manualshive.com logo in svg

Dell S6000-ON, Configuration Manual

Share
Download
Dell S6000-ON Configuration Manual Download Page 800

• Displaying User Roles
• Displaying Accounting for User Roles
• Displaying Information About Roles Logged into the Switch
• Display Role Permissions Assigned to a Command

Overview of RBAC

With Role-Based Access Control (RBAC), access and authorization is controlled based on a user’s role. 
Users are granted permissions based on their user roles, not on their individual user ID. User roles are 
created for job functions and through those roles they acquire the permissions to perform their 
associated job function. Each user can be assigned only a single role. Many users can have the same role.

The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can 
inherit permissions when you create a new user role, restrict or add commands a user can enter and the 
actions the user can perform. This allows for greater flexibility in assigning permissions for each 
command to each role and as a result, it is easier and much more efficient to administer user rights. If a 
user’s role matches one of the allowed user roles for that command, then command authorization is 
granted.

A constrained RBAC model provides for separation of duty and as a result, provides greater security than 
the hierarchical RBAC model. Essentially, a constrained model puts some limitations around each role’s 
permissions to allow you to partition of tasks. However, some inheritance is possible.

Default command permissions are based on CLI mode (such as configure, interface, router), any specific 
command settings, and the permissions allowed by the privilege and role commands. The role command 
allows you to change permissions based on the role. You can modify the permissions specific to that 
command and/or command option. For more information, see 

Modifying Command Permissions for 

Roles 

.

NOTE: When you enter a user role, you have already been authenticated and authorized. You do 

not need to enter an enable password because you will be automatically placed in EXEC Priv mode.

For greater security, the ability to view event, audit, and security system log is associated with user roles. 
For information about these topics, see 

Audit and Security Logs

.

Privilege-or-Role Mode versus Role-only Mode

By default, the system provides access to commands determined by the user’s role or by the user’s 

privilege level. The user’s role takes precedence over a user’s privilege level. If the system is in “privilege or 

role” mode, then all existing user IDs can continue to access the switch even if they do not have a user 

role defined. To change to more secure mode, use role-based AAA authorization. When role-based only 

AAA authorization is configured, access to commands is determined only by the user’s role. For more 

information, see 

Configuring Role-based Only AAA Authorization.

Configuring Role-based Only AAA Authorization

You can configure authorization so that access to commands is determined only by the user’s role. If the 
user has no user role, access to the system is denied as the user will not be able to login successfully. 
When you enable role-based only AAA authorization using the 

aaa authorization role-only

 command in 

Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that 
the user authentication is available for all terminal lines.

Pre-requisites

800

Security

Summary of Contents for S6000-ON

Page 1: ...Dell Configuration Guide for the S6000 ON System 9 9 0 0 ...

Page 2: ...problem WARNING A WARNING indicates a potential for property damage personal injury or death Copyright 2015 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their res...

Page 3: ...al Console 45 Default Configuration 46 Configuring a Host Name 46 Accessing the System Remotely 47 Accessing the System Remotely 47 Configure the Management Port IP Address 47 Configure a Management Route 48 Configuring a Username and Password 48 Configuring the Enable Password 48 Configuration File Management 49 Copy Files to and from the System 49 Mounting an NFS File System 50 Save the Running ...

Page 4: ...guring a UNIX System as a Syslog Server 65 Track Login Activity 65 Restrictions for Tracking Login Activity 65 Configuring Login Activity Tracking 66 Display Login Statistics 66 Limit Concurrent Login Sessions 67 Restrictions for Limiting the Number of Concurrent Sessions 67 Configuring Concurrent Session Limit 67 Enabling the System to Clear Existing Sessions 68 Changing System Logging Settings 6...

Page 5: ...uring Timeouts 91 Configuring Dynamic VLAN Assignment with Port Authentication 92 Guest and Authentication Fail VLANs 93 Configuring a Guest VLAN 94 Configuring an Authentication Fail VLAN 94 6 Access Control Lists ACLs 96 IP Access Control Lists ACLs 96 CAM Usage 97 Implementing ACLs on Dell Networking OS 98 Important Points to Remember 99 Configuration Task List for Route Maps 100 Configuring Ma...

Page 6: ...ort for ACLs 123 Behavior of Flow Based Monitoring 123 Enabling Flow Based Monitoring 125 7 Bidirectional Forwarding Detection BFD 127 How BFD Works 127 BFD Packet Format 128 BFD Sessions 130 BFD Three Way Handshake 130 Session State Changes 131 Important Points to Remember 132 Configure BFD 132 Configure BFD for Physical Ports 133 Configure BFD for Static Routes 136 Configure BFD for OSPF 138 Con...

Page 7: ...Configuring AS4 Number Representations 179 Configuring Peer Groups 181 Configuring BGP Fast Fall Over 183 Configuring Passive Peering 185 Maintaining Existing AS Numbers During an AS Migration 186 Allowing an AS Number to Appear in its Own AS Path 187 Enabling Graceful Restart 188 Enabling Neighbor Graceful Restart 189 Filtering on an AS Path Attribute 189 Regular Expressions as Filters 191 Redist...

Page 8: ... Addressable Memory CAM 221 CAM Allocation 221 Test CAM Usage 223 View CAM Profiles 223 View CAM ACL Settings 224 View CAM Usage 226 CAM Optimization 227 Troubleshoot CAM Profiling 227 CAM Profile Mismatches 227 QoS CAM Region Limitation 227 Syslog Error When the Table is Full 228 Syslog Warning Upon 90 Percent Utilization of CAM 228 Syslog Warning for Discrepancies Between Configured Extended Pre...

Page 9: ...ple for DSCP and PFC Priorities 252 SNMP Support for PFC and Buffer Statistics Tracking 253 Performing PFC Using DSCP Bits Instead of 802 1p Bits 254 PFC and ETS Configuration Examples 255 Using PFC to Manage Converged Ethernet Traffic 255 Operations on Untagged Packets 255 Generation of PFC for a Priority for Untagged Packets 255 Configure Enhanced Transmission Selection 256 ETS Prerequisites and...

Page 10: ... Using NetBIOS WINS for Address Resolution 292 Creating Manual Binding Entries 292 Debugging the DHCP Server 293 Using DHCP Clear Commands 293 Configure the System to be a DHCP Client 293 Configuring the DHCP Client System 294 DHCP Client on a Management Interface 296 DHCP Client Operation with Other Features 296 Configure the System for User Port Stacking Option 230 297 Configure Secure DHCP 297 ...

Page 11: ...8 Enabling the FCoE Transit Feature 319 Enable FIP Snooping on VLANs 319 Configure the FC MAP Value 319 Configure a Port for a Bridge to Bridge Link 319 Configure a Port for a Bridge to FCF Link 320 Impact on Other Software Features 320 FIP Snooping Restrictions 320 Configuring FIP Snooping 320 Displaying FIP Snooping Information 321 FCoE Transit Configuration Example 327 15 Flex Hash and Optimize...

Page 12: ...ring the Control VLAN 343 Configuring and Adding the Member VLANs 344 Setting the FRRP Timers 345 Clearing the FRRP Counters 346 Viewing the FRRP Configuration 346 Viewing the FRRP Information 346 Troubleshooting FRRP 347 Configuration Checks 347 Sample Configuration and Topology 347 17 GARP VLAN Registration Protocol GVRP 349 Important Points to Remember 349 Configure GVRP 350 Related Configurati...

Page 13: ...ation 368 Handling of Switch Initiated Traffic 368 Handling of Switch Destined Traffic 369 Handling of Transit Traffic Traffic Separation 370 Mapping of Management Applications and Traffic Type 370 Behavior of Various Applications for Switch Initiated Traffic 372 Behavior of Various Applications for Switch Destined Traffic 373 Interworking of EIS With Various Applications 373 Designating a Multica...

Page 14: ...New Port Channel 392 Configuring the Minimum Oper Up Links in a Port Channel 393 Adding or Removing a Port Channel from a VLAN 393 Assigning an IP Address to a Port Channel 395 Deleting or Disabling a Port Channel 395 Load Balancing Through Port Channels 395 Changing the Hash Algorithm 395 Bulk Configuration 397 Interface Range 397 Bulk Configuration Examples 397 Defining Interface Range Macros 39...

Page 15: ...outes 422 Configure Static Routes for the Management Interface 423 Using the Configured Source IP Address in ICMP Messages 423 Configuring the ICMP Source Interface 424 Configuring the Duration to Establish a TCP Connection 424 Enabling Directed Broadcast 425 Resolution of Host Names 425 Enabling Dynamic Resolution of Host Names 425 Specifying the Local System Domain and a List of Domains 426 Conf...

Page 16: ...ting IPv6 with Dell Networking OS 444 ICMPv6 446 Path MTU Discovery 446 IPv6 Neighbor Discovery 447 IPv6 Neighbor Discovery of MTU Packets 448 Configuring the IPv6 Recursive DNS Server 448 Debugging IPv6 RDNSS Information Sent to the Host 449 Displaying IPv6 RDNSS Information 449 Secure Shell SSH Over an IPv6 Transport 450 Configuration Tasks for IPv6 450 Adjusting Your CAM Profile 451 Assigning a...

Page 17: ...ion 468 23 Intermediate System to Intermediate System 470 IS IS Protocol Overview 470 IS IS Addressing 470 Multi Topology IS IS 471 Transition Mode 471 Interface Support 472 Adjacencies 472 Graceful Restart 472 Timers 472 Implementation Information 473 Configuration Information 474 Configuration Tasks for IS IS 474 Configuring the Distance of a Route 483 Changing the IS Type 483 Redistributing IPv...

Page 18: ... Time for Dynamic Entries 511 Configuring a Static MAC Address 512 Displaying the MAC Address Table 512 MAC Learning Limit 512 Setting the MAC Learning Limit 513 mac learning limit Dynamic 513 mac learning limit mac address sticky 514 mac learning limit station move 514 mac learning limit no station move 514 Learning Limit Violation Actions 515 Setting Station Move Violation Actions 515 Recovering...

Page 19: ...uring Transmit and Receive Mode 540 Configuring the Time to Live Value 541 Debugging LLDP 542 Relevant Management Objects 543 27 Microsoft Network Load Balancing 549 NLB Unicast Mode Scenario 549 NLB Multicast Mode Scenario 550 Limitations of the NLB Feature 550 Microsoft Clustering 550 Enable and Disable VLAN Flooding 551 Configuring a Switch for NLB 551 Enabling a Switch for Multicast NLB 551 28...

Page 20: ...STP 578 Protocol Overview 578 Spanning Tree Variations 579 Implementation Information 579 Configure Multiple Spanning Tree Protocol 579 Related Configuration Tasks 579 Enable Multiple Spanning Tree Globally 580 Adding and Removing Interfaces 580 Creating Multiple Spanning Tree Instances 580 Influencing MSTP Root Selection 582 Interoperate with Non Dell Bridges 582 Changing the Region Name or Revis...

Page 21: ...gnated Routers 618 Link State Advertisements LSAs 618 Router Priority and Cost 620 OSPF with Dell Networking OS 620 Graceful Restart 621 Fast Convergence OSPFv2 IPv4 Only 622 Multi Process OSPFv2 with VRF 622 RFC 2328 Compliant OSPF Flooding 623 OSPF ACK Packing 624 Setting OSPF Adjacency with Cisco Routers 624 Configuration Information 625 Configuration Task List for OSPFv2 OSPF for IPv4 625 Conf...

Page 22: ...6 Implementation Information 666 Protocol Overview 666 Requesting Multicast Traffic 666 Refuse Multicast Traffic 667 Send Multicast Traffic 667 Configuring PIM SM 668 Related Configuration Tasks 668 Enable PIM SM 668 Configuring S G Expiry Timers 669 Configuring a Static Rendezvous Point 670 Overriding Bootstrap Router Updates 670 Configuring a Designated Router 671 Creating Multicast Boundaries a...

Page 23: ...ation Information 695 Configure Per VLAN Spanning Tree Plus 695 Related Configuration Tasks 695 Enabling PVST 695 Disabling PVST 696 Influencing PVST Root Selection 696 Modifying Global PVST Parameters 698 Modifying Interface PVST Parameters 699 Configuring an EdgePort 700 PVST in Multi Vendor Networks 700 Enabling PVST Extend System ID 701 PVST Sample Configurations 702 38 Quality of Service QoS ...

Page 24: ...nes for Configuring ECN for Classifying and Color Marking Packets 734 Sample configuration to mark non ecn packets as yellow with Multiple traffic class 734 Classifying Incoming Packets Using ECN and Color Marking 735 Sample configuration to mark non ecn packets as yellow with single traffic class 737 Applying Layer 2 Match Criteria on a Layer 3 Interface 738 Managing Hardware Buffer Statistics 73...

Page 25: ...Accounting 771 Configuration Task List for AAA Accounting 771 AAA Authentication 773 Configuration Task List for AAA Authentication 774 Obscuring Passwords and Keys 776 AAA Authorization 777 Privilege Levels Overview 777 Configuration Task List for Privilege Levels 777 RADIUS 781 RADIUS Authentication 782 Configuration Task List for RADIUS 783 TACACS 786 Configuration Task List for TACACS 786 TACA...

Page 26: ...king for a VLAN 815 Configuring the Protocol Type Value for the Outer VLAN Tag 815 Configuring Dell Networking OS Options for Trunk Ports 815 Debugging VLAN Stacking 816 VLAN Stacking in Multi Vendor Networks 817 VLAN Stacking Packet Drop Precedence 820 Enabling Drop Eligibility 820 Honoring the Incoming DEI Value 821 Marking Egress Packets with a DEI Value 822 Dynamic Mode CoS for VLAN Stacking 8...

Page 27: ...ser Based Security SNMPv3 841 Reading Managed Object Values 842 Writing Managed Object Values 843 Configuring Contact and Location Information using SNMP 844 Subscribing to Managed Object Value Updates using SNMP 845 Enabling a Subset of SNMP Traps 846 Enabling an SNMP Agent to Notify Syslog Server Failure 848 Copy Configuration Files Using SNMP 849 Copying a Configuration File 851 Copying Configu...

Page 28: ...ing Tree Protocol STP 867 Protocol Overview 867 Configure Spanning Tree 867 Related Configuration Tasks 867 Important Points to Remember 868 Configuring Interfaces for Layer 2 Mode 868 Enabling Spanning Tree Protocol Globally 869 Adding an Interface to the Spanning Tree Group 871 Modifying Global Parameters 872 Modifying Interface STP Parameters 873 Enabling PortFast 873 Prevent Network Disruption...

Page 29: ...9 Configuration Task List 899 Setting the Time and Date for the Switch Software Clock 899 Setting the Timezone 899 Set Daylight Saving Time 900 Setting Daylight Saving Time Once 900 Setting Recurring Daylight Saving Time 901 51 Tunneling 903 Configuring a Tunnel 903 Configuring Tunnel Keepalive Settings 904 Configuring a Tunnel Interface 905 Configuring Tunnel Allow Remote Decapsulation 905 Config...

Page 30: ...25 Enhanced VLT 925 VLT Terminology 926 Configure Virtual Link Trunking 927 Important Points to Remember 927 Configuration Notes 928 Primary and Secondary VLT Peers 932 RSTP and VLT 932 VLT Bandwidth Monitoring 932 VLT and IGMP Snooping 933 VLT IPv6 933 VLT Port Delayed Restoration 933 PIM Sparse Mode Support on VLT 933 VLT Routing 935 Non VLT ARP Sync 937 RSTP Configuration 937 Preventing Forward...

Page 31: ...s Points for Multicast Resiliency 970 Configuring VLAN Stack over VLT 971 56 Virtual Extensible LAN VXLAN 975 Overview 975 Components of VXLAN network 976 Components of VXLAN network 976 Functional Overview of VXLAN Gateway 977 VXLAN Frame Format 977 Components of VXLAN Frame Format 978 Configuring and Controlling VXLAN from the NVP Controller GUI 979 Configuring VxLAN Gateway 981 Connecting to an...

Page 32: ...an IPv4 Configuration 1021 VRRP in a VRF Configuration 1026 VRRP for IPv6 Configuration 1031 59 Debugging and Diagnostics 1036 Offline Diagnostics 1036 Important Points to Remember 1036 Running Offline Diagnostics 1036 Trace Logs 1041 Auto Save on Crash or Rollover 1041 Hardware Watchdog Timer 1041 Enabling Environmental Monitoring 1041 Recognize an Overtemperature Condition 1041 Troubleshoot an O...

Page 33: ... Compliance 1065 RFC and I D Compliance 1066 General Internet Protocols 1066 General IPv4 Protocols 1067 General IPv6 Protocols 1069 Border Gateway Protocol BGP 1071 Open Shortest Path First OSPF 1071 Intermediate System to Intermediate System IS IS 1072 Routing Information Protocol RIP 1073 Multicast 1073 Network Management 1074 MIB Location 1080 33 ...

Page 34: ...ntended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 and Layer 3 networking technologies Conventions This guide uses the following conventions to describe command syntax Keyword Keywords are in Courier a monospaced font and must be entered in the CLI as listed parameter Parameters are in italics and require a number or word...

Page 35: ... related documentation Accessing the Command Line Access the CLI through a serial console port or a Telnet session When the system successfully boots enter the command line in EXEC mode NOTE You must have a password configured on a virtual terminal line before you can Telnet into the system Therefore you must use a console connection when connecting to the system for the first time telnet 172 31 1...

Page 36: ...P services specific to an interface An interface can be physical Management interface 1 Gigabit Ethernet or 10 Gigabit Ethernet or logical Loopback Null port channel or virtual local area network VLAN LINE submode is the mode in which you to configure the console and virtual terminal lines NOTE At any time entering a question mark displays the available command options For example when you are in ...

Page 37: ... for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level NOTE Sub CONFIGURATION modes all have the letters conf in the prompt with more modifiers to identify the mode and slot port subport information Table 1 Dell Networking OS Command Modes CLI Command Mode Prompt Access Command EXEC Dell Access the router through the cons...

Page 38: ...ESS LIST Dell config std nacl ip access list standard IP ACCESS LIST Modes EXTENDED ACCESS LIST Dell config ext nacl ip access list extended IP ACCESS LIST Modes IP COMMUNITY LIST Dell config community list ip community list AUXILIARY Dell config line aux line LINE Modes CONSOLE Dell config line console line LINE Modes VIRTUAL TERMINAL Dell config line vty line LINE Modes STANDARD ACCESS LIST Dell...

Page 39: ...class map CONTROL PLANE Dell conf control cpuqos control plane cpuqos DHCP Dell config dhcp ip dhcp server DHCP POOL Dell config dhcp pool name pool DHCP Mode ECMP Dell conf ecmp group ecmp group id ecmp group EIS Dell conf mgmt eis management egress interface selection FRRP Dell conf frrp ring id protocol frrp LLDP Dell conf lldp or Dell conf if interface lldp protocol lldp CONFIGURATION or INTER...

Page 40: ...otocol spanning tree 0 Dell config span The do Command You can enter an EXEC mode command from any CONFIGURATION mode CONFIGURATION INTERFACE SPANNING TREE and so on without having to return to EXEC mode by preceding the EXEC mode command with the do command The following example shows the output of the do command Dell conf do show system brief Stack MAC 34 17 eb f2 c2 c4 Reload Type normal reload...

Page 41: ...address Dell conf if te 4 17 1 show config interface TenGigabitEthernet 4 17 1 no ip address no shutdown Layer 2 protocols are disabled by default To enable Layer 2 protocols use the no disable command For example in PROTOCOL SPANNING TREE mode enter no disable to enable Spanning Tree Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode usin...

Page 42: ...red commands refer to Command History The BACKSPACE and DELETE keys erase the previous letter Key combinations are available to move quickly across the command line The following table describes these short cut key combinations Short Cut Key Combination Action CNTL A Moves the cursor to the beginning of the command line CNTL B Moves the cursor back one character CNTL D Deletes character at cursor ...

Page 43: ...arch to case insensitive For example the commands show run grep Ethernet returns a search result with instances containing a capitalized Ethernet such as interface TenGigabitEthernet 1 1 1 show run grep ethernet does not return that search result because it only searches for instances containing a non capitalized ethernet show run grep Ethernet ignore case returns instances containing both Etherne...

Page 44: ...regular expression except regular expression grep other regular expression find regular expression save Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode A warning message indicates the username type of connection console or VTY and in the case of a VTY connection the IP address of the terminal on which the conn...

Page 45: ...process completes the system status LEDs remain online green and the console monitor displays the EXEC mode prompt For details about using the command line interface CLI refer to the Accessing the Command Line section in the Configuration Fundamentals chapter Console Access The device has one RJ 45 RS 232 console port an out of band OOB Ethernet port and a micro USB B console port Serial Console T...

Page 46: ...erver for example a PC The pin assignments between the console and a DTE terminal server are as follows Table 2 Pin Assignments Between the Console and a DTE Terminal Server Console Port RJ 45 to RJ 45 Rollover Cable RJ 45 to RJ 45 Rollover Cable RJ 45 to DB 9 Adapter Terminal Server Device Signal RJ 45 Pinout RJ 45 Pinout DB 9 Pin Signal RTS 1 8 8 CTS NC 2 7 6 DSR TxD 3 6 2 RxD GND 4 5 5 GND GND ...

Page 47: ...uring the system for remote access is a three step process as described in the following topics 1 Configure an IP address for the management port Configure the Management Port IP Address 2 Configure a management route with a default gateway Configure a Management Route 3 Configure a username and password Configure a Username and Password Configure the Management Port IP Address To access the syste...

Page 48: ...CONFIGURATION mode username username password encryption type password encryption type specifies how you are inputting the password is 0 by default and is not required 0 is for inputting the password in clear text 7 is for inputting a password that is already encrypted using a Type 7 hash Obtaining the encrypted password from the configuration of another Dell Networking system Configuring the Enab...

Page 49: ...l file to a remote system combine the file origin syntax for a local file location with the file destination syntax for a remote file location To copy a remote file to Dell Networking system combine the file origin syntax for a remote file location with the file destination syntax for a local file location Table 3 Forming a copy Command Location source file url Syntax destination file url Syntax F...

Page 50: ... the device Since multiple mount points exist on a device it is mandatory to specify the mount point to which you want to load the system The f10 mnt nfsdirectory is the root of all mount points To mount an NFS file system perform the following steps Table 4 Mounting an NFS File System File Operation Syntax To mount an NFS file system mount nfs rhost path mount point username password The foreign ...

Page 51: ...ample of Copying to NFS Mount Dell copy flash test txt nfsmount Destination file name test txt 15 bytes successfully copied Dell copy flash ashu capture txt pcap nfsmount Destination file name test txt 15 bytes successfully copied Dell copy flash ashu capture txt pcap nfsmount ashutosh snoop pcap 24 bytes successfully copied Dell Dell copy tftp 10 16 127 35 mashutosh dv maa s4810 test flash Copy t...

Page 52: ... about setting the router overload bit for a specific period of time after a switch reload is implemented refer to the Intermediate System to Intermediate System IS IS section in the Dell Networking OS Command Line Reference Guide Viewing Files You can only view file information and content on local file systems To view a list of files or the contents of a file use the following commands View a li...

Page 53: ...hanges that have not been saved and are preserved after a system reboot Example of the show running config Command Dell show running config Current Configuration Version 9 4 0 0 Last configuration change at Tue Mar 11 21 33 56 2014 by admin Startup config last updated at Tue Mar 11 12 11 00 2014 by default output truncated for brevity Managing the File System The Dell Networking system can use the...

Page 54: ...or File Transfers Stating with Release 9 3 0 1 you can use HTTP to copy files or configuration details to a remote server Use the copy source file url http host port file path command to transfer files to an external server Enter the following source file url keywords and information To copy a file from the internal FLASH enter flash followed by the filename To copy the running configuration enter...

Page 55: ...age file on system s flash drive and optionally compares it to a Dell Networking published hash for that file The MD5 or SHA256 hash provides a method of validating that you have downloaded the original software Calculating the hash on the local image file and comparing the result to the hash published for that file on iSupport provides a high level of confidence that the local copy is exactly the...

Page 56: ...rking software image file to validate Examples Without Entering the Hash Value for Verification MD5 Dell verify md5 flash FTOS SE 9 5 0 0 bin MD5 hash for FTOS SE 9 5 0 0 bin 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell verify sha256 flash FTOS SE 9 5 0 0 bin SHA256 hash for FTOS SE 9 5 0 0 bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 Examples Entering the Hash Value for Ve...

Page 57: ... available For information about how access and authorization is controlled based on a user s role see Role Based Access Control Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set You can then customize privilege levels 2 14 by restricting access to an EXEC mode command moving commands from EXEC Privilege to EXEC mode restricting access A user ca...

Page 58: ... the command that enters you into the mode For example to allow a user to enter INTERFACE mode use the privilege configure level level interface tengigabitethernet command Next individually identify the INTERFACE LINE ROUTE MAP or ROUTER commands to which you want to allow access using the privilege interface line route map router level level command In the command specify the privilege level of t...

Page 59: ...level is 3 Dell capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse multicast path from destination to source ping Send echo messages quit Exit from the EXEC show Show running system information output omitted Dell config ou...

Page 60: ...a Privilege Level to a Username To set the user privilege level use the following command Configure a privilege level for a user CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line use the following command Configure a privilege level for a user CONFIGURATION mode username username privilege level NOTE When...

Page 61: ...audit log contains configuration events and information The types of information in this log consist of the following User logins to the switch System events for network issues or system issues Users making configuration changes The switch logs who made the configuration changes and the date and time of the change However each specific change on the configuration is not logged Only that the config...

Page 62: ...s disabled you can only view system events regardless of RBAC user role To view security logs use the show logging command Example of the show logging auditlog Command For information about the logging extended command see Enabling Audit and Security Logs Dell show logging auditlog May 12 12 20 25 Dell CLI 6 logging extended by admin from vty0 10 14 1 98 May 12 12 20 42 Dell CLI 6 configure termin...

Page 63: ...nfiguring the Logging Message Format Dell conf logging version 0 1 Select syslog version default 0 Dell conf logging version 1 Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server Figure 2 Setting Up a Secure Connection to a Syslog Server Pre requisites To configure a secure connection from the switch to the...

Page 64: ...ll conf logging 127 0 0 1 tcp 5140 Log Messages in the Internal Buffer All error messages except those beginning with BOOTUP Message are log in the internal buffer For example BOOTUP RPM0 CP PORTPIPE INIT SUCCESS Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management Disable System Logging Send System Messages to a Syslog Se...

Page 65: ...og In the previous lines local7 is the logging facility level and debugging is the severity level Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events When you log in using the console or VTY line the system displays the last successful login details of the current user and the number of unsuccessful login at...

Page 66: ...etails for 12 days Dell config login statistics enable Dell config login statistics time period 12 Display Login Statistics To view the login statistics use the show login statistics command Example of the show login statistics Command The show login statistics command displays the successful and failed login details of the current user in the last 30 days or the custom defined time period Dell sh...

Page 67: ... auxiliary and console lines You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions By default you can use all 10 VTY lines one console line and one auxiliary line You can limit the number of available sessions using the login concurrent session limit command and so restrict users to that specific number of sessions You can optionally co...

Page 68: ...ing concurrent sessions providing an option to close any one of the existing sessions telnet 10 11 178 14 Trying 10 11 178 14 Connected to 10 11 178 14 Escape character is Login admin Password Current sessions for user admin Line Location 2 vty 0 10 14 1 97 3 vty 1 10 14 1 97 Clear existing session line number Enter to cancel When you try to create more than the permitted number of sessions the fo...

Page 69: ...severity level for logging to a syslog server CONFIGURATION mode logging trap level Specify the minimum severity level for logging to the syslog history table CONFIGURATION mode logging history level Specify the size of the logging buffer CONFIGURATION mode logging buffered size NOTE When you decrease the buffer size Dell Networking OS deletes all messages stored in the buffer Increasing the buffe...

Page 70: ...5 CARDDETECTED Line card 12 present TSM 6 SFM_DISCOVERY Found SFM 0 TSM 6 SFM_DISCOVERY Found SFM 1 TSM 6 SFM_DISCOVERY Found SFM 2 TSM 6 SFM_DISCOVERY Found SFM 3 TSM 6 SFM_DISCOVERY Found SFM 4 TSM 6 SFM_DISCOVERY Found SFM 5 TSM 6 SFM_DISCOVERY Found SFM 6 TSM 6 SFM_DISCOVERY Found SFM 7 TSM 6 SFM_SWITCHFAB_STATE Switch Fabric UP TSM 6 SFM_DISCOVERY Found SFM 8 TSM 6 SFM_DISCOVERY Found 9 SFMs ...

Page 71: ...NET news messages sys9 system use sys10 system use sys11 system use sys12 system use sys13 system use sys14 system use syslog for syslog messages user for user programs uucp UNIX to UNIX copy protocol Example of the show running config logging Command To view nondefault settings use the show running config logging command in EXEC mode Dell show running config logging logging buffered 524288 debugg...

Page 72: ...wing optional parameters level severity level the range is from 0 to 7 The default is 2 Use the all keyword to include all messages limit the range is from 20 to 300 The default is 20 To view the logging synchronous configuration use the show config command in LINE mode Enabling Timestamp on Syslog Messages By default syslog messages do not include a time date stamp stating when the error or messa...

Page 73: ...can still use the source interface command to communicate with a particular interface even if no VRF is configured on that interface For more information about FTP refer to RFC 959 File Transfer Protocol NOTE To transmit large files Dell Networking recommends configuring the switch as an FTP server Configuration Task List for File Transfer Services The configuration tasks for file transfer service...

Page 74: ... To configure FTP client parameters use the following commands Enter the following keywords and slot port subport or number information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then ...

Page 75: ...ng either IPv4 or IPv6 rules use either the ipv4 or ipv6 attribute along with the access class access list name command Depending on the attribute that you specify ipv4 or ipv6 the ACL processes either IPv4 or IPv6 rules but not both Using this configuration you can set up two different types of access classes with each class processing either IPv4 or IPv6 rules separately To apply an IP ACL to a ...

Page 76: ... Prompt for the enable password line Prompt for the password you assigned to the terminal line Configure a password for the terminal line to which you assign a method list that contains the line authentication method Configure a password using the password command from LINE mode local Prompt for the system username and password none Do not authenticate the user radius Prompt for a username and pas...

Page 77: ...ilege Mode EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines To set timeout use the following commands Set the number of minutes and seconds The default is 10 minutes on the console and 30 minutes on VTY Disable EXEC time out by setting the timeout period to 0 LINE mode exec timeout minutes seconds Return to the...

Page 78: ...ter is Login Login admin Password Dell exit Dell telnet 2200 2200 2200 2200 2200 2201 Trying 2200 2200 2200 2200 2200 2201 Connected to 2200 2200 2200 2200 2200 2201 Exit character is FreeBSD i386 freebsd2 force10networks com ttyp1 login admin Dell Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time You can lock CONFIGURATION mode so that only o...

Page 79: ...r terminal message 2 Error Can t lock configuration mode exclusively since the following users are currently configuring the system User admin on line vty1 10 1 1 1 NOTE The CONFIGURATION mode lock corresponds to a VTY session not a user Therefore if you configure a lock and then exit CONFIGURATION mode and another user enters CONFIGURATION mode when you attempt to re enter CONFIGURATION mode you ...

Page 80: ...contains a valid image then the primary boot line is set to A and the secondary and default boot lines are set to a Null String If the secondary partition contains a valid image then the primary boot line is set to B and the secondary and default boot lines are set to a Null String If both the partitions contain invalid images then primary secondary and default boot line values are set to a Null s...

Page 81: ...e primary boot device flash file name systemb BOOT_USER To boot from network BOOT_USER boot change primary boot device tftp file name FTOS SI 9 5 0 169 bin Server IP address 10 16 127 35 BOOT_USER 4 Assign an IP address and netmask to the Management Ethernet interface BOOT_USER interface management ethernet ip address ip_address_with_mask For example 10 16 150 106 16 5 Assign an IP address as the ...

Page 82: ... device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user device and EAP over RADIUS to communicate with the server NOTE The Dell Networking Operating System OS supports 802 1X w...

Page 83: ...ator The authentication server selects the authentication method verifies the information the supplicant provides and grants it network access privileges Ports can be in one of two states Ports are in an unauthorized state by default In this state non 802 1X traffic cannot be forwarded in or out of the port The authenticator changes the port state to authorized if the server can authenticate the s...

Page 84: ...he authentication method but if it is acceptable the supplicant provides the Requested Challenge information in an EAP response which is translated and forwarded to the authentication server as another Access Request frame 6 If the identity information provided by the supplicant is valid the authentication server sends an Access Accept frame in which network privileges are specified The authentica...

Page 85: ...the supplicant MAC address to the authentication server Attribute 41 NAS Port Type NAS port physical port type 15 indicates Ethernet Attribute 61 NAS Port the physical port number by which the authenticator is connected to the supplicant Attribute 81 Tunnel Private Group ID associate a tunneled session with a particular group of users Configuring 802 1X Configuring 802 1X on a port is a one step p...

Page 86: ...s support only RADIUS as the authentication server If the primary RADIUS server becomes unresponsive the authenticator begins using a secondary RADIUS server if configured 802 1X is not supported on port channels or port channel members Enabling 802 1X Enable 802 1X globally Figure 7 802 1X Enabled 1 Enable 802 1X globally CONFIGURATION mode 86 802 1X ...

Page 87: ...on no shutdown Dell To view 802 1X configuration information for an interface use the show dot1x interface command In the following example the bold lines show that 802 1X is enabled on all ports unauthorized by default Dell show dot1x interface TenGigabitEthernet 2 1 1 802 1x information on Te 2 1 1 Dot1x Status Enable Port Control AUTO Port Auth Status UNAUTHORIZED Re Authentication Disable Unta...

Page 88: ...henticator re transmits a Request Identity frame INTERFACE mode dot1x max eap req number The range is from 1 to 10 The default is 2 The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re transmits an EAP Request Identity frame after 90 seconds and re transmits for 10 times Configuring a Quiet Period after a ...

Page 89: ... any of the three states ForceAuthorized an authorized state A device connected to this port in this state is never subjected to the authentication process but is allowed to communicate on the network Placing the port in this state is same as disabling 802 1X on the port ForceUnauthorized an unauthorized state A device connected to a port in this state is never subjected to the authentication proc...

Page 90: ...u can configure the authenticator to re authenticate the supplicant periodically If you enable re authentication the supplicant is required to re authenticate every 3600 seconds by default and you can configure this interval You can configure the maximum number of re authentications as well To configure re authentication time settings use the following commands Configure the authenticator to perio...

Page 91: ...e the authenticator waits for a response To terminate the authentication process use the following commands Terminate the authentication process due to an unresponsive supplicant INTERFACE mode dot1x supplicant timeout seconds The range is from 1 to 300 The default is 30 Terminate the authentication process due to an unresponsive authentication server INTERFACE mode dot1x server timeout seconds Th...

Page 92: ...Dell Networking OS supports dynamic VLAN assignment when using 802 1X The basis for VLAN assignment is RADIUS attribute 81 Tunnel Private Group ID Dynamic VLAN assignment uses the standard dot1x procedure 1 The host sends a dot1x packet to the Dell Networking system 2 The system forwards a RADIUS REQEST packet containing the host MAC address and ingress port number 3 The RADIUS server authenticate...

Page 93: ...ynamic VLAN Assignment with Port Authentication Guest and Authentication Fail VLANs Typically the authenticator the Dell system denies the supplicant access to the network until the supplicant is authenticated If the supplicant is authenticated the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates i...

Page 94: ...od using the dot1x guest vlan command from INTERFACE mode View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode Example of Viewing Guest VLAN Configuration Dell conf if Te 2 1 1 dot1x guest vlan 200 Dell conf if Te 2 1 1 show config interface TenGigabitEthernet 2 1 1 switchport dot1x guest vlan 200 no shutdown D...

Page 95: ...e as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode 802 1x information on Te 2 1 1 Dot1x Status Enable Port Control FORCE_AUTHORIZED Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disabled Guest VLAN id 200 Auth Fail VLAN Disabled Auth Fail VLAN id 100 Auth Fail Max Attempts 5 Tx Period 9...

Page 96: ...of the filters in the ACL the packet is dropped implicit deny The number of ACLs supported on a system depends on your content addressable memory CAM size For more information refer to User Configurable CAM Allocation and CAM Optimization For complete CAM profiling information refer to Content Addressable Memory CAM NOTE You can apply Layer 3 VRF aware ACLs only at the ingress level VRF Instances ...

Page 97: ... on all platforms NOTE Hot lock ACLs are supported for Ingress ACLs only CAM Usage The following section describes CAM allocation and CAM optimization User Configurable CAM Allocation CAM Optimization User Configurable CAM Allocation Allocate space for IPV6 ACLs by using the cam acl command in CONFIGURATION mode The CAM space is allotted in filter processor FP blocks The total space allocated must...

Page 98: ...g the counters to 0 is transient as the proginal counter values are retained after a few seconds If there is no need to shift the flow in the hardware the counters are not affected This is applicable to the following features L2 Ingress Access list L2 Egress Access list NOTE IP ACLs are supported over VLANs in Dell Networking OS version 6 2 1 1 and higher Assigning ACLs to VLANs When you apply an ...

Page 99: ...Dell config std nacl exit Dell conf ip access list standard acl2 Dell config std nacl permit 20 1 1 0 24 order 0 Dell config std nacl exit Dell conf class map match all cmap1 Dell conf class map match ip access group acl1 Dell conf class map exit Dell conf class map match all cmap2 Dell conf class map match ip access group acl2 Dell conf class map exit Dell conf policy map input pmap Dell conf pol...

Page 100: ... The optional seq keyword allows you to assign a sequence number to the route map instance Configured Route Map Examples The default action is permit and the default sequence number starts at 10 When you use the keyword deny in configuring a route map routes that meet the match filters are not redistributed To view the configuration use the show config command in ROUTE MAP mode Dell config route m...

Page 101: ...nds match commands search for a certain criterion in the routes set commands change the characteristics of routes either adding something or specifying a level When there are multiple match commands with the same parameter under one instance of route map Dell Networking OS does a match between all of those match commands If there are multiple match commands with different parameters Dell Networkin...

Page 102: ...uring Match Routes To configure match criterion for a route map use the following commands Match routes with the same AS PATH numbers CONFIG ROUTE MAP mode match as path as path name Match routes with COMMUNITY list attributes in their path CONFIG ROUTE MAP mode match community community list name exact Match routes whose next hop is a specific interface CONFIG ROUTE MAP mode match interface inter...

Page 103: ... the ORIGIN attribute CONFIG ROUTE MAP mode match origin egp igp incomplete Match routes specified as internal or external to OSPF ISIS level 1 ISIS level 2 or locally generated CONFIG ROUTE MAP mode match route type external type 1 type 2 internal level 1 level 2 local Match routes with a specific tag CONFIG ROUTE MAP mode match tag tag value To create route map instances use these commands There...

Page 104: ...lue as the route s weight CONFIG ROUTE MAP mode set weight value To create route map instances use these commands There is no limit to the number of set commands per route map but the convention is to keep the number of set filters in a route map low Set commands do not require a corresponding match command Configure a Route Map for Route Redistribution Route maps on their own cannot affect traffi...

Page 105: ...et 1 1 1 match metric 255 set level backbone Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol As the route enters a different routing domain it is tagged The tag is passed along with the route as it passes through different routing protocols You can use this tag when the route leaves a routing...

Page 106: ...uent fragment just prior to the implicit deny If you configure an explicit deny the second and subsequent fragments do not hit the implicit permit rule for fragments Loopback interfaces do not support ACLs using the IP fragment option If you configure an ACL with the fragments option and apply it to a Loopback interface the command is accepted but the ACL entries are not actually installed the off...

Page 107: ... and Non Fragmented Packets from a Specified Host In the following example the TCP packets that are first fragments or non fragmented from host 10 1 1 1 with TCP destination port equal to 24 are permitted Additionally all TCP non first fragments from host 10 1 1 1 are permitted All other IP packets that are non first fragments are denied Dell conf ip access list extended ABC Dell conf ext nacl per...

Page 108: ... Example of Viewing the Rules of a Specific ACL on an Interface The following is an example of viewing the rules of a specific ACL on an interface Dell show ip accounting access list ToOspf interface gig 1 6 Standard IP access list ToOspf seq 5 deny any seq 10 deny 10 2 0 0 16 seq 15 deny 10 3 0 0 16 seq 20 deny 10 4 0 0 16 seq 25 deny 10 5 0 0 16 seq 30 deny 10 6 0 0 16 seq 35 deny 10 7 0 0 16 se...

Page 109: ...onfig command in IP ACCESS LIST mode displays the two filters with the sequence numbers 5 and 10 Example of Viewing a Filter Sequence for a Specified Standard ACL and for an Interface Dell config route map ip access standard kigali Dell config std nacl permit 10 1 0 0 16 Dell config std nacl show config ip access list standard kigali seq 5 permit 10 1 0 0 16 Dell config std nacl To view all config...

Page 110: ... host ip address operator port port count byte order fragments When you use the log keyword the CP logs details about the packets that match Depending on how many packets match the log entry and at what rate the CP may become busy as it has to log these packets details Configure Filters TCP Packets To create a filter for TCP packets with a specified sequence number use the following commands 1 Cre...

Page 111: ...tworking OS assign a sequence number based on the order in which the filters are configured Dell Networking OS assigns filters in multiples of five To configure a filter for an extended IP ACL without a specified sequence number use any or all of the following commands Configure a deny or permit filter to examine IP packets CONFIG EXT NACL mode deny permit source mask any host ip address count byt...

Page 112: ... L2 ACL When Dell Networking OS switches the packets first the L3 ACL filters them then the L2 ACL filters them When Dell Networking OS switches the packets the egress L3 ACL does not filter the packet For the following features if you enable counters on rules that have already been configured and a new rule is either inserted or prepended all the existing counters are reset L2 ingress access list...

Page 113: ...erfaces refer to Interfaces Applying an IP ACL To apply an IP ACL standard or extended to a physical or port channel interface use the following commands 1 Enter the interface number CONFIGURATION mode interface interface slot port 2 Configure an IP address for the interface placing it in Layer 3 mode INTERFACE mode ip address ip address 3 Apply an IP ACL to traffic entering or exiting an interfac...

Page 114: ...ress ACL use the ip access group command in EXEC Privilege mode The example shows applying the ACL rules to the newly created access group and viewing the access list Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration To specify ingress use the in keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show c...

Page 115: ... Example of Applying ACL Rules to Egress Traffic and Viewing ACL Configuration To specify ingress use the out keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show command Dell conf interface TenGigabitEthernet 1 1 1 Dell conf if te 1 1 1 ip access group abcd out Dell conf if te 1 1 1 show config TenGigabitEthernet 1 1 1 no ip ad...

Page 116: ...tual MAC address IP Prefix Lists IP prefix lists control routing policy An IP prefix list is a series of sequential filters that contain a matching criterion examine IP route prefix and an action permit or deny to process routes The filters are processed in sequence so that if a route prefix does not match the criterion in the first filter the second filter if configured is applied When the route ...

Page 117: ...sks for prefix lists as described in the following sections Configuring a prefix list Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists refer to the Dell Networking OS Command Line Interface Reference Guide Creating a Prefix List To create a prefix list use the following commands 1 Create a prefix list and assign it a unique name You are in P...

Page 118: ...signs filters in multiples of five Creating a Prefix List Without a Sequence Number To create a filter without a specified sequence number use the following commands 1 Create a prefix list and assign it a unique name CONFIGURATION mode ip prefix list prefix name 2 Create a prefix list filter with a deny or permit action CONFIG NPREFIXL mode deny permit ip prefix ge min prefix length le max prefix ...

Page 119: ... ge 23 hit count 0 seq 10 permit 0 0 0 0 0 le 32 hit count 0 ip prefix list filter_ospf count 4 range entries 1 sequences 5 10 seq 5 deny 100 100 1 0 24 hit count 0 seq 6 deny 200 200 1 0 24 hit count 0 seq 7 deny 200 200 2 0 24 hit count 0 seq 10 permit 0 0 0 0 0 le 32 hit count 0 The following example shows the show ip prefix list summary command Dell Dell show ip prefix summary Prefix list with...

Page 120: ...a Filter to a Prefix List OSPF To apply a filter to routes in open shortest path first OSPF use the following commands Enter OSPF mode CONFIGURATION mode router ospf Apply a configured prefix list to incoming routes You can specify an interface If you enter the name of a non existent prefix list all routes are forwarded CONFIG ROUTER OSPF mode distribute list prefix list name in interface Apply a ...

Page 121: ...ing does not affect the rules remarks or order in which they are applied Resequencing merely renumbers the rules so that you can place new rules within the list as needed Table 7 ACL Resequencing Rules Resquencing Rules Before Resequencing seq 5 permit any host 1 1 1 1 seq 6 permit any host 1 1 1 2 seq 7 permit any host 1 1 1 3 seq 10 permit any host 1 1 1 4 Rules After Resequencing seq 5 permit a...

