Home
/
Dell
/
Z9000
/
Configuration Manual

Dell Z9000, Configuration Manual

Share

Page: 718 / 968

Dell Z9000 Configuration Manual Download Page 718

To use local authentication for

enable secret

on the console, while using remote authentication on

VTY lines, issue the following commands.

The following example shows enabling local authentication for console and remote authentication for
the VTY lines.

Dell(config)# aaa authentication enable mymethodlist radius tacacs

Dell(config)# line vty 0 9

Dell(config-line-vty)# enable authentication mymethodlist

Server-Side Configuration

•

— When using , Dell Networking sends an initial packet with service type

SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have

an entry for username $enable$.

•

RADIUS

— When using RADIUS authentication, FTOS sends an authentication packet with the

following:

Username: $enab15$

Password: <password-entered-by-user>

Therefore, the RADIUS server must have an entry for this username.

Obscuring Passwords and Keys

By default, the

service password-encryption

command stores encrypted passwords. For greater

security, you can also use the

service obscure-passwords

command to prevent a user from reading

the passwords and keys, including RADIUS, keys, router authentication strings, VRRP
authentication by obscuring this information. Passwords and keys are stored encrypted in the
configuration file and by default are displayed in the encrypted form when the configuration is displayed.
Enabling the

service obscure-passwords

command displays asterisks instead of the encrypted

passwords and keys. This command prevents a user from reading these passwords and keys by obscuring
this information with asterisks.

Password obscuring masks the password and keys for display only but does not change the contents of
the file. The string of asterisks is the same length as the encrypted string for that line of configuration. To
verify that you have successfully obscured passwords and keys, use the

show running-config

command or

show startup-config

command.

If you are using role-based access control (RBAC), only the system administrator and security
administrator roles can enable the

service obscure-password

command.

To enable the obscuring of passwords and keys, use the following command.

• Turn on the obscuring of passwords and keys in the configuration.

CONFIGURATION mode

service obscure-passwords

Example of Obscuring Password and Keys

Dell(config)# service obscure-passwords

718

Security

«
...
716
717
718
719
720
...
»

Summary of Contents for Z9000

Page 1: ...Dell Configuration Guide for the Z9000 System 9 7 0 0 ...

Page 2: ...problem WARNING A WARNING indicates a potential for property damage personal injury or death Copyright 2015 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their res...

Page 3: ...face and Running Scripts Using SSH 44 Entering CLI commands Using an SSH Connection 45 Executing Local CLI Scripts Using an SSH Connection 45 Default Configuration 46 Configuring a Host Name 46 Accessing the System Remotely 46 Accessing the System Remotely 46 Configure the Management Port IP Address 46 Configure a Management Route 47 Configuring a Username and Password 47 Configuring the Enable Pa...

Page 4: ...l Buffer 64 Configuration Task List for System Log Management 64 Disabling System Logging 64 Sending System Messages to a Syslog Server 65 Configuring a UNIX System as a Syslog Server 65 Changing System Logging Settings 65 Display the Logging Buffer and the Logging Configuration 66 Configuring a UNIX Logging Facility Level 67 Synchronizing Log Messages 68 Enabling Timestamp on Syslog Messages 68 F...

Page 5: ...meouts 90 Configuring Dynamic VLAN Assignment with Port Authentication 91 Guest and Authentication Fail VLANs 92 Configuring a Guest VLAN 93 Configuring an Authentication Fail VLAN 93 6 Access Control Lists ACLs 95 IP Access Control Lists ACLs 95 CAM Usage 96 Implementing ACLs on Dell Networking OS 97 IP Fragment Handling 98 IP Fragments ACL Examples 98 Layer 4 ACL Rules Examples 99 Configure a St...

Page 6: ... Behavior of Flow Based Monitoring 125 Enabling Flow Based Monitoring 127 7 Access Control List ACL VLAN Groups and Content Addressable Memory CAM 129 Optimizing CAM Utilization During the Attachment of ACLs to VLANs 129 Guidelines for Configuring ACL VLAN groups 130 Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters 131 Configuring ACL VLAN Groups 131 Configuring FP Blocks ...

Page 7: ...dditional Path Add Path Support 177 Advertise IGP Cost as MED for Redistributed Routes 177 Ignore Router ID for Some Best Path Calculations 178 Four Byte AS Numbers 178 AS4 Number Representation 179 AS Number Migration 180 BGP4 Management Information Base MIB 182 Important Points to Remember 182 Configuration Information 183 BGP Configuration 183 Enabling BGP 184 Configuring AS4 Number Representat...

Page 8: ...AS PATH Information 212 Configuring BGP Route Reflectors 212 Aggregating Routes 213 Configuring BGP Confederations 214 Enabling Route Flap Dampening 214 Changing BGP Timers 217 Enabling BGP Neighbor Soft Reconfiguration 217 Route Map Continue 219 Enabling MBGP Configurations 219 BGP Regular Expression Optimization 220 Debugging BGP 220 Storing Last and Bad PDUs 221 Capturing PDUs 222 PDU Counters ...

Page 9: ...g the DHCP Server 255 Using DHCP Clear Commands 255 Configure the System to be a Relay Agent 255 Configure the System to be a DHCP Client 257 DHCP Client on a Management Interface 258 DHCP Client Operation with Other Features 258 Configure the System for User Port Stacking Option 230 259 Configure Secure DHCP 259 Option 82 260 DHCP Snooping 260 Drop DHCP Packets on Snooped VLANs Only 264 Dynamic A...

Page 10: ...rtant FRRP Points 280 Important FRRP Concepts 280 Implementing FRRP 282 FRRP Configuration 282 Creating the FRRP Group 282 Configuring the Control VLAN 283 Configuring and Adding the Member VLANs 284 Setting the FRRP Timers 285 Clearing the FRRP Counters 285 Viewing the FRRP Configuration 286 Viewing the FRRP Information 286 Troubleshooting FRRP 286 Configuration Checks 286 Sample Configuration an...

Page 11: ...ulticast Router 305 Configuring the Switch as Querier 305 Fast Convergence after MSTP Topology Changes 306 Egress Interface Selection EIS for HTTP and IGMP Applications 306 Protocol Separation 307 Enabling and Disabling Management Egress Interface Selection 308 Handling of Management Route Configuration 309 Handling of Switch Initiated Traffic 309 Handling of Switch Destined Traffic 310 Handling o...

Page 12: ... 326 Port Channel Benefits 327 Port Channel Implementation 327 10 100 1000 Mbps Interfaces in Port Channels 328 Configuration Tasks for Port Channel Interfaces 328 Creating a Port Channel 328 Adding a Physical Interface to a Port Channel 329 Reassigning an Interface to a New Port Channel 331 Configuring the Minimum Oper Up Links in a Port Channel 332 332 Assigning an IP Address to a Port Channel 3...

Page 13: ...56 Clearing Interface Counters 356 Enhanced Validation of Interface Ranges 357 19 Internet Protocol Security IPSec 358 Configuring IPSec 359 20 IPv4 Routing 360 IP Addresses 360 Implementation Information 360 Configuration Tasks for IP Addresses 360 Assigning IP Addresses to an Interface 361 Configuring Static Routes 362 Configure Static Routes for the Management Interface 364 IPv4 Path MTU Discov...

Page 14: ...76 UDP Helper with Configured Broadcast Addresses 377 UDP Helper with No Configured Broadcast Addresses 378 Troubleshooting UDP Helper 378 21 IPv6 Routing 379 Protocol Overview 379 Extended Address Space 379 Stateless Autoconfiguration 379 IPv6 Headers 380 IPv6 Header Fields 381 Extension Header Fields 382 Addressing 383 Implementing IPv6 with Dell Networking OS 385 ICMPv6 387 Path MTU Discovery 3...

Page 15: ...ransition Mode 403 Interface Support 403 Adjacencies 403 Graceful Restart 403 Timers 404 Implementation Information 404 Configuration Information 405 Configuration Tasks for IS IS 405 Configuring the Distance of a Route 414 Changing the IS Type 414 Redistributing IPv4 Routes 417 Redistributing IPv6 Routes 418 Configuring Authentication Passwords 418 Setting the Overload Bit 419 Debugging IS IS 420...

Page 16: ...on High Gigabit Ethernet Backplane Ports 444 24 Layer 2 446 Manage the MAC Address Table 446 Clearing the MAC Address Table 446 Setting the Aging Time for Dynamic Entries 446 Configuring a Static MAC Address 447 Displaying the MAC Address Table 447 MAC Learning Limit 447 Setting the MAC Learning Limit 448 mac learning limit Dynamic 448 mac learning limit mac address sticky 449 mac learning limit s...

Page 17: ... by Adjacent LLDP Agents 474 Configuring LLDPDU Intervals 475 Configuring Transmit and Receive Mode 475 Configuring a Time to Live 476 Debugging LLDP 477 Relevant Management Objects 478 26 Microsoft Network Load Balancing 484 NLB Unicast Mode Scenario 484 NLB Multicast Mode Scenario 485 Limitations With Enabling NLB on Switches 485 Benefits and Working of Microsoft Clustering 485 Enable and Disabl...

Page 18: ...le Configurations 509 28 Multiple Spanning Tree Protocol MSTP 513 Protocol Overview 513 Spanning Tree Variations 514 Implementation Information 514 Configure Multiple Spanning Tree Protocol 514 Related Configuration Tasks 514 Enable Multiple Spanning Tree Globally 515 Adding and Removing Interfaces 515 Creating Multiple Spanning Tree Instances 515 Influencing MSTP Root Selection 517 Interoperate w...

Page 19: ...th First OSPFv2 and OSPFv3 550 Protocol Overview 550 Autonomous System AS Areas 550 Area Types 551 Networks and Neighbors 552 Router Types 552 Designated and Backup Designated Routers 554 Link State Advertisements LSAs 554 Router Priority and Cost 556 OSPF with Dell Networking OS 556 Graceful Restart 557 Fast Convergence OSPFv2 IPv4 Only 558 Multi Process OSPFv2 IPv4 only 558 RFC 2328 Compliant OS...

Page 20: ... Policy based Routing 594 PBR Exceptions Permit 597 Sample Configuration 600 Create the Redirect List GOLDAssign Redirect List GOLD to Interface 2 11View Redirect List GOLD 601 33 PIM Sparse Mode PIM SM 605 Implementation Information 605 Protocol Overview 605 Requesting Multicast Traffic 605 Refuse Multicast Traffic 606 Send Multicast Traffic 606 Configuring PIM SM 607 Related Configuration Tasks ...

Page 21: ...RPM 628 ERPM Behavior on a typical Dell Networking OS 630 Decapsulation of ERPM packets at the Destination IP Analyzer 630 36 Private VLANs PVLAN 632 Private VLAN Concepts 632 Using the Private VLAN Commands 633 Configuration Task List 634 Creating PVLAN ports 634 Creating a Primary VLAN 635 Creating a Community VLAN 636 Creating an Isolated VLAN 637 Private VLAN Configuration Example 638 Inspecti...

Page 22: ...d Configured WRED Profiles 672 Displaying WRED Drop Statistics 672 Pre Calculating Available QoS CAM Space 672 Configuring Weights and ECN for WRED 673 Global Service Pools With WRED and ECN Settings 674 Configuring WRED and ECN Attributes 675 Guidelines for Configuring ECN for Classifying and Color Marking Packets 676 Sample configuration to mark non ecn packets as yellow with Multiple traffic cl...

Page 23: ...l Parameters 707 Enabling SNMP Traps for Root Elections and Topology Changes 708 Modifying Interface Parameters 708 Enabling SNMP Traps for Root Elections and Topology Changes 709 Influencing RSTP Root Selection 709 Configuring an EdgePort 709 Configuring Fast Hellos for Link State Detection 710 42 Software Defined Networking SDN 712 43 Security 713 AAA Accounting 713 Configuration Task List for A...

Page 24: ... SA Filter Support 741 Role Based Access Control 741 Overview of RBAC 742 User Roles 744 AAA Authentication and Authorization for Roles 748 Role Accounting 751 Display Information About User Roles 752 44 Service Provider Bridging 754 VLAN Stacking 754 Important Points to Remember 755 Configure VLAN Stacking 756 Creating Access and Trunk Ports 756 Enable VLAN Stacking for a VLAN 757 Configuring the...

Page 25: ...g the Polling Intervals 776 Back Off Mechanism 777 sFlow on LAG ports 777 Enabling Extended sFlow 777 Important Points to Remember 778 46 Simple Network Management Protocol SNMP 780 Protocol Overview 780 Implementation Information 780 SNMPv3 Compliance With FIPS 780 Configuration Task List for SNMP 782 Related Configuration Tasks 782 Important Points to Remember 782 Set up SNMP 782 Creating a Comm...

Page 26: ...ntagged Ports to a VLAN 799 Managing Overload on Startup 800 Enabling and Disabling a Port using SNMP 800 Fetch Dynamic MAC Entries using SNMP 801 Deriving Interface Indices 802 Monitor Port Channels 803 Troubleshooting SNMP Operation 804 47 Storm Control 806 Configure Storm Control 806 Configuring Storm Control from INTERFACE Mode 806 Configuring Storm Control from CONFIGURATION Mode 806 48 Spann...

Page 27: ...st 830 Setting the Time and Date for the Switch Software Clock 830 Setting the Timezone 830 Set Daylight Saving Time 831 Setting Daylight Saving Time Once 831 Setting Recurring Daylight Saving Time 832 50 Tunneling 834 Configuring a Tunnel 834 Configuring Tunnel Keepalive Settings 835 Configuring a Tunnel Interface 836 Configuring Tunnel allow remote Decapsulation 836 Configuring Tunnel source any...

Page 28: ...LT Routing 859 Non VLT ARP Sync 861 RSTP Configuration 861 Preventing Forwarding Loops in a VLT Domain 862 Sample RSTP Configuration 862 Configuring VLT 863 PVST Configuration 874 Sample PVST Configuration 874 eVLT Configuration Example 875 eVLT Configuration Step Examples 876 PIM Sparse Mode Configuration Example 878 Verifying a VLT Configuration 879 Additional VLT Sample Configurations 882 Confi...

Page 29: ... Gateway 901 Enabling the VLT Proxy Gateway 902 LLDP Organizational TLV for Proxy Gateway 903 Sample Configurations for LLDP VLT Proxy Gateway 903 Sample Configurations for Static VLT Proxy Gateway 904 Sample Scenario for VLT Proxy Gateway 904 Configuring an LLDP VLT Proxy Gateway 905 55 Virtual Router Redundancy Protocol VRRP 907 VRRP Overview 907 VRRP Benefits 908 VRRP Implementation 908 VRRP Co...

Page 30: ...figuration 949 Troubleshooting Packet Loss 950 Displaying Drop Counters 950 Displaying Dataplane Statistics 951 Displaying Stack Member Counters 952 Enabling Application Core Dumps 952 Mini Core Dumps 953 Enabling TCP Dumps 953 57 Standards Compliance 955 IEEE Compliance 955 RFC and I D Compliance 956 General Internet Protocols 956 General IPv4 Protocols 957 General IPv6 Protocols 958 Border Gatew...

Page 31: ...tended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 and Layer 3 networking technologies Conventions This guide uses the following conventions to describe command syntax Keyword Keywords are in Courier a monospaced font and must be entered in the CLI as listed parameter Parameters are in italics and require a number or word ...

Page 32: ...t features may occasionally differ between the platforms Differences are noted in each CLI description and related documentation Accessing the Command Line Access the CLI through a serial console port or a Telnet session When the system successfully boots enter the command line in EXEC mode NOTE You must have a password configured on a virtual terminal line before you can Telnet into the system Th...

Page 33: ...e chassis for the first time INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface An interface can be physical Management interface 1 Gigabit Ethernet or 10 Gigabit Ethernet or synchronous optical network technologies SONET or logical Loopback Null port channel or virtual local area network VLAN LINE submode is the mode in whic...

Page 34: ... the CLI mode Move linearly through the command modes except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level NOTE Sub CONFIGURATION modes all have the letters conf in the prompt with more modifiers to identify the mode and slot port information Table 1 Dell Networking OS Command Modes CLI Command Mode Prompt Access ...

Page 35: ... if po 1 interface INTERFACE modes Tunnel Interface Dell conf if tu 1 interface INTERFACE modes VLAN Interface Dell conf if vl 1 interface INTERFACE modes STANDARD ACCESS LIST Dell config std nacl ip access list standard IP ACCESS LIST Modes EXTENDED ACCESS LIST Dell config ext nacl ip access list extended IP ACCESS LIST Modes IP COMMUNITY LIST Dell config community list ip community list AUXILIAR...

Page 36: ...router_ospf ipv6 router ospf ROUTER RIP Dell conf router_rip router rip SPANNING TREE Dell config span protocol spanning tree 0 TRACE LIST Dell conf trace acl ip trace list CLASS MAP Dell config class map class map CONTROL PLANE Dell conf control cpuqos control plane cpuqos DHCP Dell config dhcp ip dhcp server DHCP POOL Dell config dhcp pool name pool DHCP Mode ECMP Dell conf ecmp group ecmp group...

Page 37: ...ing a system boot Hit any key to stop autoboot UPLINK STATE GROUP Dell conf uplink state group groupID uplink state group The following example shows how to change the command mode from CONFIGURATION mode to PROTOCOL SPANNING TREE Example of Changing Command Modes Dell conf protocol spanning tree 0 Dell config span The do Command You can enter an EXEC mode command from any CONFIGURATION mode CONFI...

Page 38: ...mmand line is added to the running configuration file running config To disable a command and remove it from the running config enter the no command then the original command For example to delete an IP address configured on an interface use the no ip address ip address command NOTE Use the help or command as described in Obtaining Help Example of Viewing Disabled Commands Dell conf interface teng...

Page 39: ...ywords that can follow the specified keyword Dell conf clock summer time Configure summer daylight savings time timezone Configure time zone Dell conf clock Entering and Editing Commands Notes for entering commands The CLI is not case sensitive You can enter partial CLI keywords Enter the minimum number of letters to uniquely identify a command For example you cannot enter cl as a partial keyword ...

Page 40: ...es the cursor forward one word Esc D Deletes all characters from the cursor to the end of the word Command History Dell Networking OS maintains a history of previously entered commands for each mode For example When you are in EXEC mode the UP and DOWN arrow keys display the previously entered EXEC mode commands When you are in CONFIGURATION mode the UP or DOWN arrows keys recall the previously en...

Page 41: ... this command used in combination with the show linecard all command Example of the except Keyword Dell show system brief except 0 Slot Status NxtBoot ReqTyp CurTyp Version Ports 2 not present 3 not present 4 not present 5 not present 6 not present The find keyword displays the output of the show command beginning from the first occurrence of specified text The following example shows this command...

Page 42: ...r VTY and in the case of a VTY connection the IP address of the terminal on which the connection was established For example On the system that telnets into the switch this message appears Warning The following users are currently configuring the system User username on line console0 On the system that is connected over the console this message appears Warning User username on line vty0 10 11 130 ...

Page 43: ...without interruption When the boot process completes the RPM and line card status LEDs remain online green and the console monitor displays the EXEC mode prompt For details about using the command line interface CLI refer to the Accessing the Command Line section in the Configuration Fundamentals chapter Console Access The Z9000 has a primary management Ethernet port and an RJ 45 RS 232 console po...

Page 44: ...a PC The pin assignments between the console and a DTE terminal server are as follows Table 2 Pin Assignments Between the Console and a DTE Terminal Server Console Port RJ 45 to RJ 45 Rollover Cable RJ 45 to RJ 45 Rollover Cable RJ 45 to DB 9 Adapter Terminal Server Device Signal RJ 45 Pinout RJ 45 Pinout DB 9 Pin Signal RTS 1 8 8 CTS NC 2 7 6 DSR TxD 3 6 2 RxD GND 4 5 5 GND GND 5 4 5 GND RxD 6 3 ...

Page 45: ... sessions in SSH Therefore you might expect a failure in executing SSH related scripts To avoid denial of service DoS attacks a rate limit of 10 concurrent sessions per minute in SSH is devised Therefore you might experience a failure in executing SSH related scripts when multiple short SSH commands are executed If you issue an interactive command in the SSH session the behavior may not really be ...

Page 46: ... by Telnet or SSH The platform has a dedicated management port and a management routing table that is separate from the IP routing table You can manage all Dell Networking products in band via the front end data ports through interfaces assigned an IP address as well Accessing the System Remotely Configuring the system for remote access is a three step process as described in the following topics ...

Page 47: ... mask in prefix length format xx gateway the next hop for network traffic originating from the management port Configuring a Username and Password To access the system remotely configure a system username and password To configure a system username and password use the following command Configure a username and password to access the system remotely CONFIGURATION mode username username password en...

Page 48: ...other Dell Networking system Configuration File Management Files can be stored on and accessed from various storage media Rename delete and copy files on the system from EXEC Privilege mode Copy Files to and from the System The command syntax for copying files is similar to UNIX The copy command uses the format copy source file url destination file url NOTE For a detailed description of the copy c...

Page 49: ...an NFS File System This feature enables you to quickly access data on an NFS mounted file system You can perform file operations on an NFS mounted file system using supported file commands This feature allows an NFS mounted device to be recognized as a file system This file system is visible on the device and you can execute all file commands that are available on conventional file systems such as...

Page 50: ...tes for a list of approved USB vendors Example of Copying a File to current File System Dell copy tftp 10 16 127 35 mashutosh dv maa s4810 test nfsmount Destination file name dv maa s4810 test 44250499 bytes successfully copied Dell Dell copy ftp 10 16 127 35 nfsmount Source file name test c User name to login remote host mashutosh Example of Logging in to Copy from NFS Mount Dell copy nfsmount te...

Page 51: ...the internal flash on an RPM EXEC Privilege mode copy running config rpm 0 1 flash filename Save the running configuration to an FTP server EXEC Privilege mode copy running config ftp username password hostip hostname filepath filename Save the running configuration to a TFTP server EXEC Privilege mode copy running config tftp hostip hostname filepath filename Save the running configuration to an ...

Page 52: ...07 19 52 22 boot image 15 rw 27674906 Jul 06 2007 02 23 22 boot flash More View Configuration Files Configuration files have three commented lines at the beginning of the file as shown in the following example to help you track the last time any user made a change to the file which user made the changes and when the file was last saved to the startup configuration In the running configuration file...

Page 53: ...ia type read write privileges for each storage device in use Dell show file systems Size b Free b Feature Type Flags Prefixes 520962048 213778432 dosFs2 0 USERFLASH rw flash 127772672 21936128 dosFs2 0 USERFLASH rw slot0 network rw ftp network rw tftp network rw scp You can change the default file system so that file management commands apply to a particular device or memory To change the default ...

