLTi on Peer 3 Domain_2_Peer3 configure Domain_2_Peer3 conf interface port channe...

Page 1066: ...ACP Domain_2_Peer4 conf if range te 1 31 32 port channel 100 mode active Domain_2_Peer4 conf if range te 1 31 32 no shutdown PIM Sparse Mode Configuration Example The following sample configuration shows how to configure the PIM Sparse mode designated router functionality on the VLT domain with two VLT port channels that are members of VLAN 4001 For more information refer to PIM Sparse Mode Suppor...

Page 1067: ...on on backup link operation EXEC mode show vlt backup link Display general status information about VLT domains currently configured on the switch EXEC mode show vlt brief Display detailed information about the VLT domain configuration including local and peer port channel IDs local VLT switch status and number of active VLANs on each port channel EXEC mode show vlt detail Display the VLT peer sta...

Page 1068: ... 11 200 18 Peer HeartBeat status Up HeartBeat Timer Interval 1 HeartBeat Timeout 3 UDP Port 34998 HeartBeat Messages Sent 1026 HeartBeat Messages Received 1025 Dell_VLTpeer2 show vlt backup link VLT Backup Link Destination 10 11 200 20 Peer HeartBeat status Up HeartBeat Timer Interval 1 HeartBeat Timeout 3 UDP Port 34998 HeartBeat Messages Sent 1030 HeartBeat Messages Received 1014 The following e...

Page 1069: ...System MAC address 00 01 e8 8a df bc Local System Role Priority 32768 Dell_VLTpeer2 show vlt role VLT Role VLT Role Secondary System MAC address 00 01 e8 8a df bc System Role Priority 32768 Local System MAC address 00 01 e8 8a df e6 Local System Role Priority 32768 The following example shows the show running config vlt command Dell_VLTpeer1 show running config vlt vlt domain 30 peer link port cha...

Page 1070: ...0000 DIS 800 4096 0001 e88a d656 128 4 Po 4 128 5 128 200000 DIS 800 4096 0001 e88a d656 128 5 Po 100 128 101 128 800 FWD VLTi 800 0 0001 e88a dff8 128 101 Po 110 128 111 128 00 FWD vlt 800 4096 0001 e88a d656 128 111 Po 111 128 112 128 200000 DIS vlt 800 4096 0001 e88a d656 128 112 Po 120 128 121 128 2000 FWD vlt 800 4096 0001 e88a d656 128 121 Dell_VLTpeer2 show spanning tree rstp brief Executin...

Page 1071: ... 0 0 exit Configure the VLT interconnect VLTi Dell_VLTpeer1 conf interface port channel 100 Dell_VLTpeer1 conf if po 100 no ip address Dell_VLTpeer1 conf if po 100 channel member fortyGigE 1 48 52 Dell_VLTpeer1 conf if po 100 no shutdown Dell_VLTpeer1 conf if po 100 exit Configure the port channel to an attached device Dell_VLTpeer1 conf interface port channel 110 Dell_VLTpeer1 conf if po 110 no i...

Page 1072: ...the port channel to an attached device Dell_VLTpeer2 conf interface port channel 110 Dell_VLTpeer2 conf if po 110 no ip address Dell_VLTpeer2 conf if po 110 switchport Dell_VLTpeer2 conf if po 110 channel member fortyGigE 1 48 Dell_VLTpeer2 conf if po 110 no shutdown Dell_VLTpeer2 conf if po 110 vlt peer lag port channel 110 Dell_VLTpeer2 conf if po 110 end Verify that the port channels used in th...

Page 1073: ...es not boot up The VLTi is forced to a down state A syslog error message and an SNMP trap are generated The VLT peer does not boot up The VLTi is forced to a down state A syslog error message and an SNMP trap are generated Verify the domain ID matches on both VLT peers Dell Networking OS Version mismatch A syslog error message is generated A syslog error message is generated Follow the correct upg...

Page 1074: ... trap are generated Verify the Dell Networking OS software versions on the VLT peers is compatible For more information refer to the Release Notes for this release VLT LAG ID is not configured on one VLT peer A syslog error message is generated The peer with the VLT configured remains active A syslog error message is generated The peer with the VLT configured remains active Verify the VLT LAG ID i...

Page 1075: ...n associate either a VLT VLAN or a VLT LAG to a PVLAN First configure the VLT interconnect VLTi or a VLT LAG by using the peer link port channel id number command or the VLT VLAN by using the peer link port channel id number peer down vlan vlan interface number command and the switchport command After you specify the VLTi link and VLT LAGs you can associate the same port channel or LAG bundle that...

Page 1076: ...h the peers VLTi is configured as a member of those VLANs This behavior is because of security functionalities in a PVLAN For example if a VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer VLTi is not made a part of that VLAN MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non VLT ports MAC address synchronization is performe...

Page 1077: ...atches or PVLAN port mode mismatches occur Also you can view these discrepancies if any occur by using the show vlt mismatch command Interoperation of VLT Nodes in a PVLAN with ARP Requests When an ARP request is received and the following conditions are applicable the IP stack performs certain operations The VLAN on which the ARP request is received is a secondary VLAN community or isolated VLAN ...