Page 122: ... 8 permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 3 seq 12 permit ip any host 1 1 1 4 Remarks that do not have a corresponding rule are incremented as a rule These two mechanisms allow remarks to retain their original position in the list The following example shows remark 10 corresponding to rule 10 and as such they have the same number before and after the command is entered Remark 4...

Page 123: ...em to another port The source port is the monitored port MD and the destination port is the monitoring port MG The port mirroring application maintains and performs all the monitoring operations on the chassis ACL information is sent to the ACL manager which in turn notifies the ACL agent to add entries in the CAM area Duplicate entries in the ACL are not saved When a packet arrives at a port that...

Page 124: ... endpoint to which the packet must be forwarded when a match occurs with the ACL entry If you configure the flow based enable command and do not apply an ACL on the source port or the monitored port both flow based monitoring and port mirroring do not function Flow based monitoring is supported only for ingress traffic and not for egress packets The port mirroring application maintains a database ...

Page 125: ...itoring for a monitoring session MONITOR SESSION mode flow based enable 2 Define access list rules that include the keyword monitor Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor CONFIGURATION mode ip access list For more information see Access Control Lists ACLs 3 Apply the ACL to the monitored port INTERFACE mode ip access group access list ...

Page 126: ... icmp any any monitor count bytes 0 packets 0 bytes seq 10 permit ip 102 1 1 0 24 any monitor count bytes 0 packets 0 bytes seq 15 deny udp any any count bytes 0 packets 0 bytes seq 20 deny tcp any any count bytes 0 packets 0 bytes Dell conf do show monitor session 0 ct maa s4820 2 conf mon sess 0 do show monitor session 0 SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 1 1 Te 1 1 1 rx...

Page 127: ...hat reside on the line card which frees resources on the route processor Only session state changes are reported to the BFD Manager on the route processor which in turn notifies the routing protocols that are registered with it BFD is an independent and generic protocol which all media topologies and routing protocols can support using any encapsulation Dell Networking has implemented BFD at Layer...

Page 128: ...the complete encapsulation of a BFD control packet inside an IPv4 packet Figure 9 BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed State The current local session state Refer to BFD Sessions Flag A bit that indicates packet function If the poll bit is set the receiving system must respond as soon as possible without regard to its transmit interval...

Page 129: ...ired Min Echo RX The minimum rate at which the local system would like to receive echo packets NOTE Dell Networking OS does not currently support the echo function Authentication Type Authentication Length Authentication Data An optional method for authenticating control packets NOTE Dell Networking OS does not currently support the BFD authentication function Two important parameters are calculat...

Page 130: ... least not within the detection time for a particular session Init The local system is communicating Up Both systems are exchanging control packets The session is declared down if A control packet is not received within the detection time Sufficient echo packets are lost Demand mode is active and a control packet is not received in response to a poll packet BFD Three Way Handshake A three way hand...

Page 131: ...hat a session has been established However because both members must send a control packet that requires a response anytime there is a state change or change in a session parameter the passive system sends a final response indicating the state change After this periodic control packets are exchanged Figure 10 BFD Three Way Handshake State Changes Session State Changes The following illustration sh...

Page 132: ...mit and receive intervals with a multiplier of 4 Enable BFD on both ends of a link Demand mode authentication and the Echo function are not supported BFD is not supported on multi hop and virtual links Protocol Liveness is supported for routing protocols only Dell Networking OS supports only OSPF OSPFv3 IS IS and BGP protocols as BFD clients Configure BFD This section contains the following proced...

Page 133: ...BFD for a physical port is a two step process 1 Enable BFD globally 2 Establish a session with a next hop neighbor Related Configuration Tasks Viewing Physical Port Session Parameters Disabling and Re Enabling BFD Enabling BFD Globally You must enable BFD globally on both routers For more information about enabling BFD globally refer to Establishing a Session on Physical Ports To enable the BFD gl...

Page 134: ...n INTERFACE mode bfd neighbor ip address Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command The bold line shows the BFD session R1 conf if te 4 24 1 do show bfd neighbors Active session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 2 1 2 2 2 2 Te 4...

Page 135: ... neighbor 2 2 2 2 on interface Te 4 24 1 diag 0 Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role active Dell Networking recommends maintaining the default values To view session parameters use the show bfd neighbors detail command Example of Viewing Session Parameters R1 conf if te 4 24 1 bfd interval 100 min_rx 100 multiplier 4 role pa...

Page 136: ...session state to Ad Dn for neighbor 2 2 2 2 on interface Te 4 24 1 diag 0 If the remote system state changes due to the local state administration being down this message displays R2 01 32 53 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 1 on interface Te 2 1 1 diag 7 Configure BFD for Static Routes BFD offers systems a link state detection mechanism for sta...

Page 137: ...in Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 2 1 2 2 2 2 Te 4 24 1 Up 100 100 4 R To view detailed session information use the show bfd neighbors detail command as shown in the examples in Displaying BFD for BGP Information Changing Static Route Session Parameters BFD sessions are configured with default intervals and a default ...

Page 138: ...r static routes use the following command Disable BFD for static routes CONFIGURATION mode no ip route bfd Configure BFD for OSPF When using BFD with OSPF the OSPF protocol registers with the BFD manager BFD sessions are established with all neighboring interfaces participating in OSPF If a neighboring interface fails the BFD agent notifies the BFD manager which in turn notifies the OSPF protocol ...

Page 139: ...shed when the OSPF adjacency is in the Full state Figure 14 Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Establish sessions with OSPF neighbors on a single interface INTERFACE mode Bidirectional Forwarding Detect...

Page 140: ...face level the change affects all OSPF sessions on that interface To change parameters for all OSPF sessions or for OSPF sessions on a single interface use the following commands Change parameters for OSPF sessions ROUTER OSPF mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for all OSPF sessions on an interface INTERFACE mode ...

Page 141: ...tablish sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors To view the established sessions use the show bfd neighbors command Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role The parameters that you can configure are desired tx interval required min rx interval detection multiplier and system role Conf...

Page 142: ...d To disable BFD sessions use the following commands Disable BFD sessions with all OSPFv3 neighbors ROUTER OSPFv3 mode no bfd all neighbors Disable BFD sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors disable Configure BFD for IS IS When using BFD with IS IS the IS IS protocol registers with the BFD manager on the RPM BFD sessions are then established...

Page 143: ...lish BFD with all IS IS neighbors or with IS IS neighbors on a single interface use the following commands Establish sessions with all IS IS neighbors ROUTER ISIS mode bfd all neighbors Establish sessions with IS IS neighbors on a single interface INTERFACE mode isis bfd all neighbors Example of Verifying Sessions with IS IS Neighbors To view the established sessions use the show bfd neighbors com...

Page 144: ...ameters use the show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Change parameters for all IS IS sessions ROUTER ISIS mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for IS IS sessions on a single interface INTERFA...

Page 145: ...otocol IPv4 BGPv4 2 Enable fast fall over for BGP neighbors to reduce convergence time the neighbor fall over command as described in BGP Fast Fall Over Establishing Sessions with BGP Neighbors Before configuring BFD for BGP you must first configure BGP on the routers that you want to interconnect For more information refer to Border Gateway Protocol IPv4 BGPv4 For example the following illustrati...

Page 146: ...If a BFD for BGP neighbor does not receive a control packet within the detection interval the router informs any clients of the BFD session other routing protocols about the failure It then depends on the individual routing protocols that uses the BGP link to determine the appropriate response to the failure condition The typical response is to terminate the peering session for the routing protoco...

Page 147: ...BGP session with a specified neighbor ROUTER BGP mode neighbor ip address peer group name bfd disable Remove the disabled state of a BFD for BGP session with a specified neighbor ROUTER BGP mode no neighbor ip address peer group name bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group the neighbor peer group name bfd command in ROUTER BGP configu...

Page 148: ...d with BGP neighbors including BFD for BGP sessions EXEC Privilege mode show ip bgp neighbors ip address Examples of Verifying BGP Information The following example shows verifying a BGP configuration R2 show running config bgp router bgp 2 neighbor 1 1 1 2 remote as 1 neighbor 1 1 1 2 no shutdown neighbor 2 2 2 2 remote as 1 neighbor 2 2 2 2 no shutdown neighbor 3 3 3 2 remote as 1 neighbor 3 3 3...

Page 149: ...Number of state changes 2 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 5 Session Discriminator 10 Neighbor Discriminator 11 Local Addr 2 2 2 3 Local MAC Addr 00 01 e8 66 da 34 Remote Addr 2 2 2 2 Remote MAC Addr 00 01 e8 8a da 7b Int TenGigabitEthernet 6 2 1 State Up Configured parameters TX 100ms RX 100ms Multiplier 3 Neighbor paramet...

Page 150: ...OutQ Up Down State Pfx 1 1 1 2 1 282 281 0 0 0 00 38 12 0 2 2 2 2 1 273 273 0 0 0 04 32 26 0 3 3 3 2 1 282 281 0 0 0 00 38 12 0 The following example shows viewing BFD information for a specified neighbor The bold lines show the message displayed when you enable a BFD session with different configurations Message displays when you enable a BFD session with a BGP neighbor that inherits the global B...

Page 151: ...wn 0 from peer Connections established 1 dropped 0 Last reset never Local host 2 2 2 3 Local port 63805 Foreign host 2 2 2 2 Foreign port 179 E1200i_ExaScale R2 show ip bgp neighbors 2 2 2 3 BGP neighbor is 2 2 2 3 remote AS 1 external link Member of peer group pg1 for session parameters BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Neighbor is using BGP ...

Page 152: ... with the backup routers Refer to Establishing Sessions with All VRRP Neighbors Related Configuration Tasks Changing VRRP Session Parameters Disabling BFD for VRRP Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once or a session can be established with a particular neighbor Figure 17 Establishing Sessions with All VRRP Neighbors To establish...

Page 153: ...in Down C CLI I ISIS O OSPF R Static Route RTM V VRRP LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 5 1 2 2 5 2 Te 4 25 1 Down 1000 1000 3 V To view session state information use the show vrrp command The bold line shows the VRRP BFD session Dell conf if te 4 25 1 do show vrrp TenGigabitEthernet 4 1 1 VRID 1 Net 2 2 5 1 VRF 0 default State Backup Priority 1 Master 2 2 5 2 Hol...

Page 154: ...ontrol packet is sent to all neighbors and sessions on the remote system change to the Down state To disable all VRRP sessions on an interface sessions for a particular VRRP group or for a particular VRRP session on an interface use the following commands Disable all VRRP sessions on an interface INTERFACE mode no vrrp bfd all neighbors Disable all VRRP sessions in a VRRP group VRRP mode bfd disab...

Page 155: ...e 0 State Init Poll bit 0 Final bit 0 Demand bit 0 myDiscrim 6 yourDiscrim 4 minTx 1000000 minRx 1000000 multiplier 3 minEchoRx 0 00 54 38 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Up for neighbor 2 2 2 2 on interface Te 4 24 1 diag 0 The following example shows hexadecimal output from the debug bfd packet command RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 0...

Page 156: ...The output for the debug bfd event command is the same as the log messages that appear on the console by default 156 Bidirectional Forwarding Detection BFD ...

Page 157: ...u can group autonomous systems into three categories multihomed stub and transit defined by their connections and operation multihomed AS is one that maintains connections to more than one other AS This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections However this type of AS does not allow traffic from one AS to pass through on ...

Page 158: ... based on path network policies and or rulesets Unlike most protocols BGP uses TCP as its transport protocol Since each BGP router talking to another router is a session a BGP network needs to be in full mesh This is a topology that has every router directly connected to every other router Each BGP router within an AS must have iBGP sessions with all other BGP routers in the AS For example a BGP n...

Page 159: ...tain increases exponentially Network management quickly becomes impossible Sessions and Peers When two routers communicate using the BGP protocol a BGP session is started The two end points of that session are Peers A Peer is also called a Neighbor Border Gateway Protocol IPv4 BGPv4 159 ...

Page 160: ...en peers the neighbor relation is established and is in the OpenConfirm state This is when the router receives and checks for agreement on the parameters of open messages to establish a session Established Keepalive messages are exchanged next and after successful receipt the router is placed in the Established state Keepalive messages continue to be sent at regular periods established by the Keep...

Page 161: ...hrough eBGP Router B advertises it to all its iBGP peers Routers C and D 2 Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D an iBGP peer and Router D has already learned it through iBGP from Router B 3 Router D does not advertise the route to Router C because Router C is a nonclient peer and the route advertisement came from Router B...

Page 162: ...a number of best paths is determined this selection criteria is applied to group s best to determine the ultimate best path In non deterministic mode the bgp non deterministic med command is applied paths are compared in the order in which they arrive This method can lead to Dell Networking OS choosing different best paths from a set of paths depending on the order in which they were received from...

Page 163: ...ria apply a An AS_SET has a path length of 1 no matter how many ASs are in the set b A path with no AS_PATH configured has a path length of 0 c AS_CONFED_SET is not included in the AS_PATH length d AS_CONFED_SEQUENCE has a path length of 1 no matter how many ASs are in the AS_CONFED_SEQUENCE 5 Prefer the path with the lowest ORIGIN type IGP is lower than EGP and EGP is lower than INCOMPLETE 6 Pref...

Page 164: ...bor address is used in the BGP neighbor configuration and corresponds to the remote peer used in the TCP connection with the local router After a number of best paths is determined this selection criteria is applied to group s best to determine the ultimate best path In non deterministic mode the bgp non deterministic med command is applied paths are compared in the order in which they arrive This...

Page 165: ...de the preferred path For this example assume the MED is the only attribute applied In the following illustration AS100 and AS200 connect in two places Each connection is a BGP session AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50 This sets up a path preference through the OC3 link The MEDs are advertised to AS100 routers so they know which is the preferr...

Page 166: ...unknown source Generally an IGP indicator means that the route was derived inside the originating AS EGP generally means that a route was learned from an external gateway protocol An INCOMPLETE origin code generally results from aggregation redistribution or other indirect ways of installing routes into BGP In Dell Networking OS these origin codes appear as shown in the following example The quest...

Page 167: ...18508 701 3561 9116 21350 i Next Hop The next hop is the IP address used to reach the advertising router For EBGP neighbors the next hop address is the IP address of the connection between the neighbors For IBGP the EBGP next hop address is carried into the local AS A next hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS and when advertising rou...

Page 168: ...th to its peers for a given address prefix If the best path becomes unavailable the BGP speaker withdraws its path from its local RIB and recalculates a new best path This situation requires both IGP and BGP convergence and can be a lengthy process BGP add path also helps switchover to the next new best path when the current best path is unavailable Advertise IGP Cost as MED for Redistributed Rout...

Page 169: ...er convergence Four Byte AS Numbers You can use the 4 Byte 32 bit format when configuring autonomous system numbers ASNs The 4 Byte support is advertised as a new BGP capability 4 BYTE AS in the OPEN message If a 4 Byte BGP speaker has sent and received this capability from another speaker all the messages will be 4 octet The behavior of a 4 Byte BGP speaker is different with the peer depending on...

Page 170: ... 65535 is represented using ASDOT notation as higher 2 bytes in decimal lower 2 bytes in decimal For example AS 65546 is represented as 1 10 ASDOT representation combines the ASPLAIN and ASDOT representations AS numbers less than 65536 appear in integer format asplain AS numbers equal to or greater than 65536 appear in the decimal format asdot For example the AS number 65526 appears as 65526 and t...

Page 171: ... version is 28093 local router ID is 172 30 1 57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress When migrating one AS to another perhaps combining ASs an eBGP network may lose its routing to an iBGP if the ASN changes Migration can be diffic...

Page 172: ...If an inbound route map is used to prepend the as path to the update from the peer the Local AS is added first For example consider the topology described in the previous illustration If Router B has an inbound route map applied on Router C to prepend 65001 65002 to the as path the following events take place on Router B 1 Receive and validate the update 2 Prepend local as 200 to as path 3 Prepend...

Page 173: ... the pointer to the NLRI in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is used to retrieve specific attributes from the PA table The Next Hop RR Cluster list and Originator ID attributes are not stored in the PA Table and cannot be retrieved using the index passed in command These fields are not populated in f10BgpM2PathAttrEntry f10BgpM2PathAttrClusterEntry and ...

Page 174: ... the configuration If a received update route matches with a local prefix then that route is discarded This behavior results from an incorrect BGP configuration To overcome this issue you can trigger a route refresh after you properly configure BGP Traps notifications specified in the BGP4 MIB draft draft ietf idr bgp4 mibv2 05 txt are not supported Such traps bgpM2Established and bgpM2BackwardTra...

Page 175: ...m Dell Networking OS supports one autonomous system AS and assigns the AS number ASN To establish BGP sessions and route traffic configure at least one BGP neighbor or peer In BGP routers with an established TCP connection are called neighbors or peers After a connection is established the neighbors exchange full BGP routing tables with incremental updates afterward In addition neighbors exchange ...

Page 176: ... Byte ASNs enable this command Disable 4 Byte support and return to the default 2 Byte format by using the no bgp four octet as support command You cannot disable 4 Byte support if you currently have a 4 Byte ASN configured Disabling 4 Byte AS numbers also disables ASDOT and ASDOT number representation All AS numbers are displayed in ASPLAIN format b Enable IPv4 multicast or IPv6 mode CONFIG ROUTE...

Page 177: ... memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up Down State Pfx 10 10 21 1 65123 0 0 0 0 0 never Active 10 10 32 3 65123 0 0 0 0 0 never Active 100 10 92 9 65192 0 0 0 0 0 never Active 192 168 10 1 65123 0 0 0 0 0 never Active 192 168 12 2 65123 0 0 0 0 0 never Active R2 The following example shows the show ip bgp summary command output 4 byte AS number displays R2 show ip bgp summary BGP ro...

Page 178: ...neighbors BGP neighbor is 10 114 8 60 remote AS 18508 external link BGP version 4 remote router ID 10 20 20 20 BGP state ESTABLISHED in this state for 00 01 58 Last read 00 00 14 hold time is 90 keepalive interval is 30 seconds Received 18552 messages 0 notifications 0 in queue Sent 11568 messages 0 notifications 0 in queue Received 18549 updates Sent 11562 updates Minimum time between advertiseme...

Page 179: ... Term Description ASPLAIN Default method for AS number representation With the ASPLAIN notation a 32 bit binary AS number is translated into a decimal value ASDOT A representation splits the full binary 4 byte AS number into two words of 16 bits separated by a decimal point high order 16 bit value low order 16 bit value ASDOT A representation combines the ASPLAIN and ASDOT representations AS numbe...

Page 180: ...ng example shows the bgp asnotation asdot command output Dell conf router_bgp bgp asnotation asdot Dell conf router_bgp sho conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 remote as 18508 neighbor 172 30 1 250 local as 65057 neighbor 172 30 1 250 route map rmap1 in neighbor 172 30 1 250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 17...

Page 181: ...eer group name peer group 2 Enable the peer group CONFIG ROUTERBGP mode neighbor peer group name no shutdown By default all peer groups are disabled 3 Create a BGP neighbor CONFIG ROUTERBGP mode neighbor ip address remote as as number 4 Enable the neighbor CONFIG ROUTERBGP mode neighbor ip address no shutdown 5 Add an enabled neighbor to the peer group CONFIG ROUTERBGP mode neighbor ip address pee...

Page 182: ...re a new set of BGP policies for a peer group always reset the peer group by entering the clear ip bgp peer group peer group name command in EXEC Privilege mode To view the configuration use the show config command in CONFIGURATION ROUTER BGP mode When you create a peer group it is disabled shutdown The following example shows the creation of a peer group zanzibar in bold Dell conf router_bgp neig...

Page 183: ...ns is 5 seconds For address family IPv4 Unicast BGP neighbor is zanzibar peer group internal Number of peers in this group 26 Peer group members outbound optimized 10 68 160 1 10 68 161 1 10 68 162 1 10 68 163 1 10 68 164 1 10 68 165 1 10 68 166 1 10 68 167 1 10 68 168 1 10 68 169 1 10 68 170 1 10 68 171 1 10 68 172 1 10 68 173 1 10 68 174 1 10 68 175 1 10 68 176 1 10 68 177 1 10 68 178 1 10 68 17...

Page 184: ...d Dell sh ip bgp neighbors BGP neighbor is 100 100 100 100 remote AS 65517 internal link Member of peer group test for session parameters BGP version 4 remote router ID 30 30 30 5 BGP state ESTABLISHED in this state for 00 19 15 Last read 00 00 15 last write 00 00 06 Hold time is 180 keepalive interval is 60 seconds Received 52 messages 0 notifications 0 in queue Sent 45 messages 5 notifications 0...

Page 185: ...nable a peer group the software sends an OPEN message to initiate a TCP connection If you enable passive peering for the peer group the software does not send an OPEN message but it responds to an OPEN message When a BGP neighbor connection with authentication configured is rejected by a passive peer group Dell Networking OS does not allow another passive peer group on the same subnet to connect w...

Page 186: ... be sure to reconfigure your routers with the new information and disable this feature Allow external routes from this neighbor CONFIG ROUTERBGP mode neighbor IP address peer group name local as as number no prepend Peer Group Name 16 characters AS number 0 to 65535 2 Byte or 1 to 4294967295 4 Byte or 0 1 to 65535 65535 Dotted format No Prepend specifies that local AS values are not prepended to a...

Page 187: ... is detected if the local ASN is present more than the specified number of times in the command Allow this neighbor ID to use the AS path the specified number of times CONFIG ROUTER BGP mode neighbor IP address peer group name allowas in number Peer Group Name 16 characters Number 1 through 10 Format IP Address A B C D You must Configure Peer Groups before assigning it to an AS Example of Viewing ...

Page 188: ...d Speeds convergence by advertising a special update packet known as an end of RIB marker This marker indicates the peer has been updated with all routes in the local RIB If you configure your system to do so Dell Networking OS can perform the following actions during a hot failover Save all forwarding information base FIB and content addressable memory CAM entries on the line card and continue fo...

Page 189: ...r group CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart Set the maximum restart time for the neighbor or peer group CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart restart time time in seconds The default is 120 seconds Local router supports graceful restart for this neighbor or peer group as a receiver only CONFIG ROUTER BGP mode neighbor ip...

Page 190: ... mode AS PATH ACL mode exit 4 Enter ROUTER BGP mode CONFIGURATION mode router bgp as number 5 Use a configured AS PATH ACL for route filtering and manipulation CONFIG ROUTER BGP mode neighbor ip address peer group name filter list as path name in out If you assign an non existent or empty AS PATH ACL the software allows all routes Example of the show ip bgp paths Command To view all BGP path attri...

Page 191: ...ore sequences of the immediately previous character or pattern plus Matches 1 or more sequences of the immediately previous character or pattern question Matches 0 or 1 sequence of the immediately previous character or pattern parenthesis Specifies patterns for multiple use when one of the multiplier metacharacters follows asterisk plus sign or question mark brackets Matches any enclosed character...

Page 192: ... no shutdown neighbor 10 155 15 2 remote as 32 neighbor 10 155 15 2 filter list 1 in neighbor 10 155 15 2 shutdown Dell conf router_bgp ex Dell conf ex Dell show ip as path access lists ip as path access list Eagle deny 32 Dell Redistributing Routes In addition to filtering routes you can add routes from other routing instances or protocols to the BGP process With the redistribute command you can ...

Page 193: ...ers use the following commands 1 Allow the advertisement of multiple paths for the same address prefix without the new paths replacing any previous ones CONFIG ROUTER BGP mode bgp add path both received send path count count The range is from 2 to 64 2 Allow the specified neighbor peer group to send receive multiple path advertisements CONFIG ROUTER BGP mode neighbor add path NOTE The path count p...

Page 194: ...ting specific community numbers or types of community CONFIG COMMUNITYLIST mode deny permit community number local AS no advertise no export quote regexp regular expression list regexp regular expression community number use AA NN format where AA is the AS number 2 Bytes or 4 Bytes and NN is a value specific to that autonomous system local AS routes with the COMMUNITY attribute of NO_EXPORT_SUBCON...

Page 195: ...es against regular expression is also supported Match against a regular expression using the following keyword regexp regular expression Example of the show ip extcommunity lists Command To set or modify an extended community attribute use the set extcommunity rt soo ASN NN IPADDR NN command To view the configuration use the show config command in CONFIGURATION COMMUNITY LIST or CONFIGURATION EXTC...

Page 196: ...or outgoing routes CONFIG ROUTER BGP mode neighbor ip address peer group name route map map name in out To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode To view which BGP routes meet an IP community or IP extended community list s criteria use the show ip bgp community ...

Page 197: ...ere AA is the AS number 2 or 4 Bytes and NN is a value specific to that autonomous system local AS routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED and are not sent to EBGP peers no advertise routes with the COMMUNITY attribute of NO_ADVERTISE and are not advertised no export routes with the COMMUNITY attribute of NO_EXPORT none remove the COMMUNITY attribute additive add the communities...

Page 198: ...0 195 171 0 16 100 0 209 7170 1455 i i 6 10 0 0 15 195 171 0 16 100 0 209 7170 1455 i i 6 14 0 0 15 205 171 0 16 100 0 209 7170 1455 i i 6 133 0 0 21 205 171 0 16 100 0 209 7170 1455 i i 6 151 0 0 16 205 171 0 16 100 0 209 7170 1455 i More Changing MED Attributes By default Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS To change how the MED...

Page 199: ...to the neighbor or peer group s incoming or outgoing routes CONFIG ROUTER BGP mode neighbor ip address peer group name route map map name in out To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is...

Page 200: ... path to a destination You can enable multipath to allow up to 64 parallel paths to a destination NOTE Dell Networking recommends not using multipath and add path simultaneously in a route reflector To allow more than one path use the following command The show ip bgp network command includes multipath information for that network Enable multiple parallel paths CONFIG ROUTER BGP mode maximum paths...

Page 201: ...nd in EXEC Privilege mode To filter routes using prefix lists use the following commands 1 Create a prefix list and assign it a name CONFIGURATION mode ip prefix list prefix name 2 Create multiple prefix list filters with a deny or permit action CONFIG PREFIX LIST mode seq sequence number deny permit any ip prefix ge le ge minimum prefix length to be matched le maximum prefix length to me matched ...

Page 202: ...g Route Maps To filter routes using a route map use these commands 1 Create a route map and assign it a name CONFIGURATION mode route map map name permit deny sequence number 2 Create multiple route map filters with a match or set action CONFIG ROUTE MAP mode match set For information about configuring route maps see Access Control Lists ACLs 3 Return to CONFIGURATION mode CONFIG ROUTE MAP mode ex...

Page 203: ...y the AS PATH ACL map to inbound routes out apply the AS PATH ACL to outbound routes To view which commands are configured use the show config command in CONFIGURATION ROUTER BGP mode and the show ip as path access list command in EXEC Privilege mode To forward all routes not meeting the AS PATH ACL criteria include the permit filter in your AS PATH ACL Configuring BGP Route Reflectors BGP route r...

Page 204: ...regate must be in the routing table for the configured aggregate to become active To aggregate routes use the following command AS_SET includes AS_PATH and community information from the routes included in the aggregated route Assign the IP address and mask of the prefix to be aggregated CONFIG ROUTER BGP mode aggregate address ip address mask advertise map map name as set attribute map map name s...

Page 205: ...295 4 Byte All Confederation routers must be either 4 Byte or 2 Byte You cannot have a mix of router ASN support To view the configuration use the show config command in CONFIGURATION ROUTER BGP mode Enabling Route Flap Dampening When EBGP routes become unavailable they flap and the router issues both WITHDRAWN and UPDATE notices A flap is when a route is withdrawn is readvertised after being with...

Page 206: ...uppress time the range is from 1 to 255 The maximum number of minutes a route can be suppressed The default is four times the half life value The default is 60 minutes route map map name name of a configured route map Only match commands in the configured route map are supported Use this parameter to apply route dampening to selective routes Enter the following optional parameters to configure rou...

Page 207: ... how to configure values to reuse or restart a route In the following example default 15 is the set time before the value decrements bgp dampening 2 is the set re advertise value bgp dampening 2 2000 is the suppress value and bgp dampening 2 2000 3000 is the time to suppress a route Default values are also shown Dell conf router_bgp bgp dampening 1 45 Half life time for the penalty default 15 rout...

Page 208: ...60 seconds holdtime the range is from 3 to 65536 Time interval in seconds between the last keepalive message and declaring the router dead The default is 180 seconds Configure timer values for all neighbors CONFIG ROUTER BGP mode timers bgp keepalive holdtime keepalive the range is from 1 to 65535 Time interval in seconds between keepalive messages sent to the neighbor routers The default is 60 se...

Page 209: ...e characteristic configured with this command Clear all information or only specific details EXEC Privilege mode clear ip bgp vrf vrf name neighbor address AS Numbers ipv4 peer group name soft in out Clears all peers neighbor address Clears the neighbor with this IP address AS Numbers Peers AS numbers to be cleared ipv4 Clears information for the IPv4 address family peer group name Clears all memb...

Page 210: ...h a Continue Clause If the route map entry contains sets with the continue clause the set actions operation is performed first followed by the continue clause jump to the specified route map entry If a set actions operation occurs in the first route map entry and then the same set action occurs with a different value in a subsequent route map entry the last set of actions overrides the previous se...

Page 211: ...policies that contain regular expressions to match against as paths and communities might take a lot of CPU processing time thus affect BGP routing convergence Also show bgp commands that get filtered through regular expressions can to take a lot of CPU cycles especially when the database is large This feature is turned on by default If necessary use the bgp regex eval optz disable command in CONF...

Page 212: ...mmand Storing Last and Bad PDUs Dell Networking OS stores the last notification sent received and the last bad protocol data unit PDU received on a per peer basis The last bad PDU is the one that causes a notification to be issued In the following example the last seven lines shown in bold are the last PDUs Example of the show ip bgp neighbor Command to View Last and Bad PDUs Dell conf router_bgp ...

Page 213: ... and 100 MB The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to set the new limit NOTE Memory on RP1 is not pre allocated and is allocated only when a PDU needs to be captured The bu...

Page 214: ... for BGP neighbor 172 30 1 250 Available buffer size 29165743 192991 packet s captured using 11794257 bytes Dell conf router_bgp do sho ip bg s BGP router identifier 172 30 1 56 local AS number 65056 BGP table version is 313511 main routing table version 313511 207896 network entrie s and 207896 paths using 42364576 bytes of memory 59913 BGP path attribute entrie s using 2875872 bytes of memory 59...

Page 215: ...oop 0 R1 conf if lo 0 ip address 192 168 128 1 24 R1 conf if lo 0 no shutdown R1 conf if lo 0 show config interface Loopback 0 ip address 192 168 128 1 24 no shutdown R1 conf if lo 0 int te 1 21 1 R1 conf if te 1 21 1 ip address 10 0 1 21 24 R1 conf if te 1 21 1 no shutdown R1 conf if te 1 21 1 show config interface TengigabitEthernet 1 21 1 ip address 10 0 1 21 24 no shutdown R1 conf if te 1 21 1...

Page 216: ...8 128 2 24 R2 conf if lo 0 no shutdown R2 conf if lo 0 show config interface Loopback 0 ip address 192 168 128 2 24 no shutdown R2 conf if lo 0 int te 2 11 1 R2 conf if te 2 11 1 ip address 10 0 1 22 24 R2 conf if te 2 11 1 no shutdown R2 conf if te 2 11 1 show config interface TengigabitEthernet 2 11 1 ip address 10 0 1 22 24 no shutdown R2 conf if te 2 11 1 int te 2 31 1 R2 conf if te 2 31 1 ip ...

Page 217: ...9 R3 conf router_bgp neighbor 192 168 128 1 no shut R3 conf router_bgp neighbor 192 168 128 1 update source loop 0 R3 conf router_bgp neighbor 192 168 128 2 remote 99 R3 conf router_bgp neighbor 192 168 128 2 no shut R3 conf router_bgp neighbor 192 168 128 2 update loop 0 R3 conf router_bgp show config Example of Enabling Peer Groups Router 1 conf R1 conf router bgp 99 R1 conf router_bgp network 1...

Page 218: ...n 0 from peer Connections established 2 dropped 1 Last reset 00 00 57 due to user reset Notification History Connection Reset Sent 1 Recv 0 Last notification len 21 sent 00 00 57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 1 Local port 179 Foreign host 192 168 128 2 Foreign port 65464 BGP neighbor is 192 168 128 3 remote AS 100 external link Member of peer grou...

Page 219: ...3 conf router bgp 100 R3 conf router_bgp neighbor AAA peer group R3 conf router_bgp neighbor AAA no shutdown R3 conf router_bgp neighbor CCC peer group R3 conf router_bgp neighbor CCC no shutdown R3 conf router_bgp neighbor 192 168 128 2 peer group BBB R3 conf router_bgp neighbor 192 168 128 2 no shutdown R3 conf router_bgp neighbor 192 168 128 1 peer group BBB R3 conf router_bgp neighbor 192 168 ...

Page 220: ... denied 0 withdrawn 0 from peer Connections established 6 dropped 5 Last reset 00 12 01 due to Closed by neighbor Notification History HOLD error Timer expired Sent 1 Recv 0 Connection Reset Sent 2 Recv 2 Last notification len 21 received 00 12 01 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 2 Local port 65464 Foreign host 192 168 128 1 Foreign port 179 BGP neig...

Page 221: ...ATION mode The CAM space is allotted in field processor FP blocks The total space allocated must equal 13 FP blocks The following table lists the default CAM allocation settings NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated The following table displays the default CAM allocation settings To display the default CAM allocation enter the show cam acl...

Page 222: ...CoE ACL fcoeacl 0 ISCSI Opt ACL iscsioptacl 0 You must enter the ipv6acl and vman dual qos allocations as a factor of 2 2 4 6 8 10 All other profile allocations can use either even or odd numbered ranges You can only have one odd number group when setting the CAM on the S6000 and S6000 ON switches For the new settings to take effect you must save the new CAM settings to the startup config write me...

Page 223: ...EXEC Privilege mode show cam acl 4 Reload the system EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service policy use the test cam usage command To verify the actual CAM space required create a Class Map with all required ACL rules then execute the test cam usage command in Privilege mode The Status column in the command output indicat...

Page 224: ... profile command shows the current profile and microcode NOTE If you select the CAM profile from CONFIGURATION mode the output of this command does not reflect any changes until you save the running configuration and reload the chassis Example of show running config cam profile Command Dell show running config cam profile cam profile default microcode default Dell View CAM ACL Settings The show ca...

Page 225: ...ing from CONFIGURATION mode the output of this command does not reflect any changes until you save the running configuration and reload the chassis The default values for the show cam acl command are Dell show cam acl Chassis Cam ACL Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiO...

Page 226: ...iew the amount of CAM space available used and remaining in each ACL partition using the show cam usage command from EXEC Privilege mode Example of the show cam usage Command Dell show cam usage Stackunit Portpipe CAM Partition Total CAM Used CAM Available CAM 1 0 IN L3 ACL 512 1 511 IN V6 ACL 0 0 0 IN L2 ACL 768 0 768 OUT L3 ACL 158 5 153 OUT V6 ACL 158 0 158 OUT L2 ACL 206 7 199 6 0 IN L3 ACL 51...

Page 227: ...to match the new system profile After installing a secondary RPM into a chassis copy the running configuration to the startup configuration Change to the default profile if downgrading to a Dell Networking OS version earlier than 6 3 1 1 Use the CONFIGURATION mode commands so that the profile is change throughout the system Use the EXEC Privilege mode commands to match the profile of a component t...

Page 228: ...otup Unified Forwarding Table UFT Modes Unified Forwarding Table UFT consolidates the resources of several search tables Layer 2 Layer 3 Hosts and Layer 3 Route Longest Prefix Match LPM into a single flexible resource Dell Networking OS supports several UFT modes to extract the forwarding tables as required By default Dell Networking OS initializes the table sizes to UFT mode 2 profile since it pr...

Page 229: ...n flash by default Dell conf Dell conf end Dell 01 13 44 STKUNIT0 M CP SYS 5 CONFIG_I Configured from console Dell 2 Display the hardware forwarding table mode in the current boot and in the next boot EXEC Privilege show hardware forwarding table mode Dell show hardware forwarding table mode Current Settings Next Boot Settings Mode Default scaled l3 routes L2 MAC Entries 160K 32K L3 Host Entries 1...

Page 230: ...reases security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for the control plane packets The following illustration shows an example of the ...

Page 231: ... protocol ICMP share same queue Q6 Q6 has 400 PPS of bandwidth by default The desired rate of ICMP is 100 PPS and the remaining 300 PPS is assigned to BGP If ICMP packets come at 400 PPS BGP packets may be dropped though ICMP packets are rate limited to 100 PPS You can solve this by increasing Q6 bandwidth to 700 PPS to allow both ICMP and BGP packets and then applying per flow CoPP for ICMP and B...

Page 232: ...ne service policy for each port pipe 1 Create a Layer 2 extended ACL for control plane traffic policing for a particular protocol CONFIGURATION mode mac access list extended name cpu qos permit arp frrp gvrp isis lacp lldp stp 2 Create a Layer 3 extended ACL for control plane traffic policing for a particular protocol CONFIGURATION mode ip access list extended name cpu qos permit bgp dhcp dhcp rel...

Page 233: ...llowing example shows creating the QoS input policy Dell conf qos policy in rate_limit_200k cpu qos Dell conf in qos policy cpuqos rate police 200 40 peak 500 40 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_400k cpu qos Dell conf in qos policy cpuqos rate police 400 50 peak 600 50 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_500k cpu qos Dell con...

Page 234: ...creating a CoPP service policy is to create QoS policies for the desired CPU bound queue and associate it with a particular rate limit The QoS policies are assigned to a control plane service policy for each port pipe 1 Create a QoS input policy for the router and assign the policing CONFIGURATION mode qos policy input name cpu qos 2 Create an input policy map to assign the QoS policy to the desir...

Page 235: ... service policy rate limit cpu queues cpuq_rate_policy Displaying CoPP Configuration The CLI provides show commands to display the protocol traffic assigned to each control plane queue and the current rate limit applied to each queue Other show commands display statistical information for trouble shooting CoPP operation To view the rates for each queue use the show cpu queue rate cp command Viewin...

Page 236: ...pe Queue EgPort Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ GVRP 01 80 c2 00 00 21 any Q7 CP _ STP 01 80 c2 00 00 00 any Q7 CP _ ISIS 01 80 c2 00 00 14 15 any Q7 CP _ 09 00 2b 00 00 04 05 any Q7 CP Dell To view the queue mapping for IPv6 protocols use the show ipv6 protocol queue mapping command Example of ...

Page 237: ...working switches that support a unified fabric and consolidate multiple network infrastructures use a single input output I O device called a converged network adapter CNA A CNA is a computer input output device that combines the functionality of a host bus adapter HBA with a network interface controller NIC Multiple adapters on different devices for several traffic types are no longer required Da...

Page 238: ...02 1Qau Congestion Notification Data Center Bridging Exchange DCBx protocol NOTE Dell Networking OS supports only the PFC ETS and DCBx features in data center bridging Priority Based Flow Control In a data center network priority based flow control PFC manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to conges...

Page 239: ... or TLV mismatch DCBx is disabled and PFC or ETS cannot be enabled PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation PFC uses DCB MIB IEEE 802 1azd2 5 and PFC MIB IEEE 802 1bb d2 2 PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation PFC u...

Page 240: ...tency storage or server cluster traffic in a traffic class to receive more bandwidth and restrict best effort LAN traffic assigned to a different traffic class The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802 1p priority and mapped to priority groups Figure 29 Enhanced Transmission Selection The following table lists the ...

Page 241: ...s Determination of possible mismatch in DCB configuration on a peer link Configuration of a peer device over a DCB link DCBx requires the link layer discovery protocol LLDP to provide the path to exchange DCB parameters with peer devices Exchanged parameters are sent in organizationally specific TLVs in LLDP data units The following LLDP TLVs are supported for DCB parameter exchange PFC parameters...

Page 242: ...k unit CONFIGURATION mode Dell conf dcb enable pfc queues NOTE To save the pfc buffering configuration changes save the configuration and reboot the system NOTE Dell Networking OS Behavior DCB is not supported if you enable link level flow control on one or more interfaces For more information refer to Ethernet Pause Frames DCB Maps and its Attributes This topic contains the following sections tha...

Page 243: ...is not applied on specific 802 1p priorities ETS assigns equal bandwidth to each 802 1p priority As a result PFC and lossless port queues are disabled on 802 1p priorities and all priorities are mapped to the same priority queue and equally share the port bandwidth To change the ETS bandwidth allocation configured for a priority group in a DCB map do not modify the existing DCB map configuration I...

Page 244: ...ea Network LAN traffic To configure PFC follow these steps 1 Create a DCB Map CONFIGURATION mode dcb map dcb map name The dcb map name variable can have a maximum of 32 characters 2 Create a PFC group CONFIGURATION mode priority group group num bandwidth bandwidth strict priority pfc on The range for priority group is from 0 to 7 Set the bandwidth in percentage The percentage range is from 1 to 10...

Page 245: ...o rate the traffic limit Egress drops are not observed on Port B since traffic flow on priorities is mapped to loss less queues Port B acting as Ingress If the traffic congestion is on PORT B Egress DROP is on PORT A or C as the PFC is not enabled on PORT B Refer the following configuration for queue to dot1p mapping Dell conf do show qos dot1p queue mapping Dot1p Priority 0 1 2 3 4 5 6 7 Queue 2 ...

Page 246: ... enhancement to the existing Ethernet pause functionality PFC stops traffic transmission for specified priorities CoS values without impacting other priority classes Different traffic types are assigned to different priority classes When traffic congestion occurs PFC sends a pause frame to a peer device with the CoS priority values of the traffic that needs to be stopped DCBx provides the link lev...

Page 247: ...igure a DCB map an error message is displayed if the PFC dot1p priorities result in more than two lossless queues When you apply a DCB map an error message is displayed if link level flow control is already enabled on an interface You cannot enable PFC and link level flow control at the same time on an interface In a switch stack configure all stacked ports with the same PFC configuration Dell Net...

Page 248: ...map to more than one port You cannot apply a DCB map on an interface that has been already configured for PFC using thepfc priority command or which is already configured for lossless queues pfc no drop queues command dcb map name INTERFACE Configuring PFC without a DCB Map In a network topology that uses the default ETS bandwidth allocation assigns equal bandwidth to each priority you can also en...

Page 249: ...ort A Port B Port C Port B PFC no drop queues are configured for queues 1 2 on Port B PFC capability is enabled on priorities 3 4 on PORT A and C Port B acting as Egress During the congestion traffic pump on priorities 3 and 4 from PORT A and PORT C is at full line rate PORT A and C send out the PFCs to rate the traffic limit Egress drops are not observed on Port B since traffic flow on priorities...

Page 250: ...AP 5 Apply the DCB map created to disable the PFC operation on the interface dcb map name default INTERFACE 6 Configure the port queues that still function as no drop queues for lossless traffic For the dot1p queue assignments The maximum number of lossless queues globally supported on a port is 2 You cannot configure PFC no drop queues on an interface on which a DCB map with PFC enabled has been ...

Page 251: ...up to a maximum of 4 lossless PFC queues By configuring 4 lossless queues you can configure 4 different priorities and assign a particular priority to each application that your network is used to process For example you can assign a higher priority for time sensitive applications and a lower priority for other services such as file transfers You can configure the amount of buffer space to be allo...

Page 252: ...ackets come in with packet dot1p 2 alone are assign to PG6 on ingress The packets come in with packet dot1p 2 alone use Q1 as per dot1p to Queue classification Table 2 on the egress port When Peer sends a PFC message for Priority 2 based on above PRIO2COS table TABLE 2 Queue 1 is halted Queue 1 starts buffering the packets with Dot1p 2 This causes PG6 buffer counter to increase on the ingress sinc...

Page 253: ...B with additional tables to display the PFC and BST counters and statistics The following new tables are added in F10 FPSTATS MIB in Dell Networking OS 9 3 0 1 fpEgrQBuffSnapshotTable fpIngPgBuffSnapshotTable fpStatsPerPgTable pfcPerPrioTable fpEgrQBuffSnapsh otTable This table fetches the BST statistics at Egress Port for the buffer used This table displays the Snapshot of the Buffer cells used b...

Page 254: ...t Dot1p is halted from scheduling on that port thus honoring the PFC from the peer If a queue is congested due to packets with a specific Dot1p and PFC is enabled for that Dot1p switch will transit out PFC frames for that Dot1p The packet Dot1p to Queue mapping for classification on the ingress must be same as the mapping of Dot1p to the Queue to be halted on the egress used for PFC honoring Dell ...

Page 255: ...ware PRIO2COS setting for honoring the PFC protocol packets from the Peer switches is as per above Packet Dot1p queue table Table 2 The packets that come in with packet dot1p 2 alone will be assigned to PG6 on ingress The packets that come in with packet dot1p 2 alone will use Q1 as per dot1p to Queue classification Table 2 on the egress port When Peer sends a PFC message for Priority 2 based on a...