Page 54: ...ing method is available for such features In 9 4 0 0 you can enable or disable the VRF application globally across the system by using this capability You can activate VRF application on a device by using the feature vrf command in CONFIGURATION mode NOTE The no feature vrf command is not supported on any of the platforms To enable the VRF feature and cause all VRF related commands to be available...

Page 55: ...iles to an external server Enter the following source file url keywords and information To copy a file from the internal FLASH enter flash followed by the filename To copy the running configuration enter the keyword running config To copy the startup configuration enter the keyword startup config To copy a file on the external FLASH enter usbflash followed by the filename Using Hashes to Validate ...

Page 56: ... image has been transferred to the system but before the image has been installed use the verify md5 sha256 flash img file hash value command in EXEC mode md5 MD5 message digest algorithm sha256 SHA256 Secure Hash Algorithm flash Optional Specifies the flash drive The default is to use the flash drive You can just enter the image file name hash value Optional Specify the relevant hash published on...

Page 57: ... available For information about how access and authorization is controlled based on a user s role see Role Based Access Control Creating a Custom Privilege Level Custom privilege levels start with the default EXEC mode command set You can then customize privilege levels 2 14 by restricting access to an EXEC mode command moving commands from EXEC Privilege to EXEC mode restricting access A user ca...

Page 58: ... to the command that enters you into the mode For example to allow a user to enter INTERFACE mode use the privilege configure level level interface gigabitethernet command Next individually identify the INTERFACE LINE ROUTE MAP or ROUTER commands to which you want to allow access using the privilege interface line route map router level level command In the command specify the privilege level of t...

Page 59: ...privilege level is 3 Dell capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse multicast path from destination to source ping Send echo messages quit Exit from the EXEC show Show running system information output omitted Dell...

Page 60: ...d Applying a Privilege Level to a Username To set the user privilege level use the following command Configure a privilege level for a user CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line use the following command Configure a privilege level for a user CONFIGURATION mode username username privilege leve...

Page 61: ...sing the logging extended command in CONFIGURATION mode Audit Logs The audit log contains configuration events and information The types of information in this log consist of the following User logins to the switch System events for network issues or system issues Users making configuration changes The switch logs who made the configuration changes and the date and time of the change However each ...

Page 62: ...trator user role can view the audit logs Only the RBAC security administrator and system administrator user role can view the security logs If extended logging is disabled you can only view system events regardless of RBAC user role To view security logs use the show logging command Example of the show logging auditlog Command For information about the logging extended command see Enabling Audit a...

Page 63: ...log messages format as described in RFC 3164 The BSD syslog Protocol 1 Displays syslog message format as described in RFC 5424 The SYSLOG Protocol Example of Configuring the Logging Message Format Dell conf logging version 0 1 Select syslog version default 0 Dell conf logging version 1 Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to secur...

Page 64: ...AAA authorization Dell conf logging localhost tcp port Dell conf logging 127 0 0 1 tcp 5140 Log Messages in the Internal Buffer All error messages except those beginning with BOOTUP Message are log in the internal buffer For example BOOTUP RPM0 CP PORTPIPE INIT SUCCESS Portpipe 0 enabled Configuration Task List for System Log Management There are two configuration tasks for system log management D...

Page 65: ...n a 4 1 BSD UNIX system local7 debugging var log ftos log Add line on a 5 7 SunOS UNIX system local7 debugging var adm ftos log In the previous lines local7 is the logging facility level and debugging is the severity level Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location The default is to log all mess...

Page 66: ...se the show logging command in EXEC privilege mode When RBAC is enabled the security logs are filtered based on the user roles Only the security administrator and system administrator can view the security logs Example of the show logging Command Dell show logging syslog logging enabled Console logging level Debugging Monitor logging level Debugging Buffer logging level Debugging 40 Messages Logge...

Page 67: ...for Configure a UNIX Logging Facility Level Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility To configure a UNIX logging facility level use the following command Specify one of the following parameters CONFIGURATION mode logging facility facility type auth for authorization messages cron for system scheduler messages daemon for system d...

Page 68: ... Enter LINE mode CONFIGURATION mode line console 0 vty number end number aux 0 Configure the following parameters for the virtual terminal lines number the range is from zero 0 to 8 end number the range is from 1 to 8 You can configure multiple virtual terminals at one time by entering a number and an end number 2 Configure a level and set the maximum number of messages to print LINE mode logging ...

Page 69: ...sing the file transfer protocol FTP One FTP application is copying the system image files over an interface on to the system however FTP is not supported on virtual local area network VLAN interfaces For more information about FTP refer to RFC 959 File Transfer Protocol NOTE To transmit large files Dell Networking recommends configuring the switch as an FTP server Configuration Task List for File ...

Page 70: ...ange directory cd command until you have configured ftp server topdir To view the FTP configuration use the show running config ftp command in EXEC privilege mode Configuring FTP Client Parameters To configure FTP client parameters use the following commands Enter the following keywords and slot port or number information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet the...

Page 71: ...ommand Apply an ACL to a VTY line LINE mode ip access class access list Example of an ACL that Permits Terminal Access To view the configuration use the show config command in LINE mode Dell config std nacl show config ip access list standard myvtyacl seq 5 permit host 10 11 0 1 Dell config std nacl line vty 0 Dell config line vty show config line vty 0 access class myvtyacl Dell Networking OS Beh...

Page 72: ...ethod list from Step 1 to a terminal line CONFIGURATION mode login authentication method list name default 3 If you used the line authentication method in the method list you applied to the terminal line configure a password for the terminal line LINE mode password Example of Terminal Line Authentication In the following example VTY lines 0 2 use a single authentication method line Dell conf aaa a...

Page 73: ...evice allows 120 Telnet sessions per minute allowing the login and logout of 10 Telnet sessions 12 times in a minute If the system reaches this non practical limit the Telnet service is stopped for 10 minutes You can use console and SSH service to access the system during downtime Telnet to the peer RPM You do not need to configure the management port on the peer RPM to be able to telnet to it EXE...

Page 74: ... deny access to others Viewing the Configuration Lock Status If you attempt to enter CONFIGURATION mode when another user has locked it you may view which user has control of CONFIGURATION mode using the show configuration lock command from EXEC Privilege mode You can then send any user a message using the send command from EXEC Privilege mode Alternatively you can clear any line using the clear c...

Page 75: ...ress Esc when prompted to abort the boot process during bootup hit any key NOTE You must enter the CLI commands The system rejects them if they are copied and pasted 4 The Grub menu displays Enter c to get to the Grub boot load command line grub prompt 5 Set the system parameters to ignore the enable password when the system reloads and reboot the environment grub set stconfigignore true grub save...

Page 76: ...rt the boot process You enter grub on the Z9000 as indicated by the grub prompt during bootup hit any key NOTE You must enter the CLI commands The system rejects them if they are copied and pasted 4 The Grub menu displays Enter c to get to the Grub boot load command line grub prompt 5 Set the system parameters to ignore the enable password when the system reloads and save the environment uBoot mod...

Page 77: ...e power cord and reinsert it 2 Press the ESC key when the following message appears Press Esc to stop autoboot during bootup Press ESC key 3 Use the arrow keys to select Force10 Boot from the list then press the C key to enter GRUB CLI mode The command prompt changes to grub GRUB mode 4 Set the Primary Boot Parameter GRUB mode set primary_boot f10boot location 5 Optional Set the Secondary and Defa...

Page 78: ...tack unit 0 nvram Warning Restoring factory defaults will delete the existing persistent settings stacking fanout etc After restoration the unit s will be powercycled immediately Proceed with caution Proceed with factory settings Confirm yes no yes Restore status Unit Nvram Config 0 Success Power cycling the unit s Restoring Factory Default Environment Variables The Boot line determines the locati...

Page 79: ...fter restoring factory default settings you must stop the boot process in BLI In case the system fails to reload the image from the partition perform the following steps 1 Power cycle the chassis pull the power cord and reinsert it 2 Press any key to abort the boot process while the system prompts to 3 Press c to get into the grub mode You immediately enter the grub mode which is indicated by the ...

Page 80: ...grub reboot 80 Management ...

Page 81: ...diary network access device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user device and EAP over RADIUS to communicate with the server NOTE The Dell Networking Operating System ...

Page 82: ...ll Networking switch is the authenticator The authentication server selects the authentication method verifies the information the supplicant provides and grants it network access privileges Ports can be in one of two states Ports are in an unauthorized state by default In this state non 802 1X traffic cannot be forwarded in or out of the port The authenticator changes the port state to authorized...

Page 83: ...ticator 5 The supplicant can negotiate the authentication method but if it is acceptable the supplicant provides the Requested Challenge information in an EAP response which is translated and forwarded to the authentication server as another Access Request frame 6 If the identity information provided by the supplicant is valid the authentication server sends an Access Accept frame in which network...

Page 84: ...the supplicant MAC address to the authentication server Attribute 41 NAS Port Type NAS port physical port type 15 indicates Ethernet Attribute 61 NAS Port the physical port number by which the authenticator is connected to the supplicant Attribute 81 Tunnel Private Group ID associate a tunneled session with a particular group of users Configuring 802 1X Configuring 802 1X on a port is a one step p...

Page 85: ...s support only RADIUS as the authentication server If the primary RADIUS server becomes unresponsive the authenticator begins using a secondary RADIUS server if configured 802 1X is not supported on port channels or port channel members Enabling 802 1X Enable 802 1X globally Figure 6 802 1X Enabled 1 Enable 802 1X globally CONFIGURATION mode 802 1X 85 ...

Page 86: ...ion no shutdown Dell To view 802 1X configuration information for an interface use the show dot1x interface command In the following example the bold lines show that 802 1X is enabled on all ports unauthorized by default Dell show dot1x interface TenGigabitEthernet 2 1 802 1x information on Te 2 1 Dot1x Status Enable Port Control AUTO Port Auth Status UNAUTHORIZED Re Authentication Disable Untagge...

Page 87: ...e transmits a Request Identity frame INTERFACE mode dot1x max eap req number The range is from 1 to 10 The default is 2 The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re transmits an EAP Request Identity frame after 90 seconds and re transmits a maximum of 10 times Configuring a Quiet Period after a Fai...

Page 88: ...horizing or Unauthorizing a Port IEEE 802 1X requires that a port can be manually placed into any of three states ForceAuthorized an authorized state A device connected to this port in this state is never subjected to the authentication process but is allowed to communicate on the network Placing the port in this state is same as disabling 802 1X on the port ForceUnauthorized an unauthorized state...

Page 89: ... State Initialize Re Authenticating a Port You can configure the authenticator for periodic re authentication After the supplicant has been authenticated and the port has been authorized you can configure the authenticator to re authenticate the supplicant periodically If you enable re authentication the supplicant is required to re authenticate every 3600 seconds but you can configure this interv...

Page 90: ...State Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive the authenticator terminates the authentication process after 30 seconds by default You can configure the amount of time the authenticator waits for a response To terminate the authentication process use the following commands Terminate the authentication process due to an unresponsive supplicant I...

Page 91: ...the user should do after finishing this task optional Configuring Dynamic VLAN Assignment with Port Authentication Dell Networking OS supports dynamic VLAN assignment when using 802 1X The basis for VLAN assignment is RADIUS attribute 81 Tunnel Private Group ID Dynamic VLAN assignment uses the standard dot1x procedure 1 The host sends a dot1x packet to the Dell Networking system 2 The system forwa...

Page 92: ...5 Verify that the port has been authorized and placed in the desired VLAN refer to the illustration in Dynamic VLAN Assignment with Port Authentication Guest and Authentication Fail VLANs Typically the authenticator the Dell system denies the supplicant access to the network until the supplicant is authenticated If the supplicant is authenticated the authenticator enables the port and places it in...

Page 93: ...iguring timeouts refer to Configuring Timeouts Configure a port to be placed in the Guest VLAN after failing to respond within the timeout period using the dot1x guest vlan command from INTERFACE mode View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode Example of Viewing Guest VLAN Configuration Dell conf if T...

Page 94: ...ig command from INTERFACE mode as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode 802 1x information on Te 2 1 Dot1x Status Enable Port Control FORCE_AUTHORIZED Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disabled Guest VLAN id 200 Auth Fail VLAN Disabled Auth Fail VLAN id 100 Auth Fail...

Page 95: ...dressable Memory CAM IP Access Control Lists ACLs In Dell Networking switch routers you can create two different types of IP ACLs standard or extended A standard ACL filters packets based on the source IP packet An extended ACL filters traffic based on the following criteria IP protocol number Source IP address Destination IP address Source TCP port number Destination TCP port number Source UDP po...

Page 96: ...or the new settings to take effect CAM Optimization When you enable this command if a policy map containing classification rules ACL and or dscp ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as described in this chapter Test CAM Usage Thi...

Page 97: ...ord the CP has to log the details about the packets that match Depending on how many packets match the log entry and at what rate the CP might become busy as it has to log these packets details However the other processors RP1 and RP2 are unaffected This option is typically useful when debugging some problem related to control traffic We have used this option numerous times in the field and have n...

Page 98: ...and subsequent packets It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols permit deny ip tcp udp icmp Both standard and extended ACLs support IP fragments Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments If the packet is to be denied eventually the first fragment would ...

Page 99: ...O 0 the packet is permitted If a packet s FO 0 the next ACL entry is processed Deny ACL line with L3 information only and the fragments keyword is present If a packet s L3 information does match the L3 information in the ACL line the packet s FO is checked If a packet s FO 0 the packet is denied If a packet s FO 0 the next ACL line is processed Example of Permitting All Packets from a Specified Ho...

Page 100: ...ndard IP ACL uses the source IP address as its match criterion 1 Enter IP ACCESS LIST mode by naming a standard IP access list CONFIGURATION mode ip access list standard access listname 2 Configure a drop or forward filter CONFIG STD NACL mode seq sequence number deny permit source mask any host ip address count byte dscp order fragments NOTE When assigning sequence numbers to filters keep in mind...

Page 101: ... software assigns filters in multiples of five 1 Configure a standard IP ACL and assign it a unique name CONFIGURATION mode ip access list standard access list name 2 Configure a drop or forward IP ACL filter CONFIG STD NACL mode deny permit source mask any host ip address count byte dscp order fragments When you use the log keyword the CP logs details about the packets that match Depending on how...

Page 102: ...ses IP host addresses TCP addresses TCP host addresses UDP addresses and UDP host addresses Because traffic passes through the filter in the order of the filter s sequence you can configure the extended IP ACL by first entering IP ACCESS LIST mode and then assigning a sequence number to the filter Configuring Filters with a Sequence Number To configure filters with a sequence number use the follow...

Page 103: ...nfiguring multiple filters assign sequence numbers in multiples of five or another number The example below shows how the seq command orders the filters according to the sequence number assigned In the example filter 15 was configured before filter 5 but the show config command displays the filters in the correct order Dell config ext nacl seq 15 deny ip host 112 45 0 0 any log Dell config ext nac...

Page 104: ...cp host 123 55 34 0 any Dell config ext nacl permit udp 154 44 123 34 0 0 255 255 host 34 6 0 0 Dell config ext nacl show config ip access list extended nimule seq 5 deny tcp host 123 55 34 0 any seq 10 permit udp 154 44 0 0 0 0 255 255 host 34 6 0 0 Dell config ext nacl To view all configured IP ACLs and the number of packets processed through the ACL use the show ip accounting access list comman...

Page 105: ...al or port channel interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in the ACL The same ACL may be applied to different interfaces and that changes its functionality For example you can take ACL ABCD and apply it using the in keyword and it becomes an ingress access list If you apply the same ACL using the out keyword it becomes an egress acc...

Page 106: ...ng ACL entries 1 Create an ACL that uses rules with the count option Refer to Configure a Standard IP ACL Filter 2 Apply the ACL as an inbound or outbound ACL on an interface 3 show ip accounting access list EXEC Privilege mode View the number of packets matching the ACL Configure Ingress ACLs Ingress ACLs are applied to interfaces and to traffic entering the system These system wide ACLs eliminat...

Page 107: ...accounting access list Extended Ingress IP access list abcd on tengigabitethernet 1 1 1 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1 1 1 2 Configure Egress ACLs Egress ACLs are applied to line cards and affect the traffic leaving the system Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack malicious and incidental by explicitly all...

Page 108: ...warding blue Dell conf if te 1 2 show config interface TenGigabitEthernet 1 2 ip vrf forwarding blue no ip address shutdown Dell conf if te 1 2 Dell conf if te 1 2 Dell conf if te 1 2 end Dell Applying Egress Layer 3 ACLs Control Plane By default packets originated from the system are not filtered by egress ACLs For example if you initiate a ping session from the system and apply an egress ACL to ...

Page 109: ... 16 the first 16 bits of the address 112 24 0 0 match all addresses between 112 24 0 0 to 112 24 255 255 The following examples show permit or deny filters for specific routes using the le and ge parameters where x x x x x represents a route prefix To deny only 8 prefixes enter deny x x x x x ge 8 le 8 To permit routes with the mask greater than 8 but less than 12 enter permit x x x x x ge 8 To de...

Page 110: ... to forward all routes that do not match the prefix list criteria configure a prefix list filter to permit all routes permit 0 0 0 0 0 le 32 The permit all filter must be the last filter in your prefix list To permit the default route only enter permit 0 0 0 0 0 The following example shows how the seq command orders the filters according to the sequence number assigned In the example filter 20 was...

Page 111: ...s were assigned by the software The filters were assigned sequence numbers based on the order in which they were configured for example the first filter was given the lowest sequence number The show config command in PREFIX LIST mode displays the two filters with the sequence numbers 5 and 10 Dell conf nprefixl permit 123 23 0 0 16 Dell conf nprefixl deny 133 24 56 0 8 Dell conf nprefixl show conf...

Page 112: ...c through a configured prefix list use the prefix list in a route redistribution command Apply the prefix list to all traffic redistributed into the routing process The traffic is either forwarded or dropped depending on the criteria and actions specified in the prefix list To apply a filter to routes in RIP use the following commands Enter RIP mode CONFIGURATION mode router rip Apply a configured...

Page 113: ...and in ROUTER OSPF mode or the show running config ospf command in EXEC mode Dell conf router_ospf show config router ospf 34 network 10 2 1 1 255 255 255 255 area 0 0 0 1 distribute list prefix awe in Dell conf router_ospf ACL Resequencing ACL resequencing allows you to re number the rules and remarks in an access or prefix list The placement of rules within the list is critical because packets a...

Page 114: ...ng these commands IPv4 IPv6 or MAC ACL EXEC mode resequence access list ipv4 ipv6 mac access list name StartingSeqNum Step to Increment IPv4 or IPv6 prefix list EXEC mode resequence prefix list ipv4 ipv6 prefix list name StartingSeqNum Step to Increment Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or have Different Numbers Remarks and rules that originally have the sam...

Page 115: ...ds to permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 2 seq 15 permit ip any host 1 1 1 3 seq 20 permit ip any host 1 1 1 4 Dell end Dell resequence access list ipv4 test 2 2 Dell show running config acl ip access list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1 1 1 1 seq 4 permit ip any host 1 1 1 1 remark 6 this remark has no corresponding rule rem...

Page 116: ...next or a specified route map sequence is processed after a match is found Configuration Task List for Route Maps Configure route maps in ROUTE MAP mode and apply the maps in various commands in ROUTER RIP and ROUTER OSPF modes The following list includes the configuration tasks for route maps as described in the following sections Create a route map mandatory Configure route map filters optional ...

Page 117: ... matching instances of a route map Dell show route map route map zakho permit sequence 10 Match clauses Set clauses route map zakho permit sequence 20 Match clauses interface TenGigabitEthernet 1 1 Set clauses tag 35 level stub area Dell To delete all instances of that route map use the no route map map name command To delete just one instance add the sequence number to the command syntax Dell con...

Page 118: ...f the match Command to Match All Specified Values In the next example there is a match only if a route has both of the specified characteristics In this example there a match only if the route has a tag value of 1000 and a metric value of 2000 Also if there are different instances of the same route map then it s sufficient if a permit match happens in any instance of that route map Dell conf route...

Page 119: ...4094 Match destination routes specified in a prefix list IPv4 CONFIG ROUTE MAP mode match ip address prefix list name Match destination routes specified in a prefix list IPv6 CONFIG ROUTE MAP mode match ipv6 address prefix list name Match next hop routes specified in a prefix list IPv4 CONFIG ROUTE MAP mode match ip next hop access list name prefix list prefix list name Match next hop routes speci...

Page 120: ...ds Add an AS PATH number to the beginning of the AS PATH CONFIG ROUTE MAP mode set as path prepend as number as number Generate a tag to be added to redistributed routes CONFIG ROUTE MAP mode set automatic tag Specify an OSPF area or ISIS level for redistributed routes CONFIG ROUTE MAP mode set level backbone level 1 level 1 2 level 2 stub area Specify a value for the BGP route s LOCAL_PREF attrib...

Page 121: ...attributes that can be changed include the metric type for example external and internal route types in OSPF and route tag Use the redistribute command in OSPF RIP ISIS and BGP to set some of these attributes for routes that are redistributed into those protocols Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistr...

Page 122: ...d The following example shows a continue clause at the end of a route map module In this example if a match is found in the route map test module 10 module 30 is processed NOTE If you configure the continue clause without specifying a module the next sequential module is processed Example of Using the continue Clause in a Route Map route map test permit 10 match commu comm list1 set community 1 1 ...

Page 123: ...ld has exceeded it is reenabled for this new interval The ACL application sends the ACL logging configuration information and other details such as the action sequence number and the ACL parameters that pertain to that ACL entry The ACL service collects the ACL log and records the following attributes per log message For non IP packets the ACL name sequence number ACL action permit or deny source ...

Page 124: ...it 125 match indices for permit action and 126 match indices for the deny action You can configure ACL logging only on ACLs that are applied to ingress interfaces you cannot enable logging for ACLs on egress interfaces The total available match rule indices is 255 with four match indices used by other modules leaving 251 indices available for ACL logging Configuring ACL Logging This functionality ...

Page 125: ...r a stack unit undergoes a failure the ACL agent registers with the port mirroring application The port mirroring utility downloads the monitoring configuration to the ACL agent The interface manager notifies the port mirroring application about the removal of an interface when an ACL entry associated with that interface to is deleted Behavior of Flow Based Monitoring Activate flow based monitorin...

Page 126: ... enabled for flow based monitoring It downloads monitoring configuration to the ACL agent whenever the ACL agent is registered with the port mirroring application or when flow based monitoring is enabled The show monitor session session id command has been enhanced to display the Type field in the output which indicates whether a particular session is enabled for flow monitoring Example Output of ...