Page 1078: ...s Primary Secondary No No Promiscuo us Promiscuo us Primary Primary Yes Yes Secondary Community Secondary Isolated No No Access Access Secondary Community Secondary Isolated No No Primary X Primary X Yes Yes Promiscuo us Promiscuo us Primary Primary Yes Yes Secondary Community Secondary Community Yes Yes Secondary Isolated Secondary Isolated Yes Yes Promiscuo us Trunk Primary Normal No No Promiscu...

Page 1079: ...itional VLAN into subdomains identified by a primary and secondary VLAN pair With VLT being a Layer 2 redundancy feature support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved This section contains the following topics that describe how to configure a VLT VLAN or a VLT LAG VLTi link and assign that VLT interface to a PVLAN Creating a VLT LAG or a ...

Page 1080: ...mber that acts as the interconnect trunk VLT DOMAIN CONFIGURATION mode peer link port channel id number The range is from 1 to 128 8 Optional To configure a VLT LAG enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down VLT DOMAIN CONFIGURATION mode peer link port channel id number peer down vlan vlan interface number The range i...

Page 1081: ...RP functionality is supported on VLT peer nodes A proxy ARP enabled device answers the ARP requests that are destined for another host or router The local host forwards the traffic to the proxy ARP enabled device which in turn transmits the packets to the destination By default proxy ARP is enabled To disable proxy ARP use the no proxy arp command in the interface mode To re enable proxy ARP use t...

Page 1082: ... MAC address Proxy ARP is supported for both unicast and broadcast ARP requests Control packets other than ARP requests destined for the VLT peers that reach the undesired and incorrect VLT node are dropped if the ICL link is down Further processing is not done on these control packets The VLT node does not perform any action if it receives gratuitous ARP requests for the VLT peer IP address Proxy...

Page 1083: ... receiver You can configure VLT nodes which function as RP as Multicast Source Discovery Protocol MSDP peers in different domains However you cannot configure the VLT peers as MSDP peers in the same VLT domain In such instances the VLT peer does not support the RP functionality If the same source or RP can be accessed over both a VLT and a non VLT VLAN configure better metrics for the VLT VLANs Ot...

Page 1084: ...LT Peer 1 Configure VLT domain Dell conf vlt domain 1 Dell conf vlt domain peer link port channel 1 Dell conf vlt domain back up destination 10 16 151 116 Dell conf vlt domain primary priority 100 Dell conf vlt domain system mac mac address 00 00 00 11 11 11 Dell conf vlt domain unit id 0 Dell conf vlt domain Dell show running config vlt vlt domain 1 peer link port channel 1 back up destination 10...

Page 1085: ...interface vlan 50 Dell conf if vl 50 vlan stack compatible Dell conf if vl 50 stack member port channel 10 Dell conf if vl 50 stack member port channel 20 Dell show running config interface vlan 50 interface Vlan 50 vlan stack compatible member Port channel 10 20 shutdown Dell Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN Stack VLAN Dell show vlan id 50 Codes Defaul...

Page 1086: ...nf if po 10 no shutdown Dell show running config interface port channel 10 interface Port channel 10 no ip address switchport vlan stack access vlt peer lag port channel 10 no shutdown Dell Dell conf interface port channel 20 Dell conf if po 20 switchport Dell conf if po 20 vlt peer lag port channel 20 Dell conf if po 20 vlan stack trunk Dell conf if po 20 no shutdown Dell show running config inte...

Page 1087: ...lt VLAN G GVRP VLANs R Remote Port Mirroring VLANs P Primary C Community I Isolated O Openflow Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal untagged I Internal tagged v VLT untagged V VLT tagged NUM Status Description Q Ports 50 Active M Po10 Te 1 8 M Po20 Te 1 20 V Po1 Te 1 30 32 Dell Virtual Link Trunking VLT 10...

Page 1088: ... without downtime For example consider a square VLT connecting two data centers If a VM VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway In this case L3 packets destined for C can be routed either by C1 or D1 locally To do this install the local system mac address of C and D in both C1 and D1 so the packets for...

Page 1089: ... VLANs across the VLT domain You must maintain VLAN symmetry within a VLT domain The connection between DCs must be a L3 VLT in eVLT format For more information refer to the eVLT Configuration Example The trace route across the DCs can show extra hops To ensure no traffic drops you must maintain route symmetry across the VLT domains When the routing table across DCs is not symmetrical there is a p...

Page 1090: ...oxy gateway lldp method or the proxy gateway static configuration Proxy gateway LLDP is a dynamic method of installing the local mac addresses in the remote VLT domain which is achieved using a new organizational type length value TLV in LLDP packets You can configure the VLT proxy gateway in a VLT domain using the proxy gateway LLDP command in proxy gateway Configuration mode Specify the port cha...

Page 1091: ...eway TLV is carried on the physical links under the port channel only You must have at least one link connection to each unit of the VLT domain Following are the prerequisites for Proxy Gateway LLDP configuration You must globally enable LLDP You cannot have interface level LLDP disable commands on the interfaces configured for proxy gateway and you must enable both transmission and reception You ...

Page 1092: ... the VLT peer mac transmit command under VLT Domain Proxy Gateway LLDP mode in both C and D VLT domain 1 and C1 and D1 VLT domain 2 This behavior is applicable only in the LLDP configuration and not required in the static configuration Sample Configuration Dell conf vlt domain proxy gateway lldp Dell conf vlt domain pxy gw lldp vlt peer mac transmit Assume the inter chassis link ICL between C1 and...