Page 256: ...f the DCBx version used on a port is CIN refer to Configuring DCBx When allocating bandwidth or configuring a queue scheduler for dot1p priorities in a priority group on a DCBx CIN interface take into account the CIN bandwidth allocation refer to Configuring Bandwidth Allocation for DCBx CIN and dot1p queue mapping NOTE The IEEE 802 1Qaz CEE and CIN versions of ETS are supported Creating an ETS Pr...

Page 257: ...iorities mapped to the same queue must be in the same priority group Configure all 802 1p priorities in priority groups associated with an ETS output policy You can assign each dot1p priority to only one priority group By default all 802 1p priorities are grouped in priority group 0 and 100 of the port bandwidth is assigned to priority group 0 The complete bandwidth is equally assigned to each pri...

Page 258: ...ng strict priority command The priority group for strict priority scheduling scheduler strict command Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output policy to an interface if the DCBx version used in your data center network is CIN you may need to configure a QoS output policy to overwrite the default CIN bandwidth allocation This default setting divides the bandwidth ...

Page 259: ...lgorithm Dell Networking OS de queues all frames of strict priority traffic before servicing any other queues A queue with strict priority traffic can starve other queues in the same port ETS assigned bandwidth allocation and strict priority scheduling apply only to data queues not to control queues Dell Networking OS supports hierarchical scheduling on an interface The control traffic on Dell Net...

Page 260: ...e parameters are not negotiated by DCBx with peer devices you can apply a QoS output policy with WRED and or rate shaping on a DCBx CIN enabled interface In this case the WRED or rate shaping configuration in the QoS output policy must take into account the bandwidth allocation or queue scheduler configured in the DCB map Priority Group Configuration Notes When you configure priority groups in a D...

Page 261: ...heduling such as groups 1 and 3 in the example the strict priority group whose traffic is mapped to one queue takes precedence over the strict priority group whose traffic is mapped to two queues Therefore in this example scheduling traffic to priority group 1 mapped to one strict priority queue takes precedence over scheduling traffic to priority group 3 mapped to two strict priority queues Using...

Page 262: ...figuration of DCBx enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports use the following DCBx port roles Auto upstream The port advertises its own configuration to DCBx peers and is willing to receive peer configuration The port also propagates its configuration to other ports on the switch The first auto upstream that is capable of receiv...

Page 263: ...onfigured to serve as a source of configuration information on the switch Peer DCB configurations received on the port are propagated to other DCBx auto configured ports If the peer configuration is compatible with a port configuration DCBx is enabled on the port On a configuration source port the link with a DCBx peer is enabled when the port receives a DCB configuration that can be internally pr...

Page 264: ...nged between a DCBx enabled port and a peer port without requiring that a peer port and the local port use the same configured values for the configurations to be compatible For example ETS uses an asymmetric exchange of parameters between DCBx peers Symmetric DCB parameters are exchanged between a DCBx enabled port and a peer port but requires that each configured parameter value be the same for ...

Page 265: ...ream ports other than the configuration source are marked as willing disabled The internally propagated DCB configuration is refreshed on all auto configuration ports and each port may begin configuration negotiation with a DCBx peer again Auto Detection and Manual Configuration of the DCBx Version When operating in Auto Detection mode the DCBx version auto command a DCBx port automatically detect...

Page 266: ...ple Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port For DCBx on a port interface enable LLDP in both Send TX and Receive RX mode the protocol lldp mode command refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol LLDP chapter If multiple DCBx peer ports ...

Page 267: ... information PROTOCOL LLDP mode no DCBx port role config source auto downstream auto upstream manual auto upstream configures the port to receive a peer configuration The configuration source is elected from auto upstream ports auto downstream configures the port to accept the internally propagated DCB configuration from a configuration source config source configures the port to serve as the conf...

Page 268: ...tion To verify the DCBx configuration on a port use the show interface DCBx detail command Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch follow these steps 1 Enter Global Configuration mode EXEC PRIVILEGE mode configure 2 Enter LLDP Configuration mode to enable DCBx operation CONFIGURATION mode no protocol lldp 3 Configure the DCBx version used on all...

Page 269: ... TLVs The default is Application Priority TLVs are enabled and advertise FCoE and iSCSI NOTE To disable TLV transmission use the no form of the command for example no advertise DCBx appln tlv iscsi 6 Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs PROTOCOL LLDP mode no fcoe priority bits priority bitmap The priority bitmap range is from 1 to FF The default...

Page 270: ...ging operations auto detect timer enables traces for DCBx auto detect timers config exchng enables traces for DCBx configuration exchanges fail enables traces for DCBx failures mgmt enables traces for DCBx management frames resource enables traces for DCBx system resource frames sem enables traces for the DCBx state machine tlv enables traces for DCBx TLVs Verifying the DCB Configuration To displa...

Page 271: ...ow stack unit 0 11 all stack ports all pfc details Displays the PFC configuration applied to ingress traffic including priorities and link delay show stack unit 0 11 all stack ports all ets details Displays the ETS configuration applied to ingress traffic on stack links including priorities and link delay Examples of the show Commands The following example shows the show dot1p queue mapping comman...

Page 272: ...1 pfc detail Interface TenGigabitEthernet 1 4 1 Admin mode is on Admin is enabled Remote is enabled Remote Willing Status is enabled Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FC...

Page 273: ...ere exchanged with peer Recommend Remote PFC configuration parameters were received from peer Internally propagated PFC configuration parameters were received from configuration source PFC DCBx Oper status Operational status for exchange of PFC configuration on local port match up or mismatch down State Machine Type Type of state machine used for DCBx exchanges of PFC parameters Feature for legacy...

Page 274: ... Number of PFC error packets received PFC TLV Statistics Pause Tx pkts Number of PFC pause frames transmitted PFC TLV Statistics Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command Dell show interfaces te 1 1 1 pfc statistics Interface TenGigabitEthernet 1 1 1 Priority Received PFC Frames Transmitted PFC Frames 0 0 0 1 0 0 2 0 0 3...

Page 275: ...LV Pkts Dell conf show interfaces tengigabitethernet 1 1 1 ets detail Interface TenGigabitEthernet 1 1 1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 0 ETS 2 0 ETS 3 0 ETS 4 0 ETS 5 0 ETS 6 0 ETS 7 0 ETS Priority Bandwidth TSA 0 13 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12...

Page 276: ...etail command Dell conf show interfaces tengigabitethernet 1 1 1 ets detail Interface TenGigabitEthernet 1 1 1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 0 ETS 2 0 ETS 3 0 ETS 4 0 ETS 5 0 ETS 6 0 ETS 7 0 ETS Priority Bandwidth TSA 0 13 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ET...

Page 277: ...min mode ETS mode on or off Admin Parameters ETS configuration on local port including priority groups assigned dot1p priorities and bandwidth allocation Remote Parameters ETS configuration on remote peer port including Admin mode enabled if a valid TLV was received or disabled priority groups assigned dot1p priorities and bandwidth allocation If the ETS Admin mode is enabled on the remote port fo...

Page 278: ...e following example shows the show stack unit all stack ports all pfc details command Dell conf show stack unit all stack ports all pfc details stack unit 1 stack port all Admin mode is On Admin is enabled Priority list is 4 5 Local is enabled Priority list is 4 5 Link Delay 45556 pause quantum 0 Pause Tx pkts 0 Pause Rx pkts stack unit 2 stack port all Admin mode is On Admin is enabled Priority l...

Page 279: ... Address 00 01 e8 8a df a0 Port Role is Manual DCBx Operational Status is Enabled Is Configuration Source FALSE Local DCBx Compatibility mode is IEEEv2 5 Local DCBx Configured mode is IEEEv2 5 Peer Operating version is IEEEv2 5 Local DCBx TLVs Transmitted ERPFi 1 Input PFC TLV pkts 2 Output PFC TLV pkts 0 Error PFC pkts 0 PFC Pause Tx pkts 0 Pause Rx pkts 1 Input ETS Conf TLV Pkts 1 Output ETS Con...

Page 280: ...Total DCBx Frame errors 0 Total DCBx Frames unrecognized 0 The following table describes the show interface DCBx detail command fields Table 23 show interface DCBx detail Command Description Field Description Interface Interface type with chassis slot and port number Port Role Configured DCBx port role auto upstream auto downstream config source or manual DCBx Operational Status Operational status...

Page 281: ...TLVs received from peer device Peer DCBx Status Sequence Number Sequence number transmitted in Control TLVs received from peer device Peer DCBx Status Acknowledgment Number Acknowledgement number transmitted in Control TLVs received from peer device Total DCBx Frames transmitted Number of DCBx frames sent from local port Total DCBx Frames received Number of DCBx frames received from remote peer po...

Page 282: ...amic buffer capability perform the following steps 1 Enable the DCB application By default DCB is enabled and link level flow control is disabled on all interfaces CONFIGURATION mode dcb enable 2 Configure the shared PFC buffer size and the total buffer size A maximum of 4 lossless queues are supported CONFIGURATION mode dcb pfc shared buffer size 4000 dcb pfc total buffer size 5000 3 Configure th...

Page 283: ... on stack ports CONFIGURATION mode dcb pfc total buffer size buffer size stack unit all port set port pipe all Port set number range is from 0 to 3 Sample DCB Configuration The following shows examples of using PFC and ETS to manage your data center traffic In the following example Incoming SAN traffic is configured for priority based flow control Outbound LAN IPC and SAN traffic is mapped into th...

Page 284: ...lobal Configuration mode to map ingress dot1p frames to the queues shown in the following table For more information refer to QoS dot1p Traffic Classification and Queue Assignment The following describes the dot1p priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN 1 LAN 2 LAN 284 Data Center Bridging DCB ...

Page 285: ...1 Enabling DCB Dell conf dcb enable 2 Configure DCB map and enable PFC and ETS Dell conf service class dynamic dot1p Or Dell conf interface tengigabitethernet 1 1 1 Dell conf if te 1 1 1 service class dynamic dot1p 3 Apply DCB map to relevant interface dcb map test priority group 1 bandwidth 50 pfc on priority group 2 bandwidth 45 pfc off priority group 3 bandwidth 5 pfc on priority pgid 2 2 2 1 3...

Page 286: ...e offering configuration parameters to the client DHCP Client This is a network device requesting configuration parameters from the server Relay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host DHCP Packet Format and Options DHCP uses the user datagram protocol UDP as its transport protocol Th...

Page 287: ...P Message Type Option 53 1 DHCPDISCOVER 2 DHCPOFFER 3 DHCPREQUEST 4 DHCPDECLINE 5 DHCPACK 6 DHCPNACK 7 DHCPRELEASE 8 DHCPINFORM Parameter Request List Option 55 Clients use this option to tell the server which parameters it requires It is a series of octets where each octet is DHCP option code Renewal Time Option 58 Specifies the amount of time after the IP address is granted that the client attem...

Page 288: ...o the offer requesting the offered values 4 After receiving a DHCPREQUEST the server binds the clients unique identifier the hardware address plus IP address to the accepted configuration parameters and stores the data in a database called a binding table The server then broadcasts a DHCPACK message which signals to the client that it may begin using the assigned parameters 5 When the client leave...

Page 289: ...kets Dell Networking OS provides 40000 entries that can be divided between leased addresses and excluded addresses By extension the maximum number of pools you can configure depends on the subnet mask that you give to each pool For example if all pools were configured for a 24 mask the total would be 40000 253 approximately 158 If the subnet is increased more pools can be configured The maximum su...

Page 290: ... DHCP servers respond to different types of requests from clients primarily granting renewing and terminating leases Providing Administration Services DHCP servers include functionality that allows an administrator to implement policies that govern how DHCP performs its other tasks Configuring the Server for Automatic Address Allocation Automatic address allocation is an address assignment method ...

Page 291: ...iguring the Dell system to be a DHCP server is a three step process 1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks Configure a Method of Hostname Resolution Creating Manual Binding Entries Debugging the DHCP Server Using DHCP Clear Commands Excluding Addresses from the Address Pool The DHCP server assumes that all IP addresses i...

Page 292: ...ution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks Microsoft DHCP clients can be one of four types of NetBIOS nodes broadcast peer to peer mixed or hybrid 1 Specify the NetBIOS WINS name servers in order of preference that are available to Microsoft Dynamic Host Configuration Protocol DHCP clients DHCP POOL mode netbios name server addr...

Page 293: ...ommand Display debug information for DHCP server EXEC Privilege mode debug ip dhcp server events packets Using DHCP Clear Commands To clear DHCP binding entries address conflicts and server counters use the following commands Clear DHCP binding entries for the entire binding table EXEC Privilege mode clear ip dhcp binding Clear a DHCP binding entry for an individual IP address EXEC Privilege mode ...

Page 294: ... type normal reload command and save it to the startup configuration FTOS reload type normal reload FTOS write memory FTOS reload To re enable Jumpstart mode for the next reload enter the reload type jump start command Configuring the DHCP Client System This section describes how to configure and view an interface as a DHCP client to receive an IP address Dell Networking OS Behavior The ip address...

Page 295: ...cp Dynamically assigned IP addresses can be released without removing the DHCP client operation on the interface on a switch configured as a DHCP client 3 Manually acquire a new IP address from the DHCP server by releasing a dynamically acquired IP address while retaining the DHCP client configuration on the interface EXEC Privilege mode release dhcp interface type slot port subport 4 Acquire a ne...

Page 296: ...he DHCP IP address and renew it on the management interface Management routes added by the DHCP client have higher precedence over the same statically configured management route Static routes are not removed from the running configuration if a dynamically acquired management route added by the DHCP client overwrites a static management route Management routes added by the DHCP client are not adde...

Page 297: ...Doing so guarantees that this router becomes the VRRP group owner To use the router as the VRRP owner if you enable a DHCP client on an interface that is added to a VRRP group assign a priority less than 255 but higher than any other priority assigned in the group Configure the System for User Port Stacking Option 230 Set the stacking option variable to provide stack port detail on the DHCP server...

Page 298: ...d a reply out the interface on which the request was received rather than flooding it on the entire VLAN The relay agent strips Option 82 from DHCP responses before forwarding them to the client To insert Option 82 into DHCP packets follow this step Insert Option 82 into DHCP packets CONFIGURATION mode ip dhcp relay information option trust downstream For routers between the relay agent and the DH...

Page 299: ...orwarded across non snooped VLANs Because DHCP packets are dropped no new IP address assignments are made However DHCPRELEASE and DHCPDECLINE packets are allowed so that the DHCP snooping table can decrease in size After the table usage falls below the maximum limit of 4000 entries new IP address assignments are allowed NOTE DHCP server packets are dropped on all not trusted interfaces of a system...

Page 300: ...an id ipv6 ipv6 address interface interface type interface number lease value Clearing the Binding Table To clear the binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table use the following command Delete all of the entries in the binding tab...

Page 301: ...g Enabled Vlans Vl 10 List of DAI Trust ports Te 1 4 1 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table use the following command Display the contents of the binding table EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snoo...

Page 302: ... 00 4d 69 e8 f2 172740 D Vl 10 Te 1 5 1 Total number of Entries in the table 4 Dynamic ARP Inspection Dynamic address resolution protocol ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table ARP is a stateless protocol that provides no authentication mechanism Network devices accept ARP requests and replies from any device ARP r...

Page 303: ...ow L2Protocol has 87 entries L2SystemFlow has 15 entries Six L2SystemFlow entries are used by Layer 2 protocols leaving nine for DAI L2Protocol can have a maximum of 100 entries you must expand this region to capacity before you can increase the size of L2SystemFlow This is relevant when you are enabling DAI on VLANs If for example you want to enable DAI on 16 VLANs you need seven more entries in ...

Page 304: ...validation against the binding table All ports are untrusted by default To bypass the ARP inspection use the following command Specify an interface as trusted so that ARPs are not validated against the binding table INTERFACE mode arp inspection trust Dynamic ARP inspection is supported on Layer 2 and Layer 3 Source Address Validation Using the DHCP binding table Dell Networking OS can perform thr...

Page 305: ...o enable IP source address validation use the following command NOTE If you enable IP source guard using the ip dhcp source address validation command and if there are more entries in the current DHCP snooping binding table than the available CAM space SAV may not be applied to all entries To ensure that SAV is applied correctly to all entries enable the ip dhcp source address validation command b...

Page 306: ...rface for the entire system use the show ip dhcp snooping source address validation interface command in EXEC Privilege mode Viewing the Number of SAV Dropped Packets The following output of the show ip dhcp snooping source address validation discard counters command displays the number of SAV dropped packets Dell show ip dhcp snooping source address validation discard counters deny access list on...

Page 307: ... counters command Dell clear ip dhcp snooping source address validation discard counters To clear the number of SAV dropped packets on a particular interface use the clear ip dhcp snooping source address validation discard counters interface interface command Dell clear ip dhcp snooping source address validation discard counters interface TenGigabitEthernet 1 1 1 Dynamic Host Configuration Protoco...

Page 308: ...he default hash algorithm is 24 Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory CAM For example suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sorts them so that the ECMPs are always arranged This im...

Page 309: ...s from 0 to 4095 Link Bundle Monitoring Link bundle monitoring allows the system to monitor the use of multiple links for an uneven distribution Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time A global default threshold of 60 is Link bundle monitoring allows the system to monitor the use of multiple links for an...

Page 310: ...a maximum ECMP per route To configure the maximum number of paths use the following command NOTE For the new settings to take effect save the new ECMP settings to the startup config write mem then reload the system Configure the maximum number of paths per ECMP group CONFIGURATION mode ip ecmp group maximum paths 2 64 Enable ECMP group path management CONFIGURATION mode ip ecmp group path fallback...

Page 311: ...automatically for each unique ecmp group when you configure multipath routes to the same network The system can generate a maximum of 512 unique ecmp groups The ecmp group indices are generated in even numbers 0 2 4 6 1022 and are for information only You can configure ecmp group with id 2 for link bundle monitoring This ecmp group is different from the ecmp group index 2 that is created by config...

Page 312: ...host table size is bigger compared to the LPM When you move the IPv4 32 route prefix entry in host table more space is obtained that can be utilized for other route prefix entries Support for ECMP in host table ECMP support in the L3 host table is available on S6000 S6000 ON Z9100 ON and S6100 ON platforms IPv6 128 prefix route entries and IPv4 32 prefix entries which are moved to host table can h...

Page 313: ...an end device sends and receives over the network As a result the switch can enforce zoning configurations ensure that end devices use their assigned addresses and secure the network from unauthorized access and denial of service DoS attacks To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network FIP establishes virtual point to point links between FCoE end d...

Page 314: ...rver and an FCoE switch FCF The following table lists the FIP functions Table 26 FIP Functions FIP Function Description FIP VLAN discovery FCoE devices ENodes discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic FIP discovery FCoE end devices and FCFs are automatically discovered Initialization FCoE devices learn ENodes from the FLOGI and FDISC to allow immediate login and...

Page 315: ...rts configured for ENode mode for server facing ports and FCF mode for a trusted port directly connected to an FCF Enable FIP snooping on the switch configure the FIP snooping parameters and configure CAM allocation for FCoE When you enable FIP snooping all ports on the switch by default become ENode ports Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows ...

Page 316: ...ping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch Allocate CAM resources for FCoE Perform FIP snooping allowing and parsing FIP frames globally on all VLANs or on a per VLAN basis To assign a MAC address to an FCoE end device server ENode or storage device after a server successfully logs in set the FCoE MAC address prefix FC MAP...

Page 317: ... all VLANs or an individual VLAN 4 Configure FCF mode for a FIP snooping bridge to FCF link For a sample FIP snooping configuration refer to FIP Snooping Configuration Example Statistical information is available for FIP Snooping related information For available commands refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide FIP Snooping Prerequisites Before you ...

Page 318: ...CLs are not installed FIP and FCoE traffic is not blocked and FIP packets are not processed The existing per VLAN and FIP snooping configuration is stored The configuration is re applied the next time you enable the FIP snooping feature You must apply the CAM ACL space for the FCoE region before enabling the FIP Snooping feature If you do not apply CAM ACL space the following error message is disp...

Page 319: ...st configure at least one interface for FCF FCoE Forwarder mode on a FIP snooping enabled VLAN You can configure multiple FCF trusted interfaces in a VLAN A maximum of eight VLANS are supported for FIP snooping on the switch When enabled globally FIP snooping processes FIP packets in traffic only from the first eight incoming VLANs When enabled on a per VLAN basis FIP snooping is supported on up t...

Page 320: ...2500 bytes when a port is in Switchport mode the FIP snooping feature is enabled on the switch and FIP snooping is enabled on all or individual VLANs Link aggregation group LAG FIP snooping is supported on port channels on ports on which PFC mode is on PFC is operationally up STP If you enable an STP protocol STP RSTP PVSTP or MSTP on the switch and ports enter a blocking state when the state chan...

Page 321: ...e FIP snooping on all VLANs or on a specified VLAN CONFIGURATION mode or VLAN INTERFACE mode fip snooping enable 6 Configure the port for bridge to FCF links INTERFACE mode or CONFIGURATION mode fip snooping port mode fcf NOTE To disable the FCoE transit feature or FIP snooping on VLANs use the no version of a command for example no feature fip snooping or no fip snooping enable Displaying FIP Sno...

Page 322: ...port slot interface port channel port channel number Clears the statistics on the FIP packets snooped on all VLANs a specified VLAN or a specified port interface show fip snooping system Displays information on the status of FIP snooping on the switch enabled or disabled including the number of FCoE VLANs FCFs ENodes and currently active sessions show fip snooping vlan Displays information on the ...

Page 323: ...he show fip snooping config command Dell show fip snooping config FIP Snooping Feature enabled Status Enabled FIP Snooping Global enabled Status Enabled Global FC MAP Value 0X0EFC00 FIP Snooping enabled VLANs VLAN Enabled FC MAP 100 TRUE 0X0EFC00 The following example shows the show fip snooping enode command Dell show fip snooping enode Enode MAC Enode Interface FCF MAC VLAN FC ID d4 ae 52 1b e3 ...

Page 324: ...y the FCF The following example shows the show fip snooping statistics interface vlan command VLAN and port Dell show fip snooping statistics interface vlan 100 Number of Vlan Requests 0 Number of Vlan Notifications 0 Number of Multicast Discovery Solicits 2 Number of Unicast Discovery Solicits 0 Number of FLOGI 2 Number of FDISC 16 Number of FLOGO 0 Number of Enode Keep Alive 9021 Number of VN Po...

Page 325: ...r of FLOGO 0 Number of Enode Keep Alive 0 Number of VN Port Keep Alive 0 Number of Multicast Discovery Advertisement 4451 Number of Unicast Discovery Advertisement 2 Number of FLOGI Accepts 2 Number of FLOGI Rejects 0 Number of FDISC Accepts 16 Number of FDISC Rejects 0 Number of FLOGO Accepts 0 Number of FLOGO Rejects 0 Number of CVL 0 Number of FCF Discovery Timeouts 0 Number of VN Port Session ...

Page 326: ...LOGI Rejects Number of FIP FLOGI reject frames received on the interface Number of FDISC Accepts Number of FIP FDISC accept frames received on the interface Number of FDISC Rejects Number of FIP FDISC reject frames received on the interface Number of FLOGO Accepts Number of FIP FLOGO accept frames received on the interface Number of FLOGO Rejects Number of FIP FLOGO reject frames received on the i...

Page 327: ...tch On the FIP snooping bridge DCBx is configured as follows A server facing port is configured for DCBx in an auto downstream role An FCF facing port is configured for DCBx in an auto upstream or configuration source role The DCBx configuration on the FCF facing port is detected by the server facing port and the DCB PFC configuration on both ports is synchronized For more information about how to...

Page 328: ... auto downstream NOTE A port is enabled by default for bridge ENode links Example of Configuring the FCF Facing Port Dell conf interface tengigabitethernet 1 5 1 Dell conf if te 1 5 1 portmode hybrid Dell conf if te 1 5 1 switchport Dell conf if te 1 5 1 fip snooping port mode fcf Dell conf if te 1 5 1 protocol lldp Dell conf if te 1 5 1 lldp dcbx port role auto upstream Example of Configuring FIP...

Page 329: ...the L4 header Flex hash uses the RTAG7 bins 2 and 3 overlay bins These bins must be enabled for flex hash to be configured If you configure flex hash by using the load balance ingress port enable and the load balance flexhash commands the show ip flow and show port channel flow commands are not operational Flex hash settings and these show commands are mutually exclusive only one of these capabili...

Page 330: ... physical ports to be aggregated faster You can configure the optimal switchover functionality for LACP even if you do not enable the fast boot mode on the system This command applies to dynamic port channel interfaces only When applied on a static port channel this command has no effect If you configure the optimized booting time capability and perform a reload of the system the LACP application ...

Page 331: ...is unexpected and undefined Fast boot uses the Symmetric Multiprocessing SMP utility that is enabled on the Intel CPU on the S6000 Switch to enhance the speed of the system startup SMP is supported on the S6000 platform For the fast boot feature to reduce the traffic disruption significantly the following conditions apply 1 When LACP is used between the ToR switch and the adjacent devices LACP is ...

Page 332: ...following changes when you perform a fast boot The system saves all dynamic ARP entries to a database on the flash drive A file is generated to indicate that the system is undergoing a fast boot which is used after the system comes up After the Dell Networking OS image is loaded and activated and the appropriate software components come up the following additional actions are performed If a databa...

Page 333: ...sions on which Graceful Restart has been negotiated This behavior is to force the peer to perform the helper role so that any routes advertised by the restarting system are retained and the peering session will not go down due to BGP Hold timeout Termination of TCP connections is not initiated on BGP sessions without GR because such a closure might cause the peer to immediately purge routes learnt...

Page 334: ...multipath and ECMP behavior The system delays the computation and installation of additional paths to a destination into the BGP routing information base RIB and forwarding table for a certain period of time Additional paths if any are automatically computed and installed without the need for any manual intervention in any of the following conditions After 30 seconds of the system returning online...

Page 335: ...ds If disk in not accessible in 20 seconds unexpected and undefined behavior of the VMs occurs You can optimize the booting time of the ToR nodes that experience a single point of failure to reduce the outage in traffic handling operations RRoCE is bursty and uses the entire 10 Gigabit Ethernet interface Although RRoCE and normal data traffic are propagated in separate network portions it may be n...

Page 336: ...ed packets that are received on Layer 3 physical interfaces are dropped To enable the routing of tagged packets the port that receives such tagged packets needs to be configured as a switchport and must be bound to a VLAN as a tagged member port A lite subinterface is similar to a normal Layer 3 physical interface except that additional provisioning is performed to set the VLAN ID for encapsulatio...

Page 337: ...tatus of the Ring by sending ring health frames RHF around the Ring from its Primary port and returning on its Secondary port If the Master node misses three consecutive RHFs the Master node determines the ring to be in a failed state The Master then sends a Topology Change RHF to the Transit Nodes informing them that the ring has changed This causes the Transit Nodes to flush their forwarding tab...

Page 338: ...ault state and unblocks its Secondary port The Master node clears its routing table and sends a control frame to all other ring nodes instructing them to clear their routing tables as well Immediately after clearing its routing table each node begins learning the new topology Ring Restoration The Master node continues sending ring health frames out its primary port even when operating in the Ring ...

Page 339: ...erconnected by a common switch in a figure eight style topology A switch can act as a Master node for one FRRP group and a Transit for another FRRP group or it can be a Transit node for both rings In the following example FRRP 101 is a ring with its own Control VLAN and FRRP 202 has its own Control VLAN running on another ring A Member VLAN that spans both rings is added as a Member VLAN to both F...

Page 340: ...reaks down the ring The Master node transmits ring status check frames at specified intervals You can run multiple physical rings on the same switch One Master node per ring all other nodes are Transit Each node has two member interfaces primary and secondary There is no limit to the number of nodes on a ring Master node ring port states blocking pre forwarding forwarding and disabled Transit node...

Page 341: ...one of four states Blocking State Accepts ring protocol packets but blocks data packets LLDP FEFD or other Layer 2 control packets are accepted Only the Master node Secondary port can enter this state Pre Forwarding State A transition state before moving to the Forward state Control traffic is forwarded but data traffic is blocked The Master node Secondary port transitions through this state durin...

Page 342: ...vents of ring failure or ring restoration only Implementing FRRP FRRP is media and speed independent FRRP is a Dell proprietary protocol that does not interoperate with any other vendor You must disable the spanning tree protocol STP on both the Primary and Secondary interfaces before you can enable FRRP All ring ports must be Layer 2 ports This is required for both Master and Transit nodes A VLAN...

Page 343: ...VLAN ports All ports on the ring must use the same VLAN ID for the control VLAN You cannot configure a VLAN as both a control VLAN and member VLAN on the same ring Only two interfaces can be members of a control VLAN the Master Primary and Secondary ports Member VLANs across multiple rings are not supported in Master nodes To create the control VLAN for this FRRP group use the following commands o...

Page 344: ...mode mode master 5 Identify the Member VLANs for this FRRP group CONFIG FRRP mode member vlan vlan id range VLAN ID Range VLAN IDs for the ring s member VLANS 6 Enable FRRP CONFIG FRRP mode no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2 Their status as Control or Member is determined at the FRRP group commands For more information ab...

Page 345: ...slot port subport control vlan vlan id Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information subport Slot Port subport Slot and Port ID for the interface Range is entered Slot Port subport Slot Port subport VLAN ID Identification number ...

Page 346: ...D the range is from 1 to 255 Clear the counters associated with all FRRP groups EXEC PRIVELEGED mode clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group use the following command Show the configuration for this FRRP group CONFIG FRRP mode show configuration Viewing the FRRP Information To view general FRRP information use one of the following commands Show the in...

Page 347: ...umber of rings allowed on a chassis is 255 Sample Configuration and Topology The following example shows a basic FRRP topology Example of R1 MASTER interface TenGigabitEthernet 1 24 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 31 1 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 1 24 1 31 1 no shutdown interface Vlan 201 no i...

Page 348: ...sit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3 14 1 no ip address switchport no shutdown interface TenGigabitEthernet 3 21 1 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3 14 1 21 1 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 3 14 1 21 1 no shutdown protocol frrp 101 interface primary TenGigabitEther...

Page 349: ...tic configuration The idea is to configure switches at the edge and have the information dynamically propagate into the core As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membe...

Page 350: ...at connects to a switch where you want GVRP information exchanged In the following example GVRP is configured on VLAN trunk ports Figure 39 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface Related Configuration Tasks Configure GVRP Registration Configure a GARP Timer 350 GARP VLAN Registration Protocol ...

Page 351: ...if te 1 21 1 no shutdown Dell conf if te 1 21 1 show config interface TenGigabitEthernet 1 21 1 no ip address switchport gvrp enable no shutdown To inspect the interface configuration use the show config command from INTERFACE mode or use the show gvrp interface command in EXEC or EXEC Privilege mode Configure GVRP Registration Configure GVRP registration There are two GVRP registration modes Fixe...

Page 352: ...tion using GVRP There are three GARP timer settings Join A GARP device reliably transmits Join messages to other devices by sending each Join message two times To define the interval between the two sending operations of each Join message use this parameter The Dell Networking OS default is 200ms Leave When a GARP device expects to de register a piece of attribute information it sends out a Leave ...

Page 353: ... Networking OS displays this message if an attempt is made to configure an invalid GARP timer Dell conf garp timers join 300 Error Leave timer should be 3 Join timer GARP VLAN Registration Protocol GVRP 353 ...

Page 354: ... Overview IGMP has three versions Version 3 obsoletes and is backwards compatible with version 2 version 2 obsoletes version 1 IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages which allows hosts to notify routers that they no longer care about traffic for a particular group Leave messages reduce the amount of time that the router takes to stop forwarding traffi...

Page 355: ...dds the group to the list of multicast groups associated with its outgoing port to the subnet Multicast traffic for the group is then forwarded to that subnet Sending an Unsolicited IGMP Report A host does not have to wait for a general query to join a group It may send an unsolicited IGMP Membership Report also called an IGMP Join message to the querier Leaving a Multicast Group The following des...

Page 356: ...p Specific and General queries still refresh the existing state Reporting is more efficient and robust hosts do not suppress query responses non suppression helps track state and enables the immediate leave and IGMP snooping features state change reports are retransmitted to insure delivery and a single membership report bundles multiple statements from a single host rather than sending an individ...

Page 357: ...uery to verify that there are no hosts interested in any other sources The multicast router must satisfy all hosts if they have conflicting requests For example if another host on the subnet is interested in traffic from 10 11 1 3 the router cannot record the include request There are no other interested hosts so the request is recorded At this point the multicast routing protocol prunes the tree ...

Page 358: ...essary 2 The querier before making any state changes sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond with their current state information and the querier refreshes the relevant state information 3 Separately in the following illustration the querier sends a general query to...

Page 359: ...st routing command 2 Enable a multicast routing protocol Related Configuration Tasks Viewing IGMP Enabled Interfaces Selecting an IGMP Version Viewing IGMP Groups Adjusting Timers Preventing a Host from Joining a Group Enabling IGMP Immediate Leave IGMP Snooping Fast Convergence after MSTP Topology Changes Internet Group Management Protocol IGMP 359 ...

Page 360: ...king OS enables IGMP version 2 by default which supports version 1 and 2 hosts but is not compatible with version 3 on the same subnet If hosts require IGMP version 3 you can switch to IGMP version 3 To switch to version 3 use the following command Switch to a different IGMP version INTERFACE mode ip igmp version Example of the ip igmp version Command Dell conf if te 1 13 1 ip igmp version 3 Dell ...

Page 361: ...a query it does not respond immediately but rather starts a delay timer The delay time is set to a random value between 0 and the maximum response time The host sends a response when the timer expires in version 2 if another host responds before the timer expires the timer is nullified and no response is sent The maximum response time is the amount of time that the querier waits for a response to ...

Page 362: ...ts to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames they can forward them only to interested receivers Multicast packets are addressed with multicast MAC addresses which represent a group of devices rather than one unique device Switches forward multicast frames out of all ports in a virtual local area network VLAN by default eve...

Page 363: ...ling Multicast Flooding Specifying a Port as Connected to a Multicast Router Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell conf ip igmp snooping enable Dell conf do show running config igmp ip igmp snooping enable Dell conf Removing a Group Port Association To configure or view the remove a group port association feature use the following commands Configure the ...

Page 364: ...icast routers EXEC Privilege mode show ip igmp snooping mrouter Configuring the Switch as Querier To configure the switch as a querier use the following command Hosts that do not support unsolicited reporting wait for a general query before sending a membership report When the multicast source and receivers are in the same VLAN multicast traffic is not routed and so there is no querier Configure t...

Page 365: ...S feature to isolate the management and front end port domains for HTTP and IGMP traffic Also EIS enables you to configure the responses to switch destined traffic by using the management port IP address as the source IP address This information is sent out of the switch through the management port instead of the front end port The management EIS feature is applicable only for the out of band OOB ...

Page 366: ...ent application SSH links to and from an unknown destination uses the management default route Protocol Separation When you configure the application application type command to configure a set of management applications with TCP UDP port numbers to the OS the following table describes the association between applications and their port numbers Table 33 Association Between Applications and Port Nu...

Page 367: ... egress interface selection using the management egress interface selection command NOTE Egress Interface Selection EIS works only with IPv4 routing When the feature is enabled using the management egress interface selection command the following events are performed The CLI prompt changes to the EIS mode In this mode you can run the application and no application commands Applications can be conf...

Page 368: ... the management route CLI is installed to both the management EIS routing table and default routing table As per existing behavior for routes in the default routing table conflicting front end port routes if configured has higher precedence over management routes So there can be scenarios where the same management route is present in the EIS routing table but not in the default routing table Route...

Page 369: ...outing table type for the ARP entry For the clear arp cache command upon receiving the ARP delete request the route corresponding to the destination IP is identified The ARP entries learned in the management EIS routing table are also cleared Therefore a separate control over clearing the ARP entries learned via routes in the EIS table is not present If the ARP entry for a destination is cleared i...

Page 370: ...tch Packets received on the management port with destination on the front end port is dropped Packets received on the front end port with destination on the management port is dropped A separate drop counter is incremented for this case This counter is viewed using the netstat command like all other IP layer counters Consider a scenario in which ip1 is an address assigned to the management port an...

Page 371: ...d is not terminating on the switch Drop the packets that are received on the front end data port with destination on the management port Drop the packets that received on the management port with destination as the front end data port Switch Destined Traffic This phenomenon occurs where traffic is terminated on the switch Traffic has not originated from the switch and is not transiting the switch ...

Page 372: ...plications ping and traceroute using the source ip option the management port IP address should be specified as the source IP address If management port is down or route lookup fails packets are dropped Default Behavior Route lookup is done in the default routing table and appropriate egress port is selected Table 35 Behavior of Various Applications for Switch Initiated Traffic Protocol Behavior w...

Page 373: ... lookup for ICMP based applications ping and traceroute you must configure ICMP as a management application If the management port is down or the route lookup fails packets are dropped If source IP address does not match the management port IP address route lookup is done in the default routing table Default Behavior Route lookup is done in the default routing table and appropriate egress port is ...

Page 374: ...he EIS routing table It is applicable to the default routing table only to avoid unnecessary double ARP entries Sflow sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface To designate an interface as a multicast router interface use the following command Dell N...

Page 375: ...nfiguration Interface Types View Basic Interface Information Enabling a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitori...

Page 376: ...e chassis EXEC mode show interfaces This command has options to display the interface status IP and MAC addresses and multiple counters for the amount and type of traffic passing through the interface If you configured a port channel interface this command lists the interfaces configured in the port channel NOTE To end output from the system such as the output from the show interfaces command ente...

Page 377: ... the show ip interfaces brief command in EXEC Privilege mode In the following example TenGigabitEthernet interface 1 6 1 is in Layer 3 mode because an IP address has been assigned to it and the interface s status is operationally up Dell show ip interface brief Interface IP Address OK Method Status Protocol TenGigabitEthernet 1 1 1 unassigned NO Manual administratively down down TenGigabitEthernet...

Page 378: ...ace INTERFACE mode show config Dell conf if te 1 5 1 show config interface TenGigabitEthernet 1 5 1 no ip address portmode hybrid switchport rate interval 8 mac learning limit 10 no station move no shutdown 2 Reset an interface to its factory default state CONFIGURATION mode default interface interface type slot port subport Dell conf default interface tengigabitethernet 1 5 1 3 Verify the configu...

Page 379: ...terface provides dedicated management access to the system Stack unit interfaces support Layer 2 and Layer 3 traffic over the 10 Gigabit Ethernet and 40 Gigabit Ethernet 25 Gigabit Ethernet 40 Gigabit Ethernet 50 Gigabit Ethernet and 100 Gigabit Ethernet interfaces These interfaces can also become part of virtual interfaces such as virtual local area networks VLANs or port channels For more inform...

Page 380: ...dia 0 88 QSFP 4x1000BASE T US0XJYD04162059 Yes 0 89 QSFP 4x1000BASE T US0XJYD04162059 Yes 0 90 QSFP 4x1000BASE T US0XJYD04162059 Yes 0 91 QSFP 4x1000BASE T US0XJYD04162059 Yes show interface transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id 0x0d QSFP 0 Ext Id 0x00 QSFP 0 Connector 0x0c QSFP 0 Transceiver Code 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 QSFP 0 Encoding 0x05 QSFP 0 Length SFM Km 0x00 Q...

Page 381: ...down Dell conf if Configuring Layer 2 Interface Mode To configure an interface in Layer 2 mode use the following commands Enable the interface INTERFACE mode no shutdown Place the interface in Layer 2 switching mode INTERFACE mode switchport To view the interfaces in Layer 2 mode use the show interfaces switchport command in EXEC mode Configuring Layer 3 Network Mode When you assign an IP address ...

Page 382: ... interface commands in EXEC mode Configuring Layer 3 Interface Mode To assign an IP address use the following commands Enable the interface INTERFACE mode no shutdown Configure a primary IP address and mask on the interface INTERFACE mode ip address ip address mask secondary The ip address must be in dotted decimal format A B C D and the mask must be in slash format xx Add the keyword secondary if...

Page 383: ... a management route removes the route from both the EIS routing table and the default routing table If the management port is down or route lookup fails in the management EIS routing table the outgoing interface is selected based on route lookup from the default routing table If a route in the EIS table conflicts with a front end port route the front end port route has precedence Due to protocol A...

Page 384: ...ege mode To view the addresses use the show interface managementethernet command as shown in the following example If you try to configure a third IPv6 address an error message displays If you enable auto configuration all IPv6 addresses on that management interface are auto configured The first IPv6 address that you configure on the management interface is the primary address If deleted you must ...

Page 385: ... route command to point to the Management interface Alternatively you can use the virtual ip command to manage a system with one or two RPMs A virtual IP is an IP address assigned to the system not to any management interfaces and is a CONFIGURATION mode command When a virtual IP address is assigned to the system the active management interface of the RPM is recognized by the virtual IP address no...

Page 386: ...de as shown in the following example To display the routing table use the show ip route command in EXEC Privilege mode Dell show int TenGigabitEthernet 1 1 1 TenGigabitEthernet 1 1 1 is up line protocol is up Description This is the Managment Interface Hardware is Force10Eth address is 00 01 e8 cc cc ce Current address is 00 01 e8 cc cc ce Pluggable media not present Interface index is 46449666 In...

Page 387: ...t To assign another VLAN ID to the default VLAN use the default vlan id vlan id command To assign an IP address to an interface use the following command Configure an IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask enter an address in dotted decimal format A B C D The mask must be in slash format 24 secondary the IP address is the interface ...

Page 388: ... Null interface is the ip unreachable command Port Channel Interfaces Port channel interfaces support link aggregation as described in IEEE Standard 802 3ad This section covers the following topics Port Channel Definition and Standards Port Channel Benefits Port Channel Implementation Configuration Tasks for Port Channel Interfaces Port Channel Definition and Standards Link aggregation is defined ...

Page 389: ...instead of in the order in which the ports come up With this implementation load balancing yields predictable results across line card resets and chassis reloads A physical interface can belong to only one port channel at a time Each port channel must contain interfaces of the same interface type speed Port channels can contain a mix of 1G 10G 40G The interface speed 10 100 or 1000 Mbps the port c...

Page 390: ...To configure a port channel use the following commands 1 Create a port channel CONFIGURATION mode interface port channel id number 2 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown After you enable the port channel you can place it in Layer 2 or Layer 3 mode To place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 mode...

Page 391: ...port channel INTERFACE PORT CHANNEL mode show config Examples of the show interfaces port channel Commands To view the port channel s status and channel members in a tabular format use the show interfaces port channel brief command in EXEC Privilege mode as shown in the following example Dell show int port brief LAG Mode Status Uptime Ports 1 L2L3 up 00 06 03 Te 1 6 1 Up Te 1 12 1 Up 2 L2L3 up 00 ...

Page 392: ...re also applied to the physical interfaces within the port channel For example if the port channel is in Layer 2 mode you cannot add an IP address or a static MAC address to an interface that is part of that port channel In the following example interface TenGigabitEthernet 1 6 1 is part of port channel 5 which is in Layer 2 mode and an error message appeared when an IP address was configured Dell...

Page 393: ...t be in oper up status to consider the port channel to be in oper up status To set the oper up status of your links use the following command Enter the number of links in a LAG that must be in oper up status INTERFACE mode minimum links number The default is 1 Example of Configuring the Minimum Oper Up Links in a Port Channel Dell config t Dell conf int po 1 Dell conf if po 1 minimum links 5 Dell ...

Page 394: ...embership on individual ports INTERFACE mode Dell conf if vlan tagged 2 3 4 2 Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell conf if switchport 3 Verify the manually configured VLAN membership show interfaces switchport interface command EXEC mode Dell conf interface tengigabitethernet 1 1 1 Dell conf if te 1 1 ...

Page 395: ...he hash algorithm distributes traffic among Equal Cost Multi path ECMP paths and LAG members The distribution is based on a flow except for packet based hashing A flow is identified by the hash and is assigned to one link In packet based hashing a single flow can be distributed on the LAG and uses one link Packet based hashing is used to load balance traffic across a port channel based on the IP I...

Page 396: ...alue to get better hash value Hash seed is used to compute the hash value By default hash seed is chassis MAC 32 bits we can also change the hash seed by the following command CONFIGURATION mode hash algorithm seed seed value Change to another algorithm CONFIGURATION mode hash algorithm ecmp crc16 crc16cc crc32LSB crc32MSB crc upper dest ip lsb xor1 xor2 xor4 xor8 xor16 Example of the hash algorit...

Page 397: ...xisting interfaces are excluded from the interface range prompt NOTE When creating an interface range interfaces appear in the order they were entered and are not sorted The show range command is available under Interface Range mode This command allows you to display all interfaces that have been validated under the interface range context The show configuration command is also available under Int...