Page 127: ...e mode Dell conf monitor session 0 Dell conf mon sess 0 flow based enable Dell conf ip access list ext testflow Dell config ext nacl seq 5 permit icmp any any count bytes monitor Dell config ext nacl seq 10 permit ip 102 1 1 0 24 any count bytes monitor Dell config ext nacl seq 15 deny udp any any count bytes Dell config ext nacl seq 20 deny tcp any any count bytes Dell config ext nacl exit Dell c...

Page 128: ... 0 Te 1 1 Te 1 2 rx Flow N A N A 128 Access Control Lists ACLs ...

Page 129: ...n CAM To avoid excessive consumption of the CAM space configure ACL VLAN groups which combine all the VLANs that are applied with the same ACL into a single group A class identifier Class ID is assigned for each of the ACLs attached to the VLAN and this Class ID is used as an identifier or locator in the CAM space instead of the VLAN ID This method of processing reduces the number of entries in th...

Page 130: ...escription of the ACL group is added or removed Guidelines for Configuring ACL VLAN groups ACL VLAN groups are supported on the Z9000 platform Keep the following points in mind when you configure ACL VLAN groups The interfaces to which the ACL VLAN group is applied function as restricted interfaces The ACL VLAN group name is used to identify the group of VLANs that is used to perform hierarchical ...

Page 131: ...installed in the FP thereby effectively saving CAM space The optimization is enabled only if you specify the optimized option with the ip access group command This option is not valid for VLAN and LAG interfaces Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters This section describes how to optimize the utilization of CAM blocks by configuring ACL VLAN groups that you can a...

Page 132: ...he number of FP blocks for the various VLAN processes on the system You can use the no version of this command to reset the number of FP blocks to default By default 0 groups are allocated for the ACL in VCAP ACL VLAN groups or CAM optimization is not enabled by default and you need to allocate the slices for CAM optimization 1 Allocate the number of FP blocks for VLAN Open Flow operations CONFIGU...

Page 133: ...r switch The following sample output shows the consumption of CAM blocks for Layer 2 and Layer 3 ACLs in addition to other processes that use CAM space Dell show cam usage Linecard Portpipe CAM Partition Total CAM Used CAM Available CAM 1 0 IN L2 ACL 1008 320 688 IN L2 FIB 32768 1132 31636 IN L3 ACL 12288 2 12286 IN L3 FIB 262141 14 262127 IN L3 SysFlow 2878 45 2833 IN L3 TrcList 1024 0 1024 IN L3...

Page 134: ...9 IN L3 FIB 196607 1 196606 IN L3 SysFlow 2878 0 2878 IN L3 TrcList 1024 0 1024 IN L3 McastFib 9215 0 9215 IN L3 Qos 8192 0 8192 IN L3 PBR 1024 0 1024 OUT L3 ACL 16384 0 16384 11 1 IN L3 ACL 8192 3 8189 IN L3 FIB 196607 1 196606 IN L3 SysFlow 2878 0 2878 IN L3 TrcList 1024 0 1024 IN L3 McastFib 9215 0 9215 IN L3 Qos 8192 0 8192 IN L3 PBR 1024 0 1024 OUT L3 ACL 16384 0 16384 Allocating FP Blocks fo...

Page 135: ...version of these commands By default zero groups are allocated for the ACL in VCAP ACL VLAN groups or CAM optimization is not enabled by default and you need to allocate the slices for CAM optimization To display the number of FP blocks that is allocated for the different VLAN services you can use the show cam acl vlan command After CAM configuration for ACL VLAN groups is performed reboot the sys...

Page 136: ...e on the line card which frees resources on the route processor module RPM Only session state changes are reported to the BFD Manager on the RPM which in turn notifies the routing protocols that are registered with it BFD is an independent and generic protocol which all media topologies and routing protocols can support using any encapsulation Dell Networking has implemented BFD at Layer 3 and wit...

Page 137: ...the complete encapsulation of a BFD control packet inside an IPv4 packet Figure 8 BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed State The current local session state Refer to BFD Sessions Flag A bit that indicates packet function If the poll bit is set the receiving system must respond as soon as possible without regard to its transmit interval...

Page 138: ...ired Min Echo RX The minimum rate at which the local system would like to receive echo packets NOTE Dell Networking OS does not currently support the echo function Authentication Type Authentication Length Authentication Data An optional method for authenticating control packets NOTE Dell Networking OS does not currently support the BFD authentication function Two important parameters are calculat...

Page 139: ...ystems are exchanging control packets The session is declared down if A control packet is not received within the detection time Sufficient echo packets are lost Demand mode is active and a control packet is not received in response to a poll packet BFD Three Way Handshake A three way handshake must take place between the systems that participate in the BFD session The handshake shown in the follo...

Page 140: ...res a response anytime there is a state change or change in a session parameter the passive system sends a final response indicating the state change After this periodic control packets are exchanged Figure 9 BFD Three Way Handshake State Changes Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the re...

Page 141: ...ho function are not supported BFD is not supported on multi hop and virtual links Protocol Liveness is supported for routing protocols only Dell Networking OS supports only OSPF OSPFv3 IS IS BGP and VRRP protocols as BFD clients Configure BFD This section contains the following procedures Configuring BFD for Physical Ports Configure BFD for Static Routes Configure BFD for OSPF Configure BFD for OS...

Page 142: ...ysical port is a two step process 1 Enable BFD globally 2 Establish a session with a next hop neighbor Related Configuration Tasks Viewing Physical Port Session Parameters Disabling and Re Enabling BFD Enabling BFD Globally You must enable BFD globally on both routers For more information about enabling BFD globally refer to Establishing a Session on Physical Ports To enable the BFD globally use t...

Page 143: ...sion INTERFACE mode bfd neighbor ip address Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command The bold line shows the BFD session R1 conf if te 4 24 do show bfd neighbors Active session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 2 1 2 2 2 2 Te ...

Page 144: ...r neighbor 2 2 2 2 on interface Te 4 24 diag 0 Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role active Dell Networking recommends maintaining the default values To view session parameters use the show bfd neighbors detail command Example of Viewing Session Parameters R1 conf if te 4 24 bfd interval 100 min_rx 100 multiplier 4 role passi...

Page 145: ... session state to Ad Dn for neighbor 2 2 2 2 on interface Te 4 24 diag 0 If the remote system state changes due to the local state administration being down this message displays R2 01 32 53 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 1 on interface Te 2 1 diag 7 Configure BFD for Static Routes BFD offers systems a link state detection mechanism for static...

Page 146: ...ve session role Ad Dn Admin Down C CLI I ISIS O OSPF R Static Route RTM LocalAddr RemoteAddr Interface State Rx int Tx int Mult Clients 2 2 2 1 2 2 2 2 Gi 4 24 Up 100 100 4 R To view detailed session information use the show bfd neighbors detail command as shown in the examples in Displaying BFD for BGP Information Changing Static Route Session Parameters BFD sessions are configured with default i...

Page 147: ...isable BFD for static routes use the following command Disable BFD for static routes CONFIGURATION mode no ip route bfd Configure BFD for OSPF When using BFD with OSPF the OSPF protocol registers with the BFD manager on the RPM BFD sessions are established with all neighboring interfaces participating in OSPF If a neighboring interface fails the BFD agent on the line card notifies the BFD manager ...

Page 148: ...established when the OSPF adjacency is in the Full state Figure 13 Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Establish sessions with OSPF neighbors on a single interface 148 Bidirectional Forwarding Detection ...

Page 149: ... you change a parameter at the interface level the change affects all OSPF sessions on that interface To change parameters for all OSPF sessions or for OSPF sessions on a single interface use the following commands Change parameters for OSPF sessions ROUTER OSPF mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for all OSPF sess...

Page 150: ...h all OSPFv3 neighbors ROUTER OSPFv3 mode bfd all neighbors Establish sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors To view the established sessions use the show bfd neighbors command Changing OSPFv3 Session Parameters Configure BFD sessions with default intervals and a default role The parameters that you can configure are desired tx interval requ...

Page 151: ...before the session is terminated To disable BFD sessions use the following commands Disable BFD sessions with all OSPFv3 neighbors ROUTER OSPFv3 mode no bfd all neighbors Disable BFD sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors disable Configure BFD for IS IS When using BFD with IS IS the IS IS protocol registers with the BFD manager on the RPM BF...

Page 152: ...lish BFD with all IS IS neighbors or with IS IS neighbors on a single interface use the following commands Establish sessions with all IS IS neighbors ROUTER ISIS mode bfd all neighbors Establish sessions with IS IS neighbors on a single interface INTERFACE mode isis bfd all neighbors Example of Verifying Sessions with IS IS Neighbors To view the established sessions use the show bfd neighbors com...

Page 153: ...ion parameters use the show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Change parameters for all IS IS sessions ROUTER ISIS mode bfd all neighbors interval milliseconds min_rx milliseconds multiplier value role active passive Change parameters for IS IS sessions on a single interface ...

Page 154: ...as described in Border Gateway Protocol IPv4 BGPv4 2 Enable fast fall over for BGP neighbors to reduce convergence time the neighbor fall over command as described in BGP Fast Fall Over Establishing Sessions with BGP Neighbors Before configuring BFD for BGP you must first configure BGP on the routers that you want to interconnect For more information refer to Border Gateway Protocol IPv4 BGPv4 For...

Page 155: ...ckets drops due to queue congestion BFD notifies BGP of any failure conditions that it detects on the link Recovery actions are initiated by BGP BFD for BGP is supported only on directly connected BGP neighbors and only in BGP IPv4 networks Up to 128 simultaneous BFD sessions are supported As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for fai...

Page 156: ...peer group using the neighbor bfd command the default BFD session parameters are used interval 100 milliseconds min_rx 100 milliseconds multiplier 3 packets and role active When you explicitly enable or disable a BGP neighbor for a BFD session with the neighbor bfd or neighbor bfd disable commands the neighbor does not inherit the BFD enable disable values configured with the bfd all neighbors com...

Page 157: ...neighbor inherits only the global timer values that are configured with the bfd all neighbors command interval min_rx and multiplier If you explicitly enable or disable a peer group for BFD that has no BFD parameters configured for example advertisement interval using the neighbor peer group name bfd command the peer group inherits any BFD settings configured with the bfd all neighbors command Dis...

Page 158: ... 3 2 Te 6 3 Up 100 100 3 B The following example shows viewing BFD neighbors with full detail The bold lines show the BFD session parameters TX packet transmission RX packet reception and multiplier maximum number of missed packets R2 show bfd neighbors detail Session Discriminator 9 Neighbor Discriminator 10 Local Addr 1 1 1 3 Local MAC Addr 00 01 e8 66 da 33 Remote Addr 1 1 1 2 Remote MAC Addr 0...

Page 159: ...P Uptime 00 02 22 Statistics Number of packets received from neighbor 1428 Number of packets sent to neighbor 1428 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 The following example shows viewing configured BFD counters R2 show bfd counters bgp Interface TenGigabitEthernet 6 1 Protocol BGP Messages Registrat...

Page 160: ...ays when you enable a BGP neighbor in a peer group for which you enabled a BFD session using the neighbor peer group name bfd command R2 show ip bgp neighbors 2 2 2 2 BGP neighbor is 2 2 2 2 remote AS 1 external link BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Last read 00 00 30 last write 00 00 30 Hold time is 180 keepalive interval is 60 seconds Recei...

Page 161: ...using BGP peer group mode BFD configuration Peer active in peer group outbound optimization Configure BFD for VRRP When using BFD with VRRP the VRRP protocol registers with the BFD manager on the route processor module RPM BFD sessions are established with all neighboring interfaces participating in VRRP If a neighboring interface fails the BFD agent on the line card notifies the BFD manager which...

Page 162: ...aster router does not care about the state of the backup router so it does not participate in any VRRP BFD sessions VRRP BFD sessions on the backup router cannot change to the UP state Configure the master router to establish an individual VRRP session the backup router To establish a session with a particular VRRP neighbor use the following command Establish a session with a particular VRRP neigh...

Page 163: ... Authentication none BFD Neighbors RemoteAddr State 2 2 5 2 Up Dell conf if te 4 25 1 do show vrrp TenGigabitEthernet 4 1 1 VRID 1 Net 2 2 5 1 State Backup Priority 1 Master 2 2 5 2 Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 95 Bad pkts rcvd 0 Adv sent 933 Gratuitous ARP sent 3 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 2 2 5 4 Authentication none BFD Neighbors RemoteAddr Sta...

Page 164: ...P session on an interface use the following commands Disable all VRRP sessions on an interface INTERFACE mode no vrrp bfd all neighbors Disable all VRRP sessions in a VRRP group VRRP mode bfd disable Disable a particular VRRP session on an interface INTERFACE mode no vrrp bfd neighbor ip address Configuring Protocol Liveness Protocol liveness is a feature that notifies the BFD manager when a clien...

Page 165: ...anged session state to Up for neighbor 2 2 2 2 on interface Te 4 24 diag 0 The following example shows hexadecimal output from the debug bfd packet command RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 13 Sent packet for session with neighbor 2 2 2 2 on Te 4 24 TX packet dump 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00 00 3...

Page 166: ...u can group autonomous systems into three categories multihomed stub and transit defined by their connections and operation multihomed AS is one that maintains connections to more than one other AS This group allows the AS to remain connected to the Internet in the event of a complete failure of one of their connections However this type of AS does not allow traffic from one AS to pass through on ...

Page 167: ... based on path network policies and or rulesets Unlike most protocols BGP uses TCP as its transport protocol Since each BGP router talking to another router is a session a BGP network needs to be in full mesh This is a topology that has every router directly connected to every other router Each BGP router within an AS must have iBGP sessions with all other BGP routers in the AS For example a BGP n...

Page 168: ...tain increases exponentially Network management quickly becomes impossible Sessions and Peers When two routers communicate using the BGP protocol a BGP session is started The two end points of that session are Peers A Peer is also called a Neighbor 168 Border Gateway Protocol IPv4 BGPv4 ...

Page 169: ...en peers the neighbor relation is established and is in the OpenConfirm state This is when the router receives and checks for agreement on the parameters of open messages to establish a session Established Keepalive messages are exchanged next and after successful receipt the router is placed in the Established state Keepalive messages continue to be sent at regular periods established by the Keep...

Page 170: ...hrough eBGP Router B advertises it to all its iBGP peers Routers C and D 2 Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D an iBGP peer and Router D has already learned it through iBGP from Router B 3 Router D does not advertise the route to Router C because Router C is a nonclient peer and the route advertisement came from Router B...

Page 171: ...a number of best paths is determined this selection criteria is applied to group s best to determine the ultimate best path In non deterministic mode the bgp non deterministic med command is applied paths are compared in the order in which they arrive This method can lead to Dell Networking OS choosing different best paths from a set of paths depending on the order in which they were received from...

Page 172: ...ria apply a An AS_SET has a path length of 1 no matter how many ASs are in the set b A path with no AS_PATH configured has a path length of 0 c AS_CONFED_SET is not included in the AS_PATH length d AS_CONFED_SEQUENCE has a path length of 1 no matter how many ASs are in the AS_CONFED_SEQUENCE 5 Prefer the path with the lowest ORIGIN type IGP is lower than EGP and EGP is lower than INCOMPLETE 6 Pref...

Page 173: ...bor address is used in the BGP neighbor configuration and corresponds to the remote peer used in the TCP connection with the local router After a number of best paths is determined this selection criteria is applied to group s best to determine the ultimate best path In non deterministic mode the bgp non deterministic med command is applied paths are compared in the order in which they arrive This...

Page 174: ...de the preferred path For this example assume the MED is the only attribute applied In the following illustration AS100 and AS200 connect in two places Each connection is a BGP session AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50 This sets up a path preference through the OC3 link The MEDs are advertised to AS100 routers so they know which is the preferr...

Page 175: ...unknown source Generally an IGP indicator means that the route was derived inside the originating AS EGP generally means that a route was learned from an external gateway protocol An INCOMPLETE origin code generally results from aggregation redistribution or other indirect ways of installing routes into BGP In Dell Networking OS these origin codes appear as shown in the following example The quest...

Page 176: ...18508 701 3561 9116 21350 i Next Hop The next hop is the IP address used to reach the advertising router For EBGP neighbors the next hop address is the IP address of the connection between the neighbors For IBGP the EBGP next hop address is carried into the local AS A next hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS and when advertising rou...

Page 177: ...r a given address prefix If the best path becomes unavailable the BGP speaker withdraws its path from its local RIB and recalculates a new best path This situation requires both IGP and BGP convergence and can be a lengthy process BGP add path also helps switchover to the next new best path when the current best path is unavailable Advertise IGP Cost as MED for Redistributed Routes When using mult...

Page 178: ...s for faster convergence Four Byte AS Numbers Dell Networking OS supports 4 Byte 32 bit format when configuring autonomous system numbers ASNs The 4 Byte support is advertised as a new BGP capability 4 BYTE AS in the OPEN message If a 4 Byte BGP speaker has sent and received this capability from another speaker all the messages will be 4 octet The behavior of a 4 Byte BGP speaker is different with...

Page 179: ...ed in the CLI and when displayed in the show commands outputs AS Numbers larger than 65535 is represented using ASDOT notation as higher 2 bytes in decimal lower 2 bytes in decimal For example AS 65546 is represented as 1 10 ASDOT representation combines the ASPLAIN and ASDOT representations AS numbers less than 65536 appear in integer format asplain AS numbers equal to or greater than 65536 appea...

Page 180: ...er_bgp do show ip bgp BGP table version is 28093 local router ID is 172 30 1 57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress When migrating one AS to another perhaps combining ASs an eBGP network may lose its routing to an iBGP if the ASN ...

Page 181: ...If an inbound route map is used to prepend the as path to the update from the peer the Local AS is added first For example consider the topology described in the previous illustration If Router B has an inbound route map applied on Router C to prepend 65001 65002 to the as path the following events take place on Router B 1 Receive and validate the update 2 Prepend local as 200 to as path 3 Prepend...

Page 182: ...enied prefixes are not accounted for F10BgpM2AdjRibsOutRoute stores the pointer to the NLRI in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is used to retrieve specific attributes from the PA table The Next Hop RR Cluster list and Originator ID attributes are not stored in the PA Table and cannot be retrieved using the index passed in command These fields are not p...

Page 183: ...Entry table contains 4 byte ASN related parameters based on the configuration If a received update route matches with a local prefix then that route is discarded This behavior results from an incorrect BGP configuration To overcome this issue you can trigger a route refresh after you properly configure BGP Traps notifications specified in the BGP4 MIB draft draft ietf idr bgp4 mibv2 05 txt are not...

Page 184: ... system AS and assigns the AS number ASN To establish BGP sessions and route traffic configure at least one BGP neighbor or peer In BGP routers with an established TCP connection are called neighbors or peers After a connection is established the neighbors exchange full BGP routing tables with incremental updates afterward In addition neighbors exchange KEEPALIVE messages to maintain the connectio...

Page 185: ...he default 2 Byte format by using the no bgp four octet as support command You cannot disable 4 Byte support if you currently have a 4 Byte ASN configured Disabling 4 Byte AS numbers also disables ASDOT and ASDOT number representation All AS numbers are displayed in ASPLAIN format b Enable IPv4 multicast or IPv6 mode CONFIG ROUTER BGP mode address family ipv4 ipv6 vrf Use this command to enter BGP...

Page 186: ...3 0 0 0 0 0 never Active 10 10 32 3 65123 0 0 0 0 0 never Active 100 10 92 9 65192 0 0 0 0 0 never Active 192 168 10 1 65123 0 0 0 0 0 never Active 192 168 12 2 65123 0 0 0 0 0 never Active R2 The following example shows the show ip bgp summary command output 4 byte AS number displays R2 show ip bgp summary BGP router identifier 192 168 10 2 local AS number 48735 59224 BGP table version is 1 main ...

Page 187: ...on 4 remote router ID 10 20 20 20 BGP state ESTABLISHED in this state for 00 01 58 Last read 00 00 14 hold time is 90 keepalive interval is 30 seconds Received 18552 messages 0 notifications 0 in queue Sent 11568 messages 0 notifications 0 in queue Received 18549 updates Sent 11562 updates Minimum time between advertisement runs is 30 seconds For address family IPv4 Unicast BGP table version 21661...

Page 188: ...ed for all previous Dell Networking OS versions It remains the default method with Dell Networking OS With the ASPLAIN notation a 32 bit binary AS number is translated into a decimal value ASDOT representation splits the full binary 4 byte AS number into two words of 16 bits separated by a decimal point high order 16 bit value low order 16 bit value ASDOT representation combines the ASPLAIN and AS...

Page 189: ...ng example shows the bgp asnotation asdot command output Dell conf router_bgp bgp asnotation asdot Dell conf router_bgp sho conf router bgp 100 bgp asnotation asdot bgp four octet as support neighbor 172 30 1 250 remote as 18508 neighbor 172 30 1 250 local as 65057 neighbor 172 30 1 250 route map rmap1 in neighbor 172 30 1 250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 17...

Page 190: ...eer group name peer group 2 Enable the peer group CONFIG ROUTERBGP mode neighbor peer group name no shutdown By default all peer groups are disabled 3 Create a BGP neighbor CONFIG ROUTERBGP mode neighbor ip address remote as as number 4 Enable the neighbor CONFIG ROUTERBGP mode neighbor ip address no shutdown 5 Add an enabled neighbor to the peer group CONFIG ROUTERBGP mode neighbor ip address pee...

Page 191: ...re a new set of BGP policies for a peer group always reset the peer group by entering the clear ip bgp peer group peer group name command in EXEC Privilege mode To view the configuration use the show config command in CONFIGURATION ROUTER BGP mode When you create a peer group it is disabled shutdown The following example shows the creation of a peer group zanzibar in bold Dell conf router_bgp neig...

Page 192: ...ns is 5 seconds For address family IPv4 Unicast BGP neighbor is zanzibar peer group internal Number of peers in this group 26 Peer group members outbound optimized 10 68 160 1 10 68 161 1 10 68 162 1 10 68 163 1 10 68 164 1 10 68 165 1 10 68 166 1 10 68 167 1 10 68 168 1 10 68 169 1 10 68 170 1 10 68 171 1 10 68 172 1 10 68 173 1 10 68 174 1 10 68 175 1 10 68 176 1 10 68 177 1 10 68 178 1 10 68 17...

Page 193: ...d Dell sh ip bgp neighbors BGP neighbor is 100 100 100 100 remote AS 65517 internal link Member of peer group test for session parameters BGP version 4 remote router ID 30 30 30 5 BGP state ESTABLISHED in this state for 00 19 15 Last read 00 00 15 last write 00 00 06 Hold time is 180 keepalive interval is 60 seconds Received 52 messages 0 notifications 0 in queue Sent 45 messages 5 notifications 0...