Page 1093: ... domain 1 gets an L3 hit at C1 in VLT domain 2 they are switched to both D1 via ICL and C via inter DC link This may lead to packet duplication Therefore if C s MAC address is learned at C1 the packet does not flood to D1 and only switches to C and avoids packet duplication With the existing hardware capabilities you can only disable VLT Proxy Gateway only for 500 VLANs using exclude VLAN configur...

Page 1094: ...s VPNs for customers VRF is also referred to as VPN routing and forwarding VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF uses a forwarding table that designates the next hop for each data packet a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that go...

Page 1095: ...y have the ability to configure different virtual routers where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device Only Layer 3 interfaces can belong to a VRF VRF is supported on following types of interface Physical Ethernet interfaces Port channel interfaces static dynamic using LACP VLAN interfaces Loopback interfaces VRF supports route redistribution...

Page 1096: ...fault VRF Configuration rollback for commands introduced or modified Yes No LLDP protocol on the port Yes No 802 1x protocol on the VLAN port Yes No OSPF RIP ISIS BGP on physical and logical interfaces Yes Yes NOTE OSPF supported on all VRF ports OSPF V2 and BGP V4 are supported on non default VRF ports also Others supported only on default VRF ports Dynamic Port channel LACP on VLAN port or a Lay...

Page 1097: ...nterfaces and LAGs Yes No IPv4 ARP Yes Yes IPv6 Neighbor Discovery Yes Yes Layer 2 ACLs on VLANs Yes No FEED Yes No Layer 2 QoS Yes Yes Support for storm control broadcast and unknown unicast Yes No sFlow Yes No VRRP on physical and logical interfaces Yes Yes VRRPV3 Yes Yes Secondary IP Addresses Yes No Following IPv6 capabilities No Basic Yes No OSPFv3 Yes Yes IS IS Yes Yes BGP Yes Yes ACL Yes No...

Page 1098: ... Command Mode 1 Load CAM memory for the VRF feature feature vrf CONFIGURATION After you load VRF CAM CLI parameters that allow you to configure non default VRFs are made available on the system Creating a Non Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances 1 to 63 and the default VRF 0 Task Command Syntax Command Mode Create a non default VRF instan...

Page 1099: ...a front end port to a management VRF perform the following steps Task Command Syntax Command Mode Enter the front end interface that you want to assign to a management interface interface tengigabitethernet 1 1 CONFIGURATION Assign the interface to management VRF NOTE Before assigning a front end port to a management VRF ensure that no IP address is configured on the interface ip vrf forwarding ma...

Page 1100: ...stance are subsequently tied to the VRF instance process id range 0 65535 router ospf process id vrf vrf name CONFIGURATION Once the OSPF process and the VRF are tied together the OSPF Process ID cannot be used again in the system Configuring VRRP on a VRF Instance You can configure the VRRP feature on interfaces that belong to a VRF instance In a virtualized network that consists of multiple VRFs...

Page 1101: ... You can assign a management interface to a management VRF Task Command Syntax Command Mode Create a management VRF ip vrf management CONFIGURATION Assign a management port to a management VRF interface management VRF MODE When Management VRF is configured the following interface range or interface group commands are disabled ipv6 nd dad Duplicated Address Detection ipv6 nd dns server Configure DN...

Page 1102: ...are not supported when Management VRF is configured Configuring a Static Route To configure a static route perform the following steps Task Command Syntax Command Mode Configure a static route that points to a management interface management route ip address mask managementethernet ormanagement route ipv6 address prefix length managementethernet NOTE You can also have the management route to point...

Page 1103: ...Figure 134 Setup OSPF and Static Routes Virtual Routing and Forwarding VRF 1103 ...

Page 1104: ...shown in Figure1 and Figure 2 Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 1 ip vrf forwarding blue ip address 10 0 0 1 24 no shutdown 1104 Virtual Routing and Forwarding VRF ...

Page 1105: ...down interface Vlan 256 ip vrf forwarding green ip address 3 0 0 1 24 tagged TenGigabitEthernet 3 1 no shutdown router ospf 1 vrf blue router id 1 0 0 1 network 1 0 0 0 24 area 0 network 10 0 0 0 24 area 0 router ospf 2 vrf orange router id 2 0 0 1 network 2 0 0 0 24 area 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 Router 2 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 inter...

Page 1106: ...arding green ip address 3 0 0 2 24 tagged TenGigabitEthernet 3 1 no shutdown router ospf 1 vrf blue router id 1 0 0 2 network 11 0 0 0 24 area 0 network 1 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 1 router ospf 2 vrf orange router id 2 0 0 2 network 21 0 0 0 24 area 0 network 2 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 2 ip route vrf green30 0 0 0 24 3 0 0 1 The following...

Page 1107: ...ination Gateway Dist Metric Last Change C 1 0 0 0 24 Direct Vl 128 0 0 00 20 48 C 10 0 0 0 24 Direct Te 1 1 0 0 00 10 06 O 11 0 0 0 24 via 1 0 0 2 Vl 128 110 2 00 11 13 Dell show ip route vrf orange Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 ...

Page 1108: ... vrf VRF Name VRF ID Interfaces default vrf 0 Te 3 0 3 Te 2 0 17 21 47 Ma 0 0 Ma 1 0 Nu 0 Vl 1 blue 1 Te 2 1 Vl 128 orange 2 Te 2 2 Vl 192 green 3 Te 2 3 Vl 256 Dell show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1 0 0 1 1 FULL BDR 00 00 36 1 0 0 1 Vl 128 0 Dell sh ip ospf 2 neighbor Neighbor ID Pri State Dead Time Address Interface Area 2 0 0 1 1 FULL BDR 00 00 33 ...