Page 398: ...e 2 1 1 2 3 2 Exclude a Smaller Port Range The following is an example show how the smaller of two port ranges is omitted in the interface range prompt Example of the Interface Range Prompt for Multiple Port Ranges Dell conf interface range tengigabitethernet 2 1 1 2 4 2 tengigab 2 1 1 2 2 2 Dell conf if range te 2 1 1 2 4 2 Overlap Port Ranges The following is an example showing how the interface...

Page 399: ...terfaceslot port subport Define the Interface Range The following example shows how to define an interface range macro named test to select Ten Gigabit Ethernet interfaces 5 1 through 5 4 Example of the define interface range Command for Macros Dell config define interface range test tengigabitethernet 5 1 1 5 4 1 Choosing an Interface Range Macro To use an interface range macro use the following ...

Page 400: ...t Dell monitor interface Te 3 1 1 Dell uptime is 1 day s 4 hour s 31 minute s Monitor time 00 00 00 Refresh Intvl 2s Interface Te 3 1 1 Disabled Link is Down Linespeed is 1000 Mbit Traffic statistics Current Rate Delta Input bytes 0 0 Bps 0 Output bytes 0 0 Bps 0 Input packets 0 0 pps 0 Output packets 0 0 pps 0 64B packets 0 0 pps 0 Over 64B packets 0 0 pps 0 Over 127B packets 0 0 pps 0 Over 255B ...

Page 401: ...n two ports do not start the test on both ends of the cable Enable the interface before starting the test Enable the port to run the test or the test prints an error message 2 Displays TDR test results EXEC Privilege mode show tdr tengigabitethernet slot port subport Fanning out 40G Ports Dynamically The device supports the Fan out Interfaces without reboot on Dell Networking OS It aims at convert...

Page 402: ... Enabling quad mode on stack unit 1 port 24 Please verify whether the configs related to interface Fo 1 24 are cleaned up before proceeding further confirm yes no yes Dell conf 00 02 24 STKUNIT1 M CP IFMGR 5 DYNAMIC_FANOUT Port 24 in slot 1 has been fanned out Dell conf 00 02 27 S6000 ON 1 IFAGT 5 INSERT_OPTICS_QSFP Optics QSFP inserted in slot 1 port 24 2 00 02 27 S6000 ON 1 IFAGT 5 INSERT_OPTICS...

Page 403: ...or SFP cables This interface enables you to directly plug in an SFP or SFP cable originating at a 10 Gigabit Ethernet port on a switch or server You can use QSFP optical cables without a QSA to split a 40 Gigabit port on a switch or a server into four 10 Gigabit ports To split the ports enable the fan out mode Similarly you can enable the fan out mode to configure the QSFP port on a device to act ...

Page 404: ...cables plugged in Dell Networking OS generates an SFP or SFP Removed event You can use the QSA on any of the ports The QSA module does not have a designated EEPROM To recognize a QSA Dell Networking OS reads the EEPROM corresponding to an SFP or SFP module that is plugged into QSA The access location of this EEPROM is different from the EEPROM location of the QSFP module The diagnostics applicatio...

Page 405: ...SFP 1 1 Serial ID Base Fields SFP 1 1 Id 0x0d SFP 1 1 Ext Id 0x00 SFP 1 1 Connector 0x23 Dell show interfaces tengigabitethernet 1 2 1 transceiver SFP 2 1 Serial ID Base Fields SFP 2 1 Id 0x0d SFP 2 1 Ext Id 0x00 SFP 2 1 Connector 0x23 Dell show interfaces tengigabitethernet 1 3 1 transceiver SFP 3 1 Serial ID Base Fields SFP 3 1 Id 0x0d SFP 3 1 Ext Id 0x00 SFP 3 1 Connector 0x23 Dell show interfa...

Page 406: ...ucing excessive interface flapping improves network stability by penalizing misbehaving interfaces and redirecting traffic improves convergence times and stability throughout the network by isolating failures so that disturbances are not propagated Important Points to Remember Link dampening is not supported on VLAN interfaces Link dampening is disabled when the interface is configured for port mo...

Page 407: ...00205001500300 Link Dampening Support for XML View the output of the following show commands in XML by adding display xml to the end of the command show interfaces dampening show interfaces dampening summary show interfaces interface x y Configure MTU Size on an Interface In Dell Networking OS Maximum Transmission Unit MTU is defined as the entire Ethernet packet Ethernet header FCS payload The li...

Page 408: ... a temporary stop in data transmission A situation may arise where a sending device may transmit data faster than a destination device can accept it The destination sends a PAUSE frame back to the source stopping the sender s transmission for a period of time An Ethernet interface starts to send pause frames to a sending device when the transmission rate of ingress traffic exceeds the egress port ...

Page 409: ...trol sender and receiver must be on the same port pipe Flow control is not supported across different port pipes To enable pause frames use the following command Control how the system responds to and generates 802 3x pause frames on the Ethernet ports INTERFACE mode flowcontrol rx off on tx off on rx on enter the keywords rx on to process the received flow control frames on this port rx off enter...

Page 410: ...TU of 2100 and an IP MTU 2000 the port channel s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU VLANs All members of a VLAN must have the same IP MTU value Members can have different Link MTU values Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag The VLAN link MTU and IP MTU must be less than or equal to the link M...

Page 411: ... to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues For 10 100 1000 Ethernet interfaces the negotiation auto command is tied to the speed command Auto negotiation is always enabled when the speed command is set to 1000 or auto Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface req...

Page 412: ...00 Mbit Auto Fo 1 4 Down 40000 Mbit Auto Fo 1 5 Down Auto Mbit Auto output omitted In the previous example several ports display Auto in the Speed field In the following example the speed of port 1 1 1 is set to 100Mb and then its auto negotiation is disabled Dell configure Dell config interface tengig 1 1 1 Dell conf if te 1 1 1 speed 100 Dell conf if te 1 1 1 duplex full Dell conf if te 1 1 1 no...

Page 413: ...E mode show config View Advanced Interface Information The following options have been implemented for the show ip running config interfaces commands for only stack unit interfaces When you use the configured keyword only interfaces that have non default configurations are displayed Dummy stack unit interfaces created with the stack unit command are treated like any other physical interface Exampl...

Page 414: ...onfigure rate interval when changing the default value To configure the number of seconds of traffic statistics to display in the show interfaces output use the following command Configure the number of seconds of traffic statistics to display in the show interfaces output INTERFACE mode rate interval Example of the rate interval Command The bold lines shows the default value of 299 seconds the ch...

Page 415: ...S 0 64 byte pkts 0 over 64 byte pkts 0 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts Received 0 input symbol errors 0 runts 0 giants 0 throttles 0 CRC 0 IP Checksum 0 overrun 0 discarded 0 packets output 0 bytes 0 underruns Output 0 Multicasts 0 Broadcasts 0 Unicasts 0 IP Packets 0 Vlans 0 MPLS 0 throttles 0 discarded Rate info interval 100 seconds Input 00 00 ...

Page 416: ...N interface enter the keyword vlan then a number from 1 to 4094 OPTIONAL To clear statistics for all VRRP groups configured enter the keyword vrrp Enter a number from 1 to 255 as the vrid OPTIONAL To clear unknown source address SA drop counters when you configure the MAC learning limit on the interface enter the keywords learning limit Example of the clear counters Command When you enter this com...

Page 417: ... address shut int vlan 5 tagged te 1 1 1 no ip address shut int vlan 100 no ip address no shut int vlan 1000 ip address 1 1 1 1 16 no shut int te 1 1 1 no ip address switchport shut int te 1 2 1 no ip address shut int te 1 3 1 no ip address shut int te 1 4 1 no ip address shut int te 1 10 1 no ip address shut int te 1 34 1 ip address 2 1 1 1 16 shut Dell show running config snip interface TenGigab...

Page 418: ...p address no shutdown interface Vlan 3 tagged te 1 1 1 no ip address shutdown interface Vlan 4 tagged te 1 1 1 no ip address shutdown interface Vlan 5 tagged te 1 1 1 no ip address interface group Vlan 2 Vlan 100 no ip address no shutdown interface group Vlan 3 5 tagged te 1 1 1 no ip address shutdown interface Vlan 1000 ip address 1 1 1 1 16 no shutdown snip Compressed config size 27 lines 418 In...

Page 419: ...acking scenario it will also take care of syncing it to all the standby and member units The following is the sample output Dell write memory compressed Jul 30 08 50 26 STKUNIT0 M CP FILEMGR 5 FILESAVED Copied running config to startup config in flash by default copy compressed config Copy one file after optimizing and reducing the size of the configuration file to another location Dell Networking...

Page 420: ...d host portions of the IP address At its most basic level an IP address is 32 bits composed of network and host portions and represented in dotted decimal format For example 00001010110101100101011110000011 is represented as 10 214 87 131 For more information about IP addressing refer to RFC 791 Internet Protocol Implementation Information You can configure any IP address as a static route except ...

Page 421: ...URATION mode interface slot port subport For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For the Management interface on the stack unit enter the keyword Manag...

Page 422: ...e the VRF option after the next hop to specify which VRF the next hop belongs to This will be used in route leaking cases NOTE For more information on route leaking see the Route Leaking Between VRFs section ip address enter an address in dotted decimal format A B C D mask enter a mask in slash prefix length format X interface enter an interface type then the slot port information distance the ran...

Page 423: ...g OS withdraws the route When the interface comes up Dell Networking OS re installs the route When the recursive resolution is broken Dell Networking OS withdraws the route When the recursive resolution is satisfied Dell Networking OS re installs the route Configure Static Routes for the Management Interface When an IP address that a protocol uses and a static management route exists for the same ...

Page 424: ...ICMP source interface is configured Configuring the Duration to Establish a TCP Connection You can configure the duration for which the device must wait before it attempts to establish a TCP connection Using this capability you can limit the wait times for TCP connection requests Upon responding to the initial SYN packet that requests a connection to the router for a specific service such as SSH o...

Page 425: ...table with the ip host command The following sections describe DNS and the resolution of host names Enabling Dynamic Resolution of Host Names Specifying the Local System Domain and a List of Domains Configuring DNS with Traceroute Name server Domain name and Domain list are VRF specific The maximum number of Name servers and Domain lists per VRF is six Enabling Dynamic Resolution of Host Names By ...

Page 426: ...ist of domain names use the following commands Enter up to 63 characters to configure one domain name CONFIGURATION mode ip domain name name Enter up to 63 characters to configure names to complete unqualified host names CONFIGURATION mode ip domain list name Configure this command up to six times to specify a list of possible domain names Dell Networking OS searches the domain names in the order ...

Page 427: ... enables endstations to learn the MAC addresses of neighbors on an IP network Over time Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time For more information about ARP refer to RFC 826 An Ethernet Address Resolution Protocol In Del...

Page 428: ...n For 10G interfaces enter the slot port subport information Example of the show arp Command These entries do not age and can only be removed manually To remove a static ARP entry use the no arp ip address command To view the static entries in the ARP cache use the show arp static command in EXEC privilege mode Dell show arp Protocol Address Age min Hardware Address Interface VLAN CPU Internet 10 ...

Page 429: ... For a VLAN interface enter the keyword vlan then a number from 1 to 4094 NOTE Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re installed in CAM Use this option with extreme caution ARP Learning via Gratuitous ARP Gratuitous ARP can mean an ARP request or reply In the context of ARP learning via gratuitous ARP on Dell Networking OS the gratu...

Page 430: ... Request Beginning with Dell Networking OS version 8 3 1 0 when you enable ARP learning via gratuitous ARP the system installs a new ARP entry or updates an existing entry for all received ARP requests Figure 46 ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP the system does not look up the target IP It only up...

Page 431: ... messages inform the router of problems in a particular packet These messages are sent only on unicast traffic Configuration Tasks for ICMP The following lists the configuration tasks for ICMP Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP refer to the Dell Networking OS Command Line Reference Guide Enabling ICMP Unreachable Messages By default ICMP unrea...

Page 432: ...raffic rate should not exceed 200 packets per second when you enable UDP helper You may specify a maximum of 16 UDP ports UDP helper is compatible with IP helper ip helper address UDP broadcast traffic with port number 67 or 68 are unicast to the dynamic host configuration protocol DHCP server per the ip helper address configuration whether or not the UDP port list contains those ports If the UDP ...

Page 433: ...U 1554 bytes IP MTU 1500 bytes LineSpeed auto ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 07 44 Queueing strategy fifo Input Statistics 0 packets 0 bytes Time since last interface status change 00 07 44 Configurations Using UDP Helper When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address Dell Networking OS suppress...

Page 434: ...ress 1 1 255 255 and forwards the packet to VLAN 100 3 Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured Figure 47 UDP Helper with Broadcast All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface ...

Page 435: ...ged destination address Packet 2 is sent from a host on VLAN 101 It has broadcast MAC address and a destination IP address that matches the configured broadcast address on VLAN 101 In this case Packet 2 is flooded on VLAN 101 with the destination address unchanged because the forwarding process is Layer 2 If you enabled UDP helper the packet is flooded on VLAN 100 as well Figure 49 UDP Helper with...

Page 436: ... on the same interface use the debug ip dhcp command Example Output from the debug ip dhcp Command Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 2005 11 05 11 59 35 RELAY I PACKET BOOTP REQUEST Unicast received at interface 172 21 50 193 BOOTP Request XID 0x9265f901 secs 0 hwaddr 00 02 2D 8D 46 DC giaddr 0 0 0 0 hops 2 2005 11 05 11 59 35 RELAY I BOOTREQUEST Forwarded BOOTREQUEST for 00 02 2D 8D 46...

Page 437: ...d operating systems Most new devices and operating systems support both IPv4 and IPv6 Some key changes in IPv6 are Extended address space Stateless autoconfiguration Header format simplification Improved support for options and extensions Extended Address Space The address format is extended from 32 bits to 128 bits This not only provides room for all anticipated needs it allows for the use of a h...

Page 438: ...ed for consistency include Cur Hop limit M and O flags Reachable time Retrans timer MTU options Preferred and valid lifetime values for the same prefix Only management ports support stateless auto configuration as a host The router redirect functionality in the neighbor discovery protocol NDP is similar to IPv4 router redirect messages NDP uses ICMPv6 redirect messages Type 137 to inform nodes tha...

Page 439: ...ct after reboot of the box This is because the SDK does the LPM partitioning during the chip initialization The longest prefix match LPM table on the S6000 platform supports different types of prefixes for IPv6 and IPv4 The route table also called the LPM table is divided into the following three logical tables 1 IPv4 32 bit LPM table Holds IPv4 Prefixes 2 IPv6 64 bit LPM table Holds IPv6 Prefixes...

Page 440: ...l 20 bits The Flow Label field identifies packets requiring special treatment in order to manage real time data traffic The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet s header separately NOTE All packets in the flow must have the same source and destination addresses Payload Length ...

Page 441: ...uter receives a packet with a Hop Limit of 1 it decrements it to 0 zero The router discards the packet and sends an ICMPv6 message back to the sending router indicating that the Hop Limit was exceeded in transit Source Address 128 bits The Source Address field contains the IPv6 address for the packet originator Destination Address 128 bits The Destination Address field contains the intended recipi...

Page 442: ...eader in 8 byte units but does not include the first 8 bytes Consequently if the header is less than 8 bytes the value is 0 zero Options size varies This field can contain one or more options The first byte if the field identifies the Option type and directs the router how to handle the option 00 Skip and continue processing 01 Discard the packet 10 Discard the packet and send an ICMP Parameter Pr...

Page 443: ...addresses starting with fe80 are assigned only in the local link area The addresses are generated usually automatically by the operating system s IP layer for each network interface This provides instant automatic network connectivity for any IPv6 host and means that if several hosts connect to a common hub or switch they have an instant communication path via their link local IPv6 address Link lo...

Page 444: ...etworking OS Command Line Interface Reference Guide IPv6 Basic Addressing IPv6 address types Unicast Extended Address Space IPv6 neighbor discovery IPv6 Neighbor Discovery IPv6 stateless autoconfiguration Stateless Autoconfiguration IPv6 MTU path discovery Path MTU Discovery IPv6 ICMPv6 ICMPv6 IPv6 ping ICMPv6 IPv6 traceroute ICMPv6 IPv6 SNMP IPv6 Routing Static routing Assigning a Static IPv6 Rou...

Page 445: ...diate System IPv6 IS IS in the Dell Networking OS Command Line Reference Guide OSPF for IPv6 OSPFv3 OSPFv3 in the Dell Networking OS Command Line Reference Guide Equal Cost Multipath for IPv6 IPv6 Services and Management Telnet client over IPv6 outbound Telnet Configuring Telnet with IPv6 Control and Monitoring in the Dell Networking OS Command Line Reference Guide Telnet server over IPv6 inbound ...

Page 446: ... node These messages include Destination Unreachable Packet Too Big Time Exceeded and Parameter Problem messages Informational messages provide diagnostic functions and additional host functions such as Neighbor Discovery and Multicast Listener Discovery These messages also include Echo Request and Echo Reply messages The Dell Networking OS ping and traceroute commands extend to support IPv6 addre...

Page 447: ...ress assigned it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node NOTE To avoid problems with network discovery Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer the forwarding router s address less than 10 seconds apart With ARP each node broadcasts A...

Page 448: ...ce using the ipv6 nd dns server ipv6 RDNSS address lifetime infinite command in INTERFACE CONFIG mode The lifetime parameter configures the amount of time the IPv6 host can use the IPv6 RDNSS address for name resolution The lifetime range is 0 to 4294967295 seconds When the maximum lifetime value 4294967295 or the infinite keyword is specified the lifetime to use the RDNSS address does not expire ...

Page 449: ...outer lifetime 1800 sec reachable time 0 ms retransmit time 0 ms SLLA 00 01 e8 8b 75 70 prefix 1212 64 on link autoconfig valid lifetime 2592000 sec preferred lifetime 604800 sec dns server 1000 0001 lifetime 1 sec dns server 3000 0001 lifetime 1 sec dns server 2000 0001 lifetime 0 sec The last 3 lines indicate that the IPv6 RDNSS information was configured correctly dns server 1000 0001 lifetime ...

Page 450: ...G mode Dell conf if te 1 1 1 show configuration The following example uses the show configuration command to display IPv6 RDNSS information interface TenGigabitEthernet 1 1 1 no ip address ipv6 address 1212 12 64 ipv6 nd dns server 1000 1 1 ipv6 nd dns server 3000 1 1 ipv6 nd dns server 2000 1 0 no shutdown Secure Shell SSH Over an IPv6 Transport Dell Networking OS supports both inbound and outbou...

Page 451: ...the system for the new settings Allocate space for IPV6 ACLs Enter the CAM profile name then the allocated amount CONFIGURATION mode cam acl ipv6acl When not selecting the default option enter all of the profiles listed and a range for each The total space allocated must equal 13 The ipv6acl range must be a factor of 2 Show the current CAM settings EXEC mode or EXEC Privilege mode show cam acl Pro...

Page 452: ... command and configure the forwarding router s address specified in the ipv6 route command on a neighbor s interface the IPv6 neighbor does not display in the show ipv6 route command output Set up IPv6 static routes CONFIGURATION mode ipv6 route vrf vrf name prefix type slot port subport forwarding router tag vrf vrf name OPTIONAL name of the VRF prefix IPv6 route prefix type slot port subport int...

Page 453: ...eceive SNMP notifications from a device running Dell Networking OS IPv6 The Dell Networking OS SNMP server commands for IPv6 have been extended to support IPv6 For more information regarding SNMP commands refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide snmp server host snmp server user ipv6 snmp server community ipv6 snmp server community acce...

Page 454: ...er For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Example of the show ipv6 interface Command Dell show ipv6 int ManagementEthernet 1 1 ManagementEthernet 1 1 is up line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled Link Local address fe80 201 e8ff fe8b 386e Global Unicast address es Actual address is 400 201 e8ff fe8b 386e subnet is 400 64 ...

Page 455: ... enter static To display information about an IPv6 Prefix lists enter list and the prefix list name Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command Dell show ipv6 route summary Route Source Active Routes Non active Routes connected 5 0 static 0 0 Total 5 0 The following example shows the show ipv6 route command Dell show ipv6 route Codes C c...

Page 456: ...en the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information Example of the show running config interface Command Dell show run int Te 2 2 1 interface TenGigabitEthernet 2 2 1 no ip address ipv6 address 3 4 5 6 8 2...

Page 457: ...d host to set the device role as host Use the keyword router to set the device role as router 5 Set the hop count limit POLICY LIST CONFIGURATION mode hop limit maximum minimum limit The hop limit range is from 0 to 254 6 Set the managed address configuration flag POLICY LIST CONFIGURATION mode managed config flag on off 7 Enable verification of the sender IPv6 address in inspected messages from t...

Page 458: ...RATION mode reachable time value The reachability time range is from 0 to 3 600 000 milliseconds 14 Set the advertised retransmission time POLICY LIST CONFIGURATION mode retrans timer value The retransmission time range is from 100 to 4 294 967 295 milliseconds 15 Display the configurations applied on the RA guard policy mode POLICY LIST CONFIGURATION mode show config Example of the show config Co...

Page 459: ...d ra guard policy policy name The policy name string can be up to 140 characters Example of the show ipv6 nd ra guard policy Command Dell show ipv6 nd ra guard policy test ipv6 nd ra guard policy test device role router hop limit maximum 1 match ra ipv6 access list access other config flag on router preference maximum medium trusted port Interfaces Te 1 1 1 Dell Monitoring IPv6 RA Guard To debug I...

Page 460: ... connections The switch uses the snooped information to detect iSCSI sessions and connections established through the switch iSCSI optimization allows you to reduce deployment time and management complexity in data centers In a data center network Dell EqualLogic and Compellent iSCSI storage arrays are connected to a converged Ethernet network using the data center bridging exchange protocol DCBx ...

Page 461: ...nt helps to avoid session interruptions during times of congestion that would otherwise cause dropped iSCSI packets iSCSI DCBx TLVs are supported The following illustration shows iSCSI optimization between servers and a storage array in which a stack of three switches connect installed servers iSCSI initiators to a storage array iSCSI targets in a SAN network iSCSI optimization running on the mast...

Page 462: ...ority or IP DSCP mapping to determine the traffic class queue By default iSCSI flows are assigned to dot1p priority 4 To map incoming iSCSI traffic on an interface to a dot1p priority queue other than 4 use the CoS dot1p priority command refer to QoS dot1p Traffic Classification and Queue Assignment Dell Networking recommends setting the CoS dot1p priority queue to 0 zero You can configure whether...

Page 463: ...ormation for it Any incomplete information of this type would not be available in the show commands Detection and Auto Configuration for Dell EqualLogic Arrays The iSCSI optimization feature includes auto provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows The switch uses the lin...

Page 464: ...i profile compellent command in INTERFACE Configuration mode for example Dell conf if te o 50 iscsi profile compellent Synchronizing iSCSI Sessions Learned on VLT Lags with VLT Peer The following behavior occurs during synchronization of iSCSI sessions If the iSCSI login request packet is received on a port belonging to a VLT lag the information is synced to the VLT peer and the connection is asso...

Page 465: ... the iSCSI feature iSCSI resources are released and the detection of EqualLogic arrays using LLDP is disabled Disabling iSCSI does not remove the MTU flow control portfast or storm control configuration applied as a result of enabling iSCSI NOTE By default CAM allocation for iSCSI is set to 0 This disables session monitoring Default iSCSI Optimization Values The following table lists the default v...

Page 466: ... addressable memory CAM allocation is optional If CAM is not allocated the following features are disabled session monitoring aging class of service You can enable iSCSI even when allocated with zero 0 CAM blocks However if no CAM blocks are allocated session monitoring is disabled and this information the show iscsi command displays this information 2 For a non DCB environment Enable iSCSI CONFIG...

Page 467: ...target port command to remove all IP addresses assigned to the TCP port number To remove a single IP address from the TCP port use the no iscsi target port ip address command 7 Optional Set the QoS policy that is applied to the iSCSI flows CONFIGURATION mode no iscsi cos enable disable dot1p vlan priority value remark dscp dscp value remark enable enables the application of preferential QoS treatm...

Page 468: ... a port INTERFACE mode no iscsi profile compellent The default is Compellent disk arrays are not detected Displaying iSCSI Optimization Information To display information on iSCSI optimization use the following show commands Display the currently configured iSCSI settings show iscsi Display information on active iSCSI sessions on the switch show iscsi sessions Display detailed information on activ...

Page 469: ...ssion detailed command VLT PEER1 Dell show iscsi session detailed Session 0 Target iqn 2010 11 com ixia ixload iscsi TG1 Initiator iqn 2010 11 com ixia ixload initiator iscsi 2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09 34 DD HH MM SS ISID 806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10 10 0 44 33345 10 10 0 101 3260 0 VLT PE...

Page 470: ...inter area and intra area traffic by maintaining two separate link databases one for Level 1 routes and one for Level 2 routes A Level 1 2 router does not advertise Level 2 routes to a Level 1 router To establish adjacencies each IS IS router sends different protocol data units PDU For IP traffic the IP addressing information is included in the IS IS hello PDUs and the link state PDUs LSPs This br...

Page 471: ...tended metrics The multi topology ID is shown in the first octet of the IS IS packet Certain MT topologies are assigned to serve predetermined purposes MT ID 0 Equivalent to the standard topology MT ID 1 Reserved for IPv4 in band management purposes MT ID 2 Reserved for IPv6 routing topology MT ID 3 Reserved for IPv4 multicast routing topology MT ID 4 Reserved for IPv6 multicast routing topology M...

Page 472: ...s IS IS graceful restart recognizes that in a modern router the control plane and data plane are functionally separate Restarting the control plane functionality such as the failover of the active route processor module RPM to the backup in a redundant configuration should not necessarily interrupt data packet forwarding This behavior is supported because the forwarding tables previously computed ...

Page 473: ... An MT ID is added to the extended IS reachability TLV type 22 MT Reachable IPv4 Prefixes TLV appears for each IPv4 an IS announces for a given MT ID Its structure is aligned with the extended IS Reachability TLV Type 236 and it adds an MT ID MT Reachable IPv6 Prefixes TLV appears for each IPv6 an IS announces for a given MT ID Its structure is aligned with the extended IS Reachability TLV Type 23...

Page 474: ...ation Tasks for IS IS The following describes the configuration tasks for IS IS Enabling IS IS Configure Multi Topology IS IS MT IS IS Configuring IS IS Graceful Restart Changing LSP Attributes Configuring the IS IS Metric Style Configuring IS IS Cost Changing the IS Type Controlling Routing Updates Configuring Authentication Passwords Setting the Overload Bit Debuging IS IS Enabling IS IS By defa...

Page 475: ...r a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 4 Enter an IPv4 Address INTERFACE mode ip address ip address mask Assign an I...

Page 476: ...y IS IS Vlan 2 TenGigabitEthernet 4 22 1 Loopback 0 Redistributing Distance 115 Generate narrow metrics level 1 2 Accept narrow metrics level 1 2 Generate wide metrics none Accept wide metrics none Dell To view IS IS protocol statistics use the show isis traffic command in EXEC Privilege mode Dell show isis traffic IS IS Level 1 Hellos sent rcvd 4272 1538 IS IS Level 2 Hellos sent rcvd 4272 1538 I...

Page 477: ... each router NOTE When you do not enable transition mode you do not have IPv6 connectivity between routers operating in single topology mode and routers operating in multi topology mode 2 Exclude this router from other router s SPF calculations ROUTER ISIS AF IPV6 mode set overload bit 3 Set the minimum interval between SPF calculations ROUTER ISIS AF IPV6 mode spf interval level l level 2 interva...

Page 478: ...er of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor The range is from 1 to 10 attempts The default is 1 Configure the time for the graceful restart timer T2 that a restarting router uses as the wait time for each database to synchronize ROUTER ISIS mode graceful restart t2 level 1 level 2 seconds level 1 leve...

Page 479: ... 0 level 1 0 level 2 Circuit TenGigabitEthernet 2 10 1 Mode Normal L1 State NORMAL L2 State NORMAL L1 Send Receive RR 0 0 RA 0 0 SA 0 0 T1 time left 0 retry count left 0 L2 Send Receive RR 0 0 RA 0 0 SA 0 0 T1 time left 0 retry count left 0 Dell Example of the show isis interface Command To view all interfaces configured with IS IS routing along with the defaults use the show isis interface comman...

Page 480: ...vel is Level 1 Set the LSP size ROUTER ISIS mode lsp mtu size size the range is from 128 to 9195 The default is 1497 Set the LSP refresh interval ROUTER ISIS mode lsp refresh interval seconds seconds the range is from 1 to 65535 The default is 900 seconds Set the maximum time LSPs lifetime ROUTER ISIS mode max lsp lifetime seconds seconds the range is from 1 to 65535 The default is 1200 seconds Ex...

Page 481: ...nstalled Dell Networking OS supports the following IS IS metric styles Table 44 Metric Styles Metric Style Characteristics Cost Range Supported on IS IS Interfaces narrow Sends and accepts narrow or old TLVs Type Length Value 0 to 63 wide Sends and accepts wide or new TLVs 0 to 16777215 transition Sends both wide new and narrow old TLVs 0 to 63 narrow transition Sends narrow old TLVs and accepts b...

Page 482: ...n an IS IS metric INTERFACE mode isis metric default metric level 1 level 2 default metric the range is from 0 to 63 if the metric style is narrow narrow transition or transition The range is from 0 to 16777215 if the metric style is wide or wide transition Assign a metric for an IPv6 link or interface INTERFACE mode isis ipv6 metric default metric level 1 level 2 default metric the range is from ...

Page 483: ...show isis protocol command in EXEC Privilege mode The show config command in ROUTER ISIS mode displays only non default information If you do not change the IS type the default value level 1 2 is not displayed The default is Level 1 2 router When the IS type is Level 1 2 the software maintains two Link State databases one for each level To view the Link State databases use the show isis database c...

Page 484: ...in PREFIX LIST mode prior to assigning it to the IS IS process For configuration information on prefix lists refer to Access Control Lists ACLs Applying IPv4 Routes To apply prefix lists to incoming or outgoing IPv4 routes use the following commands NOTE These commands apply to IPv4 IS IS only To apply prefix lists to IPv6 routes use ADDRESS FAMILY IPV6 mode shown later Apply a configured prefix l...

Page 485: ...keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Apply a c...

Page 486: ...evel 2 metric value the range is from 0 to 16777215 The default is 0 metric type choose either external or internal The default is internal map name enter the name of a configured route map Include specific OSPF routes in IS IS ROUTER ISIS mode redistribute ospf process id level 1 level 1 2 level 2 metric value match external 1 2 match internal metric type external internal route map map name Conf...

Page 487: ...or internal map name name of a configured route map To view the IS IS configuration globally including both IPv4 and IPv6 settings use the show running config isis command in EXEC Privilege mode To view the current IPv4 IS IS configuration use the show config command in ROUTER ISIS mode To view the current IPv6 IS IS configuration use the show config command in ROUTER ISIS ADDRESS FAMILY IPV6 mode...

Page 488: ...te hop in their shortest path first SPF calculations Remove the overload bit ROUTER ISIS mode no set overload bit Example of Viewing the Overload Bit Setting When the bit is set a 1 is placed in the OL column in the show isis database command output The overload bit is set in both the Level 1 and Level 2 database because the IS type for the router is Level 1 2 Dell show isis database IS IS Level 1...

Page 489: ...arameter interface Enter the type of interface and slot port information to view IS IS information on that interface only View the events that triggered IS IS shortest path first SPF events for debugging purposes EXEC Privilege mode debug isis spf triggers View sent and received LSPs EXEC Privilege mode debug isis update packets interface To view specific information enter the following optional p...

Page 490: ...anges depending on the metric style The following describes the correct value range for the isis metric command Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS IS metric styles support different cost ranges for the route The cost range for...

Page 491: ...ow transition default value 10 if the original value is greater than 63 A message is sent to the console wide wide transition original value narrow wide original value narrow transition original value narrow narrow transition original value narrow wide transition original value transition wide original value transition narrow original value transition narrow original value transition wide transiti...

Page 492: ...ide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value 10 A message is sent to the logging buffer wide transition transition truncated value narrow transition default value 10 A message is sent to the logging buffer Leaks from One Level to Another In the following scenarios each IS ...

Page 493: ...S configuration changes clear the IS IS process re started using the clear isis command The clear isis command must include the tag for the ISIS process The following example shows the response from the router Dell clear isis ISIS not enabled Dell clear isis 9999 You can configure IPv6 IS IS routes in one of the following three different methods Congruent Topology You must configure both IPv4 and ...

Page 494: ...et 3 17 1 ip address 24 3 1 1 24 ipv6 address 24 3 1 76 ip router isis ipv6 router isis no shutdown Dell conf if te 3 17 1 Dell conf router_isis show config router isis metric style wide level 1 metric style wide level 2 net 34 0000 0000 AAAA 00 Dell conf router_isis Dell conf if te 3 17 1 show config interface TenGigabitEthernet 3 17 1 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf...

Page 495: ...how config interface TenGigabitEthernet 3 17 1 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 1 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology transition exit address family Dell conf router_isis Intermediate System to Intermediate System 495 ...

Page 496: ...entity of the LAG to which the link belongs Move the link to that LAG Enable the transmission and reception functions in an orderly manner The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802 3 Carrier sense multiple access with collision detection CSMA CD access method and physical layer specifications LACP functions by constantly exchanging custom MAC...

Page 497: ...s on any link that is configured to be in this state A port in Active state also automatically initiates negotiations with other ports by initiating LACP packets Passive In this state the interface is not in an active negotiating state but LACP runs on the link A port in Passive state also responds to negotiation requests from ports in Active state Ports in Passive state respond to LACP packets De...

Page 498: ...g and Debugging LACP Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel LAG use the following command First you define the LAG and then the LAG interfaces Create a dynamic port channel LAG CONFIGURATION mode interface port channel Create a dynamic port channel LAG CONFIGURATION mode switchport Example of Configuring a LAG Interface Dell conf interface port channe...

Page 499: ... mode active command shown here may be successfully issued as long as there is no existing static channel member configuration in LAG 32 Setting the LACP Long Timeout PDUs are exchanged between port channel LAG interfaces to maintain LACP sessions PDUs are transmitted at either a slow or fast transmission rate depending upon the LACP timeout value The timeout value is the amount of time that a LAG...

Page 500: ...out value use the debug lacp command For more information refer to Monitoring and Debugging LACP Monitoring and Debugging LACP The system log syslog records faulty LACP actions To debug LACP use the following command Debug LACP including configuration and events EXEC mode no debug lacp config events pdu in out interface in out Shared LAG State Tracking Shared LAG state tracking provides the flexib...

Page 501: ...p created for shared LAG state tracking 1 Enter port channel failover group mode CONFIGURATION mode port channel failover group 2 Create a failover group and specify the two port channels that will be members of the group CONFIG PO FAILOVER GRP mode group number port channel number port channel number In the following example LAGs 1 and 2 have been placed into to the same failover group Example of...

Page 502: ...nel up is 1 Port channel is part of failover group 1 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 40000 Mbit Members in this channel Te 1 17 1 U ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 01 28 Queueing strategy fifo NOTE The set of console messages shown above appear only if you configure shared LAG state tracking on that router you ca...

Page 503: ...pha conf if po 10 show config interface Port channel 10 no ip address switchport no shutdown Alpha conf if po 10 Example of Viewing a LAG Port Configuration The following example inspects a LAG port configuration on ALPHA Alpha sh int TenGigabitEthernet 2 31 1 TenGigabitEthernet 2 31 1 is up line protocol is up Port is part of Port channel 10 Hardware is Force10Eth address is 00 01 e8 06 95 c0 Cur...

Page 504: ...718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte pkts 121 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 136 Multicasts 0 Broadcasts 0 Unicasts 0 Vlans 0 throttles 0 discarded 0 collisions 0 wreddrops Rate info interval 299 seconds Input 00 00 Mbits sec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last int...

Page 505: ...Figure 60 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 505 ...

Page 506: ... if te 2 31 shutdown Alpha conf if te 2 31 port channel protocol lacp Alpha conf if te 2 31 lacp port channel 10 mode active Alpha conf if te 2 31 lacp no shut Alpha conf if te 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if te 2 31 interface Port channel 10 no ip address switchport no shutdown 506 Link ...

Page 507: ... int tengig 3 21 1 Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if te 3 21 1 port channel protocol lacp Bravo conf if te 3 21 1 lacp port channel 10 mode active Bravo conf if te 3 21 1 lacp no shut Bravo conf if te 3 21 1 end interface TenGigabitEthernet 3 21 1 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if te 3 21...

Page 508: ...Figure 62 Inspecting a LAG Port on BRAVO Using the show interface Command 508 Link Aggregation Control Protocol LACP ...

Page 509: ...Figure 63 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 509 ...

Page 510: ...ed on both synchronous and asynchronous lines and can operate in Half Duplex or Full Duplex mode It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection As its name implies it is for point to point connections between exactly two devices and assumes that frames are sent and received in the same order 510 Link Aggregatio...

Page 511: ...deletes the specified entry all deletes all dynamic entries interface deletes all entries for the specified interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on the switch with the MAC address as t...

Page 512: ...mic entries interface displays only entries for the specified interface static displays only static entries vlan displays only entries for the specified VLAN MAC Learning Limit MAC address learning limit is a method of port security on Layer 2 port channel and physical interfaces and VLANs It allows you to set an upper limit on the number of MAC addresses that learned on an interface VLAN After th...

Page 513: ...mic no station move station move NOTE An SNMP trap is available for mac learning limit station move No other SNMP traps are available for MAC Learning Limit including limit violations mac learning limit Dynamic The MAC address table is stored on the Layer 2 forwarding information base FIB region of the CAM The Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC addres...

Page 514: ... allows a MAC address already in the table to be learned from another interface For example if you disconnect a network device from one interface and reconnect it to another interface the MAC address is learned on the new interface When the system detects this station move the system clears the entry learned on the original interface and installs a new entry on the new interface mac learning limit...

Page 515: ... is the default behavior You can configure the system to take an action if a station move occurs using one the following options with the mac learning limit command To display a list of interfaces configured with MAC learning limit or station move violation actions use the following commands Generate a system log message indicating a station move INTERFACE mode station move violation log Shut down...

Page 516: ...lation EXEC Privilege mode mac learning limit reset Reset interfaces in the ERR_Disabled state caused by a learning limit violation EXEC Privilege mode mac learning limit reset learn limit violation interface all Reset interfaces in the ERR_Disabled state caused by a station move violation EXEC Privilege mode mac learning limit reset station move violation interface all NIC Teaming NIC teaming is ...

Page 517: ...e failed NIC until the ARP entry on the switch times out Figure 66 Configuring the mac address table station move refresh arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol STP for example networks with digital subscriber line access multiplexers DSLAM cannot have redundant links between switches because they create switching loops as...

Page 518: ...p it remains as the backup interface for the redundant pair If the interface is a member link of a LAG the following primary backup interfaces are also supported primary interface is a physical interface the backup interface can be a physical interface primary interface is a physical interface the backup interface can be a static or dynamic LAG primary interface is a static or dynamic LAG the back...

Page 519: ...28 04 RPM0 P CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Te 3 11 1 and Te 3 11 2 02 28 04 RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Te 3 11 2 02 28 04 RPM0 P CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby te 3 11 2 Example of Configuring Redundant Layer 2 Pairs Dell conf if range te 3 11 1 3 11 2 switchport backup interface TenGigabitEthernet 3 11 1 De...

Page 520: ...NIT0 M CP IFMGR 5 OSTATE_DN Changed interface state to down Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby Po 2 Dell conf if po 1 Dell Dell show interfaces switchport backup Interface Status Paired Interface Status Port channel 1 Active Port chato mannel 2 Standby Port channel 2 Standby Port channel 1 Active Dell Dell conf if po 1 switchport backup inte...

Page 521: ...nd failure is detected no intervention is required to reset the interface to bring it back to an FEFD operational state When you enable Aggressive mode on an interface in the same state manual intervention is required to reset the interface FEFD enabled systems comprised of one or more interfaces automatically switchs between four different states Idle Unknown Bi directional and Err disabled 1 An ...

Page 522: ...wn Up Down FEFD enable Normal Bi directional Bi directional Up Up Up Up FEFD enable Aggressive Bi directional Bi directional Up Up Up Up FEFD FEFD disable Normal Locally disabled Unknown Up Up Up Down FEFD FEFD disable Aggressive Locally disabled Err disabled Up Down Up Down Link Failure Normal Unknown Unknown Up Down Up Down Link Failure Aggressive Unknown Unknown Up Down Up Down Important Points...

Page 523: ...mmand in EXEC privilege mode Dell show fefd FEFD is globally ON interval is 3 seconds mode is Normal INTERFACE MODE INTERVAL STATE second Te 1 1 1 Normal 3 Bi directional Te 1 2 1 Normal 3 Admin Shutdown Te 1 3 1 Normal 3 Admin Shutdown Te 1 4 1 Normal 3 Admin Shutdown Dell show run fefd fefd global mode normal fefd global interval 3 Enabling FEFD on an Interface To enable change or disable FEFD o...

Page 524: ...d grep 1 1 Te 1 1 Normal 3 Unknown Debugging FEFD To debug FEFD use the first command To provide output for each packet transmission over the FEFD enabled connection use the second command Display output whenever events occur that initiate or disrupt an FEFD enabled connection EXEC Privilege mode debug fefd events Provide output for each packet transmission over the FEFD enabled connection EXEC Pr...

Page 525: ...Subport Te 1 1 1 Peer info Mgmt Mac 00 01 e8 14 89 25 Slot Port Subport Te 4 1 1 Sender hold time 3 second An RPM Failover In the event that an RPM failover occurs FEFD becomes operationally down on all enabled ports for approximately 8 10 seconds before automatically becoming operational again 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 09 RPM1 S CP RAM 6 FAILOVER_REQ RPM failover r...

Page 526: ...ype The kind of information included in the TLV Length The value in octets of the TLV after the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 69 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP data unit LLDPDU shown in the following table which is transmitted from one LLD...

Page 527: ... sub types are Management TLVs IEEE 802 1 IEEE 802 3 and TIA 1057 Organizationally Specific TLVs Figure 70 LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs management TLVs IEEE 802 1 and 802 3 organizationally specific TLVs and TIA 1057 organizationally specific TLVs Management TLVs A management TLV is an optional TLVs sub type This kind of TLV contains essential mana...

Page 528: ...tem 6 System description A user defined alphanumeric string that identifies the system 7 System capabilities Identifies the chassis as one or more of the following repeater bridge WLAN Access Point Router Telephone DOCSIS cable device end station only or other 8 Management address Indicates the network address of the management interface Dell Networking OS does not currently support this TLV IEEE ...

Page 529: ...ated whether it is currently in a LAG and the port identification of the LAG Dell Networking OS does not currently support this TLV 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY TIA 1057 LLDP MED Overview Link layer discovery protocol media endpoint discovery LLDP MED as defined by ANSI TIA 1057 provides additional organizationally specific TLVs so that endp...

Page 530: ...e five types of TIA 1057 Organizationally Specific TLVs Table 51 TIA 1057 LLDP MED Organizationally Specific TLVs Type SubType TLV Description 127 1 LLDP MED Capabilities Indicates whether the transmitting device supports LLDP MED what LLDP MED TLVs it supports LLDP device class 127 2 Network Policy Indicates the application type VLAN ID Layer 2 Priority and DSCP value 127 3 Location Identificatio...

Page 531: ... LLDP MED device 127 11 Inventory Asset ID Indicates a user specified device number to manage inventory 127 12 255 Reserved LLDP MED Capabilities TLV The LLDP MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support LLDP MED network connectivity devices must transmit the Network Policies TLV The value of the LLDP MED capabilities fiel...

Page 532: ...onnectivity 5 255 Reserved LLDP MED Network Policies TLV A network policy in the context of LLDP MED is a device s VLAN configuration and associated Layer 2 and Layer 3 configurations LLDP MED network policies TLV include VLAN ID VLAN tagged or untagged status Layer 2 priority DSCP value An integer represents the application type the Type integer shown in the following table which indicates a devi...

Page 533: ...on type for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services 4 Guest Voice Signaling Specify this application type only if guest voice control packets use a separate network policy than voice data 5 Softphone Voice Specify this application type only if guest voice control packets use a separate network ...

Page 534: ...t power priority through the CLI Dell Networking also honors the power priority value the powered device sends however the CLI configuration takes precedence Power Value Dell Networking advertises the maximum amount of power that can be supplied on the port By default the power is 15 4W which corresponds to a power value of 130 based on the TIA 1057 specification You can advertise a different powe...

Page 535: ...he INTERFACE level affect only the specific interface they override CONFIGURATION level configurations Example of the protocol lldp Command CONFIGURATION Level R1 conf protocol lldp R1 conf lldp advertise Advertise TLVs disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration default r...

Page 536: ...isable To undo an LLDP configuration precede the relevant command with the keyword no Enabling LLDP on Management Ports LLDP on management ports is enabled by default To enable LLDP on management ports use the following command 1 Enter Protocol LLDP mode CONFIGURATION mode protocol lldp 2 Enable LLDP PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports To disable or undo LL...