Page 194: ...nable a peer group the software sends an OPEN message to initiate a TCP connection If you enable passive peering for the peer group the software does not send an OPEN message but it responds to an OPEN message When a BGP neighbor connection with authentication configured is rejected by a passive peer group Dell Networking OS does not allow another passive peer group on the same subnet to connect w...

Page 195: ...r migration be sure to reconfigure your routers with the new information and disable this feature Allow external routes from this neighbor CONFIG ROUTERBGP mode neighbor IP address peer group name local as as number no prepend Peer Group Name 16 characters AS number 0 to 65535 2 Byte or 1 to 4294967295 4 Byte or 0 1 to 65535 65535 Dotted format No Prepend specifies that local AS values are not pre...

Page 196: ... if that ASN matches its own The AS PATH loop is detected if the local ASN is present more than the specified number of times in the command Allow this neighbor ID to use the AS path the specified number of times CONFIG ROUTER BGP mode neighbor IP address peer group name allowas in number Peer Group Name 16 characters Number 1 through 10 Format IP Address A B C D You must Configure Peer Groups bef...

Page 197: ...Deletes all routes from the peer if forwarding state information is not saved Speeds convergence by advertising a special update packet known as an end of RIB marker This marker indicates the peer has been updated with all routes in the local RIB If you configure your system to do so Dell Networking OS can perform the following actions during a hot failover Save all forwarding information base FIB...

Page 198: ... to the Dell Networking OS Command Line Interface Reference Guide Add graceful restart to a BGP neighbor or peer group CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart Set the maximum restart time for the neighbor or peer group CONFIG ROUTER BGP mode neighbor ip address peer group name graceful restart restart time time in seconds The default is 120 seconds Local router ...

Page 199: ...ltiple times if multiple filters are desired For accepted expressions refer to Regular Expressions as Filters 3 Return to CONFIGURATION mode AS PATH ACL mode exit 4 Enter ROUTER BGP mode CONFIGURATION mode router bgp as number 5 Use a configured AS PATH ACL for route filtering and manipulation CONFIG ROUTER BGP mode neighbor ip address peer group name filter list as path name in out If you assign ...

Page 200: ...except the ones specified within the brackets dollar Matches the end of the input string period Matches any single character including white space asterisk Matches 0 or more sequences of the immediately previous character or pattern plus Matches 1 or more sequences of the immediately previous character or pattern question Matches 0 or 1 sequence of the immediately previous character or pattern par...

Page 201: ...r AAA filter list Eagle in Dell conf router_bgp show conf router bgp 99 neighbor AAA peer group neighbor AAA filter list Eaglein neighbor AAA no shutdown neighbor 10 155 15 2 remote as 32 neighbor 10 155 15 2 filter list 1 in neighbor 10 155 15 2 shutdown Dell conf router_bgp ex Dell conf ex Dell show ip as path access lists ip as path access list Eagle deny 32 Dell Redistributing Routes In additi...

Page 202: ...tor To allow multiple paths sent to peers use the following commands 1 Allow the advertisement of multiple paths for the same address prefix without the new paths replacing any previous ones CONFIG ROUTER BGP mode bgp add path both received send path count count The range is from 2 to 64 2 Allow the specified neighbor peer group to send receive multiple path advertisements CONFIG ROUTER BGP mode n...

Page 203: ... permitting specific community numbers or types of community CONFIG COMMUNITYLIST mode deny permit community number local AS no advertise no export quote regexp regular expression list regexp regular expression community number use AA NN format where AA is the AS number 2 Bytes or 4 Bytes and NN is a value specific to that autonomous system local AS routes with the COMMUNITY attribute of NO_EXPORT...

Page 204: ...mmunities against regular expression is also supported Match against a regular expression using the following keyword regexp regular expression Example of the show ip extcommunity lists Command To set or modify an extended community attribute use the set extcommunity rt soo ASN NN IPADDR NN command To view the configuration use the show config command in CONFIGURATION COMMUNITY LIST or CONFIGURATI...

Page 205: ...or outgoing routes CONFIG ROUTER BGP mode neighbor ip address peer group name route map map name in out To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode To view which BGP routes meet an IP community or IP extended community list s criteria use the show ip bgp community ...

Page 206: ...utonomous system local AS routes with the COMMUNITY attribute of NO_EXPORT_SUBCONFED and are not sent to EBGP peers no advertise routes with the COMMUNITY attribute of NO_ADVERTISE and are not advertised no export routes with the COMMUNITY attribute of NO_EXPORT none remove the COMMUNITY attribute additive add the communities to already existing communities 3 Return to CONFIGURATION mode CONFIG RO...

Page 207: ...6 14 0 0 15 205 171 0 16 100 0 209 7170 1455 i i 6 133 0 0 21 205 171 0 16 100 0 209 7170 1455 i i 6 151 0 0 16 205 171 0 16 100 0 209 7170 1455 i More Changing MED Attributes By default Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS To change how the MED attribute is used enter any or all of the following commands Enable MED comparison in t...

Page 208: ...g or outgoing routes CONFIG ROUTER BGP mode neighbor ip address peer group name route map map name in out To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is used To change how the NEXT_HOP attrib...

Page 209: ...ly in a route reflector To allow more than one path use the following command The show ip bgp network command includes multipath information for that network Enable multiple parallel paths CONFIG ROUTER BGP mode maximum paths ebgp ibgp number Filtering BGP Routes Filtering routes allows you to implement BGP policies You can use either IP prefix lists route maps AS PATH ACLs or IP community lists u...

Page 210: ...iple prefix list filters with a deny or permit action CONFIG PREFIX LIST mode seq sequence number deny permit any ip prefix ge le ge minimum prefix length to be matched le maximum prefix length to me matched For information about configuring prefix lists refer to Access Control Lists ACLs 3 Return to CONFIGURATION mode CONFIG PREFIX LIST mode exit 4 Enter ROUTER BGP mode CONFIGURATION mode router ...

Page 211: ...e commands 1 Create a route map and assign it a name CONFIGURATION mode route map map name permit deny sequence number 2 Create multiple route map filters with a match or set action CONFIG ROUTE MAP mode match set For information about configuring route maps refer to Access Control Lists ACLs 3 Return to CONFIGURATION mode CONFIG ROUTE MAP mode exit 4 Enter ROUTER BGP mode CONFIGURATION mode route...

Page 212: ...y the AS PATH ACL map to inbound routes out apply the AS PATH ACL to outbound routes To view which commands are configured use the show config command in CONFIGURATION ROUTER BGP mode and the show ip as path access list command in EXEC Privilege mode To forward all routes not meeting the AS PATH ACL criteria include the permit filter in your AS PATH ACL Configuring BGP Route Reflectors BGP route r...

Page 213: ...regate must be in the routing table for the configured aggregate to become active To aggregate routes use the following command AS_SET includes AS_PATH and community information from the routes included in the aggregated route Assign the IP address and mask of the prefix to be aggregated CONFIG ROUTER BGP mode aggregate address ip address mask advertise map map name as set attribute map map name s...

Page 214: ...295 4 Byte All Confederation routers must be either 4 Byte or 2 Byte You cannot have a mix of router ASN support To view the configuration use the show config command in CONFIGURATION ROUTER BGP mode Enabling Route Flap Dampening When EBGP routes become unavailable they flap and the router issues both WITHDRAWN and UPDATE notices A flap is when a route is withdrawn is readvertised after being with...

Page 215: ... max suppress time the range is from 1 to 255 The maximum number of minutes a route can be suppressed The default is four times the half life value The default is 60 minutes route map map name name of a configured route map Only match commands in the configured route map are supported Use this parameter to apply route dampening to selective routes Enter the following optional parameters to configu...

Page 216: ...o configure values to reuse or restart a route In the following example default 15 is the set time before the value decrements bgp dampening 2 is the set re advertise value bgp dampening 2 2000 is the suppress value and bgp dampening 2 2000 3000 is the time to suppress a route Default values are also shown Dell conf router_bgp bgp dampening 1 45 Half life time for the penalty default 15 route map ...

Page 217: ...60 seconds holdtime the range is from 3 to 65536 Time interval in seconds between the last keepalive message and declaring the router dead The default is 180 seconds Configure timer values for all neighbors CONFIG ROUTER BGP mode timers bgp keepalive holdtime keepalive the range is from 1 to 65535 Time interval in seconds between keepalive messages sent to the neighbor routers The default is 60 se...

Page 218: ...erit the characteristic configured with this command Clear all information or only specific details EXEC Privilege mode clear ip bgp neighbor address AS Numbers ipv4 peer group name soft in out Clears all peers neighbor address Clears the neighbor with this IP address AS Numbers Peers AS numbers to be cleared ipv4 Clears information for the IPv4 address family peer group name Clears all members of...

Page 219: ...h a Continue Clause If the route map entry contains sets with the continue clause the set actions operation is performed first followed by the continue clause jump to the specified route map entry If a set actions operation occurs in the first route map entry and then the same set action occurs with a different value in a subsequent route map entry the last set of actions overrides the previous se...

Page 220: ...policies that contain regular expressions to match against as paths and communities might take a lot of CPU processing time thus affect BGP routing convergence Also show bgp commands that get filtered through regular expressions can to take a lot of CPU cycles especially when the database is large This feature is turned on by default If necessary use the bgp regex eval optz disable command in CONF...

Page 221: ...g all command Storing Last and Bad PDUs Dell Networking OS stores the last notification sent received and the last bad protocol data unit PDU received on a per peer basis The last bad PDU is the one that causes a notification to be issued In the following example the last seven lines shown in bold are the last PDUs Example of the show ip bgp neighbor Command to View Last and Bad PDUs Dell conf rou...

Page 222: ...40 MB the default and 100 MB The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to set the new limit NOTE Memory on RP1 is not pre allocated and is allocated only when a PDU needs to b...

Page 223: ...e enabled for BGP neighbor 172 30 1 250 Available buffer size 29165743 192991 packet s captured using 11794257 bytes Dell conf router_bgp do sho ip bg s BGP router identifier 172 30 1 56 local AS number 65056 BGP table version is 313511 main routing table version 313511 207896 network entrie s and 207896 paths using 42364576 bytes of memory 59913 BGP path attribute entrie s using 2875872 bytes of ...

Page 224: ...onf int loop 0 R1 conf if lo 0 ip address 192 168 128 1 24 R1 conf if lo 0 no shutdown R1 conf if lo 0 show config interface Loopback 0 ip address 192 168 128 1 24 no shutdown R1 conf if lo 0 int te 1 21 R1 conf if te 1 21 ip address 10 0 1 21 24 R1 conf if te 1 21 no shutdown R1 conf if te 1 21 show config interface TengigabitEthernet 1 21 ip address 10 0 1 21 24 no shutdown R1 conf if te 1 21 in...

Page 225: ...ress 192 168 128 2 24 R2 conf if lo 0 no shutdown R2 conf if lo 0 show config interface Loopback 0 ip address 192 168 128 2 24 no shutdown R2 conf if lo 0 int te 2 11 R2 conf if te 2 11 ip address 10 0 1 22 24 R2 conf if te 2 11 no shutdown R2 conf if te 2 11 show config interface TengigabitEthernet 2 11 ip address 10 0 1 22 24 no shutdown R2 conf if te 2 11 int te 2 31 R2 conf if te 2 31 ip addre...

Page 226: ...uter_bgp neighbor 192 168 128 1 no shut R3 conf router_bgp neighbor 192 168 128 1 update source loop 0 R3 conf router_bgp neighbor 192 168 128 2 remote 99 R3 conf router_bgp neighbor 192 168 128 2 no shut R3 conf router_bgp neighbor 192 168 128 2 update loop 0 R3 conf router_bgp show config Example of Enabling Peer Groups Router 1 conf R1 conf router bgp 99 R1 conf router_bgp network 192 168 128 0...

Page 227: ...n 0 from peer Connections established 2 dropped 1 Last reset 00 00 57 due to user reset Notification History Connection Reset Sent 1 Recv 0 Last notification len 21 sent 00 00 57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 1 Local port 179 Foreign host 192 168 128 2 Foreign port 65464 BGP neighbor is 192 168 128 3 remote AS 100 external link Member of peer grou...

Page 228: ...3 conf router bgp 100 R3 conf router_bgp neighbor AAA peer group R3 conf router_bgp neighbor AAA no shutdown R3 conf router_bgp neighbor CCC peer group R3 conf router_bgp neighbor CCC no shutdown R3 conf router_bgp neighbor 192 168 128 2 peer group BBB R3 conf router_bgp neighbor 192 168 128 2 no shutdown R3 conf router_bgp neighbor 192 168 128 1 peer group BBB R3 conf router_bgp neighbor 192 168 ...

Page 229: ... denied 0 withdrawn 0 from peer Connections established 6 dropped 5 Last reset 00 12 01 due to Closed by neighbor Notification History HOLD error Timer expired Sent 1 Recv 0 Connection Reset Sent 2 Recv 2 Last notification len 21 received 00 12 01 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 2 Local port 65464 Foreign host 192 168 128 1 Foreign port 179 BGP neig...

Page 230: ...R VRF ACL etc on the S Series by using the cam acl command in CONFIGURATION mode The CAM space is allotted in Field Processor FP blocks The total space allocated must equal 13 FP blocks NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated The following table lists the default CAM allocation settings Table 10 Default Cam Allocation Settings CAM Allocation...

Page 231: ... startup config write mem or copy run start then reload the system for the new settings to take effect CAM Allocation for Ingress Use the cam acl egress command to allocate the space for egress L2 IPV4 and IPV6 ACL The total number of available FP blocks is 4 Allocate atleast one group of L2ACL and IPV4 ACL Dell conf do show cam acl egress Chassis Egress Cam ACL Current Settings in block sizes 1 b...

Page 232: ...her sufficient CAM space is available to enable a service policy Create a Class Map with all required ACL rules then execute the test cam usage command in Privilege mode to verify the actual CAM space required The Status column in the command output indicates whether or not the policy can be enabled Example of the test cam usage Command Dell test cam usage service policy input test cam usage stack...

Page 233: ...ntil you save the running configuration and reload the chassis Example of show running config cam profile Command Dell show running config cam profile cam profile default microcode default Dell View CAM ACL Settings Thisshow cam acl command shows the cam acl setting that will be loaded after the next reload Example of Viewing CAM ACL Settings Dell conf do show cam acl Chassis Cam ACL Current Setti...

Page 234: ...ad the chassis The default values for the show cam acl command are Dell show cam acl Chassis Cam ACL Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Stack unit 0 Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl ...

Page 235: ... usage Stackunit Portpipe CAM Partition Total CAM Used CAM Available CAM 0 0 IN L3 ACL 512 1 511 IN V6 ACL 0 0 0 IN L2 ACL 768 0 768 OUT L3 ACL 158 5 153 OUT V6 ACL 158 0 158 OUT L2 ACL 206 7 199 7 0 IN L3 ACL 512 1 511 IN V6 ACL 0 0 0 IN L2 ACL 768 0 768 OUT L3 ACL 158 5 153 OUT V6 ACL 158 0 158 OUT L2 ACL 206 7 199 Codes cam usage is above 90 Dell CAM Optimization When you enable this command if...

Page 236: ...rading to and Dell Networking OS version earlier than 6 3 1 1 Use the CONFIGURATION mode commands so that the profile is change throughout the system Use the EXEC Privilege mode commands to match the profile of a component to the profile of the target system QoS CAM Region Limitation To store QoS service policies the default CAM profile allocates a partition within the IPv4Flow region If the QoS C...

Page 237: ...reases security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for the control plane packets The following illustration shows an example of the ...

Page 238: ... protocol ICMP share same queue Q6 Q6 has 400 PPS of bandwidth by default The desired rate of ICMP is 100 PPS and the remaining 300 PPS is assigned to BGP If ICMP packets come at 400 PPS BGP packets may be dropped though ICMP packets are rate limited to 100 PPS You can solve this by increasing Q6 bandwidth to 700 PPS to allow both ICMP and BGP packets and then applying per flow CoPP for ICMP and B...

Page 239: ...fic policing for a particular protocol CONFIGURATION mode mac access list extended name cpu qos permit arp frrp gvrp isis lacp lldp stp 2 Create a Layer 3 extended ACL for control plane traffic policing for a particular protocol CONFIGURATION mode ip access list extended name cpu qos permit bgp dhcp dhcp relay ftp icmp igmp msdp ntp ospf pim ip ssh telnet vrrp 3 Create an IPv6 ACL for control plan...

Page 240: ... cpu qos Dell conf in qos policy cpuqos rate police 200 40 peak 500 40 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_400k cpu qos Dell conf in qos policy cpuqos rate police 400 50 peak 600 50 Dell conf in qos policy cpuqos exit Dell conf qos policy in rate_limit_500k cpu qos Dell conf in qos policy cpuqos rate police 500 50 peak 1000 50 Dell conf in qos policy cpuqos exit ...

Page 241: ...roughly equivalent to 2 pps The basics for creating a CoPP service policy is to create QoS policies for the desired CPU bound queue and associate it with a particular rate limit The QoS policies are assigned to a control plane service policy for each port pipe 1 Create a QoS input policy for the router and assign the policing CONFIGURATION mode qos policy input name cpu qos 2 Create an input polic...

Page 242: ...NA RS RA packets not given high priority leads to the session establishment problem To solve this issue starting from release 9 4 0 0 IPv6 NDP packets use different CPU queues when compared to the Generic IPv6 multicast traffic These entries are installed in system when application is triggered CPU Processing of CoPP Traffic The systems use FP rules to take the packets to control plane by CopyToCP...

Page 243: ...eled to the master unit are isolated from the data queues and the control queues in the backplane links Control traffic must be sent over the control queues Q4 Q7 on higig links After reaching the master unit tunneled packets must be transmitted to the CPU using the Q0 Q11 queues The backplane ports can have a maximum of 4 control queues So when we have more than n CMIC queues for well known proto...

Page 244: ... enable cases each VLT node will have route entry for link local address of both self and peer VLT node Peer VLT link local entry will have egress port as ICL link And Actual link local address will have entry to CopyToCpu But NDP packets destined to peer VLT node needs to be taken to CPU and tunneled to the peer VLT node NDP packets in VLT peer routing disable case NDP packets intended to peer VL...

Page 245: ...y in LPM table is used for soft forwarding and generating ICMP unreachable messages to the source If this is in place then irrespective of whether it is 64 subnet or 64 subnet it doesn t have any effect as there would always be LPM hit and traffic are sent to CPU Unknown unicast L3 packets are terminated to the CPU CoS queue which is also shared for other types of control plane packets like ARP Re...

Page 246: ...ap to match to the class map and qos policy for each desired protocol CONFIGURATION mode Dell conf policy map input ospfv3_policy cpu qos Dell conf policy map in cpuqos class map ospfv3 qos policy ospfv3_rate 5 Enter Control Plane mode CONFIGURATION mode Dell conf control plane cpuqos 6 Assign the protocol based service policy on the control plane Enabling this command on a port pipe automatically...

Page 247: ...ing for the MAC protocols use the show mac protocol queue mapping command Example of Viewing Queue Mapping for MAC Protocols Dell show mac protocol queue mapping Protocol Destination Mac EtherType Queue EgPort Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ GVRP 01 80 c2 00 00 21 any Q7 CP _ STP 01 80 c2 00 00 ...

Page 248: ...e offering configuration parameters to the client DHCP Client This is a network device requesting configuration parameters from the server Relay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host DHCP Packet Format and Options DHCP uses the user datagram protocol UDP as its transport protocol Th...

Page 249: ...P Message Type Option 53 1 DHCPDISCOVER 2 DHCPOFFER 3 DHCPREQUEST 4 DHCPDECLINE 5 DHCPACK 6 DHCPNACK 7 DHCPRELEASE 8 DHCPINFORM Parameter Request List Option 55 Clients use this option to tell the server which parameters it requires It is a series of octets where each octet is DHCP option code Renewal Time Option 58 Specifies the amount of time after the IP address is granted that the client attem...

Page 250: ...o the offer requesting the offered values 4 After receiving a DHCPREQUEST the server binds the clients unique identifier the hardware address plus IP address to the accepted configuration parameters and stores the data in a database called a binding table The server then broadcasts a DHCPACK message which signals to the client that it may begin using the assigned parameters 5 When the client leave...

Page 251: ...DHCP Snooping globally and you have any configured L2 ports any IP ACL MAC ACL or DHCP source address validation ACL does not block DHCP packets Dell Networking OS provides 40K entries that can be divided between leased addresses and excluded addresses By extension the maximum number of pools you can configure depends on the subnet mask that you give to each pool For example if all pools were conf...

Page 252: ...o allocate addresses to clients for a limited time The DHCP server maintains information about each of the leases including lease length Responding To Client Requests DHCP servers respond to different types of requests from clients primarily granting renewing and terminating leases Providing Administration Services DHCP servers include functionality that allows an administrator to implement polici...

Page 253: ...and configuration data that DHCP hosts need Configuring the Dell system to be a DHCP server is a three step process 1 Configuring the Server for Automatic Address Allocation 2 Specifying a Default Gateway Related Configuration Tasks Configure a Method of Hostname Resolution Creating Manual Binding Entries Debugging the DHCP Server Using DHCP Clear Commands Excluding Addresses from the Address Pool...

Page 254: ...esolution Windows internet naming service WINS is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks Microsoft DHCP clients can be one of four types of NetBIOS nodes broadcast peer to peer mixed or hybrid 1 Specify the NetBIOS WINS name servers in order of preference that are available to Microsoft Dynamic Host Configuration...

Page 255: ...nd Display debug information for DHCP server EXEC Privilege mode debug ip dhcp server events packets Using DHCP Clear Commands To clear DHCP binding entries address conflicts and server counters use the following commands Clear DHCP binding entries for the entire binding table EXEC Privilege mode clear ip dhcp binding Clear a DHCP binding entry for an individual IP address EXEC Privilege mode clea...

Page 256: ...wn address as the relay device Responses from the server are unicast back to the relay agent on port 67 and the relay agent rewrites the destination address and forwards the packet to the client subnet via broadcast or unicast depending whether the client has set or cleared the BROADCAST flag in the DHCP Client PDUs NOTE DHCP Relay is not available on Layer 2 interfaces and VLANs on the Z Series a...

Page 257: ...ddress A DHCP server manages and assigns IP addresses to clients from an address pool stored on the server For more information refer to Configuring the Server for Automatic Address Allocation Dynamically assigned IP addresses are supported only on Ethernet interfaces 10Gigabit 40 Gigabit and 100 1000 10000 Ethernet Interfaces The DHCP client is supported on VLAN and port channel interfaces The pu...