Page 1109: ...n active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 2 0 0 0 24 Direct Vl 192 0 0 00 26 44 O 20 0 0 0 24 via 2 0 0 1 Vl 192 110 2 00 14 22 C 21 0 0 0 24 Direct Te 2 2 0 0 00 20 38 Dell show ip route vrf green Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA ext...

Page 1110: ...her virtual domains Inter VRF Route Leaking enables a VRF to leak or export routes that are present in its RTM to one or more VRFs Previous FTOS releases support static route leaking which enables route leaking through static commands Dynamic Route Leaking introduced in the 9 7 0 0 release enables a source VRF to share both its connected routes as well as dynamically learnt routes from various pro...

Page 1111: ...ort tag value should be configured on VRF Red and VRF blue as route import tag target VRF that is importing the routes For a reply communication VRF red and VRF blue are configured with two different route export tags one for each and those two values are configured as route import tags on VRF shared To configure route leaking perform the following steps 1 Configure VRF shared using the following ...

Page 1112: ...e vrf VRF Green O 33 3 3 3 32 via 133 3 3 3 110 0 00 00 11 C 133 3 3 0 24 Direct Te 1 13 0 0 22 39 61 Dell show ip route vrf VRF Shared O 44 4 4 4 32 via 144 4 4 4 110 0 00 00 11 C 144 4 4 0 24 Direct Te 1 4 0 0 00 32 36 Show routing tables of VRFs after route export and route import tags are configured Dell show ip route vrf VRF Red O 11 1 1 1 32 via 111 1 1 1 110 0 00 00 10 C 111 1 1 0 24 Direct...

Page 1113: ...destination VRF IPv6 link local routes will never be leaked from one VRF to another Configuring Route Leaking with Filtering When you initalize route leaking from one VRF to another all the routes are exposed to the target VRF If the size of the source VRF s RTM is considerablly large an import operation results in the duplication of the target VRF s RTM with the source RTM entries To mitigate thi...

Page 1114: ... OSPF and BGP as the matching criteria for exporting routes from vrf red 4 Configure the export target in the source VRF with route map export_ospfbgp_protocol ip route export 1 1 export_ospfbgp_protocol 5 Configure VRF blue ip vrf vrf blue interface tengigabitethernet 1 22ip vrf forwarding VRF blueip address x x x x 255 x x x A non default VRF named VRF blue is created and the interface 1 22 is a...

Page 1115: ...arget VRF B has specified filtering options to match BGP the BGP route is not leaked as that route is not active in the Source VRF The export target and import target support only the match protocol and match prefix list options Other options that are configured in the route maps are ignored You can expose a unique set of routes from the Source VRF for Leaking to other VRFs For example in VRF red ...

Page 1116: ...55 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends packets to the IP addre...

Page 1117: ...s VRRP Implementation Within a single VRRP group up to 12 virtual IP addresses are supported Virtual IP addresses can belong to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet The S4820T supports varying number of maximum VRRP groups per interface The S4820T suppo...

Page 1118: ...ended Advertise Interval Groups Interface Total VRRP Groups S4820T S4820T Less than 250 1 second 12 Between 250 and 450 2 3 seconds 24 Between 450 and 600 3 4 seconds 36 Between 600 and 800 4 seconds 48 Between 800 and 1000 5 seconds 84 Between 1000 and 1200 7 seconds 100 Between 1200 and 1500 8 seconds 120 VRRP Configuration By default VRRP is not configured Configuration Task List The following ...

Page 1119: ...ll conf if te 1 1 vrid 111 The following examples how to verify the VRRP configuration Dell conf if te 1 1 show conf interface TenGigabitEthernet 1 1 ip address 10 10 10 1 24 vrrp group 111 no shutdown Configuring the VRRP Version for an IPv4 Group For IPv4 you can configure a VRRP group to use one of the following VRRP versions VRRPv2 as defined in RFC 3768 Virtual Router Redundancy Protocol VRRP...

Page 1120: ...onf if te 1 1 vrid 100 version 3 3 Set the backup switches to version 3 Dell_backup_switch1 conf if te 1 1 vrid 100 version 3 Dell_backup_switch2 conf if te 1 2 vrid 100 version 3 Assign Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group VRID A VRRP group does not transmit VRRP packets until you assign the Virtual IP address to the VRRP group The devic...

Page 1121: ...aster stack unit the VRRP virtual addresses are disabled To re enable VRRP execute the mac address table station move refresh arp command Configuring a Virtual IP Address To configure a virtual IP address use the following commands 1 Configure a VRRP group INTERFACE mode vrrp group vrrp id The VRID range is from 1 to 255 2 Configure virtual IP addresses for this VRID INTERFACE VRID mode virtual ad...

Page 1122: ...ther Master or Backup Setting VRRP Group Virtual Router Priority Setting a virtual router priority to 255 ensures that router is the owner virtual router for the VRRP group VRRP elects the MASTER router by choosing the router with the highest priority The default priority for a virtual router is 100 The higher the number the higher the priority If the MASTER router fails VRRP begins the election p...