Page 537: ...rtise TLVs use the following commands 1 Enter LLDP mode CONFIGURATION or INTERFACE mode protocol lldp 2 Advertise one or more TLVs PROTOCOL LLDP mode advertise dcbx appln tlv dcbx tlv dot3 tlv interface port desc management tlv med Include the keyword for each TLV you want to advertise For management TLVs system capabilities system description For 802 1 TLVs port protocol vlan id port vlan id For ...

Page 538: ... config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description hello 10 no disable Dell conf lldp Dell conf lldp exit Dell conf interface tengigabitethernet 1 31 1 Dell conf if te 1 31 1 show config interface TenGigabitEthernet 1 31 1 no ip address switchport no shutdown Dell conf if te 1...

Page 539: ...rames Out 6547 Total Frames In 4136 Total Neighbor information Age outs 0 Total Frames Discarded 0 Total In Error Frames 0 Total Unrecognized TLVs 0 Total TLVs Discarded 0 Next packet will be sent after 7 seconds The neighbors are given below Remote Chassis ID Subtype Mac address 4 Remote Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID TeGigabitEthernet 2 11 1 Loca...

Page 540: ...otocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description mode tx no disable R1 conf lldp no mode R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no di...

Page 541: ...ot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Configuring the Time to Live Value The information received from a neighbor expires after a specific amount of time measured in seconds called a time to live TTL The TTL is the product of the LLDPDU transmit interval hello and an integ...

Page 542: ...able R1 conf lldp no multiplier R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Debugging LLDP You can view the TLVs that your system is sending and receiving To view the TLVs use the following commands View a readable version of the...

Page 543: ...DP configuration on the local agent IEEE 802 1AB Organizationally Specific TLVs received and transmitted LLDP MED TLVs Table 55 LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit receive or both msgTxHold lldpMessageTxHoldMultiplie r Multiplier val...

Page 544: ...of times that a neighbor s information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTotal lldpStatsRxPortFramesDisca rdedTotal Total number of LLDP frames received then discarded statsFramesInErrorsTotal lldpStatsRxPortFramesErrors Total number of LLDP frames received on a port with errors statsFramesInTotal lldpStatsRxPortFramesTotal Total number of LLDP...

Page 545: ...e lldpRemPortDesc 5 System Name system name Local lldpLocSysName Remote lldpRemSysName 6 System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc 7 System Capabilities system capabilities Local lldpLocSysCapSupp orted Remote lldpRemSysCapSupp orted 8 Management Address enabled capabilities Local lldpLocSysCapEnabl ed Remote lldpRemSysCapEnab led management address length Lo...

Page 546: ...dpXdot1LocPortVla nId Remote lldpXdot1RemPortVl anId 127 Port and Protocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVl anSupported Remote lldpXdot1RemProtoV lanSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVl anEnabled Remote lldpXdot1RemProtoV lanEnabled PPVID Local lldpXdot1LocProtoVl anId Remote lldpXdot1RemProtoV lanId 127 VLAN Name VID Local lldpXdot1L...

Page 547: ...olicy Application Type Local lldpXMedLocMediaP olicyAppType Remote lldpXMedRemMedia PolicyAppType Unknown Policy Flag Local lldpXMedLocMediaP olicyUnknown Remote lldpXMedLocMediaP olicyUnknown Tagged Flag Local lldpXMedLocMediaP olicyTagged Remote lldpXMedLocMediaP olicyTagged VLAN ID Local lldpXMedLocMediaP olicyVlanID Remote lldpXMedRemMedia PolicyVlanID L2 Priority Local lldpXMedLocMediaP olicy...

Page 548: ...iceType Remote lldpXMedRemXPoED eviceType Power Source Local lldpXMedLocXPoEPS EPowerSource lldpXMedLocXPoEP DPowerSource Remote lldpXMedRemXPoEP SEPowerSource lldpXMedRemXPoEP DPowerSource Power Priority Local lldpXMedLocXPoEP DPowerPriority lldpXMedLocXPoEPS EPortPDPriority Remote lldpXMedRemXPoEP SEPowerPriority lldpXMedRemXPoEP DPowerPriority Power Value Local lldpXMedLocXPoEPS EPortPowerAv ll...

Page 549: ...hen maps the IP address cluster IP with the MAC address cluster MAC address In Multicast mode the cluster IP address is mapped to a cluster multicast MAC address you configured using a static ARP command After the NLB entry is learned the traffic forwards to all the servers in the VLAN corresponding to the cluster virtual IP address NLB Unicast Mode Scenario Consider a sample topology in which you...

Page 550: ...vant VLAN occurs The maximum number of concurrent clusters that is supported is eight Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address to provide transparent failover or balancing Dell Networking OS does not recognize server clusters by default you must configure it to do so When an ARP request is sent to ...

Page 551: ...able a switch for Unicast NLB mode perform the following steps Enter the ip vlan flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across all the member ports of that VLAN CONFIGURATION mode ip vlan flooding There might be some ARP table entries that are resolved through ARP packets which had the Ethernet MAC SA different from the MAC ...

Page 552: ...mac address table static multicast mac address vlan vlan id output range interface 552 Microsoft Network Load Balancing ...

Page 553: ...e transmission control protocol TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustration 2 Each MSDP peer receives and forwards the message to its peers away from the originating RP 3 When an MSDP peer receives an SA m...

Page 554: ...in in type length value TLV format The total number of TLVs contained in the SA is indicated in the Entry Count field SA messages are transmitted every 60 seconds and immediately when a new source is detected Figure 78 MSDP SA Message Format 554 Multicast Source Discovery Protocol MSDP ...

Page 555: ...the other RPs informing them that there is an active source for a particular multicast group The result is that each RP is aware of the active sources in the area of the other RPs If any of the RPs fail IP routing converges and one of the RPs becomes the active RP in more than one area New sources register with the backup RP Receivers join toward the new RP and connectivity is maintained Implement...

Page 556: ...nting MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP MSDP Sample Configurations Figure 79 Configuring Interfaces for MSDP 556 Multicast Source Discovery Protocol MSDP ...

Page 557: ...Figure 80 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 557 ...

Page 558: ...Figure 81 Configuring PIM in Multiple Routing Domains 558 Multicast Source Discovery Protocol MSDP ...

Page 559: ...P by peering RPs in different administrative domains 1 Enable MSDP CONFIGURATION mode ip multicast msdp 2 Peer PIM systems in different administrative domains CONFIGURATION mode ip msdp peer connect source Multicast Source Discovery Protocol MSDP 559 ...

Page 560: ... 0 SAs learned from this peer 1 SA Filtering Input S G filter none Output S G filter none Manage the Source Active Cache Each SA originating RP caches the sources inside its domain domain local and the sources which it has learned from its peers domain remote By caching sources domain local receivers experience a lower join latency RPs can transmit SA messages periodically to prevent SA storms onl...

Page 561: ...ted sa Enabling the Rejected Source Active Cache To cache rejected sources use the following command Active sources can be rejected because the RPF check failed the SA limit is reached the peer RP is unreachable or the SA message has a format error Cache rejected sources CONFIGURATION mode ip msdp cache rejected sa Accept Source Active Messages that Fail the RFP Check A default peer is a peer from...

Page 562: ...Figure 83 MSDP Default Peer Scenario 1 562 Multicast Source Discovery Protocol MSDP ...

Page 563: ...Figure 84 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 563 ...

Page 564: ...Figure 85 MSDP Default Peer Scenario 3 564 Multicast Source Discovery Protocol MSDP ...

Page 565: ...CONFIGURATION mode ip msdp default peer ip address list If you do not specify an access list the peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Example of the ip msdp default peer Command and Viewing Denied Sources Dell conf ip msdp peer 10 0 50 2 connect source Vlan 50 Dell conf ip msdp default peer 10 0 50 2 list fifty M...

Page 566: ...AL Store sources that are received after the limit is reached in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Set the upper limit for the number of sources allowed from an MSDP peer CONFIGURATION mode ip msdp peer peer address sa limit The default limit is 100K If the total number of sources received from the peer is already larger than the limit when this configuration is ...

Page 567: ...m Caching a Remote Source To prevent MSDP from caching a remote source use the following commands 1 OPTIONAL Cache sources that the SA filter denies in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Prevent the system from caching remote sources learned from a specific peer based on source and group CONFIGURATION mode ip msdp sa filter list out peer list ext acl Example of Ve...

Page 568: ...ter 1 R1 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip msdp sa filter out 192 168 0 3 list mylocalfilter R1 conf do show run acl ip access list extended mylocalfilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 seq 10 deny ip any any R1 conf do show ip msdp sa cache MSDP Source Active Cache 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpT...

Page 569: ...ket count in out 0 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none Router 1 R1 conf do show ip msdp peer Peer Addr 192 168 0 3 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Inactive Up Down Time 00 00 03 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Clearing Peer Statistics...

Page 570: ...92 168 0 3 rcvd Keepalive msg 03 17 27 MSDP 0 Peer 192 168 0 3 sent Source Active msg Input S G filter none Output S G filter none MSDP with Anycast RP Anycast RP uses MSDP with PIM SM to allow more than one active group to use RP mapping PIM SM allows only active groups to use RP mapping which has several implications traffic concentration PIM SM allows only one active group to RP mapping which m...

Page 571: ...ntical anycast address 2 Sources then register with the topologically closest RP 3 RPs use MSDP to peer with each other using a unique address Figure 87 MSDP with Anycast RP Configuring Anycast RP To configure anycast RP use the following commands 1 In each routing domain that has multiple RPs serving a group create a Loopback interface on each RP serving the group with the same IP address CONFIGU...

Page 572: ... by creating a mesh group A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set When an RP is a member of the mesh group it forwards active source information only to its peers outside of the group To create a mesh group use the following command Create a mesh group CONFIGURATION mode ip msdp mesh group Specifying the RP Address Used in ...

Page 573: ...k 1 ip msdp peer 192 168 0 22 connect source Loopback 1 ip msdp mesh group AS100 192 168 0 22 ip msdp originator id Loopback 1 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 The following example shows an R2 configuration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 2 1 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown interface TenGigabitEthernet 2 11...

Page 574: ...ycast RP ip multicast routing interface TenGigabitEthernet 3 21 1 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 1 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute con...

Page 575: ...enGigabitEthernet 1 2 1 ip address 10 11 2 1 24 no shutdown interface TenGigabitEthernet 1 21 1 ip pim sparse mode ip address 10 11 1 12 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 192 168 0 1 32 area 0 network 10 11 3 0 24 area 0 ip multicast msdp ip msdp peer 192 168 0 3...

Page 576: ...rface TenGigabitEthernet 3 21 1 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 1 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface ManagementEthernet 1 1 ip address 10 11 80 3 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 ...

Page 577: ... address 10 10 42 1 24 no shutdown interface TenGigabitEthernet 4 31 1 ip pim sparse mode ip address 10 11 6 43 24 no shutdown interface Loopback 0 ip address 192 168 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 Multicast Source Discovery Protocol MSDP 577 ...

Page 578: ...spanning tree plus PVST MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN This 1 1 approach is not suitable if you have many VLANs because each spanning tree instance costs bandwidth and processing resources In the following illus...

Page 579: ...hen you enable MSTP all ports in Layer 2 mode participate in MSTP Configure Multiple Spanning Tree Protocol Configuring multiple spanning tree is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable the multiple spanning tree protocol 4 Create multiple spanning tree instances and map VLANs to them Related Configuration Tasks The following are the related ...

Page 580: ...ROTOCOL MSTP mode Dell conf protocol spanning tree mstp Dell config mstp show config protocol spanning tree mstp no disable Dell Adding and Removing Interfaces To add and remove interfaces use the following commands To add an interface to the MSTP topology configure it for Layer 2 and add it to a VLAN If you previously disabled MSTP on the interface using the no spanning tree 0 command to enable M...

Page 581: ...d delay 15 max hops 19 Bridge Identifier has priority 32768 Address 0001 e80d b6d6 Configured hello time 2 max age 20 forward delay 15 max hops 20 Current root has priority 32768 Address 0001 e806 953e Number of topology changes 2 last change occured 1d2h ago on Te 1 21 1 Port 374 TenGigabitEthernet 1 21 1 is root Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 374 Designated...

Page 582: ...P2 SPANMGR 5 STP_ROOT_CHANGE MSTP root changed for instance 2 My Bridge ID 0 0001 e809 c24a Old Root 32768 0001 e806 953e New Root 0 0001 e809 c24a R3 conf mstp show config protocol spanning tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 MSTI 2 bridge priority 0 Interoperate with Non Dell Bridges Dell Networking OS supports only one MSTP region A region is a combination of three unique q...

Page 583: ...mount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state Hello time the time interval in which the bridge sends MSTP bridge protocol data units BPDUs Max age the length of time the bridge maintains configuration information before it refreshes that information by recomputing the MST topology Max hops the maximum number of hops a B...

Page 584: ... tree mstp command from EXEC privilege mode Dell conf mstp forward delay 16 Dell conf mstp exit Dell conf do show running config spanning tree mstp protocol spanning tree mstp no disable name my mstp region MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 forward delay 16 MSTI 2 bridge priority 4096 Dell conf Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the...

Page 585: ...use the show config command from INTERFACE mode Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise it does not go through the Learning and Listening states The bpduguard shutdown on violation option cau...

Page 586: ...no spanning tree command in INTERFACE mode Disabling global spanning tree using the no spanning tree command in CONFIGURATION mode Example of Enabling an EdgePort on an Interface To verify that EdgePort is enabled use the show config command from INTERFACE mode Dell conf if te 3 11 1 spanning tree mstp edge port Dell conf if te 3 11 1 show config interface TenGigabitEthernet 3 11 1 no ip address s...

Page 587: ...o MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 31 1 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 1 21 1 31 1 no shutdown inter...

Page 588: ...p address switchport no shutdown interface TenGigabitEthernet 2 31 1 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 2 11 1 31 1 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 11 1 31 1 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 11 1 31 1 no shutdown Router 3 Running Configuration This ex...

Page 589: ...ample uses the following steps 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 spanning tree spanning tree configuration name Tahiti spanning tree configuration revision 123 spanning tree MSTi instance 1 spanning tree MSTi vlan 1 10...

Page 590: ... the show running configuration spanning tree mstp in EXEC Privilege mode To monitor and verify that the MSTP configuration is connected and communicating as desired use the debug spanning tree mstp bpdu command Key items to look for in the debug report include MSTP flags indicate communication received from the same region As shown in the following the MSTP routers are located in the same region ...

Page 591: ...8 Indicates MSTP routers are in the single region CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional Bridge Id 32768 0001 e806 953e CIST Port Id 128 470 Msg Age 0 Max Age 20 Hello 2 Fwd Delay 15 Ver1 Len 0 Ver3 Len 96 Name Tahiti Rev 123 MSTP region name and revision Int Root Path Cost 0 Rem Hops 19 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 MSTP Instance Flags 0x78 Reg Root 32768...

Page 592: ...INST 2 Flags 0x70 Reg Root 32768 0001 e8d5 cbbd Int Root Cost Brg Port Prio 32768 128 Rem Hops 20 592 Multiple Spanning Tree Protocol MSTP ...

Page 593: ...ddress the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic As the upper 5 bits of an IP Multicast address are dropped in the translation 32 different multicast group IDs all map to the same Ethernet address For example 224 0 0 5 is a known IP address for open shortest path first OSPF that maps to the multicast MAC address 01 00 5e ...

Page 594: ...o PIM though it still processes leave messages until the number of entries decreases below 95 of the limit When the limit falls below 95 after hitting the maximum the system begins relearning route entries through IGMP MLD and MSDP If the limit is increased after it is reached subsequent join requests are accepted In this case increase the limit by at least 10 for IGMP and MLD to resume If the lim...

Page 595: ...ollowing command Apply the access list INTERFACE mode ip igmp access group access list name Dell Networking OS Behavior Do not enter the ip igmp access group command before creating the access list If you do after entering your first deny rule Dell Networking OS clears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an im...

Page 596: ...on shown in the previous illustration Table 61 Preventing a Host from Joining a Group Description Location Description 1 21 1 Interface TenGigabitEthernet 1 21 1 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 1 Interface TenGigabitEthernet 1 31 1 ip pim sparse mode 596 Multicast Features ...

Page 597: ...GigabitEthernet 3 1 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 1 Interface TenGigabitEthernet 3 11 1 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 1 Interface TenGigabitEthernet 3 21 1 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 1 no shutdown Receiv...

Page 598: ...er to the SPT when the router receives multicast packets at or beyond a specified rate Table 62 Configuring PIM to Switch Over to the SPT IPv4 Configure PIM to switch over to the SPT when the multicast packet rate is at or beyond a specified rate The keyword infinity directs PIM to never switch to the SPT ip pim spt threshold infinity CONFIGURATION IPv6 Configure PIM to switch over to the SPT when...

Page 599: ...on shown in the previous illustration Table 63 Preventing a Source from Transmitting to a Group Description Location Description 1 21 1 Interface TenGigabitEthernet 1 21 1 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 1 Interface TenGigabitEthernet 1 31 1 ip pim sparse mode Multicast Features 599 ...

Page 600: ... 3 1 1 Interface TenGigabitEthernet 3 1 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 1 Interface TenGigabitEthernet 3 11 1 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 1 Interface TenGigabitEthernet 3 21 1 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 ...

Page 601: ...source Excessive traffic is generated when the join process from the RP back to the source is blocked due to a new source group being permitted in the join filter This results in the new source becoming stuck in registering on the DR and the continuous generation of UDP encapsulated registration messages between the DR and RP routers which are being sent to the CPU Prevent the PIM SM router from a...

Page 602: ...ou can configure client applications such as VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the internet via interfaces running OSPF Both routers belong to a VRRP group with a virtual router at 10 0 0 1 on the local area network LAN side Neither Router A nor Router B ...

Page 603: ...e link level status goes down the tracked resource status is considered to be DOWN if the link level status goes up the tracked resource status is considered to be UP For logical interfaces such as port channels or virtual local area networks VLANs the link protocol status is considered to be UP if any physical interface under the logical interface is UP Track Layer 3 Interfaces You can create an ...

Page 604: ...e next hop address appears before considering the route DOWN Track a Metric Threshold If you configure a metric threshold to track a route the UP DOWN state of the tracked route is determined by the current metric for the route entered in the routing table To provide a common tracking interface for different clients route metrics are scaled in the range from 0 to 255 where 0 is connected and 255 i...

Page 605: ... in the state of a tracked object is detected The time delay in communicating a state change is specified in seconds VRRP Object Tracking As a client VRRP can track up to 20 objects including route entries and Layer 2 and Layer 3 interfaces in addition to the 12 tracked interfaces supported for each VRRP group You can assign a unique priority cost value from 1 to 254 to each tracked VRRP object or...

Page 606: ...delay used before communicating a change in the status of a tracked interface OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 3 Optional Identify the tracked object with a text description OBJECT TRACKING mode description text The text string can be up to 80 characters 4 Optional Display the tracking configuration and the tracked obje...

Page 607: ...erface is UP and the interface has a valid IPv6 address The Layer 3 status of an IPv6 interface goes DOWN when its Layer 2 status goes down for a Layer 3 VLAN all VLAN ports must be down or the IPv6 address is removed from the routing table To remove object tracking on a Layer 3 IPv4 IPv6 interface use the no track object id command To configure object tracking on the routing status of a Layer 3 i...

Page 608: ... route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table For example when configured as a tracked route 10 0 0 0 24 does not match the routing table entry 10 0 0 0 8 Similarly for an IPv6 address 3333 100 200 300 400 80 does not match routing table entry 3333 100 200 300 64 If no route table entry has the exact...

Page 609: ... range from 1 to 1592 where the default is 1 The resolution value used to map static routes is not configurable By default Dell Networking OS assigns a metric of 0 to static routes The resolution value used to map RIP routes is not configurable The RIP hop count is automatically multiplied by 16 to scale it For example a RIP metric of 16 unreachable scales to 256 which considers a route to be DOWN...

Page 610: ... by Dell configure Dell conf track 4 ip route 3 1 1 0 24 reachability vrf vrf1 The following example configures object tracking on the reachability of an IPv6 route Dell conf track 105 ipv6 route 1234 64 reachability Dell conf track 105 delay down 5 Dell conf track 105 description Headquarters Dell conf track 105 end Dell show track 105 Track 105 IPv6 route 1234 64 reachability Description Headqua...

Page 611: ...hange in the UP and or DOWN status of a tracked route OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 4 Optional Identify the tracked object with a text description OBJECT TRACKING mode description text The text string can be up to 80 characters 5 Optional Configure the metric threshold for the UP and or DOWN routing status to be trac...

Page 612: ...cked Layer 2 or Layer 3 interfaces IPv4 or IPv6 routes or a VRF instance use the show track command You can also display the currently configured per protocol resolution values used to scale route metrics when tracking metric thresholds Display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces IPv4 or IPv6 routes and a VRF instance show track object id brief interface...

Page 613: ...P Route Resolution ISIS 1 OSPF 1 IPv6 Route Resolution ISIS 1 Example of the show track vrf Command Dell show track vrf red Track 5 IP route 192 168 0 0 24 reachability Vrf red Reachability is Up CONNECTED 3 changes last change 00 02 39 First hop interface is TenGigabitEthernet 1 4 1 Example of Viewing Object Tracking Configuration Dell show running config track track 1 ip route 23 0 0 0 8 reachab...

Page 614: ... routers initially exchange HELLO messages to set up adjacencies with neighbor routers The HELLO process is used to establish adjacencies between routers of the AS It is not required that every router within the AS areas establish adjacencies If two routers on the same subnet agree to become neighbors through the HELLO process they begin to exchange network topology information in the form of LSAs...

Page 615: ...d Area 0 0 0 0 and is the core of any AS All other areas must connect to Area 0 Areas can be defined in such a way that the backbone is not contiguous In this case backbone connectivity must be restored through virtual links Virtual links are configured between any backbone routers that share a link to a non backbone area and function as if they were direct links An OSPF backbone is responsible fo...

Page 616: ... link state protocol OSPF sends routing information to other OSPF routers concerning the state of the links between them The state up or down of those links is important Routers that share a link become neighbors on that segment OSPF uses the Hello protocol as a neighbor discovery and keep alive mechanism After two routers are neighbors they may proceed to exchange and synchronize their databases ...

Page 617: ... in the previous example Area Border Router ABR Within an AS an area border router ABR connects one or more areas to the backbone The ABR keeps a copy of the link state database for every area it connects to so it may keep multiple copies of the link state database An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is c...

Page 618: ...ier The DRs and BDRs are configurable in Dell Networking OS If you do not define DR or BDR the system assigns them OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR The router with the highest priority is elected the DR If there is a tie the router with the higher router ID takes precedence After the DR is elected the BDR is elected the same way...

Page 619: ...nection to a transit network IP address of the DR 3 connection to a stub network IP network subnet number 4 virtual link neighboring router ID LSA Throttling LSA throttling provides configurable interval timers to improve OSPF convergence times The default OSPF static timers 5 seconds for transmission 1 second for acceptance ensures sufficient time for sending and resending LSAs and for system acc...

Page 620: ...uter fails and the cost is assessed a new priority number results Figure 95 Priority and Cost Examples OSPF with Dell Networking OS The Dell Networking OS supports up to 10 000 OSPF routes for OSPFv2 Within the that 10 000 routes you can designate up to 8 000 routes as external and up to 2 000 as inter intra area routes Dell Networking OS version 9 4 0 0 and later support only one OSPFv2 process p...

Page 621: ... forwarding between ingress and egress ports VLANs and so on can continue uninterrupted while the control plane OSPF process comes back to full functionality and rebuilds its routing tables To notify its helper neighbors that the restart process is beginning when a router is attempting to restart gracefully it originates the following link local Grace LSAs An OSPFv2 router sends Type 9 LSAs An OSP...

Page 622: ...shes the active RPM is removed or a power failure happens During an unplanned restart OSPF sends out a Grace LSA when the backup RPM comes online To display the configuration values for OSPF graceful restart enter the show run ospf command for OSPFv2 and the show run ospf and show ipv6 ospf database database summary commands for OSPFv3 Fast Convergence OSPFv2 IPv4 Only Fast convergence allows you ...

Page 623: ...PF mode flood 2328 Example of Viewing the Debug Log for Flooding Behavior To confirm RFC 2328 flooding behavior use the debug ip ospf packet command The following example shows no change in the updated packets shown in bold ACKs 2 shown in bold is printed only for ACK packets The following example shows no change in the updated packets shown in bold ACKs 2 shown in bold is printed only for ACK pac...

Page 624: ...the OSPF dead interval on a Cisco router is by default four times as long as the hello interval Changing the hello interval on the Cisco router automatically changes the dead interval To ensure equal intervals between the routers use the following command Manually set the dead interval of the Dell Networking router to match the Cisco configuration INTERFACE mode ip ospf dead interval x Examples of...

Page 625: ... First version 2 OSPF for IPv4 on the switch Two of the tasks are mandatory others are optional The following configuration tasks include two mandatory tasks and several optional tasks Enabling OSPFv2 mandatory Assigning a Router ID Assigning an OSPFv2 Area mandatory Enable OSPFv2 on Interfaces Configuring Stub Areas Enabling Passive Interfaces Enabling Fast Convergence Changing OSPFv2 Parameters ...

Page 626: ...r OSPFv2 process IDs you must have four interfaces with Layer 3 enabled 1 Assign an IP address to an interface CONFIG INTERFACE mode ip address ip address mask The format is A B C D M If you are using a Loopback interface refer to Loopback Interfaces 2 Enable the interface CONFIG INTERFACE mode no shutdown 3 Return to CONFIGURATION mode to enable the OSPFv2 process globally CONFIGURATION mode rout...

Page 627: ...Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell Assigning an OSPFv2 Area After you enable OSPFv2 assign the interface to an OSPF area Set up OSPF areas and enable OSPFv2 on an interface with the network command You must have at least one AS area Area 0 This is the backbone area If your ...

Page 628: ...of an interface to an area Example of Enabling OSPFv2 and Assigning an Area to an Interface Dell conf int te 4 14 1 Dell conf if te 4 14 1 ip address 10 10 10 10 24 Dell conf if te 4 14 1 no shutdown Dell conf if te 4 14 1 ex Dell conf router ospf 1 Dell conf router_ospf 1 network 1 2 3 4 24 area 0 Dell conf router_ospf 1 network 10 10 10 10 24 area 1 Dell conf router_ospf 1 network 20 20 20 20 24...

Page 629: ...253 2 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DROTHER Priority 1 Designated Router ID 10 168 253 5 Interface address 10 168 0 4 Backup Designated Router ID 192 168 253 3 Interface address 10 168 0 2 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 08 Neighbor Count is 3 Adjacent neighbor count is 2 Adjacent with neighbor 10 168 253 5 Designate...

Page 630: ...face is one that does not send or receive routing information Enabling passive interface suppresses routing updates on an interface Although the passive interface does not send or receive routing updates the network on that interface is still included in OSPF updates sent via other interfaces To suppress the interface s participation on an OSPF interface use the following command This command stop...

Page 631: ...ansmit 5 Hello due in 13 39 46 Neighbor Count is 0 Adjacent neighbor count is 0 TenGigabitEthernet 2 1 1 is up line protocol is down Internet Address 10 1 3 100 24 Area 2 2 2 2 Process ID 34 Router ID 10 1 2 100 Network Type BROADCAST Cost 10 Transmit Delay is 1 sec State DR Priority 1 Designated Router ID 10 1 2 100 Interface address 10 1 3 100 Backup Designated Router ID 0 0 0 0 Interface addres...

Page 632: ...rival 0 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell The following examples shows how to disable fast convergence Dell conf router_ospf 1 no fast converge Dell conf router_ospf 1 ex Dell conf ex Dell show ip ospf 1 Routing Process ospf 1 with ID 192 168 67 2 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Convergence Level 0 ...

Page 633: ...ge is from 1 to 255 Key a character string NOTE Be sure to write down or otherwise record the key You cannot learn the key after it is configured You must be careful when changing this key NOTE You can configure a maximum of six digest keys on an interface Of the available six digest keys the switches select the MD5 key that is common The remaining MD5 keys are unused Change the priority of the in...

Page 634: ...rface address 10 1 2 100 Backup Designated Router ID 10 1 2 100 Interface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 06 Neighbor Count is 0 Adjacent neighbor count is 0 Dell Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters use the following commands Set a clear text authentication scheme on the interf...

Page 635: ...rom 40 and 3000 This setting is the time that an OSPFv2 router s neighbors advertises it as fully adjacent regardless of the synchronization state during a graceful restart OSPFv2 terminates this process when the grace period ends 2 Enter the Router ID of the OSPFv2 helper router from which the router does not accept graceful restart assistance CONFIG ROUTEROSPF id mode graceful restart helper rej...

Page 636: ...igure a graceful restart on an OSPFv2 router the show run ospf command displays information similar to the following Dell show run ospf router ospf 1 graceful restart grace period 300 graceful restart role helper only graceful restart mode unplanned only graceful restart helper reject 10 1 1 1 graceful restart helper reject 20 1 1 1 network 10 0 2 0 24 area 0 Dell Creating Filter Routes To filter ...

Page 637: ...e routes use the following command Specify which routes are redistributed into OSPF process CONFIG ROUTEROSPF id mode redistribute bgp connected isis rip static metric metric value metric type type value route map map name tag tag value Configure the following required and optional parameters bgp connected isis rip static enter one of the keywords to redistribute those routes metric metric value t...

Page 638: ...OSPF database Some useful troubleshooting commands are show interfaces show protocols debug IP OSPF events and or packets show neighbors show routes To help troubleshoot OSPFv2 use the following commands View the summary of all OSPF process IDs enables on the router EXEC Privilege mode show running config ospf View the summary information of the IP routes EXEC Privilege mode show ip route summary ...

Page 639: ...run ospf router ospf 4 router id 4 4 4 4 network 4 4 4 0 28 area 1 ipv6 router ospf 999 default information originate always router id 10 10 10 10 Dell Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2 These examples are not comprehensive directions They are intended to give you some guidance with typical configurations You can copy and paste from these...

Page 640: ...2 1 ip address 10 2 12 2 24 no shutdown interface Loopback 10 ip address 192 168 100 100 24 no shutdown OSPF Area 0 Te 3 1 1 and 3 2 1 router ospf 33333 network 192 168 100 0 24 area 0 network 10 0 13 0 24 area 0 network 10 0 23 0 24 area 0 interface Loopback 30 ip address 192 168 100 100 24 no shutdown interface TenGigabitEthernet 3 1 1 ip address 10 1 13 3 24 no shutdown interface TenGigabitEthe...

Page 641: ...SPF process aware of these interfaces assign them to OSPF areas The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area With OSPFv2 two commands are required to accomplish the same tasks the router ospf command to create the OSPF process then the network area command to enable OSPF on an interface NOTE The OSPFv2 network area command enables OSPF on mu...

Page 642: ...o 65535 Default cost is based on the bandwidth Specify how the OSPF interface cost is calculated based on the reference bandwidth method The cost of an interface is calculated as Reference Bandwidth Interface speed ROUTER OSPFv3 auto cost reference bandwidth ref bw To return to the default bandwidth or to assign cost based on the interface type use the no auto cost reference bandwidth ref bw comma...

Page 643: ...mand on each interface that runs OSPFv3 Assign the OSPFv3 process and an OSPFv3 area to this interface CONF INT type slot port mode ipv6 ospf process id area area id process id the process ID number assigned area id the area ID for this interface Assigning OSPFv3 Process ID and Router ID Globally To assign disable or reset OSPFv3 globally use the following commands Enable the OSPFv3 process global...

Page 644: ... configure IPv6 stub areas use the following command Configure the area as a stub area CONF IPV6 ROUTER OSPF mode area area id stub no summary no summary use these keywords to prevent transmission in to the area of summary ASBR LSAs Area ID a number or IP address assigned when creating the area You can represent the area ID as a number from 0 to 65536 if you assign a dotted decimal format rather t...

Page 645: ...NF IPV6 ROUTER OSPF mode redistribute bgp connected static metric metric value metric type type value route map map name tag tag value Configure the following required and optional parameters bgp connected static enter one of the keywords to redistribute those routes metric metric value The range is from 0 to 4294967295 metric type metric type enter 1 for OSPFv3 external route type 1 OR 2 for OSPF...

Page 646: ...eful restart of a neighbor NOTE Enter the ipv6 ospf graceful restart helper reject command in Interface configuration mode Enable OSPFv3 graceful restart globally by setting the grace period in seconds CONF IPV6 ROUTER OSPF mode graceful restart grace period seconds The valid values are from 40 to 1800 seconds Configure an OSPFv3 interface to not act on the Grace LSAs that it receives from a resta...

Page 647: ...atabase summary Examples of the Graceful Restart show Commands The following example shows the show run ospf command Dell show run ospf router ospf 1 router id 200 1 1 1 log adjacency changes graceful restart grace period 180 network 20 1 1 0 24 area 0 network 30 1 1 0 24 area 0 ipv6 router ospf 1 log adjacency changes graceful restart grace period 180 The following example shows the show ipv6 osp...

Page 648: ... packet but leaves the header untouched Tunnel mode is more secure and encrypts both the header and payload On the receiving side an IPsec compliant device decrypts each packet NOTE Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec With IPsec based authentication Crypto images are used to include the IPsec secure socket application programming interface...

Page 649: ...security policy consists of a security policy index SPI and the key used to validate OSPFv3 packets After IPsec is configured for OSPFv3 IPsec operation is invisible to the user You can only enable one security protocol AH or ESP at a time on an interface or for an area Enable IPsec AH with the ipv6 ospf authentication command enable IPsec ESP with the ipv6 ospf encryption command The security pol...

Page 650: ...igure the same authentication policy the same SPI and key on each OSPFv3 interface in a link Enable IPsec authentication for OSPFv3 packets on an IPv6 based interface INTERFACE mode ipv6 ospf authentication null ipsec spi number MD5 SHA1 key encryption type key null causes an authentication policy configured for the area to not be inherited on the interface ipsec spi number the security policy ind...

Page 651: ...lues are 3DES DES AES CBC and NULL For AES CBC only the AES 128 and AES 192 ciphers are supported key specifies the text string used in the encryption All neighboring OSPFv3 routers must share the same key to decrypt information Required lengths of a non encrypted or encrypted key are 3DES 48 or 96 hex digits DES 16 or 32 hex digits AES CBC 32 or 64 hex digits for AES 128 and 48 or 96 hex digits f...

Page 652: ...type optional specifies if the key is encrypted The valid values are 0 key is not encrypted or 7 key is encrypted key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted ...

Page 653: ... is encrypted Valid values 0 key is not encrypted or 7 key is encrypted authentication algorithm specifies the authentication algorithm to use for encryption The valid values are MD5 or SHA1 key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits en...

Page 654: ...2 Inbound ESP Cipher Key 123456789a123456789b123456789c123456789d12345678 Outbound ESP Cipher Key 123456789a123456789b123456789c123456789d12345678 Transform set esp 3des esp md5 hmac Crypto IPSec client security policy data Policy name OSPFv3 1 500 Policy refcount 2 Inbound AH SPI 500 0x1F4 Outbound AH SPI 500 0x1F4 Inbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Ou...

Page 655: ...esp sas spi 600 0x258 transform esp des esp sha1 hmac in use settings Transport replay detection support N STATUS ACTIVE Troubleshooting OSPFv3 The system provides several tools to troubleshoot OSPFv3 operation on the switch This section describes typical OSPFv3 troubleshooting scenarios NOTE The following troubleshooting section is meant to be a comprehensive list but only to provide some example...

Page 656: ...how ipv6 ospf database View the configuration of OSPFv3 neighbors EXEC Privilege mode show ipv6 ospf neighbor View debug messages for all OSPFv3 interfaces EXEC Privilege mode debug ipv6 ospf event packet type slot port subport For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyG...

Page 657: ...size source protocol type destination and so on For example a network administrator might want to forward a packet that uses TCP across a different next hop than packets using ICMP In these situations you can a configure switch route packet according to a policy applied to interfaces When the packet comes from this source and wants to go to that destination then route it to this next hop or onto t...

Page 658: ...unnel id mandatory Instead if user provides the tunnel destination IP as next hop that would be treated as IPv4 next hop and not tunnel next hop PBR with Multiple Tacking Option Policy based routing with multiple tracking option extends and introduces the capabilities of object tracking to verify the next hop IP address before forwarding the traffic to the next hop The verification method is made ...

Page 659: ...te an exception to a redirect list Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries Because the order of rules is important ensure that you configure an...

Page 660: ...ddress is the Forwarding router s address tunnel is used to configure the tunnel settings tunnel id is used to redirect the traffic track obj id is used to track the object id track is to enable the tracking FORMAT A B C D FORMAT slot port subport ip protocol number or protocol type is the type of protocol to be redirected FORMAT 0 255 for IP protocol number or enter protocol type source ip addres...

Page 661: ... 3 3 3 3 ip host 222 1 1 1 host 77 1 1 1 Applied interfaces None You can apply multiple rules to a single redirect list The rules are applied in ascending order starting with the rule that has the lowest sequence number in a redirect list displays the correct method for applying multiple rules to one list Example Creating Multiple Rules for a Redirect List Dell conf ip redirect list test Dell conf...

Page 662: ...redirect groups on one interface for backup purposes Apply a redirect list policy based routing to an interface INTERFACE mode ip redirect group redirect list name redirect list name is the name of a redirect list to apply to this interface FORMAT up to 16 characters To delete the redirect list from this interface use the no ip redirect group command In this example the list xyz is applied to the ...

Page 663: ... seq 30 redirect 155 1 1 2 track 6 icmp host 8 8 8 8 any Track 5 up Next hop reachable via Po 5 seq 35 redirect 42 1 1 2 icmp host 8 8 8 8 any Next hop reachable via Vl 20 seq 40 redirect 43 1 1 2 tcp 155 55 2 0 24 222 22 2 0 24 Next hop reachable via Vl 30 seq 45 redirect 31 1 1 2 track 200 ip 12 0 0 0 255 0 0 197 13 0 0 0 255 0 0 197 Track 200 up Next hop reachable via Te 1 32 1 Track 200 up Nex...

Page 664: ...ion The following configuration is an example for setting up a PBR These are not comprehensive directions They are intended to give you a some guidance with typical configurations You can copy and paste from these examples to your CLI Be sure you make the necessary changes to support your own IP addresses interfaces names and so on Graphic illustration of the configuration shown below The Redirect...

Page 665: ...Policy based Routing PBR 665 ...

Page 666: ...st routing is supported across default and non default VRFs Protocol Overview PIM SM initially uses unidirectional shared trees to forward multicast traffic that is all multicast traffic must flow only from the rendezvous point RP to the receivers After a receiver receives traffic from the RP PM SM switches to SPT to forward multicast traffic Every multicast group has an RP and a unidirectional sh...

Page 667: ...n PIM Register packets and unicasts them to the RP 2 The RP decapsulates the PIM Register packets and forwards them if there are any receivers for that group The RP sends a PIM Join message towards the source All routers between the RP and the source including the RP create an S G entry and list the interface on which the message was received as an outgoing interface thus recreating a SPT to the s...

Page 668: ...interface 1 Enable multicast routing on the system CONFIGURATION mode ip multicast routing 2 Enable PIM Sparse mode INTERFACE mode ip pim sparse mode Examples of Viewing PIM SM Information To display which interfaces are enabled with PIM SM use the show ip pim interface command from EXEC Privilege mode Dell show ip pim interface Address Interface Ver Nbr Query DR DR Mode Count Intvl Prio 165 87 34...

Page 669: ...net 2 13 1 10 87 31 5 192 1 2 1 uptime 00 01 24 expires 00 02 26 flags FT Incoming interface TenGigabitEthernet 2 11 1 RPF neighbor 0 0 0 0 Outgoing interface list TenGigabitEthernet 1 11 1 TenGigabitEthernet 1 12 1 TenGigabitEthernet 2 13 1 More Configuring S G Expiry Timers By default S G entries expire in 210 seconds You can configure a global expiry time for all S G entries or configure an exp...

Page 670: ... list SGtimer To display the expiry time configuration use the show running configuration pim command from EXEC Privilege mode Configuring a Static Rendezvous Point The rendezvous point RP is a PIM enabled interface on a router that acts as the root a group specific tree every group must have an RP Identify an RP by the IP address of a PIM enabled or Loopback interface ip pim rp address Example of...

Page 671: ...s of the interface out of which it is sent and a DR priority value The router with the greatest priority value is the DR If the priority value is the same for two routers then the router with the greatest IP address is the DR By default the DR priority value is 192 so the IP address determines the DR Assign a DR priority value INTERFACE mode ip pim dr priority priority value Change the interval at...

Page 672: ...ip pim bsr border Remove candidate RP advertisements clear ip pim rp mapping 672 PIM Sparse Mode PIM SM ...

Page 673: ...lticast address allocation problem Applications must use unique multicast addresses because if multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP EGLOP is used to statically assign Internet routable multicast addresses but each autonomous system number yields only 255 multicast addresses For short term appl...

Page 674: ...st standard ssm seq 5 permit host 239 0 0 2 R1 conf do show ip pim ssm range Group Address MaskLen 239 0 0 2 32 Use PIM SSM with IGMP Version 2 Hosts PIM SSM requires receivers that support IGMP version 3 You can employ PIM SSM even when receivers support only IGMP version 1 or version 2 by translating G entries to S G entries Translate G entries to S G entries using the ip igmp ssm map acl comman...

Page 675: ...ith IGMPv2 R1 conf do show run pim ip pim rp address 10 11 12 2 group address 224 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard map seq 5 permit host 239 0 0 2 ip access list standard ssm seq 5 permit host 239 0 0 2 R1 conf ip igmp ssm map map 10 11 5 2 R1 conf do show ip igmp groups Total Number of Groups 2 IGMP Connected Group Membership Group Address Interface Mod...

Page 676: ... Router mode INCLUDE Last reporter 10 11 4 2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 676 PIM Source Specific Mode PIM SSM ...

Page 677: ...psulate mirrored packet using GRE with IP delivery so that it can be sent across a routed network Important Points to Remember Port Monitoring is supported on both physical and logical interfaces like virtual area network VLAN and port channel The monitored the source MD and monitoring ports the destination MG must be on the same switch In general a monitoring port should have no ip address and no...

Page 678: ...ource Destination Dir Mode Source IP Dest IP 1 Te 1 1 1 Te 2 1 1 both Port N A N A 2 Te 1 1 1 Te 2 2 1 both Port N A N A 3 Te 1 1 1 Te 2 3 1 both Port N A N A 4 Te 1 1 1 Te 2 4 1 both Port N A N A 5 Te 1 1 1 Te 2 5 1 both Port N A N A Dell conf mon sess 5 Dell conf mon ses 300 Dell conf mon sess 300 source tengig 1 17 1 destination tengig 1 4 1 direction tx Error Exceeding max MG ports for this MD...

Page 679: ...s of whether the monitored port MD is a Layer 2 or Layer 3 port If the MD port is a Layer 2 port the frames are tagged with the VLAN ID of the VLAN to which the MD belongs If the MD port is a Layer 3 port the frames are tagged with VLAN ID 4095 If the MD port is in a Layer 3 VLAN the frames are tagged with the respective Layer 3 VLAN ID For example in the configuration source TeGig 6 1 1 destinati...

Page 680: ...rce Destination Dir Mode Source IP Dest IP 0 Te 1 1 1 Te 1 2 1 rx Port N A N A Dell conf monitor session 0 Dell conf mon sess 0 source po 10 dest ten 1 2 1 dir rx Dell conf mon sess 0 do show monitor session SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 1 1 Te 1 2 1 rx Port N A N A 0 Po 10 Te 1 2 1 rx Port N A N A Dell conf monitor session 1 Dell conf mon sess 1 source vl 40 dest ten...

Page 681: ...ing commands 1 Configure monitor QoS multicast queue ID CONFIGURATION mode monitor multicast queue queue id Dell conf monitor multicast queue 7 2 Verify information about monitor configurations EXEC mode EXEC Privilege mode show run monitor session Dell show run monitor session monitor multicast queue 7 Dell Port Monitoring 681 ...

Page 682: ...ssion 0 Dell conf mon sess 0 flow based enable Dell conf ip access list ext testflow Dell config ext nacl seq 5 permit icmp any any count bytes monitor Dell config ext nacl seq 10 permit ip 102 1 1 0 24 any count bytes monitor Dell config ext nacl seq 15 deny udp any any count bytes Dell config ext nacl seq 20 deny tcp any any count bytes Dell config ext nacl exit Dell conf interface tengigabiteth...

Page 683: ...hat participates in the transport of mirrored traffic must be configured with the reserved L2 VLAN Remote port monitoring supports mirroring sessions in which multiple source and destination ports are distributed across multiple switches Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A The VLAN traffic on monitored links from the acc...