Page 258: ...he DHCP IP address and renew it on the management interface Management routes added by the DHCP client have higher precedence over the same statically configured management route Static routes are not removed from the running configuration if a dynamically acquired management route added by the DHCP client overwrites a static management route Management routes added by the DHCP client are not adde...

Page 259: ...Doing so guarantees that this router becomes the VRRP group owner To use the router as the VRRP owner if you enable a DHCP client on an interface that is added to a VRRP group assign a priority less than 255 but higher than any other priority assigned in the group Configure the System for User Port Stacking Option 230 Set the stacking option variable to provide stack port detail on the DHCP server...

Page 260: ...d a reply out the interface on which the request was received rather than flooding it on the entire VLAN The relay agent strips Option 82 from DHCP responses before forwarding them to the client To insert Option 82 into DHCP packets follow this step Insert Option 82 into DHCP packets CONFIGURATION mode ip dhcp relay information option trust downstream For routers between the relay agent and the DH...

Page 261: ...ntain a list of snooped VLANs When the binding table is exhausted DHCP packets are dropped on snooped VLANs while these packets are forwarded across non snooped VLANs Because DHCP packets are dropped no new IP address assignments are made However DHCPRELEASE and DHCPDECLINE packets are allowed so that the DHCP snooping table can decrease in size After the table usage falls below the maximum limit ...

Page 262: ...an id vlan id ipv6 ipv6 address interface interface type interface number lease value Clearing the Binding Table To clear the binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table use the following command Delete all of the entries in the bin...

Page 263: ...ping Enabled Vlans Vl 10 List of DAI Trust ports Te 1 4 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table use the following command Display the contents of the binding table EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp sno...

Page 264: ...0 4d 69 e8 f2 172740 D Vl 10 Te 1 5 Total number of Entries in the table 4 Dynamic ARP Inspection Dynamic address resolution protocol ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table ARP is a stateless protocol that provides no authentication mechanism Network devices accept ARP requests and replies from any device ARP repli...

Page 265: ...emFlow has 15 entries Six L2SystemFlow entries are used by Layer 2 protocols leaving nine for DAI L2Protocol can have a maximum of 100 entries you must expand this region to capacity before you can increase the size of L2SystemFlow This is relevant when you are enabling DAI on VLANs If for example you want to enable DAI on 16 VLANs you need seven more entries in this case reconfigure the SystemFlo...

Page 266: ...pection use the following command Specify an interface as trusted so that ARPs are not validated against the binding table INTERFACE mode arp inspection trust Dell Networking OS Behavior Introduced in Dell Networking OS version 8 2 1 0 DAI was available for Layer 3 only However Dell Networking OS version 8 2 1 1 extends DAI to Layer 2 Source Address Validation Using the DHCP binding table Dell Net...

Page 267: ...o enable IP source address validation use the following command NOTE If you enable IP source guard using the ip dhcp source address validation command and if there are more entries in the current DHCP snooping binding table than the available CAM space SAV may not be applied to all entries To ensure that SAV is applied correctly to all entries enable the ip dhcp source address validation command b...

Page 268: ...interface for the entire system use the show ip dhcp snooping source address validation interface command in EXEC Privilege mode Viewing the Number of SAV Dropped Packets The following output of the show ip dhcp snooping source address validation discard counters command displays the number of SAV dropped packets Dell show ip dhcp snooping source address validation discard counters deny access lis...

Page 269: ...d counters command Dell clear ip dhcp snooping source address validation discard counters To clear the number of SAV dropped packets on a particular interface use the clear ip dhcp snooping source address validation discard counters interface interface command Dell clear ip dhcp snooping source address validation discard counters interface TenGigabitEthernet 1 1 Dynamic Host Configuration Protocol...

Page 270: ...ault hash algorithm is 24 Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory CAM For example suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sort them so that the ECMPs are always arranged This implement...

Page 271: ...hm seed value stack unit number port set number The range is from 0 to 4095 Link Bundle Monitoring Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time A default threshold of 60 is defined as an acceptable amount of traffic on a member link Links are monitored in 15 second intervals for three consecutive instances An...

Page 272: ...utes the CAM can hold a maximum ECMP per route To configure the maximum number of paths use the following command NOTE Save the new ECMP settings to the startup config write mem then reload the system for the new settings to take effect Configure the maximum number of paths per ECMP group CONFIGURATION mode ip ecmp group maximum paths 2 64 Enable ECMP group path management CONFIGURATION mode ip ec...

Page 273: ...ls for an ECMP group bundle EXEC mode show link bundle distribution ecmp group ecmp group id The range is from 1 to 64 Viewing an ECMP Group NOTE An ecmp group index is generated automatically for each unique ecmp group when you configure multipath routes to the same network The system can generate a maximum of 512 unique ecmp groups The ecmp group indices are generated in even numbers 0 2 4 6 102...

Page 274: ...ce section G 5 guidelines NOTE Only the following features use the embedded FIPS 140 2 validated cryptography module SSH Client SSH Server RSA Host Key Generation SCP File Transfers Currently other features using cryptography do not use the embedded FIPS 140 2 validated cryptography module Configuration Tasks Preparing the System Enabling FIPS Mode Generating Host Keys Monitoring FIPS Mode Status ...

Page 275: ...e closed successfully in a reasonable amount of time In general this failure can occur if a user at a remote host is in the process of establishing an SSH session to the local system and has been prompted to accept a new host key or to enter a password but is not responding to the request Assuming this failure is a transient condition attempting to enable FIPS mode again should be successful To en...

Page 276: ...ent Unit Status online Next Boot online Required Type S4810 52 port GE TE FG SE Current Type S4810 52 port GE TE FG SE Master priority 0 Hardware Rev 3 0 Num Ports 64 Up Time 7 hr 3 min Dell Networking OS Version 4810 8 3 7 1061 Jumbo Capable yes POE Capable no FIPS Mode enabled Burned In MAC 00 01 e8 8a ff 0c No Of MACs 3 Disabling FIPS Mode The following describes disabling FIPS mode When you di...

Page 277: ...command To disable FIPS mode from a console port CONFIGURATION mode no fips mode enable The following Warning message displays WARNING Disabling FIPS mode will close all SSH Telnet connections restart those servers and destroy all configured host keys Proceed y n Enabling FIPS Cryptography 277 ...

Page 278: ...tus of the Ring by sending ring health frames RHF around the Ring from its Primary port and returning on its Secondary port If the Master node misses three consecutive RHFs the Master node determines the ring to be in a failed state The Master then sends a Topology Change RHF to the Transit Nodes informing them that the ring has changed This causes the Transit Nodes to flush their forwarding table...

Page 279: ...ault state and unblocks its Secondary port The Master node clears its routing table and sends a control frame to all other ring nodes instructing them to clear their routing tables as well Immediately after clearing its routing table each node begins learning the new topology Ring Restoration The Master node continues sending ring health frames out its primary port even when operating in the Ring ...

Page 280: ... that can generally range between 150ms and 1500ms for Layer 2 networks The Master node originates a high speed frame that circulates around the ring This frame appropriately sets up or breaks down the ring The Master node transmits ring status check frames at specified intervals You can run multiple physical rings on the same switch One Master node per ring all other nodes are Transit Each node h...

Page 281: ...hrough this state when a port comes up Disabled State When the port is disabled or down or is not on the VLAN Ring Protocol Timers Hello Interval The interval when ring frames are generated from the Master node s Primary interface default 500 ms The Hello interval is configurable in 50 ms increments from 50 ms to 2000 ms Dead Interval The interval when data traffic is blocked on a port The default...

Page 282: ...trol VLAN cannot have members that are not ring ports If multiple rings share one or more member VLANs they cannot share any links between them Member VLANs across multiple rings are not supported in Master nodes Each ring has only one Master node all others are transit nodes FRRP Configuration These are the tasks to configure FRRP Creating the FRRP Group Configuring the Control VLAN Configure Pri...

Page 283: ...node 1 Create a VLAN with this ID number CONFIGURATION mode interface vlan vlan id VLAN ID from 1 to 4094 2 Tag the specified interface or range of interfaces to this VLAN CONFIG INT VLAN mode tagged interface slot port range Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyG...

Page 284: ...ndary interface can be tagged or untagged The control VLAN must be the same for all nodes on the ring To create the Members VLANs for this FRRP group use the following commands on all of the Transit switches in the ring 1 Create a VLAN with this ID number CONFIGURATION mode interface vlan vlan id VLAN ID the range is from 1 to 4094 2 Tag the specified interface or range of interfaces to this VLAN ...

Page 285: ...he ring s Member VLANs 6 Enable this FRRP group on this switch CONFIG FRRP mode no disable Setting the FRRP Timers To set the FRRP timers use the following command NOTE Set the Dead Interval time 3 times the Hello Interval Enter the desired intervals for Hello Interval or Dead Interval times CONFIG FRRP mode timer hello interval dead interval milliseconds Hello Interval the range is from 50 to 200...

Page 286: ...eshoot FRRP use the following information Configuration Checks Each Control Ring must use a unique VLAN ID Only two interfaces on a switch can be Members of the same control VLAN There can be only one Master node for any FRRP group You can configure FRRP on Layer 2 interfaces only Spanning Tree if you enable it globally must be disabled on both Primary and Secondary interfaces when you enable FRRP...

Page 287: ... TenGigabitEthernet 2 14 no ip address switchport no shutdown interface TenGigabitEthernet 2 31 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 2 14 31 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 2 14 31 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 2 14 secondary TenGigabitEthernet 2 31 control vlan 10...

Page 288: ...o shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 3 14 21 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 3 21 secondary TenGigabitEthernet 3 14 control vlan 101 member vlan 201 mode transit no disable 288 Force10 Resilient Ring Protocol FRRP ...

Page 289: ...As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membership throughout a network GVRP allows end stations and switches to issue and revoke declarations relating to VLAN membership...

Page 290: ...mation exchanged In the following example that type of port is referred to as a VLAN trunk port but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port Figure 30 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface Related Configuration Tasks Configure GVRP R...

Page 291: ...f if te 1 21 switchport Dell conf if te 1 21 gvrp enable Dell conf if te 1 21 no shutdown Dell conf if te 1 21 show config interface TenGigabitEthernet 1 21 no ip address switchport gvrp enable no shutdown To inspect the interface configuration use the show config command from INTERFACE mode or use the show gvrp interface command in EXEC or EXEC Privilege mode Configure GVRP Registration Configure...

Page 292: ...s to the same values on all devices that are exchanging information using GVRP There are three GARP timer settings Join A GARP device reliably transmits Join messages to other devices by sending each Join message two times To define the interval between the two sending operations of each Join message use this parameter The Dell Networking OS default is 200ms Leave When a GARP device expects to de ...

Page 293: ... Dell conf Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer Dell conf garp timers join 300 Error Leave timer should be 3 Join timer GARP VLAN Registration Protocol GVRP 293 ...

Page 294: ...otocol IGMP Protocol Overview IGMP has three versions Version 3 obsoletes and is backwards compatible with version 2 version 2 obsoletes version 1 IGMP Version 2 IGMP version 2 improves on version 1 by specifying IGMP Leave messages which allows hosts to notify routers that they no longer care about traffic for a particular group Leave messages reduce the amount of time that the router takes to st...

Page 295: ...dds the group to the list of multicast groups associated with its outgoing port to the subnet Multicast traffic for the group is then forwarded to that subnet Sending an Unsolicited IGMP Report A host does not have to wait for a general query to join a group It may send an unsolicited IGMP Membership Report also called an IGMP Join message to the querier Leaving a Multicast Group The following des...

Page 296: ...p Specific and General queries still refresh the existing state Reporting is more efficient and robust hosts do not suppress query responses non suppression helps track state and enables the immediate leave and IGMP snooping features state change reports are retransmitted to insure delivery and a single membership report bundles multiple statements from a single host rather than sending an individ...

Page 297: ...uery to verify that there are no hosts interested in any other sources The multicast router must satisfy all hosts if they have conflicting requests For example if another host on the subnet is interested in traffic from 10 11 1 3 the router cannot record the include request There are no other interested hosts so the request is recorded At this point the multicast routing protocol prunes the tree ...

Page 298: ...essary 2 The querier before making any state changes sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond with their current state information and the querier refreshes the relevant state information 3 Separately in the following illustration the querier sends a general query to...

Page 299: ...st routing command 2 Enable a multicast routing protocol Related Configuration Tasks Viewing IGMP Enabled Interfaces Selecting an IGMP Version Viewing IGMP Groups Adjusting Timers Preventing a Host from Joining a Group Enabling IGMP Immediate Leave IGMP Snooping Fast Convergence after MSTP Topology Changes Internet Group Management Protocol IGMP 299 ...

Page 300: ...ting an IGMP Version Dell Networking OS enables IGMP version 2 by default which supports version 1 and 2 hosts but is not compatible with version 3 on the same subnet If hosts require IGMP version 3 you can switch to IGMP version 3 To switch to version 3 use the following command Switch to a different IGMP version INTERFACE mode ip igmp version Example of the ip igmp version Command Dell conf if t...

Page 301: ... active When a host receives a query it does not respond immediately but rather starts a delay timer The delay time is set to a random value between 0 and the maximum response time The host sends a response when the timer expires in version 2 if another host responds before the timer expires the timer is nullified and no response is sent The maximum response time is the amount of time that the que...

Page 302: ...with the lowest IP address on the subnet is elected querier and continues to send queries 3 If a specified amount of time elapses during which other routers on the subnet do not receive a query those routers assume that the querier is down and a new querier is elected The amount of time that elapses before routers on a subnet assume that the querier is down is the other querier present interval Ad...

Page 303: ...vice Switches forward multicast frames out of all ports in a virtual local area network VLAN by default even though there may be only some interested hosts which is a waste of bandwidth If you enable IGMP snooping on a VLT unit IGMP snooping dynamically learned groups and multicast router ports are made to learn on the peer by explicitly tunneling the received IGMP control packets IGMP Snooping Im...

Page 304: ... after receiving an IGMP Leave message INTERFACE VLAN mode ip igmp fast leave View the configuration INTERFACE VLAN mode show config Example of Configuration Output After Removing a Group Port Association Dell conf if vl 100 show config interface Vlan 100 no ip address ip igmp snooping fast leave shutdown Dell conf if vl 100 Disabling Multicast Flooding If the switch receives a multicast packet th...

Page 305: ... to be the querier for a VLAN by first assigning an IP address to the VLAN interface INTERFACE VLAN mode ip igmp snooping querier IGMP snooping querier does not start if there is a statically configured multicast router interface in the VLAN The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet When enabled IGMP snooping querier ...

Page 306: ...tatically or returned dynamically by the DHCP client A static route points to the management interface or a forwarding router Transit traffic destination IP not configured in the switch that is received on the front end port with destination on the management port is dropped and received in the management port with destination on the front end port is dropped Switch destined traffic destination IP...

Page 307: ...upported TFTP 69 Supported Radius 1812 1813 Supported Tacacs 49 Supported HTTP 80 for httpd 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application Supported If you configure a source interface is for any EIS management application EIS might not coexist with that interface and the behavior is undefined in such a case You can configure the...

Page 308: ... is installed to both the EIS routing table and default routing table For management applications route lookup is preferentially done in the management EIS routing table for all traffic management port is the preferred egress port For example if SSH is a management application an SSH session to a front panel port IP on the peer box is initiated via management port only if the management port is UP...

Page 309: ...ting table Handling of Switch Initiated Traffic When the control processor CP initiates a control packet the following processing occurs TCP UDP port number is extracted from the sockaddr structure in the in_selectsrc call which is called as part of the connect system call or in the ip_output function If the destination TCP UDP port number belongs to a configured management application then sin_po...

Page 310: ... route lookup is done for the response traffic and hence is sent out of the management port In this case the source IP address is a management port IP address only if the traffic was originally destined to the management port IP ICMP based applications like ping and traceroute are exceptions to the preceding logic since we do not have TCP UDP port number So if source IP address of the packet match...

Page 311: ... Switch destined traffic Transit Traffic EIS Management Application Management is the preferred egress port selected based on route lookup in EIS table If the management port is down or the route lookup fails packets are dropped If source TCP UDP port matches a management application and source IP address is management port IP address management port is the preferred egress port selected based on ...

Page 312: ...a port then the management application traffic is sent out through the front end data port This fallback mechanism is required 2 Non Management Applications Applications that are not configured as management applications as defined by this feature Non management application traffic exits out of either front end data port or management port based on routing table If there is a default route on both...

Page 313: ...or the TCP session and also for ICMP based applications like ping and traceroute FTP SSH and Telnet are the applications that can function as servers for the TCP session EIS Behavior If source TCP or UDP port matches an EIS management or a non EIS management application and source IP address is management port IP address management port is the preferred egress port selected based on route lookup i...

Page 314: ... both master and standby units VLT VLT feature is for the front end port only Because this feature is specific to the management port this feature can coexist with VLT and nothing specific needs to be done in this feature to handle VLT scenario DHCP If DHCP Client is enabled on the management port a management default route is installed to the switch If management EIS is enabled this default route...

Page 315: ...ng IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non zero IP source address All IGMP control packets and IP multicast data traffic originating from receivers is forwarded to multicast router interfaces Designate an interface as a multicast router interface ip igmp snooping mrouter interface Internet Group Management Protocol IGMP 315 ...

Page 316: ...tion Enabling a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitoring Ethernet Pause Frames Configure the MTU Size on an In...

Page 317: ...de show interfaces This command has options to display the interface status IP and MAC addresses and multiple counters for the amount and type of traffic passing through the interface If you configured a port channel interface this command lists the interfaces configured in the port channel NOTE To end output from the system such as the output from the show interfaces command enter CTRL C and Dell...

Page 318: ...e the show ip interfaces brief command in EXEC Privilege mode In the following example TenGigabitEthernet interface 1 6 is in Layer 3 mode because an IP address has been assigned to it and the interface s status is operationally up Dell show ip interface brief Interface IP Address OK Method Status Protocol TenGigabitEthernet 1 1 unassigned NO Manual administratively down down TenGigabitEthernet 1 ...

Page 319: ...e port range is 0 2 Enable the interface INTERFACE mode no shutdown To confirm that the interface is enabled use the show config command in INTERFACE mode To leave INTERFACE mode use the exit command or end command You cannot delete a physical interface Physical Interfaces The Management Ethernet interface is a single RJ 45 Fast Ethernet port on each unit of the Z9000 The interface provides dedica...

Page 320: ...ANs are in Layer 2 mode Type of Interface Possible Modes Requires Creation Default State 10 100 1000 Ethernet 10 Gigabit Ethernet Layer 2 Layer 3 No Shutdown disabled Management N A No Shutdown disabled Loopback Layer 3 Yes No shutdown enabled Null interface N A No Enabled Port Channel Layer 2 Layer 3 Yes Shutdown disabled VLAN Layer 2 Layer 3 Yes except for the default VLAN No shutdown disabled f...

Page 321: ...mmand prevents all traffic from passing through the interface In VLANs the shutdown command prevents Layer 3 traffic from passing through the interface Layer 2 traffic is unaffected by the shutdown command One of the interfaces in the system must be in Layer 3 mode before you configure or enter a Layer 3 protocol mode for example OSPF Enable Layer 3 on an individual interface INTERFACE mode ip add...

Page 322: ...iew all interfaces to see with an IP address assigned use the show ip interfaces brief command in EXEC mode as shown in View Basic Interface Information To view IP information on an interface in Layer 3 mode use the show ip interface command in EXEC Privilege mode Dell show ip int vlan 58 Vlan 58 is up line protocol is up Internet address is 1 1 49 1 24 Broadcast address is 1 1 49 255 Address dete...

Page 323: ... Enter EIS mode CONFIGURATION mode management egress interface selection 2 Configure which applications uses EIS EIS mode application all application type NOTE If you configure SNMP as the management application for EIS and you add a default management route when you perform an SNMP walk and check the debugging logs for the source and destination IPs the SNMP agent uses the destination address of ...

Page 324: ...ommand in EXEC Privilege mode as shown in the following example To display the routing table use the show ip route command in EXEC Privilege mode Dell show int TenGigabitEthernet 1 1 TenGigabitEthernet 1 1 is up line protocol is up Description This is the Managment Interface Hardware is Force10Eth address is 00 01 e8 cc cc ce Current address is 00 01 e8 cc cc ce Pluggable media not present Interfa...

Page 325: ...assign an IP address to the default VLAN which is VLAN 1 by default To assign another VLAN ID to the default VLAN use the default vlan id vlan id command To assign an IP address to an interface use the following command Configure an IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask enter an address in dotted decimal format A B C D The mask mus...

Page 326: ...mmand Enter INTERFACE mode of the Null interface CONFIGURATION mode interface null 0 The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command Port Channel Interfaces Port channel interfaces support link aggregation as described in IEEE Standard 802 3ad This section covers the following topics Port Channel Definition and Standards Port Channel Benefits Por...

Page 327: ...on as you configure a port channel Dell Networking OS treats it like a physical interface For example IEEE 802 1Q tagging is maintained while the physical interface is in the port channel Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID instead of in the order in which the ports come up With this implementation load balancing yields predi...

Page 328: ...rking OS disables those interfaces configured with speed 10000 Mb s or whose speed is 10000 Mb s as a result of auto negotiation In this example you can change the common speed of the port channel by changing its configuration so the first enabled interface referenced in the configuration is a 1000 Mb s speed interface You can also change the common speed of the port channel here by setting the sp...

Page 329: ...ration is minimal You can configure only the following commands on an interface if it is a member of a port channel description shutdown no shutdown mtu ip mtu if the interface is on a Jumbo enabled by default NOTE A logical port channel interface cannot have flow control Flow control can only be present on the physical interfaces if they are part of a port channel NOTE The Z9000 supports jumbo fr...

Page 330: ...r 127 byte pkts 69164 over 255 byte pkts 143346 over 511 byte pkts 942523 over 1023 byte pkts Received 0 input symbol errors 0 runts 0 giants 0 throttles 42 CRC 0 IP Checksum 0 overrun 0 discarded 2456590833 packets output 203958235255 bytes 0 underruns Output 1640 Multicasts 56612 Broadcasts 2456532581 Unicasts 2456590654 IP Packets 0 Vlans 0 MPLS 0 throttles 0 discarded Rate info interval 5 minu...

Page 331: ...hm for the port channel To reassign an interface to a new port channel use the following commands 1 Remove the interface from the first port channel INTERFACE PORT CHANNEL mode no channel member interface 2 Change to the second port channel INTERFACE mode INTERFACE PORT CHANNEL mode interface port channel id number 3 Add the interface to the second port channel INTERFACE PORT CHANNEL mode channel ...

Page 332: ...idual members of a port channel perform the following 1 Configure VLAN membership on individual ports INTERFACE mode Dell conf if vlan tagged 2 3 4 2 Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell conf if switchport 3 Verify the manually configured VLAN membership show interfaces switchport interface command EXE...