Page 1123: ...es the password in its VRRP transmission The receiving router uses that password to verify the transmission NOTE You must configure all virtual routers in the VRRP group the same you must enable authentication with the same password or authentication is disabled To configure simple authentication use the following command Configure a simple text password INTERFACE VRID mode authentication type sim...

Page 1124: ...ell conf if te 1 1 vrid 111 The following example shows how to verify preempt is disabled using the show conf command Dell conf if te 1 1 vrid 111 show conf vrrp group 111 authentication type simple 7 387a7f2df5969da4 no preempt priority 255 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 Changing the Advertisement Interval By default th...

Page 1125: ...e range is from 1 to 255 seconds The default is 1 second For VRRPv3 change the advertisement centisecs interval setting INTERFACE VRID mode advertise interval centisecs centisecs The range is from 25 to 4075 centisecs in units of 25 centisecs The default is 100 centisecs Examples of the advertise interval Command The following example shows how to change the advertise interval using the advertise ...

Page 1126: ...the keyword TenGigabitEthernet then the slot port information For a port channel interface enter the keywords port channel then a number For the S Series the valid port channel numbers are from 1 to 128 For a VLAN interface enter the keyword vlan then a number from 1 to 4094 For a virtual group you can also track the status of a configured object the track object id command by entering its object ...

Page 1127: ...net 1 2 The following example shows how to verify tracking using the show conf command Dell conf if te 1 1 vrid 111 show conf vrrp group 111 advertise interval 10 authentication type simple 7 387a7f2df5969da4 no preempt priority 255 track TenGigabitEthernet 1 2 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 The following example shows v...

Page 1128: ...res that VRRP initializes with no errors or conflicts You can configure the delay for up to 15 minutes after which VRRP enables normally NOTE When you reload a node that contains VRRP configuration and is enabled for VLT Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional Otherwise when you reload a VLT node config...

Page 1129: ...onds range is from 0 to 900 The default is 0 VRRP for IPv6 Configuration This section shows VRRP IPv6 topology with CLI configurations Consider an example VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers NOTE This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration You can copy and paste from th...

Page 1130: ...lready has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigabitethernet 1 1 R2 conf if te 1 1 no ip address R2 conf if te 1 1 ipv6 address 1 1 64 R2 conf if te 1 1 vrrp group 10 1130 Virtual Router Redundancy Protocol VRRP ...

Page 1131: ...cept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 NOTE Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the Tengigabitethernet 1 1 interface has a higher IPv6 address than the Tengigabitethernet 1 2 interface on R3 Router 3 R3 conf interface t...

Page 1132: ...r AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 120 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell Dell show vrrp vrf vrf1 vlan 400 Vlan 400 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed VRF 1 vrf1 State Master Priority 200 Master fe80 201 e8ff fe8a e9ed local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 10...

Page 1133: ...aster AdvInt 100 centisec Adv rcvd 548 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Sample Configurations Before you set up VRRP review the following sample configurations VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP This example does not contain comprehensive directions and is intended to provid...

Page 1134: ... tengigabitethernet 2 31 R2 conf if te 2 31 ip address 10 1 1 1 24 R2 conf if te 2 31 vrrp group 99 R2 conf if te 2 31 vrid 99 priority 200 R2 conf if te 2 31 vrid 99 virtual 10 1 1 3 R2 conf if te 2 31 vrid 99 no shut R2 conf if te 2 31 show conf interface TenGigabitEthernet 2 31 ip address 10 1 1 1 24 vrrp group 99 1134 Virtual Router Redundancy Protocol VRRP ...

Page 1135: ...e 3 21 ip address 10 1 1 2 24 R3 conf if te 3 21 vrrp group 99 R3 conf if te 3 21 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 vrid 99 no shut R3 conf if te 3 21 show conf interface TenGigabitEthernet 3 21 ip address 10 1 1 1 24 vrrp group 99 virtual address 10 1 1 3 no shutdown R3 conf if te 3 21 end R3 show vrrp TenGigabitEthernet 3 21 VRID 99 Net 10 1 1 2 State Backup Priority 100 Master 10 1 1 ...

Page 1136: ...6 address The following example shows configuring VRRP for IPv6 Router 2 and Router 3 Configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address The virtual IPv6 address you configure must be the same as the IPv6 subnet to whic...

Page 1137: ...6a c59f local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 Router 3 R3 conf interface tengigabitethernet 1 2 R3 conf if te 1 2 no ipv6 address R3 conf if te 1 2 ipv6 address 1 2 64 R3 conf if te 1 2 vrrp group 10 R2 conf if te 1 2 vrid ...

Page 1138: ... and Switch 2 have three VRF instances defined VRF 1 VRF 2 and VRF 3 Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet Both Switch 1 and Switch 2 use VRRP groups on each VRF instance in order that there is one MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner master of the VRRP group and Switch 1 ...

Page 1139: ...fo The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if te 1 1 vrid 101 priority 100 S1 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S1 conf if te 1 1 no shutdown S1 conf interface TenGigabitEthernet 1 2 S1 conf if te 1 2 ip vrf forwarding VRF 2 S1 conf if te 1 2 ip address 10 10 1 6 24 S1 conf if te 1 2 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 2 will be 178 ...

Page 1140: ...3 S2 conf interface TenGigabitEthernet 1 1 S2 conf if te 1 1 ip vrf forwarding VRF 1 S2 conf if te 1 1 ip address 10 10 1 2 24 S2 conf if te 1 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if te 1 1 vrid 101 priority 255 S2 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S2 conf if te 1 1 no shutdown S2 conf interface TenGigabitEthernet 1 2 S2 conf if te 1 ...