Page 684: ...sion for a reserved VLAN at the same time for multiple remote port mirroring sessions You can enable and disable individual mirroring sessions BPDU monitoring is not required to use remote port mirroring A remote port mirroring session mirrors monitored traffic by prefixing the reserved VLAN tag to monitored packets so that they are copied to the reserve VLAN Mirrored traffic is transported across...

Page 685: ... number of source ports supported in a source session 128 You can configure physical ports and port channels as sources in remote port mirroring and use them in the same source session You can use both Layer 2 configured with the switchport command and Layer 3 ports as source ports You can optionally configure one or more source VLANs to specify the VLAN traffic to be mirrored on source ports You ...

Page 686: ...1 32 destination remote vlan 300 direction rx source Port channel 10 destination remote vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch enter the show monitor session command in EXEC Privilege mode Dell conf do show monitor session SessID Source Destination Dir Mode Source IP Dest IP 1 remote vlan 100 Fo 1 3...

Page 687: ...rder for a rpm session to be active Configuring the sample Source Remote Port Mirroring Dell conf interface vlan 10 Dell conf if vl 10 mode remote port mirroring Dell conf if vl 10 tagged te 1 4 1 Dell conf if vl 10 exit Dell conf monitor session 1 type rpm Dell conf mon sess 1 source te 1 5 1 destination remote vlan 10 dir rx Dell conf mon sess 1 no disable Dell conf mon sess 1 exit Dell conf int...

Page 688: ...A N A 2 Vl 100 remote vlan 20 rx Flow N A N A 3 Po 10 remote vlan 30 both Port N A N A Dell Configuring the sample Source Remote Port Mirroring Dell conf inte te 1 1 1 Dell conf if te 1 1 1 switchport Dell conf if te 1 1 1 no shutdown Dell conf if te 1 1 1 exit Dell conf interface te 1 2 1 Dell conf if te 1 2 1 switchport Dell conf if te 1 2 1 no shutdown Dell conf if te 1 2 1 exit Dell conf inter...

Page 689: ...owing to avoid BPDU issues 1 Enable control plane egress acl using the following command mac control plane egress acl 2 Create an extended MAC access list and add a deny rule of 0x0180c2xxxxxx packets using the following commands mac access list extended mac2 seq 5 deny any 01 80 c2 00 00 00 00 00 00 ff ff ff count 3 Apply ACL on that RPM VLAN In this example RPM vlan is 10 Dell show running confi...

Page 690: ...asis is desired The keyword monitor should have been specified in the access list rules for which we need to mirror The maximum number of source ports that can be defined in a session is 128 The system allows to configure upto 4 ERPM sessions ERPM sessions do not copy locally sourced remote VLAN traffic from source trunk ports that carry RPM VLANs ERPM sessions do not copy locally sourced ERPM GRE...

Page 691: ...mon sess 0 source port channel 1 direction tx Dell conf mon sess 0 erpm source ip 1 1 1 1 dest ip 7 1 1 2 Dell conf mon sess 0 no disable Dell conf monitor session 1 type erpm Dell conf mon sess 1 source vlan 11 direction rx Dell conf mon sess 1 erpm source ip 5 1 1 1 dest ip 3 1 1 2 Dell conf mon sess 1 flow based enable Dell conf mon sess 1 no disable Dell show monitor session SessID Source Dest...

Page 692: ...der and sent to the destination ip address Port D s ip address on the sniffer The Header that gets attached to the packet is 38 bytes long If the sniffer does not support IP interface a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server Decapsulation of ERPM packets at the Destination IP Analyzer In order t...

Page 693: ...ce to be same and listen in the tx direction of the interface Download Write a small script for example erpm py such that it will strip the given ERPM packet starting from the bit where GRE header ends Basically all the bits after 0x88BE need to be removed from the packet and sent out through another interface This script erpm zip is available for download at the following location http en communi...

Page 694: ... Overview PVST is a variation of spanning tree developed by a third party that allows you to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter Figure 101 Per VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree as shown in the following t...

Page 695: ... you intended Configure Per VLAN Spanning Tree Plus Configuring PVST is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration Tasks Modifying Global PVST Parameters Modifying Interface PVST Parameters Configuring an EdgePort Flush MAC Addresses after a...

Page 696: ...Dell_E600 conf pvst show config verbose protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Influencing PVST Root Selection As shown in the previous per VLAN spanning tree illustration all VLANs use the same forwarding topology because R2 is elected the root and all TenGigabitEthernet ports have the same cost The following per VLAN spanning tree illustration changes the bridge pri...

Page 697: ...ault value for bridge priority To assign a bridge priority use the following command Assign a bridge priority PROTOCOL PVST mode vlan bridge priority The range is from 0 to 61440 The default is 32768 Example of the show spanning tree pvst vlan Command To display the PVST forwarding topology use the show spanning tree pvst vlan vlan id command from EXEC Privilege mode Dell_E600 conf do show spannin...

Page 698: ...4096 address 0001 e80d b6 d6 Designated port id is 128 385 designated path cost 0 Modifying Global PVST Parameters The root bridge sets the values for forward delay and hello time and overwrites the values set on other PVST bridges Forward delay the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state Hello time the time inte...

Page 699: ...Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Channel with 1 Gigabit Ethernet interfaces 18000 Port Channel with 10 Gigabit Ethernet interfaces 1800 NOTE The Dell Networking OS implementation of PVST uses IEEE 802 1s costs as the default costs Other implementations use IEE...

Page 700: ...and as previously shown Dell Networking OS Behavior Regarding the bpduguard shutdown on violation command behavior If the interface to be shut down is a port channel all the member ports are disabled in the hardware When you add a physical port to a port channel already in an Error Disable state the new member port is also disabled in the hardware When you remove a physical port from a port channe...

Page 701: ... detected and the rules of convergence require that P2 move to blocking state because it has the lowest port ID To keep both ports in a Forwarding state use extend system ID Extend system ID augments the bridge ID with a VLAN ID to differentiate BPDUs on each VLAN so that PVST does not detect a loop and both ports can remain in a Forwarding state Figure 103 PVST with Extend System ID Augment the b...

Page 702: ...face Vlan 200 no ip address tagged TenGigabitEthernet 1 22 32 1 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1 22 32 1 no shutdown protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Example of PVST Configuration R2 interface TenGigabitEthernet 2 12 1 no ip address switchport no shutdown interface TenGigabitEthernet 2 32 1 no ip address switchport no shut...

Page 703: ...abitEthernet 3 22 1 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 3 12 22 1 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 12 22 1 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 12 22 1 no shutdown protocol spanning tree pvst no disable vlan 300 bridge priority 4096 Per VLAN Spanning Tree Plus PVS...

Page 704: ...rities on Ingress Traffic Ingress Configure Port based Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Pol...

Page 705: ...ss Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Quality of Service QoS 705 ...

Page 706: ...Services Field DS Field in the IPv4 Headers RFC 2475 An Architecture for Differentiated Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface Port Based QoS Configurations You can configure the following QoS features on an interface NOTE You cannot simultaneously use egress rate shaping and ing...

Page 707: ...ll configure terminal Dell conf interface tengigabitethernet 1 1 1 Dell conf if te 1 1 1 switchport Dell conf if te 1 1 1 dot1p priority 1 Dell conf if te 1 1 1 end Honoring dot1p Priorities on Ingress Traffic By default Dell Networking OS does not honor dot1p priorities on ingress traffic You can configure this feature on physical interfaces and port channels but you cannot configure it on indivi...

Page 708: ...ived untagged frames Though these 4 bytes are not part of the untagged frame received on the wire they are included in the rate metering calculation resulting in metering inaccuracy Configuring Port Based Rate Policing If the interface is a member of a VLAN you may specify the VLAN for which ingress packets are policed Rate policing ingress traffic on an interface INTERFACE mode rate police Exampl...

Page 709: ...because of its smaller buffer size Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate Rate shaping buffers rather than drops traffic exceeding the specified rate until the buffer is exhausted If any stream exceeds the configured bandwidth on a continuous basis it can consume all of the buffer space that...

Page 710: ...ucting Policy Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic For both class maps Layer 2 and Layer 3 Dell Networking OS matches packets against match criteria in the order that you configure them 710 Quality of Service QoS ...

Page 711: ...n CLASS MAP mode Match any class maps allow up to five ACLs Match all class maps allow only one ACL 4 Link the class map to a queue POLICY MAP mode service queue Example of Creating a Layer 3 Class Map Dell conf ip access list standard acl1 Dell config std nacl permit 20 0 0 0 8 Dell config std nacl exit Dell conf ip access list standard acl2 Dell config std nacl permit 20 1 1 0 24 order 0 Dell co...

Page 712: ...ASS MAP mode Match any class maps allow up to five access lists Match all class maps allow only one You can match against only one VLAN ID 4 Link the class map to a queue POLICY MAP mode service queue Determining the Order in Which ACLs are Used to Classify Traffic When you link class maps to queues using the service queue command Dell Networking OS matches the class maps according to queue priori...

Page 713: ...affic Classifications The following example shows incorrect traffic classifications Dell show running config policy map input policy map input PolicyMapIn service queue 1 class map ClassAF1 qos policy QosPolicyIn 1 service queue 2 class map ClassAF2 qos policy QosPolicyIn 2 Dell show running config class map class map match any ClassAF1 match ip access group AF1 FB1 set ip dscp 10 match ip access ...

Page 714: ...1 0 IP 0x0 0 0 23 64 0 3 32 0 0 0 0 0 12 1 20419 1 10 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 14 1 24511 1 0 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 Dot1p to Queue Mapping Requirement The dot1p to queue mapping on the system is global and this is used to configure the PRIO2COS table configuration For DSCP based PFC feature on untagged packets this mapping must be the same as the default dot1p to queue mapping and s...

Page 715: ...duler strict rate shaping and WRED NOTE When changing a service queue configuration in a QoS policy map all QoS rules are deleted and re added automatically to ensure that the order of the rules is maintained As a result the Matched Packets value shown in the show qos statistics command is reset NOTE To avoid issues misconfiguration causes Dell Networking recommends configuring either DCBX or Egre...

Page 716: ...eduler strict It is applied to Qos policy output When scheduler strict is applied to multiple Queues high queue number takes precedence Allocating Bandwidth to Queue Specifying WRED Drop Precedence Configuring Policy Based Rate Shaping To configure policy based rate shaping use the following command Configure rate shape egress traffic QOS POLICY OUT mode rate shape Allocating Bandwidth to Queue Th...

Page 717: ...S policy Specify a WRED profile to yellow and or green traffic QOS POLICY OUT mode wred For more information refer to Applying a WRED Profile to Traffic DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration This sections consists of the following topics Creating a DSCP Color Map Displaying Color Maps Display Color Map Config...

Page 718: ... create a DSCP color map 1 Create the color aware map QoS DSCP color map CONFIGURATION mode qos dscp color map color map name 2 Create the color aware map profile DSCP COLOR MAP dscp yellow red list dscp values 3 Apply the map profile to the interface CONFIG INTERFACE mode qos dscp color policy color map name Example Create a DSCP Color Map The following example creates a DSCP color map profile co...

Page 719: ...onfigured Examples for Displaying a DSCP Color Policy Display summary information about a color policy for one or more interfaces Dell show qos dscp color policy summary Interface dscp color map TE 1 10 1 mapONE TE 1 11 1 mapTWO Display summary information about a color policy for a specific interface Dell show qos dscp color policy summary tengigabitethernet 1 10 1 Interface dscp color map TE 1 1...

Page 720: ...y map use the following command Apply an input QoS policy to an input policy map POLICY MAP IN mode policy service queue number qos polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP va...

Page 721: ...warding Flash Override 2 4 32 47 16 23 011XXX AF3 Flash 1 3 16 31 8 15 010XXX AF2 Immediate 1 2 16 31 8 15 001XXX AF1 Priority 0 1 0 15 0 7 000XXX BE Best Effort Best Effort 0 0 0 15 0 7 Enable the trust DSCP feature POLICY MAP IN mode trust diffserv Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature The following table s...

Page 722: ...e bandwidth percentage command in QOS POLICY OUT mode supersedes the service class bandwidth percentage command Guarantee a minimum bandwidth to queues globally CONFIGURATION mode service class bandwidth percentage Applying an Input Policy Map to an Interface To apply an input policy map to an interface use the following command You can apply the same policy map to multiple interfaces and you can ...

Page 723: ...t Policy Map to an Interface To apply an output policy map to an interface use the following command Apply an input policy map to an interface INTERFACE mode service policy output You can apply the same policy map to multiple interfaces and you can modify a policy map after you apply it Enabling QoS Rate Adjustment By default while rate limiting policing and shaping Dell Networking OS does not inc...

Page 724: ... a queue use the Scheduler Strict feature as described in Scheduler Strict The strict priority supersedes bandwidth percentage configuration A queue with strict priority can starve other queues in the same port pipe Assign strict priority to one unicast queue CONFIGURATION mode strict priority The range is from 1 to 3 Queue Classification Requirements for PFC Functionality Queue classification req...

Page 725: ...e Dot1p priority when the ingress packets are untagged but go out to the peer as tagged NOTE L2 qos policy behavior will be retained and would not be changed that is we would not allow to set both DSCP and Dot1p in the L2 Input Qos Policy Example case Consider that two switches A and B are connected back to back via a tagged interface Consider the case where untagged packets arrive on switch A if ...

Page 726: ...evented from consuming too much of the BTM resources WRED uses a profile to specify minimum and maximum threshold values The minimum threshold is the allotted buffer space for specified traffic for example 1000KB on egress If the 1000KB is consumed packets are dropped randomly at an exponential rate until the maximum threshold is reached as shown in the following illustration this procedure is the...

Page 727: ...refer to Honoring DSCP Values on Ingress Packets all traffic defaults to green drop precedence Assign a WRED profile to either yellow or green traffic QOS POLICY OUT mode wred Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles use the following command Display default and configured WRED profiles and their threshold values EXEC mode show qos wred pr...

Page 728: ...orking OS version 7 3 1 there was no way to measure the number of CAM entries a policy map would consume the number of CAM entries that a rule uses is not predictable from 1 to 16 entries might be used per rule depending upon its complexity Therefore it was possible to apply to an interface a policy map that requires more entries than are available In this case the system writes as many entries as...

Page 729: ... to write the policy map to the CAM is greater than the number of available CAM entries and therefore the policy map cannot be applied to an interface in the specified port pipe NOTE The show cam usage command provides much of the same information as the test cam usage command but whether a policy map can be successfully applied to an interface cannot be determined without first measuring how many...

Page 730: ...ps committed rate burst packets command in the QoS Policy Out Configuration mode to configure the committed rate and committed burst size as a measure of pps Alternatively you can use the rate shape kbps peak rate burst KB committed kbps committed rate burst KB command to configure the committed rate and committed burst size as a measure of bytes If you configure the peak rate in pps the peak burs...

Page 731: ...u can use ECN in conjunction with WRED to resolve the dropping of packets under congested conditions Using ECN the packets are marked for transmission at a later time after the network recovers from the heavy traffic state to an optimal load In this manner enhanced performance and throughput are achieved Also the devices can respond to congestion before a queue overflows and packets are dropped en...

Page 732: ...r the minimum of the thresholds between the queue threshold and the service pool threshold When WRED is configured on the global service pool regardless of whether ECN on global service pool is configured and one or more queues are enabled with both WRED and ECN ECN marking takes effect The packets are ECN marked up to shared buffer limits as determined by the shared ratio for that global service ...

Page 733: ...of ECN to mark the packets and reduce the rate of sending packets in a congested heavily loaded network To configure the weight factor for WRED and ECN capabilities global buffer pools for multiple queues and associating a service class with ECN marking perform the following 1 Configure the weight factor for the computation of average queue size This weight value applies to front end ports QOS POL...

Page 734: ... by default all packets less than PIR would be considered as Green But Green packets matching the specific match criteria for which color marking is configured will be over written and marked as Yellow If two rate three color policer is configured along with this feature then x CIR will be marked as Green CIR x PIR will be marked as Yellow PIR x will be marked as Red But Green packets matching the...

Page 735: ...d will be subject to the early WRED drops Typically the TCP acks OAM ICMP ping packets will be non ECN in nature and it is not desirable for this packets getting WRED dropped In such a condition it is necessary that the switch is capable to take differentiated actions for ECN Non ECN packets After classifying packets to ECN Non ECN marking ECN and Non ECN packets to different color packets is perf...

Page 736: ... in the existing L3 ACL command the ecn qualifier can be used along with all other supported ACL match qualifiers such as SIP DIP TCP UDP SRC PORT DST PORT ICMP Until Release 9 3 0 0 ACL supports classification based on the below TCP flags ACK FIN SYN PSH RST URG You can now use the ecn match qualifier along with the above TCP flag for classification The following combination of match qualifiers i...

Page 737: ... requirement can be achieved using either of the two approaches Approach without explicit ECN match qualifiers for ECN packets ip access list standard dscp_50 seq 5 permit any dscp 50 ip access list standard dscp_40 seq 5 permit any dscp 40 ip access list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match a...

Page 738: ...ayer 2 header configure VLAN tags on a Layer 3 port interface which is configured with an IP address but has no VLAN associated with it You can also configure a VLAN sub interface on the port interface and apply a policy map that classifies packets using the dot1p VLAN ID To apply an input policy map with Layer 2 match criteria to a Layer 3 port interface use the service policy input policy name l...

Page 739: ... which are the values derived from the show command output in the Max Use count mode In Dell Networking OS Release 9 3 0 0 only the Max Use count mode of operation is supported for the computation of maximum counter values Depending on the buffer space statistical values that you can obtain you can modify the settings for buffer area to achieve enhanced reliability and efficiency in the handling o...

Page 740: ...of buffer information such as device level details queue based snapshots or priority group level snapshot in the egress and ingress direction of traffic use show hardware stack unit id buffer stats snapshot unit id resource x EXEC EXEC Privilege mode Dell show hardware stack unit 1 buffer stats snapshot unit 3 resource interface all queue mcast 3 Unit 1 unit 3 port 1 interface Fo 1 144 Q TYPE Q TO...

Page 741: ...napshot resource interface interface priority group id all queue ucast id all mcast id all all to view buffer statistics tracking resource information for a specific interface EXEC EXEC Privilege mode Dell show hardware buffer stats snapshot resource interface fortyGigE 0 0 queue all Unit 0 unit 0 port 1 interface Fo 0 0 Q TYPE Q TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4...

Page 742: ...ting table is sent as either a request or response message In RIPv1 automatic updates to the routing table are performed as either one time requests or periodic responses every 30 seconds RIP transports its responses or requests by means of user datagram protocol UDP over port 520 RIP must receive regular routing updates to maintain a correct routing table Response messages containing a router s f...

Page 743: ...OUTER RIP and INTERFACE Commands executed in the ROUTER RIP mode configure RIP globally while commands executed in the INTERFACE mode configure RIP features on that interface only RIP is best suited for small homogeneous networks You must configure all devices within the RIP network to support RIP if they are to participate in the RIP Configuration Task List The following is the configuration task...

Page 744: ...how running config command in EXEC mode or the show config command in ROUTER RIP mode Dell conf router_rip show config router rip network 10 0 0 0 Dell conf router_rip When the RIP process has learned the RIP routes use the show ip rip database command in EXEC mode to view those routes Dell show ip rip database Total number of routes in RIP database 978 160 160 0 0 16 120 1 via 29 10 10 12 00 00 2...

Page 745: ...8 auto summary 29 10 10 0 24 directly connected Fa 1 49 29 0 0 0 8 auto summary 31 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 31 0 0 0 8 auto summary 192 162 2 0 24 120 1 via 29 10 10 12 00 01 21 Fa 1 49 192 162 2 0 24 auto summary 192 161 1 0 24 120 1 via 29 10 10 12 00 00 27 Fa 1 49 192 161 1 0 24 auto summary 192 162 3 0 24 120 1 via 29 10 10 12 00 01 22 Fa 1 49 192 162 3 0 24 auto summary ...

Page 746: ... Those routes must meet the conditions of the prefix list if not Dell Networking OS drops the route Prefix lists are globally applied on all interfaces running RIP Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process For configuration information about prefix lists refer to Access Control Lists ACLs To apply prefix lists to incoming or outgoing RIP routes use the ...

Page 747: ...ip rip receive version commands in INTERFACE mode You can set one RIP version globally on the system using system This command sets the RIP version for RIP traffic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version Set the RIP version sent and received on the system ROUTER RIP mode version 1 2 Set the RIP versions received on that int...

Page 748: ...e no longer sends and receives the same RIP versions as Dell Networking OS does globally shown in bold Dell show ip protocols Routing Protocols is RIP Sending updates every 30 seconds next due in 11 Invalid after 180 seconds hold down 180 flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is Incoming filter ...

Page 749: ...enable the ip split horizon command on an interface the system does not advertise the summarized address Controlling Route Metrics As a distance vector protocol RIP uses hop counts to determine the best route but sometimes the shortest hop count is a route over the lowest speed link To manipulate RIP routes so that the routing protocol prefers a different route manipulate the route by using the of...

Page 750: ...r RIP routes To enable RIP debugging use the following command debug ip rip interface database events trigger EXEC privilege mode Enable debugging of RIP Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function Dell debug ip rip RIP protocol debug is ON Dell To disable RIP use the no debug ip rip command RIP Configuration Example The examp...

Page 751: ...o display Core 2 RIP setup use the show ip route command To display Core 2 RIP activity use the show ip protocols command The following example shows the show ip rip database command to view the learned RIP routes on Core 2 Core2 conf router_rip end 00 12 24 RPM0 P CP SYS 5 CONFIG_I Configured from console by console Core2 show ip rip database Total number of routes in RIP database 7 10 11 30 0 24...

Page 752: ...R 192 168 2 0 24 via 10 11 20 1 Te 2 3 1 120 1 00 01 20 Core2 R 192 168 1 0 24 via 10 11 20 1 Te 2 3 1 120 1 00 05 22 R 192 168 2 0 24 via 10 11 20 1 Te 2 3 1 120 1 00 05 22 Core2 The following example shows the show ip protocols command to show the RIP configuration activity on Core 2 Core2 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due in 17 Invalid after 180...

Page 753: ... learned RIP routes on Core 3 Core3 show ip rip database Total number of routes in RIP database 7 10 11 10 0 24 120 1 via 10 11 20 2 00 00 13 TenGigabitEthernet 3 21 1 10 200 10 0 24 120 1 via 10 11 20 2 00 00 13 TenGigabitEthernet 3 21 1 10 300 10 0 24 120 1 via 10 11 20 2 00 00 13 TenGigabitEthernet 3 21 1 10 11 20 0 24 directly connected TenGigabitEthernet 3 21 1 10 11 30 0 24 directly connecte...

Page 754: ...ets Automatic network summarization is in effect Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control receive version 2 send version 2 Interface Recv Send TenGigabitEthernet 3 21 1 2 2 TenGigabitEthernet 3 11 1 2 2 TenGigabitEthernet 3 24 1 2 2 TenGigabitEthernet 3 23 1 2 2 Routing for Networks 10 11 20 0 10 11 30 0 ...

Page 755: ...e TenGigabitEthernet 3 1 1 ip address 10 11 30 1 24 no shutdown interface TenGigabitEthernet 3 2 1 ip address 10 11 20 1 24 no shutdown interface TenGigabitEthernet 3 4 1 ip address 192 168 1 1 24 no shutdown interface TenGigabitEthernet 3 5 1 ip address 192 168 2 1 24 no shutdown router rip version 2 network 10 11 20 0 network 10 11 30 0 network 192 168 1 0 network 192 168 2 0 Routing Information...

Page 756: ...on Alarm Configuring an RMON Event Configuring RMON Collection Statistics Configuring the RMON Collection History RMON implements the following standard request for comments RFCs for more information refer to the Standards Compliance chapter RFC 2819 RFC 3273 RFC 3434 RFC 4502 Fault Recovery RMON provides the following fault recovery functions Interface Down When an RMON enabled interface goes dow...

Page 757: ... hc alarm command interval time in seconds the alarm monitors the MIB variable the value must be between 1 to 3 600 delta tests the change between MIB variables this option is the alarmSampleType in the RMON Alarm table absolute tests each MIB variable directly this option is the alarmSampleType in the RMON Alarm table rising threshold value value at which the rising threshold alarm is triggered o...

Page 758: ...o log trap community Optional SNMP community string used for this trap Configures the setting of the eventType in the RMON MIB for this row as either snmp trap snmptrap or log and trap This value is identical to the eventCommunityValue in the eventTable in the RMON MIB Default is public description string Optional specifies a description of the event which is identical to the event description in ...

Page 759: ...atistics using a value integer a value from 1 to 65 535 that identifies the RMON group of statistics The value must be a unique index in the RMON History Table owner Optional specifies the name of the owner of the RMON group of statistics The default is a null terminated string ownername Optional records the name of the owner of the RMON group of statistics buckets Optional specifies the maximum n...

Page 760: ...table Table 76 Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a two step process 1 Configure interfaces for Layer 2 2 Enable the rapid spa...

Page 761: ...ions help you avoid these issues and the associated traffic loss caused by using RSTP when you enable VLT on both VLT peers Configure any ports at the edge of the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks Ports connected directly to Layer 3 only routers not running STP should have RSTP disabled or be configured as edge ports Ensure ...

Page 762: ...mode are automatically part of the RST topology Only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports To enable RSTP globally for all Layer 2 interfaces use the following commands 1 Enter PROTOCOL SPANNING TREE RSTP mode CONFIGURATION mode protocol spanning tree rstp 2 Enable RSTP PROTOCOL SPANNING TREE RSTP mode no disable E...

Page 763: ... change occurred 00 02 17 ago on Te 1 26 1 Port 377 TenGigabitEthernet 2 1 1 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 377 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated port id is 128 377 designated path cost 0 Number of transitions to forwarding state 1 BPDU sent 121 receiv...

Page 764: ...ot ID Priority 32768 Address 0001 e801 cbb4 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e80f 1dad Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Te 3 1 1 128 681 128 20000 BLK 20000 32768 0001 e80b 88bd 128 469 Te 3 2 1 128 682 128 20000 BLK 20000 32768 0001 e80b 88bd 128 470 Te...

Page 765: ...ers Poorly planned modification of the RSTP parameters can negatively affect network performance The following table displays the default values for RSTP Table 77 RSTP Default Values RSTP Parameter Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces Port Channel with 100 M...

Page 766: ...face Parameters On interfaces in Layer 2 mode you can set the port cost and port priority values Port cost a value that is based on the interface type The previous table lists the default values The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports hav...

Page 767: ...l conf rstp bridge priority 4096 04 27 59 RPM0 P RP2 SPANMGR 5 STP_ROOT_CHANGE RSTP root changed My Bridge ID 4096 0001 e80b 88bd Old Root 32768 0001 e801 cbb4 New Root 4096 0001 e80b 88bd Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards frames by default until it receives a BPDU that indi...

Page 768: ...Interface To verify that EdgePort is enabled on a port use the show spanning tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode NOTE Dell Networking recommends using the show config command from INTERFACE mode In the following example the bold line indicates that the interface is in EdgePort mode Dell conf if te 2 1 1 show config interface TenGigabitEthernet ...

Page 769: ...We are the root Configured hello time 50 ms max age 20 forward delay 15 NOTE The hello time is encoded in BPDUs in increments of 1 256ths of a second The standard minimum hello time in seconds is 1 second which is encoded as 256 Millisecond hello times are encoded using values less than 256 the millisecond hello time equals x 1000 256 When you configure millisecond hellos the default hello interva...

Page 770: ...42 Software Defined Networking SDN Dell Networking operating software supports Software Defined Networking SDN For more information refer to the SDN Deployment Guide 770 Software Defined Networking SDN ...

Page 771: ...er As with authentication and authorization you must configure AAA accounting by defining a named list of accounting methods and then applying that list to various virtual terminal line VTY lines Configuration Task List for AAA Accounting The following sections present the AAA accounting configuration tasks Enabling AAA Accounting mandatory Suppressing AAA Accounting for Null Username Sessions opt...

Page 772: ...mmand is applied To prevent accounting records from being generated for sessions that do not have usernames associated with them use the following command Prevent accounting records from being generated for users whose username string is NULL CONFIGURATION mode aaa accounting suppress null username Configuring Accounting of EXEC and Privilege Level Command Usage The network access server monitors ...

Page 773: ... AAA to help secure networks against unauthorized access In the Dell Networking implementation the Dell Networking system acts as a RADIUS or TACACS client and sends authentication requests to a central remote authentication dial in service RADIUS or Terminal access controller access control system plus TACACS server that contains all user authentication and network service access information Dell...

Page 774: ... or TACACS is the last authentication method and the server is not reachable Dell Networking OS allows access even though the username and password credentials cannot be verified Only the console port behaves this way and does so to ensure that users are not locked out of the system if network wide issue prevents access to these servers 1 Define an authentication method list method list name or sp...

Page 775: ... do not set the default list only the local enable is checked This setting has the same effect as issuing an aaa authentication enable default enable command Enabling AAA Authentication RADIUS To enable authentication from the RADIUS server and use TACACS as a backup use the following commands 1 Enable RADIUS and set up TACACS as backup CONFIGURATION mode aaa authentication enable default radius t...

Page 776: ...cure passwords command to prevent a user from reading the passwords and keys including RADIUS TACACS keys router authentication strings VRRP authentication by obscuring this information Passwords and keys are stored encrypted in the configuration file and by default are displayed in the encrypted form when the configuration is displayed Enabling the service obscure passwords command displays aster...

Page 777: ...and is the highest level In this level you can access any command in Dell Networking OS Privilege levels 2 through 14 are not configured and you can customize them for different users and access After you configure other privilege levels enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level For mo...

Page 778: ... enable command to enter EXEC Privilege level 15 After entering the command Dell Networking OS requests that you enter a password Privilege levels are not assigned to passwords rather passwords are assigned to a privilege level You can always change a password for any privilege level To change to a different privilege level enter the enable command then the privilege level If you do not enter a pr...

Page 779: ...ame Enter a text string up to 63 characters maximum long access class access list name Restrict access by access class privilege level The range is from 0 to 15 nopassword No password is required for the user to log in encryption type Enter 0 for plain text or 7 for encrypted text password Enter a string Specify the password for the user Secret Specify the secret for the user 2 Configure a passwor...

Page 780: ...are assigned to privilege level 8 Dell conf username john privilege 8 password john Dell conf enable password level 8 notjohn Dell conf privilege exec level 8 configure Dell conf privilege config level 8 snmp server Dell conf end Dell show running config Current Configuration hostname Force10 enable password level 8 notjohn enable password Force10 username admin password 0 admin username john pass...

Page 781: ...following optional and required parameters encryption type Enter 0 for plain text or 7 for encrypted text password Enter a text string up to 32 characters long To view the password configured for a terminal use the show config command in LINE mode Enabling and Disabling Privilege Levels To enable and disable privilege levels use the following commands Set a user s security level EXEC Privilege mod...

Page 782: ...horization stores a user shell profile and that is applied during user login You may name the relevant named lists with either a unique name or the default name When you enable authorization by the RADIUS server the server returns the following information to the client Idle Time ACL Configuration Information Auto Command Privilege Levels After gaining authorization for the first time you may conf...

Page 783: ...ks for RADIUS Defining a AAA Method List to be Used for RADIUS mandatory Applying the Method List to Terminal Lines mandatory except when using default lists Specifying a RADIUS Server Host mandatory Setting Global Communication Parameters for all RADIUS Server Hosts optional Monitoring RADIUS optional For a complete listing of all Dell Networking OS commands related to RADIUS refer to the Securit...

Page 784: ...ation for the specified RADIUS method list LINE mode login authentication method list name default This procedure is mandatory if you are not using default lists To use the method list CONFIGURATION mode authorization exec methodlist Specifying a RADIUS Server Host When configuring a RADIUS server host you can set different communication parameters such as the UDP port the key password the number ...

Page 785: ...st hostname ip address command Setting Global Communication Parameters for all RADIUS Server Hosts You can configure global communication parameters auth port key retransmit and timeout parameters and specific host communication parameters on the same system However if you configure both global and specific host parameters the specific host parameters override the global parameters for that RADIUS...

Page 786: ...y chapter in the Dell Networking OS Command Reference Guide Choosing TACACS as the Authentication Method One of the login authentication methods available is TACACS and the user s name and password are sent for authentication to the TACACS hosts specified To use TACACS to authenticate users specify at least one TACACS server for the system to communicate with and configure TACACS as one of your au...

Page 787: ...ault tacacs local aaa authentication login LOCAL local tacacs aaa authorization exec default tacacs none aaa authorization commands 1 default tacacs none aaa authorization commands 15 default tacacs none aaa accounting exec default start stop tacacs aaa accounting commands 1 default start stop tacacs aaa accounting commands 15 default start stop tacacs Dell conf Dell conf do show run tacacs tacacs...

Page 788: ...g a TACACS Server Host Dell conf Dell conf aaa authentication login tacacsmethod tacacs Dell conf aaa authentication exec tacacsauthorization tacacs Dell conf tacacs server host 25 1 1 2 key Force Dell conf Dell conf line vty 0 9 Dell config line vty login authentication tacacsmethod Dell config line vty end Specifying a TACACS Server Host To specify a TACACS server host and configure its communic...

Page 789: ...d Overlapping Fragment Attacks Tiny and overlapping fragment attack is a class of attack where configured ACL entries denying TCP port specific traffic is bypassed and traffic is sent to its destination although denied by the ACL RFC 1858 and 3128 proposes a countermeasure to the problem This countermeasure is configured into the line cards and enabled by default Enabling SCP and SSH Secure shell ...

Page 790: ...macs hmac md5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 hmac sha2 256 96 SSH server kex algorithms diffie hellman group exchange sha1 diffie hellman group1 sha1 diffie hellman group14 sha1 Password Authentication enabled Hostbased Authentication disabled RSA Authentication disabled Vty Encryption HMAC Remote IP Dell conf To disable SSH server functions use the no ip ssh server enable comman...

Page 791: ...p ssh rhostsfile specify the rhost file the host based authorization uses ip ssh rsa authentication enable enable RSA authentication for the SSHv2 server ip ssh rsa authentication add keys for the RSA authentication show crypto display the public part of the SSH host keys show ip ssh client pub keys display the client public keys used in host based authentication show ip ssh rsa authentication dis...

Page 792: ...ures the time based rekey threshold for an SSH session to 30 minutes Dell conf ip ssh rekey time 30 The following example configures the volume based rekey threshold for an SSH session to 4096 megabytes Dell conf ip ssh rekey volume 4096 Configuring the SSH Server Key Exchange Algorithm To configure the key exchange algorithm for the SSH server use the ip ssh server kex key exchange algorithm comm...

Page 793: ...5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 hmac sha2 256 96 The default HMAC algorithms are the following hmac md5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 hmac sha2 256 96 When FIPS is enabled the default HMAC algorithm is hmac sha1 96 Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list Dell conf ip ssh server mac hmac sha...

Page 794: ...ling SSH Password Authentication To view your SSH configuration use the show ip ssh command from EXEC Privilege mode Dell conf ip ssh server enable Dell conf ip ssh password authentication enable Dell show ip ssh SSH server enabled SSH server version v1 and v2 SSH server vrf default SSH server ciphers 3des cbc aes128 cbc aes192 cbc aes256 cbc aes128 ctr aes192 ctr aes256 ctr SSH server macs hmac m...

Page 795: ...ular host This method uses SSH version 2 To configure host based authentication use the following commands 1 Configure RSA Authentication Refer to Using RSA Authentication of SSH 2 Create shosts by copying the public RSA key to the file shosts in the directory ssh and write the IP address of the host to the file cp etc ssh ssh_host_rsa_key pub ssh shosts Refer to the first example 3 Create a list ...

Page 796: ...lient cat rhosts 10 16 127 201 admin Using Client Based SSH Authentication To SSH from the chassis to the SSH client use the following command This method uses SSH version 1 or version 2 If the SSH port is a non default value use the ip ssh server port number command to change the default port number You may only change the port number when SSH is disabled Then use the p option with the ssh comman...

Page 797: ...in the telnet command This capability enables a Telent server or client to look up the correct routing table and establish a connection Example of Using Telnet for Remote Login Dell conf ip telnet server enable Dell conf no ip telnet server enable VTY Line and Access Class Configuration Various methods are available to restrict VTY access in Dell Networking OS These depend on which authentication ...

Page 798: ...ser Dell conf user gooduser password abc privilege 10 access class permitall Dell conf user baduser password abc privilege 10 access class denyall Dell conf Dell conf aaa authentication login localmethod local Dell conf Dell conf line vty 0 9 Dell config line vty login authentication localmethod Dell config line vty end VTY Line Remote Authentication and Authorization Dell Networking OS retrieves ...

Page 799: ... conf Dell conf line vty 0 9 Dell config line vty access class sourcemac Dell config line vty end Role Based Access Control With Role Based Access Control RBAC access and authorization is controlled based on a user s role Users are granted permissions based on their user roles not on their individual user ID User roles are created for job functions and through those roles they acquire the permissi...

Page 800: ...and role commands The role command allows you to change permissions based on the role You can modify the permissions specific to that command and or command option For more information see Modifying Command Permissions for Roles NOTE When you enter a user role you have already been authenticated and authorized You do not need to enter an enable password because you will be automatically placed in ...

Page 801: ...ou configure the authentication method list in the following order TACACS local Dell Networking recommends that authorization method list is configured in the same order TACACS local 4 Specify authorization method list RADIUS TACACS or Local You must at least specify local authorization For consistency the best practice is to define the same authorization method list across all lines in the same o...

Page 802: ...clude FIPS mode enablement password policies inactivity timeouts banner establishment and cryptographic key operations for secure access paths System Administrator sysadmin This role has full access to all the commands in the system exclusive access to commands that manipulate the file system formatting and access to the system shell This role can also create user IDs and user roles The following ...

Page 803: ...u cannot delete the user role 1 Create a new user role CONFIGURATION mode userrole name inherit existing role name 2 Verify that the new user role has inherited the security administrator permissions Dell conf do show userroles EXEC Privilege mode 3 After you create a user role configure permissions for the new user role See Modifying Command Permissions for Roles Example of Creating a User Role T...

Page 804: ... mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route map Route map configuration mode router Router configuration mode Examples Deny Network Administrator from Using the show users Command The following example denies the netadmin role from using the show users command and then verifies that netadmin cannot access the show users command in exec mode Note t...

Page 805: ...mple Remove Security Administrator Access to Line Mode The following example removes the secadmin access to LINE mode and then verifies that the security administrator can no longer access LINE mode using the show role mode configure line command in EXEC Privilege mode Dell conf role configure deleterole secadmin LINE Initial keywords of the command to modify Dell conf role configure deleterole se...

Page 806: ...A Authentication and Authorization for Roles This section describes how to configure AAA Authentication and Authorization for Roles Configuration Task List for AAA Authentication and Authorization for Roles This section contains the following AAA Authentication and Authorization for Roles configuration tasks Configuring AAA Authentication for Roles Configuring AAA Authorization for Roles Configuri...

Page 807: ...rized with either a password that is not specific to their userid or with no password at all Because of the lack of security these methods are not available for role based only mode To configure AAA authorization use the aaa authorization exec command in CONFIGURATION mode The aaa authorization exec command determines which CLI mode the user will start in for their session for example Exec mode or...

Page 808: ...ion ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa Configuring TACACS and RADIUS VSA Attributes for RBAC For RBAC and privilege levels the Dell Networking OS RADIUS and TACACS implementation supports two vendor specific options privilege level and roles The Dell Netw...

Page 809: ...S user group The user IDs are associated with the user group Role Accounting This section describes how to configure role accounting and how to display active sessions for roles This sections consists of the following topics Configuring AAA Accounting for Roles Applying an Accounting Method to a Role Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configure ...

Page 810: ...ord 00 00 26 Elapsed service shell Display Information About User Roles This section describes how to display information about user roles This sections consists of the following topics Displaying User Roles Displaying Information About Roles Logged into the Switch Displaying Active Accounting Sessions for Roles Displaying User Roles To display user roles using the show userrole command in EXEC Pr...

Page 811: ...ow role mode configure interface Role access netadmin sysadmin Dell show role mode configure line Role access netadmin sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch using the show users command in EXEC Privilege mode The output displays privilege level and or user role The mode is displayed at the start of the output a...

Page 812: ...nditions customers and the provider would still share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider ...

Page 813: ...s do not switch untagged traffic To switch traffic add these interfaces to a non default VLAN Stack enabled VLAN Dell Networking cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffic Service Provider Bridging 813 ...

Page 814: ...ce provider bridge and is a member of multiple service provider VLANs Physical ports and port channels can be access or trunk ports 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider bridge that is connected to another provider bridge INTERFACE mode ...

Page 815: ...e tag protocol identifier TPID field of the S Tag is user configurable To set the S Tag TPID use the following command Select a value for the S Tag TPID CONFIGURATION mode vlan stack protocol type The default is 9100 To display the S Tag TPID for a VLAN use the show running config command from EXEC privilege mode Dell Networking OS displays the S Tag TPID only if it is a non default value Configur...

Page 816: ...onf if te 1 1 1 interface vlan 100 Dell conf if vl 100 untagged tengigabitethernet 1 1 1 Dell conf if vl 100 interface vlan 101 Dell conf if vl 101 tagged tengigabitethernet 1 1 1 Dell conf if vl 101 interface vlan 103 Dell conf if vl 103 vlan stack compatible Dell conf if vl 103 stack member tengigabitethernet 1 1 1 Dell conf if vl 103 stack do show vlan Codes Default VLAN G GVRP VLANs Q U Untagg...

Page 817: ...s are either double tagged on ingress R4 or the outer tag is removed on egress R3 VLAN Stacking The default TPID for the outer VLAN tag is 0x9100 The system allows you to configure both bytes of the 2 byte TPID Previous versions allowed you to configure the first byte only and thus the systems did not differentiate between TPIDs with a common first byte For example 0x8100 and any other TPID beginn...

Page 818: ...Figure 110 Single and Double Tag TPID Match 818 Service Provider Bridging ...

Page 819: ...Figure 111 Single and Double Tag First byte TPID Match Service Provider Bridging 819 ...

Page 820: ... S Tag indicates to a service provider bridge which packets it should prefer to drop when congested Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value When you enable drop eligibility DEI mapping or marking takes place according to the defaults In this case the CFI is affected according to the following table 820 Service Provider Bridging ...

Page 821: ...edence can have one of three colors Precedence Description Green High priority packets that are the least preferred to be dropped Yellow Lower priority packets that are treated as best effort Red Lowest priority packets that are always dropped regardless of congestion status Honor the incoming DEI value by mapping it to an Dell Networking OS drop precedence INTERFACE mode dei honor 0 1 green red y...

Page 822: ...I DEI Te 1 1 1 Green 0 Te 1 1 1 Yellow 1 Te 2 9 1 Yellow 0 Te 2 10 1 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN tagged frames is to use the 802 1p priority bits in the tag to indicate the level of QoS desired When an S Tag is added to incoming customer frames the 802 1p bits on the S Tag may be configured statically for each customer ...

Page 823: ...stack dot1p mapping c tag dot1p 0 7 sp tag dot1p 1 However if the following QoS configuration also exists on the interface traffic is queued to Queue 0 but is policed at 40Mbps qos policy input for queue 3 because class map a of Queue 3 also matches the traffic This is an expected behavior Examples of QoS Interface Configuration and Rate Policing policy map input in layer2 service queue 3 class ma...

Page 824: ...ad EXEC Privilege mode copy running config startup config 3 Reload the system reload 4 Map C Tag dot1p values to a S Tag dot1p value INTERFACE mode vlan stack dot1p mapping c tag dot1p values sp tag dot1p value Separate C Tag values by commas Dashed ranges are permitted Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts NOTE Because dot1p mapping marks and queues packets...

Page 825: ...frames by the switches in the intermediate network core On egress edge of the intermediate network the MAC address rewritten to the original MAC address and forwarded to the opposing network region shown in the following illustration Dell Networking OS Behavior In Dell Networking OS versions prior to 8 2 1 0 the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ...

Page 826: ... and later the L2PT MAC address is user configurable so you can specify an address that non Dell Networking systems can recognize and rewrite the address at egress edge Figure 115 VLAN Stacking with L2PT Implementation Information L2PT is available for STP RSTP MSTP and PVST BPDUs No protocol packets are tunneled when you enable VLAN stacking L2PT requires the default CAM profile 826 Service Provi...

Page 827: ... command Overwrite the BPDU with a user specified destination MAC address when BPDUs are tunneled across the provider network CONFIGURATION mode protocol tunnel destination mac The default is 01 01 e8 00 00 00 Setting Rate Limit BPDUs CAM space is allocated in sections called field processor FP blocks There are a total of 13 user configurable FP blocks The default number of blocks for L2PT is 0 yo...