Page 333: ...ithm distributes traffic among Equal Cost Multi path ECMP paths and LAG members The distribution is based on a flow except for packet based hashing A flow is identified by the hash and is assigned to one link In packet based hashing a single flow can be distributed on the LAG and uses one link Packet based hashing is used to load balance traffic across a port channel based on the IP Identifier fie...

Page 334: ...AG hashing ipv6 selection Set the IPV6 key fields to use in hash computation tunnel Set the tunnel key fields to use in hash computation Changing the Hash Algorithm The load balance command selects the hash criteria applied to port channels If you do not obtain even distribution with the load balance command you can use the hash algorithm command to select the hash scheme for LAG ECMP and NH ECMP ...

Page 335: ...32 bits of the hash key to compute the egress port dest ip uses destination IP address as part of the hash key lsb uses always return the LSB of the key as the hash xor1 uses Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor1 xor2 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor2 xor4 Upper 8 bits of CRC16 BISYNC and lower 8 bits of xor4 xor8 Upper 8 bits of CRC16 BISYNC and lower 8 bits of...

Page 336: ...mmand for bulk configuration Create a Single Range Create a Multiple Range Exclude Duplicate Entries Exclude a Smaller Port Range Overlap Port Ranges Commas Add Ranges Create a Single Range The following is an example of a single range Example of the interface range Command Single Range Dell config interface range tengigabitethernet 1 1 23 Dell config if range te 1 1 23 no shutdown Dell config if ...

Page 337: ...e range 5 1 to 5 23 and both Ten Gigabit Ethernet interfaces 1 1 and 1 2 Example of Adding Interface Ranges Dell config if interface range tengigabitethernet 5 1 23 tengigabitethernet 1 1 2 Dell config if range te 5 1 23 no shutdown Dell config if range te 5 1 23 Add Ranges The following example shows how to use commas to add VLAN and port channel interfaces to the range Example of Adding VLAN and...

Page 338: ...st Dell config if Monitoring and Maintaining Interfaces Monitor interface statistics with the monitor interface command This command displays an ongoing list of the interface status up down number of packets traffic statistics and so on To view the interface s statistics use the following command View the interface s statistics EXEC Privilege mode Enter the type of interface and slot port informat...

Page 339: ...ime domain reflectometer TDR is supported on all Dell Networking switch routers TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs TDR sends a signal onto the physical cable and examines the reflection of the signal that returns By examining the reflection TDR is able to indicate whether there is a cable fault whe...

Page 340: ...after you configure the four individual 10G ports to be stacked as a single 40G port To split a single 40G port into four 10G ports use the following command Split a single 40G port into four 10G ports CONFIGURATION mode stack unit stack unit port number portmode quad stack unit enter the stack member unit identifier of the stack member to reset The range is from 0 to 11 number enter the port numb...

Page 341: ...y other related configurations NOTE Trident2 chip sets do not work at 1G speeds with auto negotiation enabled As a result when you peer any device using SFP the link does not come up if auto negotiation is enabled Therefore you must disable auto negotiation on platforms that currently use Trident2 chip sets S6000 and Z9000 This limitation applies only when you convert QSFP to SFP using the QSA Thi...

Page 342: ...ceiver SFP 0 Serial ID Base Fields SFP 0 Id 0x0d SFP 0 Ext Id 0x00 SFP 0 Connector 0x23 SFP 0 Transceiver Code 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 0 Encoding 0x00 SFP 0 Diagnostic Information SFP 0 Rx Power measurement type OMA SFP 0 Temp High Alarm threshold 0 000C SFP 0 Voltage High Alarm threshold 0 000V SFP 0 Bias High Alarm threshold 0 000mA NOTE In the following show interfaces tengi...

Page 343: ...put shows that pluggable media optical cables is inserted into these ports This is a software limitation for this release Dell show interfaces tengigabitethernet 0 5 transceiver SFP 0 Serial ID Base Fields SFP 0 Id 0x0d SFP 0 Ext Id 0x00 SFP 0 Connector 0x23 SFP 0 Transceiver Code 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 0 Encoding 0x00 Dell show interfaces tengigabitethernet 0 6 transceiver SF...

Page 344: ...Hardware is DellEth address is 90 b1 1c f4 9a fa Current address is 90 b1 1c f4 9a fa Pluggable media present SFP type is 10GBASE SX Interface index is 35012865 Internet address is not set Mode of IPv4 Address Assignment NONE DHCP Client ID 90b11cf49afa MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit Dell show interfaces tengigabitethernet 0 1 tengigabitethernet 0 1 is up line protocol is do...

Page 345: ...s 90 b1 1c f4 9a fa Current address is 90 b1 1c f4 9a fa Pluggable media present SFP type is 1GBASE LineSpeed 1000 Mbit Dell show interfaces tengigabitethernet 0 8 TenGigabitEthernet 0 0 is up line protocol is up Hardware is DellEth address is 90 b1 1c f4 9a fa Current address is 90 b1 1c f4 9a fa Pluggable media present QSFP type is 4x10GBASE CR1 3M LineSpeed 10000 Mbit The show inventory command...

Page 346: ...nd the penalty decays below a certain threshold the interface comes up again and the routing protocols re converge Link dampening reduces processing on the CPUs by reducing excessive interface flapping improves network stability by penalizing misbehaving interfaces and redirecting traffic improves convergence times and stability throughout the network by isolating failures so that disturbances are...

Page 347: ... interface Te 1 1 Dell show interfaces dampening TenGigabitEthernet1 1 InterfaceStateFlapsPenaltyHalf LifeReuseSuppressMax Sup Te 1 1Up00205001500300 Link Dampening Support for XML View the output of the following show commands in XML by adding display xml to the end of the command show interfaces dampening show interfaces dampening summary show interfaces interface x y Configure MTU Size on an In...

Page 348: ... Frames allow for a temporary stop in data transmission A situation may arise where a sending device may transmit data faster than a destination device can accept it The destination sends a PAUSE frame back to the source stopping the sender s transmission for a period of time An Ethernet interface starts to send pause frames to a sending device when the transmission rate of ingress traffic exceeds...

Page 349: ...rking recommends rebooting the system The flow control sender and receiver must be on the same port pipe Flow control is not supported across different port pipes To enable pause frames use the following command Control how the system responds to and generates 802 3x pause frames on 1 and 10 Gig ports INTERFACE mode flowcontrol rx off on tx off on rx on enter the keywords rx on to process the rece...

Page 350: ... the port channel s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU VLANs All members of a VLAN must have the same IP MTU value Members can have different Link MTU values Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag The VLAN link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configur...

Page 351: ...hat attach to devices not capable of supporting negotiation or where connectivity issues arise from interoperability issues For 10 100 1000 Ethernet interfaces the negotiation auto command is tied to the speed command Auto negotiation is always enabled when the speed command is set to 1000 or auto Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local int...

Page 352: ...0 Mbit Auto 1 Te 1 2 Down Auto Auto 1 Te 1 3 Down Auto Auto Te 1 4 Force10Port Up 1000 Mbit Auto 30 130 Te 1 5 Down Auto Auto Te 1 6 Down Auto Auto Te 1 7 Up 1000 Mbit Auto 1502 1504 1506 1508 1602 Te 1 8 Down Auto Auto Te 1 9 Down Auto Auto Te 1 10 Down Auto Auto Te 1 11 Down Auto Auto Te 1 12 Down Auto Auto output omitted In the previous example several ports display Auto in the Speed field In t...

Page 353: ...ced slave Force port to slave mode Dell conf if te 1 1 Dell conf int gigabitethernet 1 1 Dell conf if gi 1 1 neg auto Dell conf if gi 1 1 end Exit from configuration mode exit Exit from autoneg configuration mode mode Specify autoneg mode no Negate a command or set its defaults show Show autoneg configuration information Dell conf if gi 1 1 mode forced master Force port to master mode forced slave...

Page 354: ...w running config interfaces configured Dell show running config interface tengigabitEthernet 1 configured In EXEC mode the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information The show interfaces switchport command displays the interface whether it supports IEEE 802 1Q tagging or not and the VLANs to which the interface belongs De...

Page 355: ...put 0 bytes 0 underruns Output 0 Multicasts 0 Broadcasts 0 Unicasts 0 IP Packets 0 Vlans 0 MPLS 0 throttles 0 discarded Rate info interval 299 seconds Input 00 00 Mbits sec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 1d23h40m Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate interval 100 Dell show ...

Page 356: ... Clear the counters used in the show interface commands for all VRRP groups VLANs and physical interfaces or selected ones Without an interface specified the command clears all interface counters EXEC Privilege mode clear counters interface vrrp vrid learning limit OPTIONAL Enter the following interface keywords and slot port or number information For a 10 Gigabit Ethernet interface enter the keyw...

Page 357: ...This functionality is supported on the Z9000 platform You can avoid specifying spaces between the range of interfaces separated by commas that you configure by using the interface range command For example if you enter a list of interface ranges such as interface range fo 2 0 1 te 10 0 gi 3 0 fa 0 0 this configuration is considered valid The comma separated list is not required to be separated by ...

Page 358: ...the routing information of the IP header Typically used when creating virtual private networks VPNs NOTE Due to performance limitations on the control processor You cannot enable IPSec on all packets in a communication session IPSec uses the following protocols Authentication Headers AH Disconnected integrity and origin authentication for IP packets Encapsulating Security ESP Confidentiality authe...

Page 359: ...myXform set session key inbound esp 256 auth key encrypt key session key outbound esp 257 auth key encrypt key match 0 tcp a 1 128 0 a 2 128 23 match 1 tcp a 1 128 23 a 2 128 0 match 2 tcp a 1 128 0 a 2 128 21 match 3 tcp a 1 128 21 a 2 128 0 match 4 tcp 1 1 1 1 32 0 1 1 1 2 32 23 match 5 tcp 1 1 1 1 32 23 1 1 1 2 32 0 match 6 tcp 1 1 1 1 32 0 1 1 1 2 32 21 match 7 tcp 1 1 1 1 32 21 1 1 1 2 32 0 3...

Page 360: ...et you add a mask to the IP address to separate the network and host portions of the IP address At its most basic level an IP address is 32 bits composed of network and host portions and represented in dotted decimal format For example 00001010110101100101011110000011 is represented as 10 214 87 131 For more information about IP addressing refer to RFC 791 Internet Protocol Implementation Informat...

Page 361: ...then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information The slot range is from 0 to 1 The port range is 0 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan the...

Page 362: ...m 1 to 255 optional permanent keep the static route in the routing table if you use the interface option even if you disable the interface with the route optional tag tag value the range is from 1 to 4294967295 optional Example of the show ip route static Command To view the configured routes use the show ip route static command Dell show ip route static Destination Gateway Dist Metric Last Change...

Page 363: ...2 0 24 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 2 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 3 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 4 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 5 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 6 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 7 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 8 32 via 6 1 20 2 Te 5 1 1 1 0 00 02 30 S 6 1 2 9 32 via 6 1 2...

Page 364: ...lege mode Dell show ip route static Destination Gateway Dist Metric Last Change S 2 1 2 0 24 Direct Nu 0 0 0 00 02 30 S 6 1 2 0 24 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 2 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 3 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 4 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 5 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 2 6 32 via 6 1 20 2 Te 5 1 1 0 00 02 30 S 6 1 ...

Page 365: ...achables command on a VLAN interface to enable the generation of ICMP unreachable messages PMTD is supported on all the layer 3 VLAN interfaces Because all of the Layer 3 interfaces are mapped to the VLAN ID of 4095 when VLAN sub interfaces are configured on it it is not possible to configure unique layer 3 MTU values for each of the layer 3 interfaces If a VLAN interface contains both IPv4 and IP...

Page 366: ... moving into an out of service condition or becoming unresponsive during a SYN flood attack that occurs on the device You can set the wait time to be 10 seconds or lower If the device does not contain any BGP connections with the BGP neighbors across WAN links you must set this interval to a higher value depending on the complexity of your network and the configuration attributes To configure the ...

Page 367: ...y default dynamic resolution of host names DNS is disabled To enable DNS use the following commands Enable dynamic resolution of host names CONFIGURATION mode ip domain lookup Specify up to six name servers CONFIGURATION mode ip name server ip address ip address2 ip address6 The order you entered the servers determines the order of their use Example of the show hosts Command To view current bindin...

Page 368: ...ode ip domain list name Configure this command up to six times to specify a list of possible domain names Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted Configuring DNS with Traceroute To configure your switch to perform DNS with traceroute use the following commands Enable dynamic resolution of host names CONFIGURATIO...

Page 369: ...esses to their corresponding IP address This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time For more information about ARP refer to RFC 826 An Ethernet Address Resolution Protocol In Dell Networking OS Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network Pr...

Page 370: ...y use the no arp ip address command To view the static entries in the ARP cache use the show arp static command in EXEC privilege mode Dell show arp Protocol Address Age min Hardware Address Interface VLAN CPU Internet 10 1 2 4 17 08 00 20 b7 bd 32 Ma 1 1 CP Dell Enabling Proxy ARP By default Proxy ARP is enabled To disable Proxy ARP use the no proxy arp command in the interface mode To re enable ...

Page 371: ... Networking OS the gratuitous ARP is a request A gratuitous ARP request is an ARP request that is not needed according to the ARP specification but one that hosts may send to detect IP address conflicts inform switches of their presence on a port so that packets can be forwarded update the ARP table of other nodes on the network in case of an address change In the request the host uses its own IP ...

Page 372: ...tous ARP the system installs a new ARP entry or updates an existing entry for all received ARP requests Figure 37 ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP the system does not look up the target IP It only updates the ARP entry for the Layer 3 interface with the source IP of the request Configuring ARP Re...

Page 373: ...eachable ICMP Echo or Echo Reply ICMP error messages inform the router of problems in a particular packet These messages are sent only on unicast traffic Configuration Tasks for ICMP The following lists the configuration tasks for ICMP Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP refer to the Dell Networking OS Command Line Reference Guide Enabling ICMP...

Page 374: ...dcast Address Important Points to Remember The existing ip directed broadcast command is rendered meaningless if you enable UDP helper on the same interface The broadcast traffic rate should not exceed 200 packets per second when you enable UDP helper You may specify a maximum of 16 UDP ports UDP helper is compatible with IP helper ip helper address UDP broadcast traffic with port number 67 or 68 ...

Page 375: ... 100 is up line protocol is down Address is 00 01 e8 0d b9 7a Current address is 00 01 e8 0d b9 7a Interface index is 1107787876 Internet address is 1 1 0 1 24 IP UDP Broadcast address is 1 1 255 255 MTU 1554 bytes IP MTU 1500 bytes LineSpeed auto ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 07 44 Queueing strategy fifo Input Statistics 0 packets 0 bytes Time sinc...

Page 376: ...this case 1 It is flooded on VLAN 101 without changing the destination address because the forwarding process is Layer 2 2 If you enabled UDP helper the system changes the destination IP address to the configured broadcast address 1 1 255 255 and forwards the packet to VLAN 100 3 Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broa...

Page 377: ...wing illustration Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101 If you enabled UDP helper and the UDP port number matches the packet is flooded on both VLANs with an unchanged destination address Packet 2 is sent from a host on VLAN 101 It has broadcast MAC address and a destination IP address that matches the configured broadcast address o...

Page 378: ... Te 5 3 Vlan 3 01 44 54 Pkt rcvd on Te 7 1 is handed over for DHCP processing When using the IP helper and UDP helper on the same interface use the debug ip dhcp command Example Output from the debug ip dhcp Command Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 2005 11 05 11 59 35 RELAY I PACKET BOOTP REQUEST Unicast received at interface 172 21 50 193 BOOTP Request XID 0x9265f901 secs 0 hwaddr 00 ...

Page 379: ...toconfiguration Header format simplification Improved support for options and extensions Extended Address Space The address format is extended from 32 bits to 128 bits This not only provides room for all anticipated needs it allows for the use of a hierarchical address space structure to optimize global addressing Stateless Autoconfiguration When a booting device comes up in IPv6 and asks for its ...

Page 380: ...Reachable time Retrans timer MTU options Preferred and valid lifetime values for the same prefix Only management ports support stateless auto configuration as a host The router redirect functionality in the neighbor discovery protocol NDP is similar to IPv4 router redirect messages NDP uses ICMPv6 redirect messages Type 137 to inform nodes that a better router exists on the link IPv6 Headers The I...

Page 381: ...can process packets within the same flow without needing to reprocess each packet s header separately NOTE All packets in the flow must have the same source and destination addresses Payload Length 16 bits The Payload Length field specifies the packet payload This is the length of the data following the IPv6 header IPv6 Payload Length only includes the data following the header not the header itse...

Page 382: ...ds the packet and sends an ICMPv6 message back to the sending router indicating that the Hop Limit was exceeded in transit Source Address 128 bits The Source Address field contains the IPv6 address for the packet originator Destination Address 128 bits The Destination Address field contains the intended recipient s IPv6 address This can be either the ultimate destination or the address of the next...

Page 383: ...dentifies the length of the Hop by Hop Options header in 8 byte units but does not include the first 8 bytes Consequently if the header is less than 8 bytes the value is 0 zero Options size varies This field can contain one or more options The first byte if the field identifies the Option type and directs the router how to handle the option 00 Skip and continue processing 01 Discard the packet 10 ...

Page 384: ...ffff ffff ffff Link local Addresses Link local addresses starting with fe80 are assigned only in the local link area The addresses are generated usually automatically by the operating system s IP layer for each network interface This provides instant automatic network connectivity for any IPv6 host and means that if several hosts connect to a common hub or switch they have an instant communication...

Page 385: ...6 Basic Addressing IPv6 address types Unicast 8 3 11 Extended Address Space IPv6 neighbor discovery 8 3 11 IPv6 Neighbor Discovery IPv6 stateless autoconfiguration 8 3 11 Stateless Autoconfiguration IPv6 MTU path discovery 8 3 11 Path MTU Discovery IPv6 ICMPv6 8 3 11 ICMPv6 IPv6 ping 8 3 11 ICMPv6 IPv6 traceroute 8 3 11 ICMPv6 IPv6 SNMP 8 3 11 IPv6 Routing Static routing 8 3 11 Assigning a Static ...

Page 386: ...ntermediate System to Intermediate System IPv6 IS IS in the Dell Networking OS Command Line Reference Guide OSPF for IPv6 OSPFv3 8 3 11 OSPFv3 in the Dell Networking OS Command Line Reference Guide Equal Cost Multipath for IPv6 8 3 11 IPv6 Services and Management Telnet client over IPv6 outbound Telnet 8 3 11 Configuring Telnet with IPv6 Control and Monitoring in the Dell Networking OS Command Lin...

Page 387: ...ket failed at the destination or intermediate node These messages include Destination Unreachable Packet Too Big Time Exceeded and Parameter Problem messages Informational messages provide diagnostic functions and additional host functions such as Neighbor Discovery and Multicast Listener Discovery These messages also include Echo Request and Echo Reply messages The Dell Networking OS ping and tra...

Page 388: ...st be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node NOTE To avoid problems with network discovery Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer the forwarding router s address less than 10 seconds apart With ARP each node broadcasts ARP requests on the ...

Page 389: ...ecursive DNS Server Debugging IPv6 RDNSS Information Sent to the Host Displaying IPv6 RDNSS Information Configuring the IPv6 Recursive DNS Server You can configure up to four Recursive DNS Server RDNSS addresses to be distributed via IPv6 router advertisements to an IPv6 device using the ipv6 nd dns server ipv6 RDNSS address lifetime infinite command in INTERFACE CONFIG mode The lifetime parameter...

Page 390: ...igured correctly use the debug ipv6 nd command in EXEC Privilege mode Example of Debugging IPv6 RDNSS Information Sent to the Host The following example debugs IPv6 RDNSS information sent to the host Dell conf if te 1 1 do debug ipv6 nd tengigabitethernet 1 1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1 1 Dell conf if te 1 1 00 13 02 cp ICMPV6 ND Sending RA on Te 1 1 c...

Page 391: ...time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 198 to 600 seconds ND router advertisements live for 1800 seconds ND advertised hop limit is 64 IPv6 hop limit for originated packets is 64 ND dns server address is 1000 1 with lifetime of 1 seconds ND dns server address is 3000 1 with lifetime of 1 seconds ND dns server address is 20...

Page 392: ... System Flow requires three blocks that cannot be reallocated You must enter the ipv6acl allocation as a factor of 2 2 4 6 8 10 All other profile allocations can use either even or odd numbered ranges The default option sets the CAM Profile as follows L3 ACL ipv4acl 6 L2 ACL l2acl 5 IPv6 L3 ACL ipv6acl 0 L3 QoS ipv4qos 1 L2 QoS l2qos 1 To have the changes take effect save the new CAM settings to t...

Page 393: ... command the same link local fe80 address is displayed for each IPv6 interface Enter the IPv6 Address for the device CONFIG INTERFACE mode ipv6 address ipv6 address mask ipv6 address x x x x x mask The prefix length is from 0 to 128 NOTE IPv6 addresses are normally written as eight groups of four hexadecimal digits Separate each group by a colon Omitting zeros is accepted as described in Addressin...

Page 394: ... x mask prefix length is from 0 to 128 NOTE IPv6 addresses are normally written as eight groups of four hexadecimal digits where each group is separated by a colon Omitting zeros is accepted as described in Addressing SNMP over IPv6 You can configure SNMP over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running Dell Networking OS IPv6 T...

Page 395: ...fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Example of the show ipv6 interface Command Dell show ipv6 int ManagementEthernet 1 1 ManagementEthernet 1 1 is up line protocol i...

Page 396: ...en Shortest Path First OSPF routes enter ospf To display information about Routing Information Protocol RIP enter rip To display information about static IPv6 routes enter static To display information about an IPv6 Prefix lists enter list and the prefix list name Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command Dell show ipv6 route summary R...

Page 397: ...terface then the type of interface and slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information The slot range is from 0 ...

Page 398: ...de ipv6 nd ra guard policy policy name 4 Define the role of the device attached to the port POLICY LIST CONFIGURATION mode device role host router Use the keyword host to set the device role as host Use the keyword router to set the device role as router 5 Set the hop count limit POLICY LIST CONFIGURATION mode hop limit maximum minimum limit The hop limit range is from 0 to 254 6 Set the managed a...

Page 399: ...11 982 bytes 13 Set the advertised reachability time POLICY LIST CONFIGURATION mode reachable time value The reachability time range is from 0 to 3 600 000 milliseconds 14 Set the advertised retransmission time POLICY LIST CONFIGURATION mode retrans timer value The retransmission time range is from 100 to 4 294 967 295 milliseconds 15 Display the configurations applied on the RA guard policy mode ...