Page 1141: ... 1 1 no shutdown S1 conf if te 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if vl 100 vrid 101 priority 100 S1 conf if vl 100 vrid 101 virtual address 10 10 1 2 S1 conf if vl 100 no shutdow...

Page 1142: ...00 S2 conf if vl 100 ip vrf forwarding VRF 1 S2 conf if vl 100 ip address 10 10 1 2 24 S2 conf if vl 100 tagged TenGigabitethernet 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf if vl 100 no shutdown S2 conf if te 1 1 interface vlan 200 S2 conf if v...

Page 1143: ... Net 20 1 1 2 VRF 1 vrf1 State Backup Priority 90 Master 20 1 1 1 Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 377 Bad pkts rcvd 0 Adv sent 0 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 20 1 1 100 Authentication none Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 2 vrf2 State Master Priority 100 Master 10 1 1 1 ...

Page 1144: ...nto Loopback mode and test packets are transmitted through those components Level 2 diagnostics also perform snake tests using virtual local area network VLAN configurations Important Points to Remember You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more You cannot perform diagnostics on the management or standby unit in a stack...

Page 1145: ...ts are printed to a file in the flash using the filename format TestReport SU stack unit id txt Log messages differ somewhat when diagnostics are done on a standalone unit and on a stack member 4 View the results of the diagnostic tests EXEC Privilege mode show file flash TestReport SU stack unit id txt Examples of Running Offline Diagnostics The following example shows the offline stack unit stac...

Page 1146: ...Diags confirm yes no yes Dell Dec 15 04 14 07 S4820 0 DIAGAGT 6 DA_DIAG_STARTED Starting diags on stack unit 0 00 12 10 System may take additional time for Driver Init 00 12 10 Approximate time to complete the Diags 6 Mins The following example shows the diag command stack member output from master unit Dell diag stack unit 2 Warning the stack unit will be pulled out of the stack for diagnostic ex...

Page 1147: ...Unit Number 0 Stack Unit EEPROM INFO MFG INFO Data in Chassis Eeprom Mfg Info is listed as Vendor Id 07 Country Code 06 Date Code 10222012 Serial Number SWDG129100003 Part Number 2P7Y5 Product Revision A Product Order Number 02P7Y52BE0005A00123SBC902 S4820T LEVEL 0 DIAGNOSTICS diagS4810DumpPowerGoodStatus 653 ERROR Psu 0 Output voltage is NOT in regulation range Test 1 000 Psu Power Good Test FAIL...

Page 1148: ... or standby units is stored in the flash TRACE_LOG_DIR directory This directory contains files that save trace information when there has been a task crash or timeout On a MASTER unit you can reach the TRACE_LOG_DIR files by FTP or by using the show file command from the flash TRACE_LOG_DIR directory On a Standby unit you can reach the TRACE_LOG_DIR files only by using the show file command from t...

Page 1149: ...ack unit EXEC Privilege mode show hardware stack unit 0 11 cpu data plane statistics This view provides insight into the packet types entering the CPU to see whether CPU bound traffic is internal IPC traffic or network control traffic which the CPU must process View the modular packet buffers details per stack unit and the mode of allocation EXEC Privilege mode show hardware stack unit 0 11 buffer...

Page 1150: ...hell command from the CLI without going into the bShell EXEC Privilege mode show hardware stack unit 0 11 unit 0 1 execute shell cmd command View the Multicast IPMC replication table from the bShell EXEC Privilege mode show hardware stack unit 0 11 unit 0 1 ipmc replication View the internal statistics for each port pipe unit on per port basis EXEC Privilege mode show hardware stack unit 0 11 unit...

Page 1151: ...ature high temperature reaches or exceeds threshold of value C CHMGR 2 TEMP_SHUTDOWN_WARN WARNING temperature is value C approaching shutdown threshold of value C To view the programmed alarm thresholds levels including the shutdown value use the show alarms threshold command Example of the show alarms threshold Command Dell show alarms threshold Temperature Limits deg C Minor Off Minor Major Off ...

Page 1152: ...nder voltage condition check that the correct number of power supplies are installed and their Status light emitting diodes LEDs are lit The following table lists information for SNMP traps and OIDs on S Series environmental monitoring hardware and hardware components Table 87 SNMP Traps and OIDs OID String OID Name Description Receiving Power 1 3 6 1 4 1 6027 3 10 1 2 5 1 6 chSysPortXfpRecvPower ...

Page 1153: ... layer3 qos stack unit stack unit number port set 0 1 show hardware ipv6 e g acl in acl stack unit stack unit number port set number show hardware system flow layer2 stack unit stack unit number port set number counters show hardware drops interface range interface show hardware stack unit id buffer stats snapshot unit id resource x show hardware buffer inteface interface priority group id all que...

Page 1154: ...l Mmu Drops EgMac Drops Egress Drops 1 0 0 0 0 0 2 0 0 0 0 0 3 0 0 0 0 0 4 0 0 0 0 0 5 0 0 0 0 0 6 0 0 0 0 0 7 0 0 0 0 0 8 0 0 0 0 0 Example of show hardware drops interface interface Dell show hardware drops interface tengigabitethernet 2 1 Drops in Interface Te 2 1 Ingress Drops Ingress Drops 0 IBP CBP Full Drops 0 PortSTPnotFwd Drops 0 IPv4 L3 Discards 0 Policy Discards 0 Packets dropped by FP ...