Page 828: ...ridges treat BPDUs originating from the customer network as normal data frames rather than consuming them The same is true for GARP VLAN registration protocol GVRP 802 1ad specifies that provider bridges participating in GVRP use a reserved destination MAC address called the Provider Bridge GVRP Address 01 80 C2 00 00 0D to exchange GARP PDUs instead of the GVRP Address 01 80 C2 00 00 21 specified...

Page 829: ...t sampling sFlow collector analyses the sFlow datagrams received from different devices and produces a network wide view of traffic flows Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port pipe and is decided based on all the ports in that port pipe If you do not enable sFlow on any port specifically the global sampling rate is dow...

Page 830: ...802 1P source priority field is not filled in extended switch element in sFlow datagram Only Destination and Destination Peer AS number are packed in the dst as path field in extended gateway element If the packet being sampled is redirected using policy based routing PBR the sFlow datagram may contain incorrect extended gateway router information The source virtual local area network VLAN field i...

Page 831: ...own in bold Dell show sflow sFlow services are disabled Global default sampling rate 32768 Global default counter polling interval 20 Global extended information enabled none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub sampling Enabling and Disabling sFlow on an Interface By default sFlow is disabled on all inter...

Page 832: ...0 Global default extended maximum header size 256 bytes Global extended information enabled none 1 collectors configured Collector IP addr 100 1 1 12 Agent IP addr 100 1 1 1 UDP port 6343 VRF Default 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected Example of viewing the sflow max header size extended on an Interface Mode Dell show sflow interface tengigabitethernet 1 1 1 Te ...

Page 833: ...r IP addr 133 33 33 53 Agent IP addr 133 33 33 116 UDP port 6343 77 UDP packets exported 0 UDP packets dropped 165 sFlow samples collected 69 sFlow samples dropped due to sub sampling Stack unit 1 Port set 0 H W sampling rate 8192 Te 1 16 1 configured rate 8192 actual rate 8192 sub sampling rate 1 Te 1 17 1 configured rate 16384 actual rate 16384 sub sampling rate 2 Displaying Show sFlow on an Int...

Page 834: ...ckets exported 77 UDP packets exported via RPM 77 UDP packets dropped Configuring Specify Collectors The sflow collector command allows identification of sFlow collectors to which sFlow datagrams are forwarded You can specify up to two sFlow collectors If you specify two collectors the samples are sent to both Identify sFlow collectors to which sFlow datagrams are forwarded CONFIGURATION mode sflo...

Page 835: ...w the actual sampling rate of the interface and the configured sample rate by using the show sflow command sFlow on LAG ports When a physical port becomes a member of a LAG it inherits the sFlow configuration from the LAG port Enabling Extended sFlow Extended sFlow packs additional information in the sFlow datagram depending on the type of sampled packet The S Series and Z9100 ON platforms support...

Page 836: ...lobal extended information enabled none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub sampling Important Points to Remember To export extended gateway data BGP must learn the IP destination address If the IP destination address is not learned via BGP the Dell Networking system does not export extended gateway data ...

Page 837: ...nected IGP Exported Exported Prior to Dell Networking OS version 7 8 1 0 extended gateway data is not exported because IP DA is not learned via BGP Version 7 8 1 0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols and for cases where is source is reachable over ECMP BGP BGP Exported Exported Extended gateway data i...

Page 838: ...on information Dell Networking OS supports SNMP version 1 as defined by RFC 1155 1157 and 1212 SNMP version 2c as defined by RFC 1901 and SNMP version 3 as defined by RFC 2571 Dell Networking OS supports up to 16 trap receivers Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via SNMP sets SNMP traps for the spanning tree protocol STP and multiple spanning tree proto...

Page 839: ...r to receive packets from the host and the privacy password to encode the message contents are configured SHA authentication needs to be used with the AES CFB128 privacy algorithm only when FIPS is enabled because SHA is then the only available authentication level If FIPS is disabled you can use MD5 authentication in addition to SHA authentication with the AES CFB128 privacy algorithm You cannot ...

Page 840: ...eriving Interface Indices Monitor Port channels Important Points to Remember Typically 5 second timeout and 3 second retry values on an SNMP server are sufficient for both LAN and WAN applications If you experience a timeout with these values increase the timeout value to greater than 3 seconds and increase the retry value to greater than 2 seconds on your SNMP server User ACLs override group ACLs...

Page 841: ...r SNMP configuration use the show running config snmp command from EXEC Privilege mode Dell conf snmp server community my snmp community ro 22 31 23 STKUNIT0 P CP SNMP 6 SNMP_WARM_START Agent Initialized SNMP WARM_START Dell show running config snmp snmp server community mycommunity ro Setting Up User Based Security SNMPv3 When setting up SNMPv3 you can set users up with one of the following three...

Page 842: ...nfigure the user with a secure authorization password and privacy password CONFIGURATION mode snmp server user name group name oid tree auth md5 auth password priv des56 priv password Configure an SNMPv3 view CONFIGURATION mode snmp server view view name oid tree included excluded Select a User based Security Type Dell conf snmp server host 1 1 1 1 traps oid tree version 3 auth Use the SNMPv3 auth...

Page 843: ...ommunity 10 11 131 161 sysContact 0 The following example shows reading the value of the many managed objects at one time snmpwalk v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 SNMPv2 MIB sysDescr 0 STRING Dell Real Time Operating System Software Dell Operating System Version 1 0 Dell Application Software Version E_MAIN4 9 4 0 0 Copyright c 1999 2014 by Dell Build Time Mon May 12 14 02 22 PDT 200...

Page 844: ...ng system Identify the physical location of the system for example San Jose 350 Holger Way 1st floor lab rack A1 1 CONFIGURATION mode snmp server location text You may use up to 55 characters The default is None From a management station Identify the system manager along with this person s contact information for example an email address or phone number CONFIGURATION mode snmpset v version c commu...

Page 845: ...ional messages enter the keyword informs To send the SNMP version to use for notification messages enter the keyword version To identify the SNMPv1 community string enter the name of the community string 2 Specify which traps the Dell Networking system sends to the trap receiver CONFIGURATION mode snmp server enable traps Enable all Dell Networking enterprise specific and RFC defined traps using t...

Page 846: ...VE Removed SFM 1 MAJOR_SFM Major alarm Switch fabric down MAJOR_SFM_CLR Major alarm cleared Switch fabric up MINOR_SFM MInor alarm No working standby SFM MINOR_SFM_CLR Minor alarm cleared Working standby SFM present TASK SUSPENDED SUSPENDED svce d inst d task s RPM0 P CP CHMGR 2 CARD_PARITY_ERR ABNORMAL_TASK_TERMINATION CRASH task s s CPU_THRESHOLD Cpu s usage above threshold Cpu5SecUsage d CPU_TH...

Page 847: ...OR_ALARM Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_MAC_STATUS_ALARM MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 ECFM 5 ECFM_REMOTE_ALARM Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_RDI_ALARM RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 entity Enable en...

Page 848: ...r resumes connectivity enter the following command CONFIGURATION MODE snmp server enable traps snmp syslog reachable Table 82 List of Syslog Server MIBS that have read access MIB Object OID Object Values Description dF10SysLogTraps 1 3 6 1 4 1 6027 3 30 1 1 1 reachable2 unreachable Specifies whether the syslog server is reachable or unreachable The following example shows the SNMP trap that is sen...

Page 849: ... the examples The following table lists the relevant MIBs for these functions are Table 83 MIB Objects for Copying Configuration Files via SNMP MIB Object OID Object Values Description copySrcFileType 1 3 6 1 4 1 6027 3 5 1 1 1 1 2 1 Dell Networking OS file 2 running config 3 startup config Specifies the type of file to copy from The range is If copySrcFileType is running config or startup config ...

Page 850: ...le If copyDestFileLocatio n is FTP or SCP you must specify copyServerAddress copyUserName and copyUserPassword copyDestFileName 1 3 6 1 4 1 6027 3 5 1 1 1 1 7 Path if the file is not in the default directory and filename Specifies the name of destination file copyServerAddress 1 3 6 1 4 1 6027 3 5 1 1 1 1 8 IP Address of the server The IP address of the server If you specify copyServerAddress you ...

Page 851: ... message like the following appears In this case increment the index value and enter the command again Error in packet Reason notWritable that object does not support modification Failed object FTOS COPY CONFIG MIB copySrcFileType 101 To complete the command use as many MIB objects in the command as required by the MIB object descriptions shown in the previous table NOTE You can use the entire OID...

Page 852: ...he following command Copy the startup config to the running config from a UNIX machine snmpset c private v 2c force10system ip address copySrcFileType index i 3 copyDestFileType index i 2 Examples of Copying Configuration Files from a UNIX Machine The following example shows how to copy configuration files from a UNIX machine using the object name snmpset c public v 2c m f10 copy config mib 10 11 ...

Page 853: ...e UNIX machine snmpset v 2c c public m f10 copy config mib force10system ip address copySrcFileType index i 3 copyDestFileType index i 1 copyDestFileName index s filepath filename copyDestFileLocation index i 3 copyServerAddress index a server ip address Example of Copying Configuration Files via TFTP From a UNIX Machine snmpset v 2c c private m f10 copy config mib 10 10 10 10 copySrcFileType 4 i ...

Page 854: ...TimeCompleted 1 3 6 1 4 1 6027 3 5 1 1 1 1 13 Time value Specifies the point in the up time clock that the copy operation completed copyFailCause 1 3 6 1 4 1 6027 3 5 1 1 1 1 14 1 bad filename 2 copy in progress 3 disk full 4 file exists 5 file not found 6 timeout 7 unknown Specifies the reason the copy request failed copyEntryRowStatus 1 3 6 1 4 1 6027 3 5 1 1 1 1 15 Row status Specifies the stat...

Page 855: ... CONFIG MIB copyTimeCompleted 110 Timeticks 1179831 3 16 38 31 The following command shows how to get a MIB object value using OID snmpget v 2c c private 10 11 131 140 1 3 6 1 4 1 6027 3 5 1 1 1 1 13 110 SNMPv2 SMI enterprises 6027 3 5 1 1 1 1 13 110 Timeticks 1179831 3 16 38 31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the avail...

Page 856: ... 3 6 1 4 1 6027 3 10 1 2 10 1 2 Contains the core file names and the file paths chSysCoresTimeCreated 1 3 6 1 4 1 6027 3 10 1 2 10 1 3 Contains the time at which core files are created chSysCoresStackUnitNumber 1 3 6 1 4 1 6027 3 10 1 2 10 1 4 Contains information that includes which stack unit or processor the core file was originated from chSysCoresProcess 1 3 6 1 4 1 6027 3 10 1 2 10 1 5 Contai...

Page 857: ... BRIDGE MIB defined in RFC 2674 allows you to use SNMP to manage VLANs Creating a VLAN To create a VLAN use the dot1qVlanStaticRowStatus object The snmpset operation shown in the following example creates VLAN 10 by specifying a value of 4 for instance 10 of the dot1qVlanStaticRowStatus object Example of Creating a VLAN using SNMP snmpset v2c c mycommunity 123 45 6 78 1 3 6 1 2 1 17 7 1 4 3 1 5 10...

Page 858: ...00 1 3 6 1 2 1 17 7 1 4 3 1 4 1107787786 x 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2 SMI mib 2 17 7 1 4 3 1 2 1107787786 Hex STRING 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...

Page 859: ...OloadSetOverload F10 ISIS MIB f10IsisSysOloadSetOloadOnStartupUntil F10 ISIS MIB f10IsisSysOloadWaitForBgp F10 ISIS MIB f10IsisSysOloadV6SetOverload F10 ISIS MIB f10IsisSysOloadV6SetOloadOnStartupUntil F10 ISIS MIB f10IsisSysOloadV6WaitForBgp To enable overload bit for IPv4 set 1 3 6 1 4 1 6027 3 18 1 1 and IPv6 set 1 3 6 1 4 1 6027 3 18 1 4 To set time to wait set 1 3 6 1 4 1 6027 3 18 1 2 and 1 ...

Page 860: ... MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB Description dot1dTpFdbTable 1 3 6 1 2 1 17 4 3 Q BRIDGE MIB List the learned unicast MAC addresses on the default VLAN dot1qTpFdbTable 1 3 6 1 2 1 17 7 1 2 2 Q BRIDGE MIB List the learned unicast MAC addresses on non default VLANs dot3aCurAggFdb Table 1 3 6 1 4 1 6027 3 2 1 1 5 F10 LINK AGGREGATION MIB List...

Page 861: ...amic Po 1 Active Query from Management Station snmpwalk v 2c c techpubs 10 11 131 162 1 3 6 1 4 1 6027 3 2 1 1 5 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 1 1000 0 1 232 6 149 172 1 INTEGER 1000 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 2 1000 0 1 232 6 149 172 1 Hex STRING 00 01 E8 06 95 AC SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 3 1000 0 1 232 6 149 172 1 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 ...

Page 862: ...g of the system image in Flash Partition A Chassis MIB chSysSwInPartitionBImg Vers 1 3 6 1 4 1 6027 3 10 1 2 8 1 12 List the version string of the system image in Flash Partition B Chassis MIB The system image can also be retrieved by performing an SNMP walk on the following OID MIB Object is chSysSwModuleTable and the OID is 1 3 6 1 4 1 6027 3 10 1 2 8 Dell show interface Tengigabitethernet 1 21 ...

Page 863: ... 1 INTEGER 1 Status active 2 status inactive Example of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support SNMP trap works for the Layer 2 Layer 3 default mode LAG SNMPv2 MIB sysUpTime 0 Timeticks 8500842 23 36 48 42 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkDown IF MIB ifIndex 33865785 INTEGER 33865785 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_...

Page 864: ...cs use the show ip traffic command When you query an icmpStatsInErrors object in the icmpStats table by using the snmpget or snmpwalk command the output for IPv4 addresses may be incorrectly displayed To correctly display this information under IP and ICMP statistics use the show ip traffic command When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command the...

Page 865: ...unicast pfc llfc interface command EXEC Privilege Example Dell show storm control multicast Tengigabitethernet 1 1 Multicast storm control configuration Interface Direction Packets Second Te 1 1 Ingress 5 Dell To display the storm control unknown unicast configuration use the show storm control unknown unicast interface command EXEC Privilege Configure Storm Control Storm control is supported in I...

Page 866: ...ds spurious PFC LLFC packets Configuring Storm Control from CONFIGURATION Mode To configure storm control from CONFIGURATION mode use the following command From CONFIGURATION mode you can configure storm control for ingress and egress traffic Do not apply per virtual local area network VLAN quality of service QoS on an interface that has storm control enabled either on an interface or globally Con...

Page 867: ...upports three other variations of spanning tree as shown in the following table Table 89 Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configure Spanning Tree Configuring spanning tree is a...

Page 868: ...utomatically added to the spanning tree topology at the time you enable the protocol To add interfaces to the spanning tree topology after you enable STP enable the port and configure it for Layer 2 using the switchport command The IEEE Standard 802 1D allows 8 bits for port ID and 8 bits for priority The 8 bits for port ID provide port IDs for 256 ports Configuring Interfaces for Layer 2 Mode All...

Page 869: ...d from INTERFACE mode Dell conf if te 1 1 1 show config interface TenGigabitEthernet 1 1 1 no ip address switchport no shutdown Dell conf if te 1 1 1 Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally it is not enabled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Span...

Page 870: ... TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces use the disable command from PROTOCOL SPANNING TREE mode To verify that STP is enabled use the show config command from PROTOCOL SPANNING TREE mode Dell conf protocol spanning tree 0 Dell config span show config protocol spanning tree 0 no disable Dell 870 Spanning Tree Protocol...

Page 871: ...rward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode Port 290 TenGigabitEthernet 2 2 1 is Blocking Port path cost 4 Port priority 8 Port Identifier 8 290 More Timers message age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode To confirm that...

Page 872: ...Ethernet interfaces 10 Gigabit Ethernet interfaces Port Channel with 100 Mb s Ethernet interfaces Port Channel with 1 Gigabit Ethernet interfaces Port Channel with 10 Gigabit Ethernet interfaces 19 4 2 18 3 1 Port Priority 8 Change the forward delay parameter the wait time before the interface enters the Forwarding state PROTOCOL SPANNING TREE mode forward delay seconds The range is from 4 to 30 T...

Page 873: ...o 65535 The default values are listed in Modifying Global Parameters Change the port priority of an interface INTERFACE mode spanning tree 0 priority priority value The range is from 0 to 15 The default is 8 To view the current values for interface parameters use the show spanning tree 0 command from EXEC privilege mode Refer to the second example in Enabling Spanning Tree Protocol Globally Enabli...

Page 874: ...ort after receiving a BPDU to prevent network disruptions and Dell Networking OS displays the following message 3w3d0h RPM0 P RP2 SPANMGR 5 BPDU_GUARD_RX_ERROR Received Spanning Tree BPDU on BPDU guard port Disable TenGigabitEthernet 3 4 1 Enable BPDU Guard using the bpduguard option when enabling PortFast or EdgePort The bpduguard shutdown on violation option causes the interface hardware to be s...

Page 875: ...ate with any of the following methods Perform a shutdown command on the interface Disable the shutdown on violation command on the interface the no spanning tree stp id portfast bpduguard shutdown on violation command Disable spanning tree on the interface the no spanning tree command in INTERFACE mode Disabling global spanning tree the no spanning tree in CONFIGURATION mode Figure 118 Enabling BP...

Page 876: ...t 1 7 1 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge You can also specify that a bridge is the root or the secondary root To change the bridge priority or specify that a bridge is the root or secondary root use the following command Assign a number as the b...

Page 877: ...h connected to an external device The link between Switch C and Switch B is in a Blocking state The flow of STP BPDUs is shown in the illustration In STP topology 2 shown in the upper right STP is enabled on device D on which a software bridge application is started to connect to the network Because the priority of the bridge in device D is lower than the root bridge in Switch A device D is electe...

Page 878: ...panning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST When enabled on a port root guard applies to all VLANs configured on the port You cannot enable root guard and loop guard at the same time on an STP port For example if you configure root guard on a port on which loop guard is already configured the following error message displays Error LoopGuard is configured Cannot configure RootGuard ...

Page 879: ...dually or collectively use the following commands Enable SNMP traps for spanning tree state changes snmp server enable traps stp Enable SNMP traps for RSTP MSTP and PVST collectively snmp server enable traps xstp Configuring Spanning Trees as Hitless You can configure STP RSTP MSTP and PVST to be hitless configure all or none as hitless When configured as hitless critical protocol state informatio...

Page 880: ...g state A loop is created as both Switch A and Switch C transmit traffic to Switch B As shown in the following illustration STP topology 2 upper right a loop can also be created if the forwarding port on Switch B becomes busy and does not forward BPDUs within the configured forward delay time As a result the blocking port on Switch C transitions to a forwarding state and both Switch A and Switch C...

Page 881: ...tions apply to a port enabled with loop guard Loop guard is supported on any STP enabled port or port channel interface Loop guard is supported on a port or port channel in any spanning tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST Spanning Tree Protocol STP 881 ...

Page 882: ... port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst loopguard 0 enables loop guard on an STP enabled port assigned to instance 0 mstp enables loop guard on an MSTP enabled port rstp enables loop guard on an RSTP enabled port pvst enables loop guard on a PVST enabled port To disable STP loop guard on a port or port channel interface use the no spanni...

Page 883: ...release does not support automated email notification at the time of hardware fault alert automatic case creation automatic part dispatch or reports SupportAssist requires Dell Networking OS 9 9 0 0 and SmartScripts 9 7 or later to be installed on the Dell Networking device Figure 121 SupportAssist SupportAssist 883 ...

Page 884: ...to save your contact information e g name phone number and or email address which would be used to provide technical support for your Dell products and services Dell may use the information for providing recommendations to improve your IT infrastructure Dell SupportAssist also collects and stores machine diagnostic information which may include but is not limited to configuration information user ...

Page 885: ...rtAssist use the following set of configuration CONFIGURATION mode support assist Dell conf support assist Dell conf supportassist 3 Optional Configure the contact information for the company SUPPORTASSIST mode contact company name company name company next name company next name Dell conf support assist Dell conf supportassist contact company name test Dell conf supportassist cmpy test 4 Optional...

Page 886: ...fer Dell conf supportassist act full transfer 2 Copy an action manifest file for an activity to the system SUPPORTASSIST ACTIVITY mode action manifest get tftp ftp flash file specification local file name Dell conf supportassist act full transfer action manifest get tftp 10 0 0 1 test file Dell conf supportassist act full transfer The custom action manifest file is a JSON file Syntax of the custom...

Page 887: ...conf supportassist act full transfer action manifest show all Dell conf supportassist act full transfer 6 Enable a specific SupportAssist activity SUPPORTASSIST ACTIVITY mode no enable Dell conf supportassist act full transfer enable Dell conf supportassist act full transfer Configuring SupportAssist Company SupportAssist Company mode allows you to configure name address and territory information ...

Page 888: ...ethod and time zone for contacting the person SupportAssist Person configurations are optional for the SupportAssist service To configure SupportAssist person use the following commands 1 Configure the contact name for an individual SUPPORTASSIST mode no contact person first first name last last name Dell conf supportassist contact person first john last doe Dell conf supportassist pers john_doe 2...

Page 889: ...ng commands 1 Configure the name of the remote SupportAssist Server and move to SupportAssist Server mode SUPPORTASSIST mode no server server name Dell conf supportassist server default Dell conf supportassist serv default 2 Configure a proxy for reaching the SupportAssist remote server SUPPORTASSIST SERVER mode no proxy ip address ipv4 address ipv6 address port port number username userid passwor...

Page 890: ...tivity State Last Start Last Success full transfer Success Aug 10 2015 11 15 26 PST Aug 10 2015 11 15 28 PST 2 Display the current configuration and changes from the default values EXEC Privilege mode show running config support assist Dell show running config support assist support assist activity full transfer enable activity manifest install testing contact company name My Company street addres...

Page 891: ... com aeula you agree to allow Dell to provide remote monitoring services of your IT environment and you give Dell the right to collect the Collected Data in accordance with Dells Privacy Policy available at www dell com privacypolicycountryspecific in order to enable the performance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Del...

Page 892: ...r Temporarily or permanently insane time sources are detected and avoided Dell Networking recommends configuring NTP for the most accurate time In Dell Networking OS you can configure other time sources the hardware clock and the software clock NTP is designed to produce three products clock offset roundtrip delay and dispersion all of which are relative to a selected reference clock Clock offset ...

Page 893: ... the preceding level Dell Networking OS synchronizes with a time serving host to get the correct time You can set Dell Networking OS to poll specific NTP time serving hosts for the current time From those time serving hosts the system chooses one NTP host with which to synchronize and serve as a client to the NTP host As soon as a host client relationship is established the networking device propa...

Page 894: ...00 conf do show ntp status Clock is synchronized stratum 2 reference is 192 168 1 1 frequency is 369 623 ppm stability is 53 319 ppm precision is 4294967279 reference time is CD63BCC2 0CBBD000 16 54 26 049 UTC Thu Mar 12 2009 clock offset is 997 529984 msec root delay is 0 00098 sec root dispersion is 10 04271 sec peer dispersion is 10032 715 msec peer mode is client To display the calculated NTP ...

Page 895: ...the following command Configure a source IP address for NTP packets CONFIGURATION mode ntp source interface Enter the following keywords and slot port or number information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback inter...

Page 896: ...n the ntp trusted key command key enter a text string This text string is encrypted 3 Define a trusted key CONFIGURATION mode ntp trusted key number Configure a number from 1 to 4294967295 The number must be the same as the number used in the ntp authentication key command 4 Configure an NTP server CONFIGURATION mode ntp server vrf vrf name hostname ipv4 address ipv6 address key keyid prefer versi...

Page 897: ...5 421 UTC Thu Apr 2 2009 xmt CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 1w6d23h NTP rcv packet from 192 168 1 1 leap 0 mode 4 version 3 stratum 1 ppoll 1024 rtdel 0000 0 000000 rtdsp AF587 10959 090820 refid 4C4F434C 76 79 67 76 ref CD7E14FD 43F7CED9 16 29 49 265 UTC Wed Apr 1 2009 org CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 rec CD7F5368 D0000000 15 8 24 812 UTC Thu Apr 2 2009 xmt C...

Page 898: ...spersion a signed fixed point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet in seconds Only positive values greater than zero are possible Reference Clock Identifier sys refid peer refid pkt refid This is a 32 bit code identifying the particular reference clock In the case of stratum 0 unspecified or stratum 1 primary referen...

Page 899: ...he time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month enter the name of one of the 12 months in English You can enter the name of a day to change the order of the display to time day month year day enter the number of the day The range is from 1 to 31 You can enter the name of a month to change the order of the display to time day month...

Page 900: ...ou can enter the name of a day to change the order of the display to time day month year start day enter the number of the day The range is from 1 to 31 You can enter the name of a month to change the order of the display to time day month year start year enter a four digit number as the year The range is from 1993 to 2035 start time enter the time in hours minutes For the hour variable use the 24...

Page 901: ...me of a day to change the order of the display to time day month year start day Enter the number of the day The range is from 1 to 31 You can enter the name of a month to change the order of the display to time day month year start year Enter a four digit number as the year The range is from 1993 to 2035 start time Enter the time in hours minutes For the hour variable use the 24 hour format exampl...

Page 902: ...at Mar 14 2009 Summer time ends 00 00 00 pacific Sat Nov 7 2009 NOTE If you enter CR after entering the recurring command parameter and you have already set a one time daylight saving time date the system uses that time and date as the recurring setting The following example shows the clock summer time recurring parameters Dell conf clock summer time pacific recurring 1 4 Week number to start firs...

Page 903: ...el but in IPv6IP mode the logical address must be an IPv6 address The following sample configuration shows a tunnel configured in IPv6 mode carries IPv6 and IPv4 traffic Dell conf interface tunnel 1 Dell conf if tu 1 tunnel source 30 1 1 1 Dell conf if tu 1 tunnel destination 50 1 1 1 Dell conf if tu 1 tunnel mode ipip Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf if tu 1 ipv6 address 1 1 64 D...

Page 904: ...can configure a tunnel keepalive target keepalive interval and attempts NOTE By default the tunnel keepalive is disabled The following sample configuration shows how to use the tunnel keepalive command Dell conf if te 1 12 1 show config interface TenGigabitEthernet 1 12 1 ip address 40 1 1 1 24 ipv6 address 500 10 1 64 no shutdown Dell conf if te 1 12 1 Dell conf interface tunnel 1 Dell conf if tu...

Page 905: ...ered TenGigabitEthernet 1 1 1 ipv6 unnumbered TenGigabitEthernet 1 1 1 tunnel source 40 1 1 1 tunnel mode ipip decapsulate any no shutdown Dell conf if tu 1 Configuring Tunnel Allow Remote Decapsulation You can configure an IPv4 or IPV6 address or prefix whose tunneled packet is accepted for decapsulation If you do not configure allow remote entries tunneled packets from any remote peer address ar...

Page 906: ...s 1abd 1 64 tunnel source anylocal tunnel allow remote 40 1 1 2 tunnel mode ipip decapsulate any no shutdown Guidelines for Configuring Multipoint Receive Only Tunnels You can configure up to eight remote end points for a multipoint receive only tunnel The maximum number of remote end points supported for all multipoint receive only tunnels on the switch depends on the hardware table size to setup...

Page 907: ...us of a multipoint receive only tunnel interface always remains up Packets from the remote addresses configured for a multipoint receive only tunnel are decapsulated and are not marked for neighbor resolution as for a standard tunnel s destination address Connected routes for the tunnel interface s IP subnet do not point towards the tunnel but towards the switch CPU for the receive only tunnel The...

Page 908: ...r system type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 90...

Page 909: ... of all commands related to Dell Networking OS VLANs refer to these Dell Networking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN Spanning Tree Plus PVST The following table lists the defaults for VLANs in Dell Networking OS Feature Default Spanning Tree group ID All VLANs are part of Spanning Tree group 0 Mode Layer 2...

Page 910: ...t Dell conf if show config interface TenGigabitEthernet 1 2 1 no ip address switchport no shutdown Dell conf if end Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Active U Te 1 2 1 T Te 1 1 1 Port Based VLANs Port based VLANs are a broadcast domain defined by different ports or interfaces In Dell Networking OS a port based VLAN can contain interfaces from different line cards ...

Page 911: ...ration Task List This section contains the following VLAN configuration tasks Creating a Port Based VLAN mandatory Assigning Interfaces to a VLAN optional Assigning an IP Address to a VLAN optional Enabling Null VLAN as the Default VLAN Creating a Port Based VLAN To configure a port based VLAN create the VLAN and then add physical interfaces or port channel LAG interfaces to the VLAN NOTE The Defa...

Page 912: ...ed untagged and placed in the Default VLAN To view which interfaces are tagged or untagged and to which VLAN they belong use the show vlan command The following example shows that six VLANs are configured and two interfaces are assigned to VLAN 2 The Q column in the show vlan command example notes whether the interface is tagged T or untagged U For more information about this command refer to the ...

Page 913: ...an end Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Inactive 2 Active T Po1 So 0 0 1 T Te 1 1 1 3 Active T Po1 So 0 0 1 T Te 1 2 1 4 Active T Po1 So 0 0 1 When you remove a tagged interface from a VLAN using the no tagged interface command it remains tagged only if it is a tagged interface in another VLAN If the tagged interface is removed from the only VLAN to which it belo...

Page 914: ...et 1 2 1 Dell conf if vlan show config interface Vlan 4 no ip address untagged TenGigabitEthernet 1 2 1 Dell conf if vlan end Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Inactive 2 Active T Po1 So 0 0 1 T Te 1 3 1 3 Active T Po1 So 0 0 1 T Te 1 1 1 4 Active U Te 1 2 1 The only way to remove an interface from the Default VLAN is to place the interface in Default mode by usin...

Page 915: ... in deployments where a Layer 2 port can receive both tagged and untagged traffic on the same physical port The classic example is connecting a voice over IP VOIP phone and a PC to the same port of the switch The VOIP phone is configured to generate tagged packets with VLAN VOICE VLAN and the attached PC generates untagged packets NOTE When a hybrid port is untagged in a VLAN but it receives tagge...

Page 916: ...period customers are able to access each other s networks Dell Networking OS has a Null VLAN to eliminate this vulnerability When you enable the Null VLAN all ports are placed into it by default so even if you activate the physical ports of multiple customers no traffic is allowed to traverse the links until each port is place in another VLAN To enable Null VLAN use the following command Disable t...

Page 917: ... without downtime For example consider a square VLT connecting two data centers If a VM VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway In this case L3 packets destined for C can be routed either by C1 or D1 locally To do this install the local system mac address of C and D in both C1 and D1 so the packets for...

Page 918: ...3 mode on another VLT domain is not supported You must always configure the same mode for the VLANs across the VLT domain You must maintain VLAN symmetry within a VLT domain The connection between DCs must be a L3 VLT in eVLT format For more information refer to the eVLT Configuration Example The trace route across the DCs can show extra hops To ensure no traffic drops you must maintain route symm...

Page 919: ...es of C and D in the local VLT domain must be installed in C1 and D1 in the remote VLT domain and vice versa You can install the mac address in two methods the proxy gateway lldp method or the proxy gateway static configuration Proxy gateway LLDP is a dynamic method of installing the local mac addresses in the remote VLT domain which is achieved using a new organizational type length value TLV in ...

Page 920: ...e interface is typically a VLT port channel that connects to a remote VLT domain The new proxy gateway TLV is carried on the physical links under the port channel only You must have at least one link connection to each unit of the VLT domain Following are the prerequisites for Proxy Gateway LLDP configuration You must globally enable LLDP You cannot have interface level LLDP disable commands on th...

Page 921: ...figure the VLT peer mac transmit command under VLT Domain Proxy Gateway LLDP mode in both C and D VLT domain 1 and C1 and D1 VLT domain 2 This behavior is applicable only in the LLDP configuration and not required in the static configuration Sample Configuration Dell conf vlt domain proxy gateway lldp Dell conf vlt domain pxy gw lldp vlt peer mac transmit Assume the inter chassis link ICL between ...

Page 922: ...rdware capabilities you can only disable VLT Proxy Gateway only for 500 VLANs using exclude VLAN configuration Configuring a Static VLT Proxy Gateway You can configure a proxy gateway in VLT domains A proxy gateway allows you to locally route the packets that are destined to an L3 endpoint of the other VLT domain Apply the following configurations in the Core L3 Routers C and D in local VLT domain...

Page 923: ...xy Configuration on C switch or C1 switch Switch_C conf Switch_C conf vlt domain 1 Switch_C conf vlt domain1 proxy gateway lldp Switch_C conf vlt domain1 pxy gw lldp peer domain link port channel 1 VLT Proxy Gateway 923 ...

Page 924: ...ll available uplink bandwidth Provides fast convergence if either the link or a device fails Optimized forwarding with virtual router redundancy protocol VRRP Provides link level resiliency Assures high availability CAUTION Dell Networking does not recommend enabling Stacking and VLT simultaneously If you enable both features at the same time unexpected behavior occurs As shown in the following ex...

Page 925: ...routing layer For better resiliency in the aggregation Dell Networking recommends running the internal gateway protocol IGP on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system Enhanced VLT An enhanced VLT eVLT configuration creates a port channel between two VLT domains by allowing two different VLT domains using different VLT domain ID numbers connected by a ...

Page 926: ...devices It is also associated to the configuration mode that you must use to assign VLT global parameters VLT peer device One of a pair of devices that are connected with the special port channel known as the VLT interconnect VLTi VLT peer switches have independent management planes A VLT interconnect between the VLT chassis maintains synchronization of L2 L3 control planes across the two VLT peer...

Page 927: ...ou enable the VLT ports Only use the lacp ungroup member independent command if the system connects to nodes using bare metal provisioning BMP to upgrade or boot from the network Ensure that you configure all port channels where LACP ungroup is applicable as hybrid ports and as untagged members of a VLAN BMP uses untagged dynamic host configuration protocol DHCP packets to communicate with the DHC...

Page 928: ...rt and the TPID of the ICL is set as 8100 Layer 2 Protocol Tunneling is not supported in VLT Configuration Notes When you configure VLT the following conditions apply VLT domain A VLT domain supports two chassis members which appear as a single logical device to network access devices connected to VLT ports through a port channel A VLT domain consists of the two core chassis the interconnect trunk...

Page 929: ...discovery protocol LLDP flow control port monitoring jumbo frames and data center bridging DCB When you enable the VLTi link the link between the VLT peer switches is established if the following configured information is true on both peer switches the VLT system MAC address matches the VLT unit id is not identical NOTE If you configure the VLT system MAC address or VLT unit id on only one of the ...

Page 930: ...ut down In one possible topology a switch uses the BMP feature to receive its IP address configuration files and boot image from a DHCP server that connects to the switch through the VLT domain In the port channel used by the switch to connect to the VLT domain configure the port interfaces on each VLT peer as hybrid ports before adding them to the port channel refer to Connecting a VLT Domain to ...

Page 931: ... tables are identical on both VLT peers Both the VRRP master and backup peers must be able to locally forward L3 traffic in the same way In a VLT domain although both VLT peers actively participate in L3 forwarding as the VRRP master or backup router the show vrrp command output displays one peer as master and the other peer as backup Failure scenarios On a link failover when a VLT port channel fa...

Page 932: ...buted to the entire layer 2 network which can cause a network wide flush of learned MAC and ARP addresses requiring these addresses to be re learned However enabling RSTP can detect potential loops caused by non system issues such as cabling errors or incorrect configurations To minimize possible topology changes after link or node failure RSTP is useful for potential loop detection Configure RSTP...

Page 933: ...s simultaneously VLT Port Delayed Restoration When a VLT node boots up if the VLT ports have been previously saved in the start up configuration they are not immediately enabled To ensure MAC and ARP entries from the VLT per node are downloaded to the newly enabled VLT node the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic The delay restore feature ...

Page 934: ... the designated router DR if they are incorrectly hashed In addition to being first hop or last hop routers the peer node can also act as an intermediate router On a VLT enabled PIM router if any PIM neighbor is reachable through a Spanned Layer 3 L3 VLAN interface this must be the only PIM enabled interface to reach that neighbor A Spanned L3 VLAN is any L3 VLAN configured on both peers in a VLT ...

Page 935: ...ou must add the VLT ports as a member of one or more VLANs and assign IP addresses to these VLANs VLT Unicast and VLT Multicast routing protocols require VLAN IP interfaces for operation Protocols such as BGP ISIS OSPF and PIM are compatible with VLT Unicast Routing and VLT Multicast Routing Spanned VLANs Any VLAN configured on both VLT peer nodes is referred to as a Spanned VLAN The VLT Interconn...

Page 936: ... routes between VLT peers When you enable VLT Multicast Routing the multicast routing table is synced between the VLT peers Only multicast routes configured with a Spanned VLAN IP as their IIF are synced between VLT peers For multicast routes with a Spanned VLAN IIF only OIFs configured with a Spanned VLAN IP interface are synced between VLT peers The advantages of syncing the multicast routes bet...

Page 937: ...ecify a value in seconds from 1 to 1200 4 Configure a PIM SM compatible VLT node as a designated router DR For more information refer to Configuring a Designated Router 5 Configure a PIM enabled external neighboring router as a rendezvous point RP For more information refer to Configuring a Static Rendezvous Point 6 Configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non VLT ...

Page 938: ...LT domain take the following steps 1 Configure RSTP in the core network and on each peer switch as described in Rapid Spanning Tree Protocol RSTP Disabling RSTP on one VLT peer may result in a VLT domain failure 2 Enable RSTP on each peer switch PROTOCOL SPANNING TREE RSTP mode no disable 3 Configure each peer switch with a unique bridge priority PROTOCOL SPANNING TREE RSTP mode bridge priority Sa...

Page 939: ...he VLT domain The primary and secondary switch roles in the VLT domain are automatically assigned after you configure both sides of the VLTi NOTE If you use a third party ToR unit to avoid potential problems if you reboot the VLT peers Dell recommends using static LAGs on the VLTi between VLT peers 2 Enable VLT and create a VLT domain ID VLT automatically selects a system MAC address 3 Configure a...

Page 940: ...mon peering VLT uses the domain ID to automatically create a VLT MAC address for the domain If you do not configure the system explicitly the system mac address of the primary will be the VLT MAC address for the domain To disable VLT use the no vlt domain command NOTE Do not use MAC addresses such as reserved or multicast 2 Configure the IP address of the management interface on the remote VLT pee...

Page 941: ...peer switch to configure the IP address of this switch as the endpoint of the VLT backup link and to configure the same port channel for the VLT interconnect Configuring a VLT Backup Link To configure a VLT backup link use the following command 1 Specify the management interface to be used for the backup link through an out of band management network CONFIGURATION mode interface managementethernet...

Page 942: ... connect cable the two VLT peers on each side of the VLT interconnect the system elects a primary and secondary VLT peer device To configure the primary and secondary roles before the election process use the primary priority command Enter a lower value on the primary peer and a higher value on the secondary peer If the primary peer fails the secondary peer with the higher priority takes the prima...

Page 943: ...itch in the VLT domain 1 Configure the same port channel to be used to connect to an attached device and enter interface configuration mode CONFIGURATION mode interface port channel id number 2 Remove an IP address from the interface INTERFACE PORT CHANNEL mode no ip address 3 Place the interface in Layer 2 mode INTERFACE PORT CHANNEL mode switchport 4 Add one or more port interfaces to the port c...

Page 944: ...tion mode for a specified VLT domain CONFIGURATION mode vlt domain domain id The range of domain IDs is from 1 to 1000 2 Enter the port channel number that acts as the interconnect trunk VLT DOMAIN CONFIGURATION mode peer link port channel id number The range is from 1 to 128 3 Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is do...

Page 945: ...erval seconds You can optionally specify the time interval used to send hello messages The range is from 1 to 5 seconds 6 When you create a VLT domain on a switch Dell Networking OS automatically creates a VLT system MAC address used for internal system operations VLT DOMAIN CONFIGURATION mode system mac mac address mac address To explicitly configure the default MAC address for the domain by ente...

Page 946: ...ttached device INTERFACE PORT CHANNEL mode vlt peer lag port channel id number Valid port channel ID numbers are from 1 to 128 11 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 12 Add links to the eVLT port Configure a range of interfaces to bulk configure CONFIGURATION mode interface range port channel id 13 Enable LACP on the LAN port INTERFACE mode port channel p...

Page 947: ...e the peer 2 management ip interface ip for which connectivity is present in VLT peer 1 EXEC Privilege mode show running config vlt 7 Configure the peer 1 management ip interface ip for which connectivity is present in VLT peer 1 EXEC mode or EXEC Privilege mode show interfaces interface 8 Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit shown in the following exam...

Page 948: ...f if po 1 channel member TenGigabitEthernet 1 4 1 1 4 4 Configure the backup link between the VLT peer units 1 Configure the peer 2 management ip interface ip for which connectivity is present in VLT peer 1 2 Configure the peer 1 management ip interface ip for which connectivity is present in VLT peer 2 Dell 2 show running config vlt vlt domain 5 peer link port channel 1 back up destination 10 11 ...

Page 949: ...no shutdown Dell 2 show interfaces port channel 2 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 2 L2L3 up 03 33 14 Te 1 4 1 Up In the ToR unit configure LACP on the physical ports s60 1 show running config interface tengigabitethernet 1 8 1 interface TenGigabitEthernet 1 8 1 no ip address port channel protocol LACP port channel 100 mode active no shutdown s60 1 show running config...

Page 950: ... is supported in a VLT domain Before you configure VLT on peer switches configure PVST in the network PVST is required for initial loop prevention during the VLT startup phase You may also use PVST for loop prevention in the network outside of the VLT port channel Run PVST on both VLT peer switches PVST instance will be created for every VLAN configured in the system PVST instances running in the ...

Page 951: ...iority 0 Address 90b1 1cf4 9b79 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 0 Address 90b1 1cf4 9b79 We are the root of Vlan 1000 Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Po 1 128 2 128 188 FWD vltI 0 0 90b1 1cf4 9b79 128 2 Po 2 128 3 128 2000 FWD vlt 0 0 90b1 1cf4 9b79 128 3 Te 1 10 1 128 2...

Page 952: ...00 0a Domain_1_Peer1 conf vlt domain unit id 0 Configure eVLT on Peer 1 Domain_1_Peer1 conf interface port channel 100 Domain_1_Peer1 conf if po 100 switchport Domain_1_Peer1 conf if po 100 vlt peer lag port channel 100 Domain_1_Peer1 conf if po 100 no shutdown Add links to the eVLT port channel on Peer 1 Domain_1_Peer1 conf interface range tengigabitethernet 1 16 1 1 16 2 Domain_1_Peer1 conf if r...

Page 953: ...mac address 00 0b 00 0b 00 0b Domain_2_Peer3 conf vlt domain unit id 0 Configure eVLT on Peer 3 Domain_2_Peer3 conf interface port channel 100 Domain_2_Peer3 conf if po 100 switchport Domain_2_Peer3 conf if po 100 vlt peer lag port channel 100 Domain_2_Peer3 conf if po 100 no shutdown Add links to the eVLT port channel on Peer 3 Domain_2_Peer3 conf interface range tengigabitethernet 1 19 1 1 19 2 ...

Page 954: ... tagged port channel 101 VLT_Peer1 conf if vl 4001 tagged port channel 102 VLT_Peer1 conf if vl 4001 no shutdown VLT_Peer1 conf if vl 4001 exit The following example shows how to configure the VLTi port as a static multicast router port for the VLAN VLT_Peer1 conf interface vlan 4001 VLT_Peer1 conf if vl 4001 ip igmp snooping mrouter interface port channel 128 VLT_Peer1 conf if vl 4001 exit VLT_Pe...

Page 955: ...T peer switch including the status of port channels used in the VLT interconnect trunk and to connect to access devices EXEC mode show spanning tree rstp Display the current status of a port or port channel interface used in the VLT domain EXEC mode show interfaces interface interface specify one of the following interface types For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEther...

Page 956: ...stem version 6 3 Delay Restore timer 90 seconds Delay Restore Abort Threshold 60 seconds Peer Routing Disabled Peer Routing Timeout timer 0 seconds Multicast peer routing timeout 150 seconds Dell The following example shows the show vlt detail command Dell_VLTpeer1 show vlt detail Local LAG Id Peer LAG Id Local Status Peer Status Active VLANs 100 100 UP UP 10 20 30 127 2 UP UP 20 30 Dell_VLTpeer2 ...

Page 957: ... Hello s Sent 148 ICL Hello s Received 98 Dell_VLTpeer2 show vlt statistics VLT Statistics HeartBeat Messages Sent 994 HeartBeat Messages Received 978 ICL Hello s Sent 89 ICL Hello s Received 89 The following example shows the show spanning tree rstp command The bold section displays the RSTP state of port channels in the VLT domain Port channel 100 is used in the VLT interconnect trunk VLTi to co...