Page 400: ...ng can be up to 140 characters Example of the show ipv6 nd ra guard policy Command Dell show ipv6 nd ra guard policy test ipv6 nd ra guard policy test device role router hop limit maximum 1 match ra ipv6 access list access other config flag on router preference maximum medium trusted port Interfaces Te 1 1 Dell Monitoring IPv6 RA Guard To debug IPv6 RA guard use the following command EXEC Privileg...

Page 401: ... system Level 2 systems manage destination paths for external routers Only Level 2 routers can exchange data packets or routing information directly with external routers located outside of the routing domains Level 1 2 systems manage both inter area and intra area traffic by maintaining two separate link databases one for Level 1 routes and one for Level 2 routes A Level 1 2 router does not adver...

Page 402: ...ferent routing and security policies All routers on a LAN or point to point must have at least one common supported topology when operating in Multi Topology IS IS mode If IPv4 is the common supported topology between those two routers adjacency can be formed All topologies must share the same set of L1 L2 boundaries You must implement a wide metric style globally on the autonomous system AS to ru...

Page 403: ...ighbor within its LSPs The local router does not form an adjacency if both routers do not have at least one common MT over the interface Graceful Restart Both Helper and Restart modes of Graceful restart are supported on the device Graceful restart is a protocol based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the los...

Page 404: ...4 implementation has been expanded to include two new type length values TLVs in the PDU that carry information required for IPv6 routing The new TLVs are IPv6 Reachability and IPv6 Interface Address Also a new IPv6 protocol identifier has also been included in the supported TLVs The new TLVs use the extended metrics and up down bit semantics Multi topology IS IS adds TLVs MT TLV contains one or m...

Page 405: ... IS features on that interface only Commands in the ADDRESS FAMILY mode are specific to IPv6 NOTE When using the IS IS routing protocol to exchange IPv6 routing information and to determine destination reachability you can route IPv6 along with IPv4 while using a single intra domain routing protocol The configuration commands allow you to enable and disable IPv6 routing and to configure or remove ...

Page 406: ... an IS IS network entity title NET for a routing process ROUTER ISIS mode net network entity title Specify the area address and system ID for an IS IS routing process The last byte must be 00 For more information about configuring a NET refer to IS IS Addressing 3 Enter the interface configuration mode CONFIGURATION mode interface interface Enter the keyword interface then the type of interface an...

Page 407: ... is type command in ROUTER ISIS mode To view the IS IS configuration enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode Dell show isis protocol IS IS Router Null Tag System Id EEEE EEEE EEEE IS Type level 1 2 Manual area address es 47 0004 004d 0001 Routing for area address es 21 2223 2425 2627 2829 3031 3233 47 0004 004d 0001 Interfaces supp...

Page 408: ...S MT IS IS To configure multi topology IS IS MT IS IS use the following commands 1 Enable multi topology IS IS for IPv6 ROUTER ISIS AF IPV6 mode multi topology transition Enter the keyword transition to allow an IS IS IPv6 user to continue to use single topology mode while upgrading to multi topology mode After every router has been configured with the transition keyword and all the routers are in...

Page 409: ...tarting router The range is from 1 to 120 minutes The default is 30 seconds Configure the time that the graceful restart timer T1 defines for a restarting router to use for each interface as an interval before regenerating Restart Request an IIH with RR bit set in Restart TLV after waiting for an acknowledgement ROUTER ISIS mode graceful restart t1 interval seconds retry times value interval wait ...

Page 410: ...rivilege mode Dell show isis graceful restart detail Configured Timer Value Graceful Restart Enabled Interval Blackout time 1 min T3 Timer Manual T3 Timeout Value 30 T2 Timeout Value 30 level 1 30 level 2 T1 Timeout Value 5 retry count 1 Adjacency wait time 30 Operational Timer Value Current Mode State Normal RUNNING T3 Time left 0 T2 Time left 0 level 1 0 level 2 Restart ACK rcv count 0 level 1 0...

Page 411: ... state PDUs LSPs to exchange routing information LSP attributes include the generation interval maximum transmission unit MTU or size and the refresh interval You can modify the LSP attribute defaults but it is not necessary To change the defaults use any or all of the following commands Set interval between LSP generation ROUTER ISIS mode lsp gen interval level 1 level 2 seconds seconds the range...

Page 412: ...erates and receives narrow metric values Matrixes or costs higher than 63 are not supported To accept or generate routes with a higher metric you must change the metric style of the IS IS process For example if you configure the metric as narrow and a link state PDU LSP with wide metrics is received the route is not installed Dell Networking OS supports the following IS IS metric styles Table 18 M...

Page 413: ...etric value could be affected For each interface with IS IS enabled you can assign a cost or metric that is used in the link state calculation To change the metric or cost of the interface use the following commands Assign an IS IS metric INTERFACE mode isis metric default metric level 1 level 2 default metric the range is from 0 to 63 if the metric style is narrow narrow transition or transition ...

Page 414: ... 1 level 1 2 level 2 only Default is level 1 2 Change the IS type for the IS IS process ROUTER ISIS mode is type level 1 level 1 2 level 2 Example of the show isis database Command to View Level 1 2 Link State Databases To view which IS type is configured use the show isis protocol command in EXEC Privilege mode The show config command in ROUTER ISIS mode displays only non default information If y...

Page 415: ... Another method of controlling routing information is to filter the information through a prefix list Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table The prefix lists are globally applied on all interfaces running IS IS Configure the prefix list in PREFIX LIST mode ...

Page 416: ...es use ROUTER ISIS mode previously shown Apply a configured prefix list to all incoming IPv6 IS IS routes ROUTER ISIS AF IPV6 mode distribute list prefix list name in interface Enter the type of interface and slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE t...

Page 417: ...ute bgp as number connected rip static level 1 level 1 2 level 2 metric metric value metric type external internal route map map name Configure the following parameters level 1 level 1 2 or level 2 assign all redistributed routes to a level The default is level 2 metric value the range is from 0 to 16777215 The default is 0 metric type choose either external or internal The default is internal map...

Page 418: ...5535 level 1 level 1 2 or level 2 assign all redistributed routes to a level The default is level 2 metric value the range is from 0 to 16777215 The default is 0 metric value the range is from 0 to 16777215 The default is 0 match external the range is 1 or 2 match internal metric type external or internal map name name of a configured route map To view the IS IS configuration globally including bo...

Page 419: ... Networking OS sets the overload bit and IS IS traffic continues to transit the system To set or remove the overload bit manually use the following commands Set the overload bit in LSPs ROUTER ISIS mode set overload bit This setting prevents other routers from using it as an intermediate hop in their shortest path first SPF calculations Remove the overload bit ROUTER ISIS mode no set overload bit ...

Page 420: ...mation about IS IS local update packets EXEC Privilege mode debug isis local updates interface To view specific information enter the following optional parameter interface Enter the type of interface and slot port information to view IS IS information on that interface only View IS IS SNP packets include CSNPs and PSNPs EXEC Privilege mode debug isis snp packets interface To view specific informa...

Page 421: ...Metric Style Configure Metric Values Dell Networking OS supports the following IS IS metric styles narrow supports only type length and value TLV up to 63 wide supports TLV up to 16777215 transition supports both narrow and wide and uses a TLV up to 63 narrow transition accepts both narrow and wide and sends only narrow or old style TLV wide transition accepts both narrow and wide and sends only w...

Page 422: ...ginal value is greater than 63 A message is sent to the console wide transition truncated value the truncated value appears in the LSP only The original isis metric value is displayed in the show config and show running config commands and is used if you change back to transition metric style NOTE A truncated value is a value that is higher than 63 but set back to 63 because the higher value is no...

Page 423: ...her metric style produces different results Table 20 Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narr...

Page 424: ...ng IPv6 IS IS These examples are not comprehensive directions They are intended to give you some guidance with typical configurations NOTE Only one IS IS process can run on the router even if both IPv4 and IPv6 routing is being used You can copy and paste from these examples to your CLI To support your own IP addresses interfaces names and so on be sure that you make the necessary changes NOTE Whe...

Page 425: ...command In router isis configuration mode enable multi topology transition under address family ipv6 unicast Figure 45 IPv6 IS IS Sample Topography IS IS Sample Configuration Congruent Topology IS IS Sample Configuration Multi topology IS IS Sample Configuration Multi topology Transition The following is a sample configuration for enabling IPv6 IS IS Dell conf if te 3 17 show config interface TenG...

Page 426: ...y ipv6 unicast multi topology exit address family Dell conf router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology transition exit address family Dell conf router_isis 426 Intermediate Syst...

Page 427: ...ion and reception functions in an orderly manner The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802 3 Carrier sense multiple access with collision detection CSMA CD access method and physical layer specifications LACP functions by constantly exchanging custom MAC protocol data units PDUs across local area network LAN Ethernet links The protocol packet...

Page 428: ...ate LACP runs on any link that is configured to be in this state A port in Active state also automatically initiates negotiations with other ports by initiating LACP packets Passive In this state the interface is not in an active negotiating state but LACP runs on the link A port in Passive state also responds to negotiation requests from ports in Active state Ports in Passive state respond to LAC...

Page 429: ...and Debugging LACP Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel LAG use the following command First you define the LAG and then the LAG interfaces Create a dynamic port channel LAG CONFIGURATION mode interface port channel Create a dynamic port channel LAG CONFIGURATION mode switchport Example of Configuring a LAG Interface Dell conf interface port channel ...

Page 430: ...t channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel member configuration in LAG 32 Setting the LACP Long Timeout PDUs are exchanged between port channel LAG interfaces to maintain LACP sessions PDUs are transmitted at either a slow or fast transmission rate depending upon the LACP timeout value The timeout value is the amount of tim...

Page 431: ...w the PDU exchanges and the timeout value use the debug lacp command For more information refer to Monitoring and Debugging LACP Monitoring and Debugging LACP The system log syslog records faulty LACP actions To debug LACP use the following command Debug LACP including configuration and events EXEC mode no debug lacp config events pdu in out interface in out Shared LAG State Tracking Shared LAG st...

Page 432: ...p created for shared LAG state tracking 1 Enter port channel failover group mode CONFIGURATION mode port channel failover group 2 Create a failover group and specify the two port channels that will be members of the group CONFIG PO FAILOVER GRP mode group number port channel number port channel number Example of LAGs in the Same Failover Group In the following example LAGs 1 and 2 have been placed...

Page 433: ... Minimum number of links to bring Port channel up is 1 Port channel is part of failover group 1 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 10000 Mbit Members in this channel Te 1 17 U ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 01 28 Queueing strategy fifo NOTE The set of console messages shown above appear only if you configure shared...

Page 434: ... po 10 no ip address Alpha conf if po 10 switchport Alpha conf if po 10 no shutdown Alpha conf if po 10 show config interface Port channel 10 no ip address switchport no shutdown Alpha conf if po 10 Example of Viewing a LAG Port Configuration The following example inspects a LAG port configuration on ALPHA Alpha sh int TenGigabitEthernet 2 31 TenGigabitEthernet 2 31 is up line protocol is up Port ...

Page 435: ...discarded Output Statistics 136 packets 16718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte pkts 121 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 136 Multicasts 0 Broadcasts 0 Unicasts 0 Vlans 0 throttles 0 discarded 0 collisions 0 wreddrops Rate info interval 299 seconds Input 00 00 Mbits sec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets...

Page 436: ...Figure 50 Inspecting Configuration of LAG 10 on ALPHA 436 Link Aggregation Control Protocol LACP ...

Page 437: ...f gi 2 31 shutdown Alpha conf if gi 2 31 port channel protocol lacp Alpha conf if gi 2 31 lacp port channel 10 mode active Alpha conf if gi 2 31 lacp no shut Alpha conf if gi 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if gi 2 31 interface Port channel 10 no ip address switchport no shutdown Link Aggreg...

Page 438: ...Bravo conf int gig 3 21 Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if gi 3 21 port channel protocol lacp Bravo conf if gi 3 21 lacp port channel 10 mode active Bravo conf if gi 3 21 lacp no shut Bravo conf if gi 3 21 end interface GigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if gi 3 21 end int...

Page 439: ...Figure 52 Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol LACP 439 ...

Page 440: ...Figure 53 Inspecting LAG 10 Using the show interfaces port channel Command 440 Link Aggregation Control Protocol LACP ...

Page 441: ...oint connections between exactly two devices and assumes that frames are sent and received in the same order Setting Up a Threshold for Utilization of High Gigabit Port Channels This functionality is supported on the Z9000 platform You can monitor a backplane high Gigabit Ethernet port channel and generate a system logging message or an SNMP trap when the traffic distribution and the handled data ...

Page 442: ...onfigured rate interval monitor and examine the working efficiency and traffic handling capacity of the LAG bundles on high Gigabit Ethernet trunk interfaces that are created statically To adjust and modify the switch for effective utilization of backplane links examine the working efficiency of the LAG bundle interfaces Alarms are generated if the port channel threshold is greater than the config...

Page 443: ...all links This calculation is performed only on those links that are up on their operational status The rate interval for polling the traffic statistics for member links of the high Gigabit port channel must be configured The default hiGig stats polling interval is 15 seconds This interval cannot be configured per high Gigabit port channel and is applicable for all of the high Gigabit port channel...

Page 444: ...link bundle distribution command to display the traffic handling and utilization of the member interfaces of the port channel The following table describes the output fields of this show command EXEC EXEC Privilege modes Dell show hg link bundle distribution 0 npuUnit 5 hg port channel 0 Viewing Buffer Utilization and Queue Statistics on High Gigabit Ethernet Backplane Ports This functionality is ...

Page 445: ...on of the complete output that is shown when you run this command the following information is displayed The shared buffer space that is available to be allotted to the specific port for the corresponding stack unit The shared buffer space that is in use by the packets Whether dynamic packet buffering allocation is activated are displayed show hardware stack unit 0 buffer unit 0 5 port all buffer ...

Page 446: ...s deletes the specified entry all deletes all dynamic entries interface deletes all entries for the specified interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on the switch with the MAC address as...

Page 447: ...mic entries interface displays only entries for the specified interface static displays only static entries vlan displays only entries for the specified VLAN MAC Learning Limit MAC address learning limit is a method of port security on Layer 2 port channel and physical interfaces and VLANs It allows you to set an upper limit on the number of MAC addresses that learned on an interface VLAN After th...

Page 448: ...c no station move station move NOTE An SNMP trap is available for mac learning limit station move No other SNMP traps are available for MAC Learning Limit including limit violations mac learning limit Dynamic The MAC address table is stored on the Layer 2 forwarding information base FIB region of the CAM The Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC address ...

Page 449: ...dress already in the table to be learned off of another interface For example if you disconnect a network device from one interface and reconnect it to another interface the MAC address is learned on the new interface When the system detects this station move the system clears the entry learned on the original interface and installs a new entry on the new interface mac learning limit no station mo...

Page 450: ...tions with the mac learning limit command To display a list of interfaces configured with MAC learning limit or station move violation actions use the following commands Generate a system log message indicating a station move INTERFACE mode station move violation log Shut down the first port to learn the MAC address INTERFACE mode station move violation shutdown original Shut down the second port ...

Page 451: ...learning limit reset learn limit violation interface all Reset interfaces in the ERR_Disabled state caused by a station move violation EXEC Privilege mode mac learning limit reset station move violation interface all NIC Teaming Network interface controller NIC teaming is available on the Z Series platform NIC teaming is a feature that allows multiple network interface cards in a server to be repr...

Page 452: ...NIC until the ARP entry on the switch times out Figure 56 Configuring the mac address table station move refresh arp Command Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol STP for example networks with digital subscriber line access multiplexers DSLAM cannot have redundant links between switches because they create switching loops as shown in...

Page 453: ...working OS supports only Gigabit 10 Gigabit and 40 Gigabit ports and port channels as primary backup interfaces in redundant pairs A port channel is also referred to as a link aggregation group LAG For more information refer to Interfaces If the interface is a member link of a LAG the following primary backup interfaces are also supported primary interface is a physical interface the backup interf...

Page 454: ...3 41 fails 3 42 transitions to the Up state which makes the backup link active A message similar to the following message appears whenever you configure a backup port 02 28 04 RPM0 P CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Te 3 41 and Te 3 42 02 28 04 RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Te 3 42 02 28 04 RPM0 P CP IFMGR 5 STATE_ACT_STBY Changed interface st...

Page 455: ... IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 OSTATE_DN Changed interface state to down Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby Po 2 Dell conf if po 1 Dell Dell show interfaces switchport backup Interface Status Paired Interface Status Port channel 1 Active Port chato mannel 2 Standby P...

Page 456: ...nd failure is detected no intervention is required to reset the interface to bring it back to an FEFD operational state When you enable Aggressive mode on an interface in the same state manual intervention is required to reset the interface FEFD enabled systems comprised of one or more interfaces automatically switchs between four different states Idle Unknown Bi directional and Err disabled 1 An ...

Page 457: ...utdown Err disabled Up Down Up Down FEFD enable Normal Bi directional Bi directional Up Up Up Up FEFD enable Aggressive Bi directional Bi directional Up Up Up Up FEFD FEFD disable Normal Locally disabled Unknown Up Down Up Down FEFD FEFD disable Aggressive Locally disabled Err disabled Up Down Up Down Link Failure Normal Unknown Unknown Up Down Up Down Link Failure Aggressive Err disabled Err disa...

Page 458: ... is Normal INTERFACE MODE INTERVAL STATE second Te 1 1 Normal 3 Bi directional Te 1 2 Normal 3 Admin Shutdown Te 1 3 Normal 3 Admin Shutdown Te 1 4 Normal 3 Admin Shutdown Dell show run fefd fefd global mode normal fefd global interval 3 Enabling FEFD on an Interface To enable change or disable FEFD on an interface use the following commands Enable FEFD on a per interface basis INTERFACE mode fefd...

Page 459: ... output whenever events occur that initiate or disrupt an FEFD enabled connection EXEC Privilege mode debug fefd events Provide output for each packet transmission over the FEFD enabled connection EXEC Privilege mode debug fefd packets Examples of the debug fefd Commands Dell debug fefd events Dell config Dell conf int te 1 1 Dell conf if te 1 1 shutdown 2w1d22h RPM0 P CP IFMGR 5 ASTATE_DN Changed...

Page 460: ...t that an RPM failover occurs FEFD becomes operationally down on all enabled ports for approximately 8 10 seconds before automatically becoming operational again 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 09 RPM1 S CP RAM 6 FAILOVER_REQ RPM failover request from active peer User request 02 05 2009 12 40 38 Local7 Debug 10 16 151 12 Feb 5 07 06 19 RPM1 P CP IFMGR 5 OSTATE_UP Changed ...

Page 461: ... kind of information included in the TLV Length The value in octets of the TLV after the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 59 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP data unit LLDPDU shown in the following table which is transmitted from one LLDP enabl...

Page 462: ... sub types are Management TLVs IEEE 802 1 IEEE 802 3 and TIA 1057 Organizationally Specific TLVs Figure 60 LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs management TLVs IEEE 802 1 and 802 3 organizationally specific TLVs and TIA 1057 organizationally specific TLVs Management TLVs A management TLV is an optional TLVs sub type This kind of TLV contains essential mana...

Page 463: ...tem 6 System description A user defined alphanumeric string that identifies the system 7 System capabilities Identifies the chassis as one or more of the following repeater bridge WLAN Access Point Router Telephone DOCSIS cable device end station only or other 8 Management address Indicates the network address of the management interface Dell Networking OS does not currently support this TLV IEEE ...

Page 464: ...ated whether it is currently in a LAG and the port identification of the LAG Dell Networking OS does not currently support this TLV 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY TIA 1057 LLDP MED Overview Link layer discovery protocol media endpoint discovery LLDP MED as defined by ANSI TIA 1057 provides additional organizationally specific TLVs so that endp...

Page 465: ...e five types of TIA 1057 Organizationally Specific TLVs Table 25 TIA 1057 LLDP MED Organizationally Specific TLVs Type SubType TLV Description 127 1 LLDP MED Capabilities Indicates whether the transmitting device supports LLDP MED what LLDP MED TLVs it supports LLDP device class 127 2 Network Policy Indicates the application type VLAN ID Layer 2 Priority and DSCP value 127 3 Location Identificatio...

Page 466: ... LLDP MED device 127 11 Inventory Asset ID Indicates a user specified device number to manage inventory 127 12 255 Reserved LLDP MED Capabilities TLV The LLDP MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support LLDP MED network connectivity devices must transmit the Network Policies TLV The value of the LLDP MED capabilities fiel...

Page 467: ...onnectivity 5 255 Reserved LLDP MED Network Policies TLV A network policy in the context of LLDP MED is a device s VLAN configuration and associated Layer 2 and Layer 3 configurations LLDP MED network policies TLV include VLAN ID VLAN tagged or untagged status Layer 2 priority DSCP value An integer represents the application type the Type integer shown in the following table which indicates a devi...

Page 468: ...on type for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services 4 Guest Voice Signaling Specify this application type only if guest voice control packets use a separate network policy than voice data 5 Softphone Voice Specify this application type only if guest voice control packets use a separate network ...

Page 469: ...You can configure a different power priority through the CLI Dell Networking also honors the power priority value the powered device sends however the CLI configuration takes precedence Power Value Dell Networking advertises the maximum amount of power that can be supplied on the port By default the power is 15 4W which corresponds to a power value of 130 based on the TIA 1057 specification You ca...

Page 470: ... system Configurations made at the INTERFACE level affect only the specific interface they override CONFIGURATION level configurations Example of the protocol lldp Command CONFIGURATION Level R1 conf protocol lldp R1 conf lldp advertise Advertise TLVs disable Disable LLDP protocol globally end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode L...

Page 471: ...isable To undo an LLDP configuration precede the relevant command with the keyword no Enabling LLDP on Management Ports LLDP on management ports is enabled by default To enable LLDP on management ports use the following command 1 Enter Protocol LLDP mode CONFIGURATION mode protocol lldp 2 Enable LLDP PROTOCOL LLDP mode no disable Disabling and Undoing LLDP on Management Ports To disable or undo LL...

Page 472: ...rtise TLVs use the following commands 1 Enter LLDP mode CONFIGURATION or INTERFACE mode protocol lldp 2 Advertise one or more TLVs PROTOCOL LLDP mode advertise dcbx appln tlv dcbx tlv dot3 tlv interface port desc management tlv med Include the keyword for each TLV you want to advertise For management TLVs system capabilities system description For 802 1 TLVs port protocol vlan id port vlan id For ...

Page 473: ...tise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description hello 10 no disable Dell conf lldp Dell conf lldp exit Dell conf interface tengigabitethernet 1 31 Dell conf if te 1 31 show config interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Dell conf if te 1 31 protocol lldp Dell conf if te...