Page 1155: ...ngigabitethernet 2 1 1 Drops in Interface Te 2 1 1 Ingress Drops Ingress Drops 0 IBP CBP Full Drops 0 PortSTPnotFwd Drops 0 IPv4 L3 Discards 0 Policy Discards 0 Packets dropped by FP 0 L2 L3 Drops 0 Port bitmap zero Drops 0 Rx VLAN Drops 0 Ingress MAC counters Ingress FCSDrops 0 Ingress MTUExceeds 0 MMU Drops Ingress MMU Drops 0 HOL DROPS TOTAL 0 HOL DROPS on COS0 0 HOL DROPS on COS1 0 HOL DROPS o...

Page 1156: ...o Drops 0 Rx VLAN Drops 0 Ingress MAC counters Ingress FCSDrops 0 Ingress MTUExceeds 0 MMU Drops Ingress MMU Drops 0 HOL DROPS TOTAL 0 HOL DROPS on COS0 0 HOL DROPS on COS1 0 HOL DROPS on COS2 0 HOL DROPS on COS3 0 HOL DROPS on COS4 0 HOL DROPS on COS5 0 HOL DROPS on COS6 0 HOL DROPS on COS7 0 HOL DROPS on COS8 0 HOL DROPS on COS9 0 HOL DROPS on COS10 0 HOL DROPS on COS11 0 HOL DROPS on COS12 0 HO...

Page 1157: ... to see whether CPU bound traffic is internal so called party bus or IPC traffic or network control traffic which the CPU must process Example of Viewing Dataplane Statistics Dell show hardware stack unit 2 cpu data plane statistics bc pci driver statistics for device rxHandle 0 noMhdr 0 noMbuf 0 noClus 0 recvd 0 dropped 0 recvToNet 0 rxError 0 rxDatapathErr 0 rxPkt COS0 0 rxPkt COS1 0 rxPkt COS2 ...

Page 1158: ...over 64 byte pkts 107970 over 127 byte pkts 34 over 255 byte pkts 504838 over 511 byte pkts 1009638 over 1023 byte pkts 0 Multicasts 0 Broadcasts 1649714 Unicasts 0 throttles 0 discarded 0 collisions Rate info interval 45 seconds Input 00 00 Mbits sec 2 packets sec 0 00 of line rate Output 00 06 Mbits sec 8 packets sec 0 00 of line rate Dell Display Stack Member Counters The show hardware stack un...

Page 1159: ...Packet frame Counter 0 RX Unicast Packet Counter 0 RX Multicast Packet Counter 0 RX Broadcast Frame Counter 0 RX Byte Counter 0 RX Control frame counter 0 RX PAUSE frame counter 0 RX Oversized frame counter 0 RX Jabber frame counter 0 RX VLAN tag frame counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX ...

Page 1160: ...Packet Counter 0 RX Packet frame Counter 0 RX Unicast Packet Counter 0 RX Multicast Packet Counter 0 RX Broadcast Frame Counter 0 RX Byte Counter 0 RX Control frame counter 0 RX PAUSE frame counter 0 RX Oversized frame counter 0 RX Jabber frame counter 0 RX VLAN tag frame counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte ...

Page 1161: ...st Packet Counter 0 RX Broadcast Frame Counter 0 RX Byte Counter 0 RX Control frame counter 0 RX PAUSE frame counter 0 RX Oversized frame counter 0 RX Jabber frame counter 0 RX VLAN tag frame counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Count...

Page 1162: ...Good VLAN Frame Counter 0 RX 1519 to 2047 Byte Frame Counter 0 RX 2048 to 4095 Byte Frame Counter 0 RX 4096 to 9216 Byte Frame Counter 0 RX Good Packet Counter 0 RX Packet Frame Counter 0 RX Unicast Frame Counter 0 RX Multicast Frame Counter 0 RX Broadcast Frame Counter 0 RX Byte Counter 0 RX Control Frame Counter 0 RX Pause Control Frame Counter 0 RX Oversized Frame Counter 0 RX Jabber Frame Coun...

Page 1163: ...he kernel mini core filename format is f10StkUnit Stack_unit_no kcore mini txt The following are sample filenames When a member or standby unit crashes the mini core file gets uploaded to master unit When the master unit crashes the mini core file is uploaded to new master The panic string contains key information regarding the crash Several panic string types exist and they are displayed in regul...

Page 1164: ... The maximum file size for a TCP dump capture is 1MB When a file reaches 1MB a new file is created up to the specified total number of files Maximize the number of packets recorded in a file by specifying the snap length to capture the file headers only The tcpdump command has a finite run process When you enable the tcpdump command it runs until the capture duration timer and or the packet count ...

Page 1165: ...ted RFCs IEEE Compliance The following is a list of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link Aggregation with LACP 802 3ae 10 Gigabit Ethernet 10GBASE W 10GB...

Page 1166: ...tocol 7 6 1 793 Transmission Control Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 The Point to Point Protocol PPP 1989 PPP Link Quality Monitoring 1990 The PPP Multilink Protocol MP 1994 PPP Challenge Handshake Authentication Protocol CHAP 2460 Internationalizatio...