Page 958: ... 128 111 Po 111 128 112 128 200000 DIS vlt 0 0 0001 e88a dff8 128 112 Po 120 128 121 128 2000 FWD vlt 0 0 0001 e88a dff8 128 121 Additional VLT Sample Configurations To configure VLT configure a backup link and interconnect trunk create a VLT domain configure a backup link and interconnect trunk and connect the peer switches in a VLT domain to an attached access device switch or server Review the ...

Page 959: ...onf vlt domain back up destination 10 11 206 23 Dell_VLTpeer2 conf vlt domain exit Configure the backup link Dell_VLTpeer2 conf interface ManagementEthernet 1 1 Dell_VLTpeer2 conf if ma 1 1 ip address 10 11 206 35 Dell_VLTpeer2 conf if ma 1 1 no shutdown Dell_VLTpeer2 conf if ma 1 1 exit Configure the VLT interconnect VLTi Dell_VLTpeer2 conf interface port channel 100 Dell_VLTpeer2 conf if po 100 ...

Page 960: ...dth monitoring A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goes above the 80 threshold and when it drops below 80 A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goes above its threshold Depending on the traffic that is received the traffic can be offloaded inVLTi Domain ID mismatch The VLT peer does not boot up The VLTi is ...

Page 961: ...to a down state A syslog error message is generated The VLT peer does not boot up The VLTi is forced to a down state A syslog error message is generated Verify the unit ID is correct on both VLT peers Unit ID numbers must be sequential on peer units for example if Peer 1 is unit ID 0 Peer 2 unit ID must be 1 Version ID mismatch A syslog error message and an SNMP trap are generated A syslog error m...

Page 962: ...T being a Layer 2 redundancy mechanism support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities To achieve maximum VLT resiliency you should configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes The association of PVLAN with the VLT LAG must also be identical After the VLT LAG is configured to be a member of either the primary or secondar...

Page 963: ...VLTi link is configured as a PVLAN or normal VLAN on both the peers If a PVLAN is configured as a VLT VLAN on one peer and a non VLT VLAN on another peer the VLTi is added as a member of that VLAN by verifying the PVLAN parity on both the peers In such a case if a PVLAN is present as a VLT PVLAN on at least one of the peers then symmetric configuration of the PVLAN is validated to cause the VLTi t...

Page 964: ...the peer If any differences are identified the VLTi link is either added or removed from the VLAN When the peer node restarts and returns online all the PVLAN configurations are exchanged across the peers Based on the information received from the peer a bulk synchronization of MAC addresses that belong to spanned PVLANs is performed During the booting phase or when the ICL link attempts to come u...

Page 965: ...Trunk Primary Normal No No Trunk Trunk Normal Normal Yes Yes Promiscuo us Trunk Primary Primary Yes No Trunk Access Primary Secondary No No Promiscuo us Promiscuo us Primary Primary Yes Yes Promiscuo us Access Primary Secondary No No Promiscuo us Promiscuo us Primary Primary Yes Yes Secondary Community Secondary Isolated No No Access Access Secondary Community Secondary Isolated No No Primary X Pr...

Page 966: ...and identical on both the VLT peers PVLANs provide Layer 2 isolation between ports within the same VLAN A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair With VLT being a Layer 2 redundancy feature support for configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved This section contains the following topics t...

Page 967: ...he range of domain IDs is from 1 to 1000 7 Enter the port channel number that acts as the interconnect trunk VLT DOMAIN CONFIGURATION mode peer link port channel id number The range is from 1 to 128 8 Optional To configure a VLT LAG enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down VLT DOMAIN CONFIGURATION mode peer link por...

Page 968: ...ifying the new secondary VLAN to be added to the list Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes A proxy ARP enabled device answers the ARP requests that are destined for another host or router The local host forwards the traffic to the proxy ARP enabled device which in turn transmits the packets to the destination By default proxy ARP is enab...

Page 969: ...s stopped when the VLT peer s MAC address is removed from the ARP database because of the peer routing timer expiry The source hardware address in the ARP response contains the VLT peer MAC address Proxy ARP is supported for both unicast and broadcast ARP requests Control packets other than ARP requests destined for the VLT peers that reach the undesired and incorrect VLT node are dropped if the I...

Page 970: ...nloaded to the device Only S G routes are used to forward the multicast traffic from the source to the receiver You can configure VLT nodes which function as RP as Multicast Source Discovery Protocol MSDP peers in different domains However you cannot configure the VLT peers as MSDP peers in the same VLT domain In such instances the VLT peer does not support the RP functionality If the same source ...

Page 971: ...omain Dell conf vlt domain 1 Dell conf vlt domain peer link port channel 1 Dell conf vlt domain back up destination 10 16 151 116 Dell conf vlt domain primary priority 100 Dell conf vlt domain system mac mac address 00 00 00 11 11 11 Dell conf vlt domain unit id 0 Dell conf vlt domain Dell show running config vlt vlt domain 1 peer link port channel 1 back up destination 10 16 151 116 primary prior...

Page 972: ...tible Dell conf if vl 50 stack member port channel 10 Dell conf if vl 50 stack member port channel 20 Dell show running config interface vlan 50 interface Vlan 50 vlan stack compatible member Port channel 10 20 shutdown Dell Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN Stack VLAN Dell show vlan id 50 Codes Default VLAN G GVRP VLANs R Remote Port Mirroring VLANs P P...

Page 973: ...fig interface port channel 10 interface Port channel 10 no ip address switchport vlan stack access vlt peer lag port channel 10 no shutdown Dell Dell conf interface port channel 20 Dell conf if po 20 switchport Dell conf if po 20 vlt peer lag port channel 20 Dell conf if po 20 vlan stack trunk Dell conf if po 20 no shutdown Dell show running config interface port channel 20 interface Port channel ...

Page 974: ... Remote Port Mirroring VLANs P Primary C Community I Isolated O Openflow Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal untagged I Internal tagged v VLT untagged V VLT tagged NUM Status Description Q Ports 50 Active M Po10 Te 1 8 1 M Po20 Te 1 20 1 V Po1 Te 1 30 32 1 Dell 974 Virtual Link Trunking VLT ...

Page 975: ...verview The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point VTEP functionality VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network Figure 130 VXLAN Gateway Virtual Extensible LAN VXLAN 975 ...

Page 976: ...VTEP tunnels Distribute the VTEPs to MAC binding to all relevant VTEPs Provide an interface for cloud orchestration in cloud data center management VTEP VXLAN Tunnel End Point VTEPs work as the open vSwitch running on the hypervisor on a virtualized server or as the VXLAN Gateway or as the Service Node SN that is responsible for flooding The VTEPs are responsible for encapsulation and decapsulatio...

Page 977: ...N from VMWare is the network orchestrator VXLAN communicates with the VTEP using a standard protocol called OvsDb Protocol The protocol uses the JSON RPC based message format The VTEP acts according to the TOR schema defined by VMWare The solution is very specific to VMWare based orchestration platforms and does not work with other orchestration platforms VXLAN Frame Format VXLAN provides a mechan...

Page 978: ...ayload packet is an IPv4 packet The initial VXLAN draft does not include an IPv6 implementation but it is planned for the next draft Outer IP Header The Outer IP Header consists of the following components Protocol It is set to 0 11 to indicate that the frame contains a UDP packet Source IP It is the IP address of originating VTEP Destination IP It is the IP address of target VTEP Outer UDP Header...

Page 979: ...e s FCS is not included but new FCS is generated on the outer Ethernet frame Configuring and Controlling VXLAN from the NVP Controller GUI To configure and control VXLAN from the NVP controller GUI follow these steps 1 Create Hypervisor To create a Hypervisor or server the required fields are the IP address and SSL certificate of the server The following are the snapshots of the user interface for...

Page 980: ...unicast multicast traffic replication The following is the snapshot of the user interface for the creation of service node Figure 135 Create Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway the IP address of the Gateway is mandatory The following is the snapshot of the user interface in creating a VXLAN Gateway Figure 136 Create Gateway 4 Create Logical Switch 980 Virtual Extensibl...

Page 981: ... network It binds the virtual access ports in the GW to logical network VXLAN and VLAN Figure 138 Create Logical Switch Port NOTE For more details about NVP controller configuration refer to the NVP user guide from VMWare Configuring VxLAN Gateway To configure the VxLAN gateway on the switch follow these steps 1 Connecting to NVP controller 2 Advertising VXLAN access ports to controller Connecting...

Page 982: ...000 The default value is 30000 milliseconds 6 fail mode Optional VxLAN INSTANCE mode fail mode secure If the local VTEP loses connectivity with the controller it will delete all its database and hardware flows resources 7 no shut VxLAN INSTANCE mode Advertising VXLAN Access Ports to Controller To advertise the access ports to the controller use the following command In INTERFACE mode vxlan instanc...

Page 983: ...04 The following example shows the show vxlan vxlan instance statistics interface command Dell show vxlan vxlan instance 1 statistics interface fortyGigE 1 12 100 Port Fo 1 12 Vlan 100 Rx Packets 13 Rx Bytes 1317 Tx Packets 13 Tx Bytes 1321 The following example shows the show vxlan vxlan instance physical locator command Dell show vxlan vxlan instance 1 physical locator Instance 1 Tunnel count 1 ...

Page 984: ...Name VNID bffc3be0 13e6 4745 9f6b 0bcbc5877f01 4656 Dell n instance 1 logical network n 2a8d5d19 8845 4365 ad04 243f0b6df252 Name 2a8d5d19 8845 4365 ad04 243f0b6df252 Description Tunnel Key 2 VFI 28674 Unknown Multicast MAC Tunnels 192 168 122 133 vxlan_over_ipv4 up Port Vlan Bindings Te 0 80 VLAN 0 0x80000001 Fo 0 124 VLAN 0 0x80000004 The following example shows the show vxlan vxlan instance sta...

Page 985: ...e nodes for forwarding Broadcast unknown Unicast and Multicast Traffic BUM When one of the service nodes goes down or bfd is down in that service node the gateway switches to the alternate service node for Broadcast unknown Unicast and Multicast Traffic BUM Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command Dell_GW1 show bfd neig...

Page 986: ...ks VPNs for customers VRF is also referred to as VPN routing and forwarding VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF uses a forwarding table that designates the next hop for each data packet a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that g...

Page 987: ...ay have the ability to configure different virtual routers where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device Only Layer 3 interfaces can belong to a VRF VRF is supported on following types of interface Physical Ethernet interfaces Port channel interfaces static dynamic using LACP VLAN interfaces Loopback interfaces VRF supports route redistributio...

Page 988: ...tus for Non default VRF Configuration rollback for commands introduced or modified Yes No LLDP protocol on the port Yes No 802 1x protocol on the VLAN port Yes No OSPF RIP ISIS BGP on physical and logical interfaces Yes Yes NOTE OSPF supported on all VRF ports OSPF V2 and BGP V4 are supported on non default VRF ports also Others supported only on default VRF ports Dynamic Port channel LACP on VLAN...

Page 989: ...nterfaces and LAGs Yes No IPv4 ARP Yes Yes IPv6 Neighbor Discovery Yes Yes Layer 2 ACLs on VLANs Yes No FEED Yes No Layer 2 QoS Yes Yes Support for storm control broadcast and unknown unicast Yes No sFlow Yes No VRRP on physical and logical interfaces Yes Yes VRRPV3 Yes Yes Secondary IP Addresses Yes No Following IPv6 capabilities No Basic Yes No OSPFv3 Yes Yes IS IS Yes Yes BGP Yes Yes ACL Yes No...

Page 990: ...de 1 Load CAM memory for the VRF feature feature vrf CONFIGURATION After you load VRF CAM CLI parameters that allow you to configure non default VRFs are made available on the system Creating a Non Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances 1 to 63 and the default VRF 0 Table 95 Creating a Non Default VRF Instance Task Command Syntax Command Mo...

Page 991: ...end port to a management VRF perform the following steps Table 97 Assigning a Front end Port to a Management VRF Task Command Syntax Command Mode Enter the front end interface that you want to assign to a management interface interface tengigabitethernet 1 1 1 CONFIGURATION Assign the interface to management VRF NOTE Before assigning a front end port to a management VRF ensure that no IP address i...

Page 992: ... commands under this OSPF instance are subsequently tied to the VRF instance process id range 0 65535 router ospf process id vrf vrf name CONFIGURATION Once the OSPF process and the VRF are tied together the OSPF Process ID cannot be used again in the system Configuring VRRP on a VRF Instance You can configure the VRRP feature on interfaces that belong to a VRF instance In a virtualized network th...

Page 993: ...a management interface to a management VRF Table 101 Configuring Management VRF Task Command Syntax Command Mode Create a management VRF ip vrf management CONFIGURATION Assign a management port to a management VRF interface management VRF MODE When Management VRF is configured the following interface range or interface group commands are disabled ipv6 nd dad Duplicated Address Detection ipv6 nd dn...

Page 994: ...onfiguring a Static Route To configure a static route perform the following steps Table 102 Configuring a Static Route Task Command Syntax Command Mode Configure a static route that points to a management interface management route ip address mask managementethernet ormanagement route ipv6 address prefix length managementethernet NOTE You can also have the management route to point to a front end ...

Page 995: ...Figure 140 Setup OSPF and Static Routes Virtual Routing and Forwarding VRF 995 ...

Page 996: ...hown in Figure1 and Figure 2 Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 1 1 ip vrf forwarding blue ip address 10 0 0 1 24 no shutdown 996 Virtual Routing and Forwarding VRF ...

Page 997: ...utdown interface Vlan 256 ip vrf forwarding green ip address 3 0 0 1 24 tagged TenGigabitEthernet 3 1 1 no shutdown router ospf 1 vrf blue router id 1 0 0 1 network 1 0 0 0 24 area 0 network 10 0 0 0 24 area 0 router ospf 2 vrf orange router id 2 0 0 1 network 2 0 0 0 24 area 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 Router 2 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 i...

Page 998: ...ip address 3 0 0 2 24 tagged TenGigabitEthernet 3 1 1 no shutdown router ospf 1 vrf blue router id 1 0 0 2 network 11 0 0 0 24 area 0 network 1 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 1 1 router ospf 2 vrf orange router id 2 0 0 2 network 21 0 0 0 24 area 0 network 2 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 2 1 ip route vrf green30 0 0 0 24 3 0 0 1 The following shows ...

Page 999: ...nge C 1 0 0 0 24 Direct Vl 128 0 0 00 20 48 C 10 0 0 0 24 Direct Te 1 1 1 0 0 00 10 06 O 11 0 0 0 24 via 1 0 0 2 Vl 128 110 2 00 11 13 Dell show ip route vrf orange Codes C connected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1...

Page 1000: ...Dell show ip vrf VRF Name VRF ID Interfaces default vrf 0 Te 3 1 1 3 1 3 Te 2 1 1 2 17 1 2 21 1 2 32 4 Ma 1 1 Ma 2 1 Nu 0 Vl 1 blue 1 Te 2 1 1 Vl 128 orange 2 Te 2 2 1 Vl 192 green 3 Te 2 3 1 Vl 256 Dell show ip ospf 1 neighbor Neighbor ID Pri State Dead Time Address Interface Area 1 0 0 1 1 FULL BDR 00 00 36 1 0 0 1 Vl 128 0 Dell sh ip ospf 2 neighbor Neighbor ID Pri State Dead Time Address Inter...

Page 1001: ...level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 2 0 0 0 24 Direct Vl 192 0 0 00 26 44 O 20 0 0 0 24 via 2 0 0 1 Vl 192 110 2 00 14 22 C 21 0 0 0 24 Direct Te 2 2 1 0 0 00 20 38 Dell show ip route vrf green Codes C connected S static R RIP B BGP IN internal BGP EX external B...

Page 1002: ...te Leaking enables a VRF to leak or export routes that are present in its RTM to one or more VRFs Dynamic Route Leaking enables a source VRF to share both its connected routes as well as dynamically learnt routes from various protocols such as ISIS OSPF BGP and so on with other default or non default VRFs You can also leak global routes to be made available to VRFs As the global RTM usually contai...

Page 1003: ...utes corresponding to VRF Red and VRF Blue are leaked to VRF Shared For leaking the routes from VRF Shared to VRF Red and VRF Blue you can configure route export tag on VRF shared source VRF who is exporting the routes the same route export tag value should be configured on VRF Red and VRF blue as route import tag target VRF that is importing the routes For a reply communication VRF red and VRF bl...

Page 1004: ...rface is assigned to it 10 Configure the import target in the source VRF VRF Shared for reverse communication with VRF red and VRF blue ip vrf vrf shared ip route import 2 2 ip route import 3 3 The show run output for the above configuration is as follows ip vrf VRF Red ip route export 2 2 ip route import 1 1 ip vrf VRF Blue ip route export 3 3 ip route import 1 1 ip vrf VRF Green ip vrf VRF share...

Page 1005: ...0 32 36 C 144 4 4 0 24 Direct VRF shared Te 1 4 1 0 0 00 32 36 Dell show ip route vrf VRF Blue O 22 2 2 2 32 via 122 2 2 2 110 0 00 00 11 C 122 2 2 0 24 Direct Te 1 12 1 0 0 22 39 61 O 44 4 4 4 32 via vrf shared 144 4 4 4 0 0 00 32 36 C 144 4 4 0 24 Direct vrf shared Te 1 4 1 0 0 00 32 36 Dell show ip route vrf VRF Green O 33 3 3 3 32 via 133 3 3 3 110 0 00 00 11 C 133 3 3 0 24 Direct Te 1 13 1 0 ...

Page 1006: ...cify matching criteria for importing or exporting routes between VRFs NOTE You must use the match source protocol or match ip address commands in conjunction with the route map command to be able to define the match criteria for route leaking Consider a scenario where you have created two VRF tables VRF red and VRF blue VRF red exports routes with the export_ospfbgp_protocol route map to VRF blue ...

Page 1007: ...hing criteria for importing routes into VRF blue Dell config route map match source protocol ospf This action specifies that the route map contains OSPF as the matching criteria for importing routes into vrf blue 8 Configure the import target in VRF blue with route map import_ospf_protociol ip route import 1 1 import_ospf_protocol When you import routes into VRF blue using the route map import_osp...

Page 1008: ... BGP the BGP route is not leaked as that route is not active in the Source VRF The export target and import target support only the match protocol and match prefix list options Other options that are configured in the route maps are ignored You can expose a unique set of routes from the Source VRF for Leaking to other VRFs For example in VRF red there is no option for exporting one set of routes f...

Page 1009: ... and allows for up to 255 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends ...

Page 1010: ...long to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet Z Series supports a total of 255 VRRP groups on a switch The total number of VRRP groups per system should be less than 512 The following recommendations shown may vary depending on various factors like addre...

Page 1011: ...7 seconds 100 Between 1200 and 1500 8 seconds 120 VRRP Configuration By default VRRP is not configured Configuration Task List The following list specifies the configuration tasks for VRRP Creating a Virtual Router mandatory Configuring the VRRP Version for an IPv4 Group optional Assign Virtual IP Addresses mandatory Setting VRRP Group Virtual Router Priority optional Configuring VRRP Authenticati...

Page 1012: ...onfigure a VRRP group to use one of the following VRRP versions VRRPv2 as defined in RFC 3768 Virtual Router Redundancy Protocol VRRP VRRPv3 as defined in RFC 5798 Virtual Router Redundancy Protocol VRRP Version 3 for IPv4 and IPv6 You can also migrate a IPv4 group from VRRPv2 to VRRP3 To configure the VRRP version for IPv4 use the version command in INTERFACE mode Example Configuring VRRP to Use ...

Page 1013: ...nsmitting VRRP packets configure at least one virtual IP address in a VRRP group The virtual IP address is the IP address of the virtual router and does not require the IP address mask You can configure up to 12 virtual IP addresses on a single VRRP group VRID The following rules apply to virtual IP addresses The virtual IP addresses must be in the same subnet as the primary or secondary IP addres...

Page 1014: ...ion NOTE In the following example the primary IP address and the virtual IP addresses are on the same subnet Dell conf if te 1 1 1 show conf interface TenGigabitEthernet 1 1 1 ip address 10 10 10 1 24 vrrp group 111 priority 255 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 vrrp group 222 no shutdown The following example shows the same VRRP group VRID 111 config...

Page 1015: ...e breakers to decide which is MASTER The router with the higher IP address becomes MASTER To configure the VRRP group s priority use the following command Configure the priority for the VRRP group INTERFACE VRID mode priority priority The range is from 1 to 255 The default is 100 Examples of the priority Command Dell conf if te 1 2 1 vrrp group 111 Dell conf if te 1 2 1 vrid 111 priority 125 To ve...

Page 1016: ...e Dell conf if te 1 1 1 vrid 111 authentication type simple 7 force10 The following example shows verifying the VRRP authentication configuration using the show conf command The bold section shows the encrypted password Dell conf if te 1 1 1 vrid 111 show conf vrrp group 111 authentication type simple 7 387a7f2df5969da4 priority 255 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual add...

Page 1017: ...ng OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second If you do change the time interval between VRRP advertisements on one router change it on all participating routers If are using VRRP version 2 you must configure the timer values in multiple of whole seconds For example a timer value of 3 seconds or 300 centisecs are valid and equiva...

Page 1018: ...own the VRRP group s priority decreases by a default value of 10 also known as cost If the tracked interface s state goes up the VRRP group s priority increases by 10 The lowered priority of the VRRP group may trigger an election As the Master Backup VRRP routers are selected based on the VRRP group s priority tracking features ensure that the best VRRP router is the Master for that group The sum ...

Page 1019: ...riority INTERFACE VRID mode track interface priority cost cost The cost range is from 1 to 254 The default is 10 Optional Display the configuration and the UP or DOWN state of tracked objects including the client VRRP group that is tracking an object s state EXEC mode or EXEC Privilege mode show track Optional Display the configuration and the UP or DOWN state of tracked interfaces and objects in ...

Page 1020: ...ng the VRRP status Dell show vrrp TenGigabitEthernet 1 8 1 IPv6 VRID 1 Version 3 Net fe80 201 e8ff fe01 95cc VRF 0 default vrf State Master Priority 100 Master fe80 201 e8ff fe01 95cc local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 310 Virtual MAC address 00 00 5e 00 02 01 Virtual IP address 2007 1 fe80 1 ...

Page 1021: ...vior occurs When the system reloads VRRP waits 600 seconds 10 minutes to bring up VRRP on all interfaces that are up and configured for VRRP When an interface comes up and becomes operational the system waits 300 seconds 5 minutes to bring up VRRP on that interface To set the delay time for VRRP initialization use the following commands Set the delay time for VRRP initialization on an individual i...

Page 1022: ...RRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2 R2 conf interface tengigabitethernet 2 31 1 R2 conf if te 2 31 1 ip address 10 1 1 1 24 R2 conf if te 2 31 1 vrrp group 99 R2 conf if te 2 31 1 vrid 99 priority 200 R2 conf if te 2 31 1 vrid 99 virtual 10 1 1 3 R2 conf if te 2 31 1 vrid 99 no shut R2 conf if te 2 31 1...

Page 1023: ...abitethernet 3 21 1 R3 conf if te 3 21 1 ip address 10 1 1 2 24 R3 conf if te 3 21 1 vrrp group 99 R3 conf if te 3 21 1 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 1 vrid 99 no shut R3 conf if te 3 21 1 show conf interface TenGigabitEthernet 3 21 1 ip address 10 1 1 1 24 vrrp group 99 virtual address 10 1 1 3 no shutdown R3 conf if te 3 21 1 end R3 show vrrp TenGigabitEthernet 3 21 1 VRID 99 Net 1...

Page 1024: ...6 address The following example shows configuring VRRP for IPv6 Router 2 and Router 3 Configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address The virtual IPv6 address you configure must be the same as the IPv6 subnet to whic...

Page 1025: ...fe6a c59f local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 Router 3 R3 conf interface tengigabitethernet 1 2 1 R3 conf if te 1 2 1 no ipv6 address R3 conf if te 1 2 1 ipv6 address 1 2 64 R3 conf if te 1 2 1 vrrp group 10 R2 conf if te...

Page 1026: ...Switch 2 have three VRF instances defined VRF 1 VRF 2 and VRF 3 Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet Both Switch 1 and Switch 2 use VRRP groups on each VRF instance in order that there is one MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner master of the VRRP group and Switch 1 serve...

Page 1027: ... VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if te 1 1 1 vrid 101 priority 100 S1 conf if te 1 1 1 vrid 101 virtual address 10 10 1 2 S1 conf if te 1 1 1 no shutdown S1 conf interface TenGigabitEthernet 1 2 1 S1 conf if te 1 2 1 ip vrf forwarding VRF 2 S1 conf if te 1 2 1 ip address 10 10 1 6 24 S1 conf if te 1 2 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 2 will...

Page 1028: ...terface TenGigabitEthernet 1 1 1 S2 conf if te 1 1 1 ip vrf forwarding VRF 1 S2 conf if te 1 1 1 ip address 10 10 1 2 24 S2 conf if te 1 1 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if te 1 1 1 vrid 101 priority 255 S2 conf if te 1 1 1 vrid 101 virtual address 10 10 1 2 S2 conf if te 1 1 1 no shutdown S2 conf interface TenGigabitEthernet 1 2 1 S2 conf if t...

Page 1029: ...1 1 no shutdown S1 conf if te 1 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if vl 100 vrid 101 priority 100 S1 conf if vl 100 vrid 101 virtual address 10 10 1 2 S1 conf if vl 100 no shut...

Page 1030: ...f forwarding VRF 1 S2 conf if vl 100 ip address 10 10 1 2 24 S2 conf if vl 100 tagged TenGigabitethernet 1 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf if vl 100 no shutdown S2 conf if te 1 1 1 interface vlan 200 S2 conf if vl 200 ip vrf forwardin...

Page 1031: ...Bad pkts rcvd 0 Adv sent 0 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 20 1 1 100 Authentication none Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 2 vrf2 State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 419 Gratuitous ARP sent 1 Virtual MAC...

Page 1032: ... IP addresses interfaces names and so on NOTE In a VRRP or VRRPv3 group if two routers come up with the same priority and another router already has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigabitethernet 1 1 1 R2 conf if te 1 1 1 no ip address R2 conf if te 1 1 1 ipv6 address 1 1 64...

Page 1033: ... AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 NOTE Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the Tengigabitethernet 1 1 interface has a higher IPv6 address than the Tengigabitethernet 1 2 interface on R3 Route...

Page 1034: ...t 120 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell Dell show vrrp vrf vrf1 vlan 400 Vlan 400 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed VRF 1 vrf1 State Master Priority 200 Master fe80 201 e8ff fe8a e9ed local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 339 Virtu...

Page 1035: ...6 VRID 255 Version 3 Net fe80 201 e8ff fe8a fd76 VRF 2 vrf2 State Backup Priority 90 Master fe80 201 e8ff fe8a e9ed Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 548 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Virtual Router Redundancy Protocol VRRP 1035 ...

Page 1036: ...nto Loopback mode and test packets are transmitted through those components Level 2 diagnostics also perform snake tests using virtual local area network VLAN configurations Important Points to Remember You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more You cannot perform diagnostics on the management or standby unit in a stack...

Page 1037: ... unit id txt Log messages differ somewhat when diagnostics are done on a standalone unit and on a stack member 4 View the results of the diagnostic tests EXEC Privilege mode show file flash TestReport SU stack unit id txt Examples of Running Offline Diagnostics The following example shows the offline stack unit stack unit number command Dell offline stack unit 1 Warning offline of unit will bring ...

Page 1038: ...0 12 10 System may take additional time for Driver Init 00 12 10 Approximate time to complete the Diags 6 Mins The following example shows the diag command stack member output from master unit Dell diag stack unit 2 Warning the stack unit will be pulled out of the stack for diagnostic execution Proceed with Diags confirm yes no yes Warning diagnostic execution will cause multiple link flaps on the...

Page 1039: ... Detect Test PASS Test 3 000 Psu0 Presence Test PASS diagS6000PsuPresenceTest 1022 ERROR Psu 1 is not present Test 3 001 Psu1 Presence Test NOT PRESENT Test 3 Psu Presence Test NOT PRESENT Test 4 000 Psu0 Source Type Test PASS diagS6000IsPsuGood 954 ERROR Psu 1 Power supply is not present Test 4 001 Psu1 Source Type Test NOT PRESENT Test 4 Psu Source Type Test NOT PRESENT Test 5 000 Psu0 Status Mo...

Page 1040: ...2c Access Test PASS Test 13 006 I2c Access Test PASS Test 13 007 I2c Access Test PASS Test 13 008 I2c Access Test PASS Test 13 009 I2c Access Test PASS Test 13 010 I2c Access Test PASS Test 13 011 I2c Access Test PASS f10DiagI2cRead 203 ERROR i2c_read failed dev dev i2c2 i2c addr 0x51 offset 0 reglen 0x1 buflen 0x1 flags 0 rv 1 diagS6000I2cAccessTest 2606 ERROR FanTray2 Eeprom Device ABSENT Test 1...

Page 1041: ...e command from the flash TRACE_LOG_DIR directory NOTE Non management member units do not support this functionality Hardware Watchdog Timer The hardware watchdog command automatically reboots an Dell Networking OS switch router with a single RPM that is unresponsive This is a last resort mechanism intended to prevent a manual power cycle Enabling Environmental Monitoring The device components use ...

Page 1042: ...ing information 1 Use the show environment commands to monitor the temperature levels 2 Check air flow through the system Ensure that the air ducts are clean and that all fans are working correctly 3 After the software has determined that the temperature levels are within normal limits you can re power the card safely To bring back the line card online use the power on command in EXEC mode In addi...

Page 1043: ...perature of the connected optics NOTE These OIDs only generate if you enable the enable optic info update interval is enabled command Hardware MIB Buffer Statistics 1 3 6 1 4 1 6027 3 16 1 1 4 fpPacketBufferTable View the modular packet buffers details per stack unit and the mode of allocation 1 3 6 1 4 1 6027 3 16 1 1 5 fpStatsPerPortTable View the forwarding plane statistics containing the packe...

Page 1044: ...status Dedicated buffers introduce a trade off They provide each interface with a guaranteed minimum buffer to prevent an overused and congested interface from starving all other interfaces However this minimum guarantee means that the buffer manager does not reallocate the buffer to an adjacent congested interface which means that in some cases memory is under used Dynamic buffer this pool is sha...

Page 1045: ... In this case Reduce the dedicated buffer on all queues interfaces Increase the dynamic buffer on all interfaces Increase the cell pointers on a queue that you are expecting will receive the largest number of packets To define change and apply buffers use the following commands Define a buffer profile for the FP queues CONFIGURATION mode buffer profile fp fsqueue Define a buffer profile for the CS...

Page 1046: ...terface might prevent other interfaces from receiving the configured dynamic allocation which causes packet loss You cannot allocate more than the available memory for the dedicated buffers If the system determines that the sum of the configured dedicated buffers allocated to the queues is more than the total available memory the configuration is rejected returning a syslog message similar to the ...

Page 1047: ...erprofile The following example shows viewing the default buffer profile on an interface Dell show buffer profile detail interface tengigabitethernet 1 10 1 Interface Te 1 10 1 Buffer profile fsqueue fp Dynamic buffer 1256 00 Kilobytes Queue Dedicated Buffer Buffer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256 5 3 00 256 6 3 00 256 7 3 00 256 The following example shows ...

Page 1048: ...d buffer profiles Similarly when you configure buffer profile global you cannot not apply a buffer profile on any single interface A message similar to the following displays Error Global pre defined buffer profile already applied Failed to apply user defined buffer profile on interface Te 1 1 1 Please remove global pre defined buffer profile To apply a predefined buffer profile use the following ...

Page 1049: ...stem flow layer2 stack unit stack unit number port set number counters show hardware drops interface range interface show hardware stack unit id buffer stats snapshot unit id resource x show hardware buffer inteface interface priority group id all queue id all buffer info show hardware buffer stats snapshot resource interface interface priority group id all queue ucast id all mcast id all all show...

Page 1050: ...ROPS on COS4 0 HOL DROPS on COS5 0 HOL DROPS on COS6 0 HOL DROPS on COS7 0 HOL DROPS on COS8 0 HOL DROPS on COS9 0 HOL DROPS on COS10 0 HOL DROPS on COS11 0 HOL DROPS on COS12 0 HOL DROPS on COS13 0 HOL DROPS on COS14 0 HOL DROPS on COS15 0 HOL DROPS on COS16 0 HOL DROPS on COS17 0 TxPurge CellErr 0 Aged Drops 0 Egress MAC counters Egress FCS Drops 0 Egress FORWARD PROCESSOR Drops IPv4 L3UC Aged D...

Page 1051: ... on COS15 0 HOL DROPS on COS16 0 HOL DROPS on COS17 0 TxPurge CellErr 0 Aged Drops 0 Egress MAC counters Egress FCS Drops 0 Egress FORWARD PROCESSOR Drops IPv4 L3UC Aged Drops 0 TTL Threshold Drops 0 INVALID VLAN CNTR Drops 0 L2MC Drops 0 PKT Drops of ANY Conditions 0 Hg MacUnderflow 0 TX Err PKT Counter 0 Error counters Internal Mac Transmit Errors 0 Unknown Opcodes 0 Internal Mac Receive Errors ...

Page 1052: ...ss FORWARD PROCESSOR Drops IPv4 L3UC Aged Drops 0 TTL Threshold Drops 0 INVALID VLAN CNTR Drops 0 L2MC Drops 0 PKT Drops of ANY Conditions 0 Hg MacUnderflow 0 TX Err PKT Counter 0 Error counters Internal Mac Transmit Errors 0 Unknown Opcodes 0 Internal Mac Receive Errors 0 Dell show hardware stack unit 1 drops UNIT No 1 Total Ingress Drops 6804353 Total IngMac Drops 0 Total Mmu Drops 124904297 Tot...

Page 1053: ... 18 18 0 0 0 0 0 19 19 0 0 0 0 0 20 20 0 0 0 0 0 21 21 0 0 0 0 0 22 22 0 0 0 0 0 23 23 0 0 0 0 0 24 24 0 0 0 0 0 25 25 0 0 0 0 0 26 26 0 0 0 0 0 27 27 0 0 0 0 0 28 28 0 0 0 0 0 29 29 0 0 0 0 0 30 30 0 0 0 0 0 31 31 0 0 0 0 0 32 32 0 0 0 0 0 33 33 0 0 0 0 0 34 34 0 0 0 0 0 35 35 0 0 0 0 0 36 36 0 0 0 0 0 37 37 0 0 0 0 0 38 38 0 0 0 0 0 39 39 0 0 Debugging and Diagnostics 1053 ...

Page 1054: ...0 0 0 0 52 63 0 0 0 0 0 52 64 0 0 0 0 0 53 65 0 0 0 0 0 53 66 0 0 0 0 0 53 67 0 0 0 0 0 53 68 0 0 0 0 0 54 1 69 0 0 0 0 0 54 2 70 0 0 0 0 0 54 3 71 0 0 0 0 0 54 4 72 0 0 0 0 0 Internal 53 0 0 0 0 0 Internal 57 4659499 0 0 0 0 Dataplane Statistics The show hardware stack unit cpu data plane statistics command provides insight into the packet types coming to the CPU The show hardware stack unit cpu ...

Page 1055: ...ics for device rxHandle 0 noMhdr 0 noMbuf 0 noClus 0 recvd 0 dropped 0 recvToNet 0 rxError 0 rxDatapathErr 0 rxPkt COS0 0 rxPkt COS1 0 rxPkt COS2 0 rxPkt COS3 0 rxPkt COS4 0 rxPkt COS5 0 rxPkt COS6 0 rxPkt COS7 0 rxPkt UNIT0 0 rxPkt UNIT1 0 rxPkt UNIT2 0 rxPkt UNIT3 0 transmitted 0 txRequested 0 noTxDesc 0 txError 0 txReqTooLarge 0 txInternalError 0 txDatapathErr 0 txPkt COS0 0 txPkt COS1 0 txPkt ...

Page 1056: ...ets sec 0 00 of line rate Output 00 06 Mbits sec 8 packets sec 0 00 of line rate Dell Display Stack Member Counters The show hardware stack unit stack unit number counters details port stats detail register command displays internal receive and transmit statistics based on the selected command option The following example is a sample of the output for the counters option Example of Displaying Stac...

Page 1057: ... 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Counter 0 TX...

Page 1058: ...g frame counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 0 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Fram...

Page 1059: ... RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Counter 0 TX 2048 to 4095 Byte Frame Counter 0 TX...

Page 1060: ...frame counter 0 RX Oversized frame counter 0 RX Jabber frame counter 0 RX VLAN tag frame counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame ...

Page 1061: ...Byte Counter 0 RX Control frame counter 0 RX PAUSE frame counter 0 RX Oversized frame counter 0 RX Jabber frame counter 0 RX VLAN tag frame counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 0 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 102...

Page 1062: ...rame Counter 0 RX Byte Counter 0 RX Control Frame Counter 0 RX Pause Control Frame Counter 0 RX Oversized Frame Counter 0 RX Jabber Frame Counter 0 RX VLAN Tag Frame Counter 0 RX Double VLAN Tag Frame Counter 0 RX RUNT Frame Counter 0 RX Fragment Counter 0 RX VLAN Tagged Packets 0 RX Ingress Dropped Packet 0 RX MTU Check Error Frame Counter 0 RX PFC Frame Priority 0 0 RX PFC Frame Priority 1 0 RX ...

Page 1063: ...ypes exist and they are displayed in regular English text to enable easier understanding of the crash cause Example of Application Mini Core Dump Listings Dell dir Directory of flash 1 drw 16384 Jan 01 1980 00 00 00 00 00 2 drwx 1536 Sep 03 2009 16 51 02 00 00 3 drw 512 Aug 07 2009 13 05 58 00 00 TRACE_LOG_DIR 4 d 512 Aug 07 2009 13 06 00 00 00 ADMIN_DIR 5 rw 8693 Sep 03 2009 16 50 56 00 00 startu...

Page 1064: ...rded in a file by specifying the snap length to capture the file headers only The tcpdump command has a finite run process When you enable the tcpdump command it runs until the capture duration timer and or the packet count counter threshold is met If you do not set a threshold the system uses a default of a 5 minute capture duration and or a single 1k file as the stopping point for the dump You c...

Page 1065: ...iance The following is a list of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link Aggregation with LACP 802 3ae 10 Gigabit Ethernet 10GBASE W 10GBASE X 802 3af Power...

Page 1066: ...m Protocol 7 6 1 793 Transmission Control Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 The Point to Point Protocol PPP 1989 PPP Link Quality Monitoring 1990 The PPP Multilink Protocol MP 1994 PPP Challenge Handshake Authentication Protocol CHAP 2460 Internationali...

Page 1067: ...ries S Series 7 9 1 Internet Protocol 7 6 1 7 9 2 Internet Control Message Protocol 7 6 1 8 2 6 An Ethernet Address Resolution Protocol 7 6 1 1 0 2 7 Using ARP to Implement Transparent Subnet Gateways 7 6 1 1 0 3 5 DOMAIN NAMES IMPLEMENTATI ON AND SPECIFICATIO N client 7 6 1 1 0 4 2 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks 7 6 1 1 1 9 1 Path MTU Discovery 7 6 1 Standa...

Page 1068: ... 6 1 1 5 4 2 Clarifications and Extensions for the Bootstrap Protocol 7 6 1 1 8 1 2 Requirements for IP Version 4 Routers 7 6 1 2 1 3 1 Dynamic Host Configuration Protocol 7 6 1 2 3 3 8 Virtual Router Redundancy Protocol VRRP 7 6 1 3 0 2 1 Using 31 Bit Prefixes on IPv4 Point to Point Links 7 7 1 3 0 4 6 DHCP Relay Agent Information Option 7 8 1 3 0 VLAN Aggregation for Efficient IP 7 8 1 1068 Stan...

Page 1069: ...rm for general IPv6 protocols Table 109 General IPv6 Protocols RF C Full Name Z Series S Series 18 86 DNS Extensions to support IP version 6 7 8 1 19 81 Pa rtia l Path MTU Discovery for IP version 6 7 8 1 24 60 Internet Protocol Version 6 IPv6 Specificatio n 7 8 1 24 62 Pa rtia l IPv6 Stateless Address Autoconfig uration 7 8 1 24 64 Transmissio n of IPv6 Packets over Ethernet Networks 7 8 1 Standa...

Page 1070: ...ed Address Architectur e 8 3 12 0 42 91 Internet Protocol Version 6 IPv6 Addressing Architectur e 7 8 1 44 43 Internet Control Message Protocol ICMPv6 for the IPv6 Specificatio n 7 8 1 48 61 Neighbor Discovery for IPv6 8 3 12 0 48 62 IPv6 Stateless Address Autoconfig uration 8 3 12 0 51 75 IPv6 Router Advertisem ent Flags Option 8 3 12 0 1070 Standards Compliance ...

Page 1071: ...ute Refresh Capability for BGP 4 7 8 1 3065 Autonomous System Confederations for BGP 7 8 1 4360 BGP Extended Communities Attribute 7 8 1 4893 BGP Support for Four octet AS Number Space 7 8 1 5396 Textual Representation of Autonomous System AS Numbers 8 1 2 draft ietf idrbgp4 20 A Border Gateway Protocol 4 BGP 4 7 8 1 draft ietf idrrestart 06 Graceful Restart Mechanism for BGP 7 8 1 Open Shortest P...

Page 1072: ...name Exchange Mechanism for IS IS 2966 Domain wide Prefix Distribution with Two Level IS IS 3373 Three Way Handshake for Intermediate System to Intermediate System IS IS Point to Point Adjacencies 3567 IS IS ACruythpetongtircaapthioicn 3784 Intermediate System to Intermediate System IS IS Extensions in Support of Generalized Multi Protocol Label Switching GMPLS 5120 MT ISIS Multi Topology MT Routi...

Page 1073: ...s the Dell Networking OS support per platform for Multicast protocol Table 114 Multicast RFC Full Name Z Series S Series 1112 Host Extensions for IP Multicasting 7 8 1 2236 Internet Group Management Protocol Version 2 7 8 1 3376 Internet Group Management Protocol Version 3 7 8 1 3569 An Overview of Source Specific Multicast SSM 7 8 1 SSM for IPv4 3618 Multicast Source Discovery Protocol MSDP draft...

Page 1074: ...twork Management Protocol SNMP 7 6 1 1212 Concise MIB Definitions 7 6 1 1215 A Convention for Defining Traps for use with the SNMP 7 6 1 1493 Definitions of Managed Objects for Bridges except for the dot1dTpLearnedEntryDisc ards object 7 6 1 1724 RIP Version 2 MIB Extension 1850 OSPF Version 2 Management Information Base 7 6 1 1901 Introduction to Community based SNMPv2 7 6 1 2011 SNMPv2 Managemen...

Page 1075: ...Statements for Internet Standard Management Framework 7 6 1 2571 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks 7 6 1 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP 7 6 1 2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 7 6 1 2575 View based Access Control Model V...

Page 1076: ...pped 7 6 1 2698 A Two Rate Three Color Marker 9 5 0 0 9 5 0 0 9 5 0 0 3635 Definitions of Managed Objects for the Ethernet like Interface Types 7 6 1 2674 Definitions of Managed Objects for Bridges with Traffic Classes Multicast Filtering and Virtual LAN Extensions 7 6 1 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol 7 6 1 2819 Remote Network Monitoring Management I...

Page 1077: ...r the Simple Network Management Protocol SNMP 7 6 1 3434 Remote Monitoring MIB Extensions for High Capacity Alarms High Capacity Alarm Table 64 bits 7 6 1 3580 IEEE 802 1X Remote Authentication Dial In User Service RADIUS Usage Guidelines 7 6 1 3815 Definitions of Managed Objects for the Multiprotocol Label Switching MPLS Label Distribution Protocol LDP 4001 Textual Conventions for Internet Networ...

Page 1078: ... Base for Intermediate System to Intermediate System IS IS isisSysObject top level scalar objects isisISAdjTable isisISAdjAreaAddrTable isisISAdjIPAddrTable isisISAdjProtSuppTable draft ietf netmod interfaces cfg 03 Defines a YANG data model for the configuration of network interfaces Used in the Programmatic Interface RESTAPI feature 9 2 0 0 9 2 0 0 9 2 0 0 IEEE 802 1AB Management Information Bas...

Page 1079: ...4 mibv2 05 7 8 1 f10 bmp mib Force10 Bare Metal Provisioning MIB 9 2 0 0 9 2 0 0 9 2 0 0 FORCE10 FIB MIB Force10 CIDR Multipath Routes MIB The IP Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue It reports the autonomous system of the next hop multiple next hop support and policy routing support FORCE10 CS...

Page 1080: ...MIB enables the user to view CAM usage information 7 6 1 FORCE10 TC MIB Force10 Textual Convention 7 6 1 FORCE10 TRAP ALARM MIB Force10 Trap Alarm MIB 7 6 1 MIB Location You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport https www force10networks com CSPortal20 KnowledgeBase Documentation aspx You also can obtain a list of selected MIBs and their OIDs at...

Reviews:

No comments

Brands by name

Popular brands

Load more brands