Page 1167: ...s 7 6 1 1191 Path MTU Discovery 7 6 1 1305 Network Time Protocol Version 3 Specification Implementation and Analysis 7 6 1 1519 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 1542 Clarifications and Extensions for the Bootstrap Protocol 7 6 1 1812 Requirements for IP Version 4 Routers 7 6 1 2131 Dynamic Host Configuration Protocol 7 6 1 2338 Virtual Router...

Page 1168: ...Pv6 Global Unicast Address Format 7 8 1 4007 IPv6 Scoped Address Architecture 8 3 12 0 4291 Internet Protocol Version 6 IPv6 Addressing Architecture 7 8 1 4443 Internet Control Message Protocol ICMPv6 for the IPv6 Specification 7 8 1 4861 Neighbor Discovery for IPv6 8 3 12 0 4862 IPv6 Stateless Address Autoconfiguration 8 3 12 0 5175 IPv6 Router Advertisement Flags Option 8 3 12 0 Border Gateway P...

Page 1169: ...entation of Autonomous System AS Numbers 8 1 2 draft ietf idrbgp4 20 A Border Gateway Protocol 4 BGP 4 7 8 1 draft ietf idrrestart 06 Graceful Restart Mechanism for BGP 7 8 1 Open Shortest Path First OSPF The following table lists the Dell Networking OS support per platform for OSPF protocol Table 92 Open Shortest Path First OSPF RFC Full Name S Series Z Series 1587 The OSPF Not So Stubby Area NSS...

Page 1170: ... IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System IS IS Extensions in Support of Generalized Multi Protocol Label Switching GMPLS 5120 MT ISIS Multi Topology MT Routing in Intermediate System to Intermediate Systems IS ISs 5306 Restart Signaling for IS IS 5308 Routing IPv6 with IS IS 8 3 10 0 draft ietf isis igpp2p over lan 06 Point to point operation over LAN in link...

Page 1171: ... 3618 Multicast Source Discovery Protocol MSDP 3810 Multicast Listener Discovery Version 2 MLDv2 for IPv6 3973 Protocol Independent Multicast Dense Mode PIM DM Protocol Specification Revised 4541 Considerations for Internet Group Management Protocol IGMP and Multicast Listener Discovery MLD Snooping Switches 7 6 1 IGMPv1 v2 draft ietf pim sm v2 new 05 Protocol Independent Multicast Sparse Mode PIM...

Page 1172: ...dges except for the dot1dTpLearnedEntryDisc ards object 7 6 1 1724 RIP Version 2 MIB Extension 1850 OSPF Version 2 Management Information Base 7 6 1 1901 Introduction to Community based SNMPv2 7 6 1 2011 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 7 6 1 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 7 6 1 2013 SNMPv2 Managemen...

Page 1173: ... 7 6 1 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP 7 6 1 2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 7 6 1 2575 View based Access Control Model VACM for the Simple Network Management Protocol SNMP 7 6 1 2576 Coexistence Between Version 1 Version 2 and Version 3 of the Internet standard Network Managem...

Page 1174: ...ged Objects for Bridges with Traffic Classes Multicast Filtering and Virtual LAN Extensions 7 6 1 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol 7 6 1 2819 Remote Network Monitoring Management Information Base Ethernet Statistics Table Ethernet History Control Table Ethernet History Table Alarm Table Event Table Log Table 7 6 1 2863 The Interfaces Group MIB 7 6 1 28...

Page 1175: ...vice RADIUS Usage Guidelines 7 6 1 3815 Definitions of Managed Objects for the Multiprotocol Label Switching MPLS Label Distribution Protocol LDP 4001 Textual Conventions for Internet Network Addresses 8 3 12 4292 IP Forwarding Table MIB 9 5 0 0 9 5 0 0 9 5 0 0 4750 OSPF Version 2 Management Information Base 9 5 0 0 9 5 0 0 9 5 0 0 4502 RMON v2 MIB 9 5 0 0 9 5 0 0 9 5 0 0 5060 Protocol Independent...

Page 1176: ...nes a YANG data model for the configuration of network interfaces Used in the Programmatic Interface RESTAPI feature 9 2 0 0 9 2 0 0 9 2 0 0 IEEE 802 1AB Management Information Base module for LLDP configuration statistics local system data and remote systems data components 7 7 1 IEEE 802 1AB The LLDP Management Information Base extension module for IEEE 802 1 organizationally defined discovery i...

Page 1177: ...reachability issue It reports the autonomous system of the next hop multiple next hop support and policy routing support FORCE10 CS CHASSIS MIB Force10 C Series Enterprise Chassis MIB FORCE10 IF EXTENSION MIB Force10 Enterprise IF Extension MIB extends the Interfaces portion of the MIB 2 RFC 1213 by providing proprietary SNMP OIDs for other counters displayed in the show interfaces output 7 6 1 FO...

Page 1178: ...B Location You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport https www force10networks com CSPortal20 KnowledgeBase Documentation aspx You also can obtain a list of selected MIBs and their OIDs at the following URL https www force10networks com CSPortal20 Main Login aspx Some pages of iSupport require a login To request an iSupport account go to https w...

Search results

Summary of Contents for S4820T

Reviews:

Related manuals for S4820T

Brands by name

Popular brands

Dell S4820T, Configuration Manual

Search results

Summary of Contents for S4820T

Reviews:

Related manuals for S4820T

Brands by name

Popular brands