Page 474: ... 4136 Total Neighbor information Age outs 0 Total Frames Discarded 0 Total In Error Frames 0 Total Unrecognized TLVs 0 Total TLVs Discarded 0 Next packet will be sent after 7 seconds The neighbors are given below Remote Chassis ID Subtype Mac address 4 Remote Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID TeGigabitEthernet 2 11 Local Port ID TeGigabitEthernet 1 21...

Page 475: ... lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description mode tx no disable R1 conf lldp no mode R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable ...

Page 476: ... conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Configuring a Time to Live The information received from a neighbor expires after a specific amount of time measured in seconds called a time to live TTL The TTL is the product of the LLD...

Page 477: ...ities system description multiplier 5 no disable R1 conf lldp no multiplier R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Debugging LLDP You can view the TLVs that your system is sending and receiving To view the TLVs use the follo...

Page 478: ...DP configuration on the local agent IEEE 802 1AB Organizationally Specific TLVs received and transmitted LLDP MED TLVs Table 29 LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit receive or both msgTxHold lldpMessageTxHoldMultiplie r Multiplier val...

Page 479: ...of times that a neighbor s information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTotal lldpStatsRxPortFramesDisca rdedTotal Total number of LLDP frames received then discarded statsFramesInErrorsTotal lldpStatsRxPortFramesErrors Total number of LLDP frames received on a port with errors statsFramesInTotal lldpStatsRxPortFramesTotal Total number of LLDP...

Page 480: ...e lldpRemPortDesc 5 System Name system name Local lldpLocSysName Remote lldpRemSysName 6 System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc 7 System Capabilities system capabilities Local lldpLocSysCapSupp orted Remote lldpRemSysCapSupp orted 8 Management Address enabled capabilities Local lldpLocSysCapEnabl ed Remote lldpRemSysCapEnab led management address length Lo...

Page 481: ...dpXdot1LocPortVla nId Remote lldpXdot1RemPortVl anId 127 Port and Protocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVl anSupported Remote lldpXdot1RemProtoV lanSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVl anEnabled Remote lldpXdot1RemProtoV lanEnabled PPVID Local lldpXdot1LocProtoVl anId Remote lldpXdot1RemProtoV lanId 127 VLAN Name VID Local lldpXdot1L...

Page 482: ...olicy Application Type Local lldpXMedLocMediaP olicyAppType Remote lldpXMedRemMedia PolicyAppType Unknown Policy Flag Local lldpXMedLocMediaP olicyUnknown Remote lldpXMedLocMediaP olicyUnknown Tagged Flag Local lldpXMedLocMediaP olicyTagged Remote lldpXMedLocMediaP olicyTagged VLAN ID Local lldpXMedLocMediaP olicyVlanID Remote lldpXMedRemMedia PolicyVlanID L2 Priority Local lldpXMedLocMediaP olicy...

Page 483: ...iceType Remote lldpXMedRemXPoED eviceType Power Source Local lldpXMedLocXPoEPS EPowerSource lldpXMedLocXPoEP DPowerSource Remote lldpXMedRemXPoEP SEPowerSource lldpXMedRemXPoEP DPowerSource Power Priority Local lldpXMedLocXPoEP DPowerPriority lldpXMedLocXPoEPS EPortPDPriority Remote lldpXMedRemXPoEP SEPowerPriority lldpXMedRemXPoEP DPowerPriority Power Value Local lldpXMedLocXPoEPS EPortPowerAv ll...

Page 484: ...rom the server is of an NLB type The switch then maps the IP address cluster IP with the MAC address cluster MAC address In multicast mode the cluster IP address is mapped to a cluster multicast MAC address that is configured using a static ARP CLI configuration command After the NLB entry is learned the traffic is forwarded to all the servers in the VLAN corresponding to the cluster virtual IP ad...

Page 485: ...applicable and the ARP replies contain a discrepancy in the Ethernet SHA and ARP header SHA frames a flooding of packets over the relevant VLAN occurs The maximum number of concurrent clusters that is supported is eight Benefits and Working of Microsoft Clustering Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address in order to pr...

Page 486: ... To enable a switch for unicast NLB mode of functioning perform the following steps Enter the ip vlan flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port needs to be flooded across all the member ports of that VLAN There might be some ARP table entries that are resolved through ARP packets which had the Ethernet MAC SA different from the MAC in...

Page 487: ...e transmission control protocol TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustration 2 Each MSDP peer receives and forwards the message to its peers away from the originating RP 3 When an MSDP peer receives an SA m...

Page 488: ...in in type length value TLV format The total number of TLVs contained in the SA is indicated in the Entry Count field SA messages are transmitted every 60 seconds and immediately when a new source is detected Figure 68 MSDP SA Message Format 488 Multicast Source Discovery Protocol MSDP ...

Page 489: ...the other RPs informing them that there is an active source for a particular multicast group The result is that each RP is aware of the active sources in the area of the other RPs If any of the RPs fail IP routing converges and one of the RPs becomes the active RP in more than one area New sources register with the backup RP Receivers join toward the new RP and connectivity is maintained Implement...

Page 490: ...nting MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP MSDP Sample Configurations Figure 69 Configuring Interfaces for MSDP 490 Multicast Source Discovery Protocol MSDP ...

Page 491: ...Figure 70 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 491 ...

Page 492: ...Figure 71 Configuring PIM in Multiple Routing Domains 492 Multicast Source Discovery Protocol MSDP ...

Page 493: ...P by peering RPs in different administrative domains 1 Enable MSDP CONFIGURATION mode ip multicast msdp 2 Peer PIM systems in different administrative domains CONFIGURATION mode ip msdp peer connect source Multicast Source Discovery Protocol MSDP 493 ...

Page 494: ...n out 8 0 SAs learned from this peer 1 SA Filtering Input S G filter none Output S G filter none Manage the Source Active Cache Each SA originating RP caches the sources inside its domain domain local and the sources which it has learned from its peers domain remote By caching sources domain local receivers experience a lower join latency RPs can transmit SA messages periodically to prevent SA sto...

Page 495: ...ted sa Enabling the Rejected Source Active Cache To cache rejected sources use the following command Active sources can be rejected because the RPF check failed the SA limit is reached the peer RP is unreachable or the SA message has a format error Cache rejected sources CONFIGURATION mode ip msdp cache rejected sa Accept Source Active Messages that Fail the RFP Check A default peer is a peer from...

Page 496: ...Figure 73 MSDP Default Peer Scenario 1 496 Multicast Source Discovery Protocol MSDP ...

Page 497: ...Figure 74 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 497 ...

Page 498: ...Figure 75 MSDP Default Peer Scenario 3 498 Multicast Source Discovery Protocol MSDP ...

Page 499: ...CONFIGURATION mode ip msdp default peer ip address list If you do not specify an access list the peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Example of the ip msdp default peer Command and Viewing Denied Sources Dell conf ip msdp peer 10 0 50 2 connect source Vlan 50 Dell conf ip msdp default peer 10 0 50 2 list fifty M...

Page 500: ...AL Store sources that are received after the limit is reached in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Set the upper limit for the number of sources allowed from an MSDP peer CONFIGURATION mode ip msdp peer peer address sa limit The default limit is 100K If the total number of sources received from the peer is already larger than the limit when this configuration is ...

Page 501: ...ing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source use the following commands 1 OPTIONAL Cache sources that the SA filter denies in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Prevent the system from caching remote sources learned from a specific peer based on source and group CONFIGURATION mode ip msdp sa filter list out peer list ext acl E...

Page 502: ...it is already in the SA cache of R3 the entry remains there until it expires Router 1 R1_E600 conf do show run msdp ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip msdp sa filter out 192 168 0 3 list mylocalfilter R1_E600 conf do show run acl ip access list extended mylocalfilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 seq 10 deny ip any any R1_E600 conf do show ip msdp...

Page 503: ...3 R3_E600 conf ip msdp shutdown 192 168 0 1 R3_E600 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 State Shutdown Up Down Time 00 00 18 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none Router 1 R1_E600 conf do show ip msdp peer Peer...

Page 504: ... the debug ip msdp Command R1_E600 conf do debug ip msdp All MSDP debugging has been turned on R1_E600 conf 03 16 08 MSDP 0 Peer 192 168 0 3 sent Keepalive msg 03 16 09 MSDP 0 Peer 192 168 0 3 rcvd Keepalive msg 03 16 27 MSDP 0 Peer 192 168 0 3 sent Source Active msg 03 16 38 MSDP 0 Peer 192 168 0 3 sent Keepalive msg 03 16 39 MSDP 0 Peer 192 168 0 3 rcvd Keepalive msg 03 17 09 MSDP 0 Peer 192 168...

Page 505: ...n an active RP fails When you configure multiple RPs there can be considerable convergence delay involved in switching to the backup RP Anycast RP relieves these limitations by allowing multiple RPs per group which can be distributed in a topologically significant manner according to the locations of the sources and receivers 1 All the RPs serving a given group are configured with an identical any...

Page 506: ...rce active messages to all of their peers away from the RP When multiple RPs exist within a domain the RPs forward received active source information back to the originating RP which violates the RFP rule You can prevent this unnecessary flooding by creating a mesh group A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set When an RP is...

Page 507: ...utdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 10 11 3 0 24 area 0 network 192 168 0 11 32 area 0 ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 1 ip msdp peer 192 168 0 22 connect source Loopback 1 ip msdp mesh group AS100 192 168 0 22 ip msdp originator id Loopback 1 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 The following ex...

Page 508: ...onnect source Loopback 1 ip msdp mesh group AS100 192 168 0 11 ip msdp originator id Loopback 1 ip route 192 168 0 3 32 10 11 0 32 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 The following example shows an R3 configuration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet ...

Page 509: ...ss 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192 168 0 22 remote as 100 neighbor 192 168 0 22 ebgp multihop 255 neighbor 192 168 0 22 update source Loopback 0 neighbor 192 168 0 22 no shutdown ip multicast msdp ip msdp peer 192 168 0 1...

Page 510: ...own router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 192 168 0 1 32 area 0 network 10 11 3 0 24 area 0 ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 ip multicast routing interface TenGigabitEthernet 2 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown interface TenGigabitEthernet 2 11 ...

Page 511: ...11 6 34 24 no shutdown interface ManagementEthernet 1 1 ip address 10 11 80 3 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute static redistribute connected redistribute bgp 200 router bgp 200 redistribute ospf 1 neighbor 192 168 0 2 remote as 100 neighbor 192 168 0 2 eb...

Page 512: ...im sparse mode ip address 10 11 6 43 24 no shutdown interface Loopback 0 ip address 192 168 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192 168 0 3 group address 224 0 0 0 4 512 Multicast Source Discovery Protocol MSDP ...

Page 513: ... reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN This 1 1 approach is not suitable if you have many VLANs because each spanning tree instance costs bandwidth and processing resources In the following illustration three VLANs are mapped to two multiple spanning tree instances MSTI VLAN 100 traffic takes a different path than VLAN 200 and ...

Page 514: ...on When you enable MSTP all ports in Layer 2 mode participate in MSTP Configure Multiple Spanning Tree Protocol Configuring multiple spanning tree is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable the multiple spanning tree protocol 4 Create multiple spanning tree instances and map VLANs to them Related Configuration Tasks The following are the rela...

Page 515: ...is enabled use the show config command in PROTOCOL MSTP mode Dell conf protocol spanning tree mstp Dell config mstp show config protocol spanning tree mstp no disable Dell Adding and Removing Interfaces To add and remove interfaces use the following commands To add an interface to the MSTP topology configure it for Layer 2 and add it to a VLAN If you previously disabled MSTP on the interface using...

Page 516: ...53e Root Bridge hello time 2 max age 20 forward delay 15 max hops 19 Bridge Identifier has priority 32768 Address 0001 e80d b6d6 Configured hello time 2 max age 20 forward delay 15 max hops 20 Current root has priority 32768 Address 0001 e806 953e Number of topology changes 2 last change occured 1d2h ago on Te 1 21 Port 374 TenGigabitEthernet 1 21 is root Forwarding Port path cost 20000 Port prior...

Page 517: ...sti 2 bridge priority 0 1d2h51m RPM0 P RP2 SPANMGR 5 STP_ROOT_CHANGE MSTP root changed for instance 2 My Bridge ID 0 0001 e809 c24a Old Root 32768 0001 e806 953e New Root 0 0001 e809 c24a R3 conf mstp show config protocol spanning tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 MSTI 2 bridge priority 0 Interoperate with Non Dell Networking OS Bridges Dell Networking OS supports only one M...

Page 518: ... delay hello time max age and max hops and overwrites the values set on other MSTP bridges Forward delay the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state Hello time the time interval in which the bridge sends MSTP bridge protocol data units BPDUs Max age the length of time the bridge maintains configuration informatio...

Page 519: ...delay Parameter To view the current values for MSTP parameters use the show running config spanning tree mstp command from EXEC privilege mode Dell conf mstp forward delay 16 Dell conf mstp exit Dell conf do show running config spanning tree mstp protocol spanning tree mstp no disable name my mstp region MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 forward delay 16 MSTI 2 bridge priority 4096 Dell conf Mod...

Page 520: ...ts of 16 The default is 128 To view the current values for these interface parameters use the show config command from INTERFACE mode Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise it does not go th...

Page 521: ...interface using the no spanning tree command in INTERFACE mode Disabling global spanning tree using the no spanning tree command in CONFIGURATION mode Example of Enabling an EdgePort on an Interface To verify that EdgePort is enabled use the show config command from INTERFACE mode Dell conf if te 3 11 spanning tree mstp edge port Dell conf if te 3 11 show config interface TenGigabitEthernet 3 11 n...

Page 522: ...ped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 no ip address switchport no shutdown interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 1 21 31 no shutdown interfac...

Page 523: ... no ip address switchport no shutdown interface TenGigabitEthernet 2 31 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2 11 31 no shutdown Router 3 Running Configuration This example use...

Page 524: ...es the following steps 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 spanning tree spanning tree configuration name Tahiti spanning tree configuration revision 123 spanning tree MSTi instance 1 spanning tree MSTi vlan 1 100 spanni...

Page 525: ... the show running configuration spanning tree mstp in EXEC Privilege mode To monitor and verify that the MSTP configuration is connected and communicating as desired use the debug spanning tree mstp bpdu command Key items to look for in the debug report include MSTP flags indicate communication received from the same region As shown in the following the MSTP routers are located in the same region ...

Page 526: ... Indicates MSTP routers are in the single region CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional Bridge Id 32768 0001 e806 953e CIST Port Id 128 470 Msg Age 0 Max Age 20 Hello 2 Fwd Delay 15 Ver1 Len 0 Ver3 Len 96 Name Tahiti Rev 123 MSTP region name and revision Int Root Path Cost 0 Rem Hops 19 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 MSTP Instance Flags 0x78 Reg Root 32768 ...

Page 527: ...INST 2 Flags 0x70 Reg Root 32768 0001 e8d5 cbbd Int Root Cost Brg Port Prio 32768 128 Rem Hops 20 Multiple Spanning Tree Protocol MSTP 527 ...

Page 528: ... ECMP routing to load balance multiple streams across equal cost links When creating the shared tree protocol independent multicast PIM uses routes from all configured routing protocols to select the best route to the rendezvous point RP If there are multiple equal cost paths the PIM selects the route with the least number of currently running multicast streams If multiple routes have the same num...

Page 529: ...n IP address for open shortest path first OSPF that maps to the multicast MAC address 01 00 5e 00 00 05 However 225 0 0 5 226 0 0 5 and so on map to the same multicast MAC address The Layer 2 forwarding information base FIB alone cannot differentiate multicast control traffic multicast data traffic with the same address so if you use IP address 225 0 0 5 for data traffic both the multicast data an...

Page 530: ...ticast packet loss NOTE When a source begins sending traffic the Source DR forwards the initial packets to the RP as encapsulated registered packets These packets are forwarded via the soft path at a maximum rate of 70 packets second Incoming packets beyond this rate are dropped Multicast Policies Dell Networking OS offers parallel multicast features for IPv4 IPv4 Multicast Policies IPv4 Multicast...

Page 531: ...cular group by blocking specific IGMP reports Create an extended access list containing the permissible source group pairs NOTE For rules in IGMP access lists source is the multicast source not the source of the IGMP packet For IGMPv2 use the keyword any for source as shown in the following example because IGMPv2 hosts do not know in advance who the source is for the group in which they are intere...

Page 532: ...ponding entries are created in the routing table Figure 81 Preventing a Host from Joining a Group Table 35 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 532 Multicast Features ...

Page 533: ... mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 un...

Page 534: ...pating in protocol independent multicast PIM INTERFACE mode ip pim neighbor filter Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to RP for the specified multicast source and group use the following command If the source DR never sends register packets to the RP no hosts can ever discover the source and create a shortest path tree SPT to...

Page 535: ...ting a Source from Transmitting to a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 no shutdown 1 31 Interface TenGigabitEthernet 1 31 ip pim sparse mode ip address 10 11 13 1 24 Multicast Features 535 ...

Page 536: ...ce TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode ip address 10 11 3 1 24 untagged TenGigabitEthernet 1 1 no shutdown Receiver 2 I...

Page 537: ... source Excessive traffic is generated when the join process from the RP back to the source is blocked due to a new source group being permitted in the join filter This results in the new source becoming stuck in registering on the DR and the continuous generation of UDP encapsulated registration messages between the DR and RP routers which are being sent to the CPU Prevent the PIM SM router from ...

Page 538: ...uch VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the Internet via interfaces running OSPF Both routers belong to a VRRP group with a virtual router at 10 0 0 1 on the local area network LAN side Neither Router A nor Router B is the owner of the group Although Router...

Page 539: ...e link level status goes down the tracked resource status is considered to be DOWN if the link level status goes up the tracked resource status is considered to be UP For logical interfaces such as port channels or virtual local area networks VLANs the link protocol status is considered to be UP if any physical interface under the logical interface is UP Track Layer 3 Interfaces You can create an ...

Page 540: ...the ARP cache entry to see if the next hop address appears before considering the route DOWN Track a Metric Threshold If you configure a metric threshold to track a route the UP DOWN state of the tracked route is determined by the current metric for the route entered in the routing table To provide a common tracking interface for different clients route metrics are scaled in the range from 0 to 25...

Page 541: ...ot configure a delay a notification is sent immediately as soon as a change in the state of a tracked object is detected The time delay in communicating a state change is specified in seconds VRRP Object Tracking As a client VRRP can track up to 20 objects including route entries and Layer 2 and Layer 3 interfaces in addition to the 12 tracked interfaces supported for each VRRP group You can assig...

Page 542: ...g on the line protocol state of a Layer 2 interface CONFIGURATION mode track object id interface interface line protocol Valid object IDs are from 1 to 65535 2 Optional Configure the time delay used before communicating a change in the status of a tracked interface OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 3 Optional Identify th...

Page 543: ...he track interface ipv6 routing command The status of an IPv6 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IPv6 address The Layer 3 status of an IPv6 interface goes DOWN when its Layer 2 status goes down for a Layer 3 VLAN all VLAN ports must be down or the IPv6 address is removed from the routing table To remove object tracking on a Layer 3 IPv4 ...

Page 544: ...g table A tracked route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table For example when configured as a tracked route 10 0 0 0 24 does not match the routing table entry 10 0 0 0 8 Similarly for an IPv6 address 3333 100 200 300 400 80 does not match routing table entry 3333 100 200 300 64 If no route table en...

Page 545: ... resolution in the range from 1 to 1000 where the default is 10 For OSPF you can set the resolution in the range from 1 to 1592 where the default is 1 The resolution value used to map static routes is not configurable By default Dell Networking OS assigns a metric of 0 to static routes The resolution value used to map RIP routes is not configurable The RIP hop count is automatically multiplied by ...

Page 546: ...rack 4 ip route 3 1 1 0 24 reachability vrf vrf1 Dell conf track 105 ipv6 route 1234 64 reachability Dell conf track 105 delay down 5 Dell conf track 105 description Headquarters Dell conf track 105 end Dell show track 105 Track 105 IPv6 route 1234 64 reachability Description Headquarters Reachability is Down route not in route table 2 changes last change 00 03 03 Tracking a Metric Threshold Use t...

Page 547: ... Identify the tracked object with a text description OBJECT TRACKING mode description text The text string can be up to 80 characters 5 Optional Configure the metric threshold for the UP and or DOWN routing status to be tracked for the specified route OBJECT TRACKING mode threshold metric up number down number The default UP threshold is 254 The routing state is UP if the scaled route metric is le...

Page 548: ...e brief vrf vrf name ip route brief vrf vrf name resolution vrf vrf name brief brief Use the show running config track command to display the tracking configuration of a specified object or all objects that are currently configured on the router show running config track object id Example of Viewing the Configuration and Status of Tracked Layer 2 Layer 3 Interfaces Example of the show track brief ...

Page 549: ...how track vrf red Track 5 IP route 192 168 0 0 24 reachability Vrf red Reachability is Up CONNECTED 3 changes last change 00 02 39 First hop interface is GigabitEthernet 13 4 Dell show running config track track 1 ip route 23 0 0 0 8 reachability track 2 ipv6 route 2040 64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050 64 reachability track 4 interface Gig...

Page 550: ... routers initially exchange HELLO messages to set up adjacencies with neighbor routers The HELLO process is used to establish adjacencies between routers of the AS It is not required that every router within the AS areas establish adjacencies If two routers on the same subnet agree to become neighbors through the HELLO process they begin to exchange network topology information in the form of LSAs...

Page 551: ...d Area 0 0 0 0 and is the core of any AS All other areas must connect to Area 0 Areas can be defined in such a way that the backbone is not contiguous In this case backbone connectivity must be restored through virtual links Virtual links are configured between any backbone routers that share a link to a non backbone area and function as if they were direct links An OSPF backbone is responsible fo...

Page 552: ... link state protocol OSPF sends routing information to other OSPF routers concerning the state of the links between them The state up or down of those links is important Routers that share a link become neighbors on that segment OSPF uses the Hello protocol as a neighbor discovery and keep alive mechanism After two routers are neighbors they may proceed to exchange and synchronize their databases ...

Page 553: ... in the previous example Area Border Router ABR Within an AS an area border router ABR connects one or more areas to the backbone The ABR keeps a copy of the link state database for every area it connects to so it may keep multiple copies of the link state database An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is c...

Page 554: ... on These router designations are not the same ad the router IDs described earlier The DRs and BDRs are configurable in Dell Networking OS If you do not define DR or BDR in Dell Networking OS the system assigns them OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR The router with the highest priority is elected the DR If there is a tie the rout...

Page 555: ...D has different meanings 1 point to point connection to another router neighboring router 2 connection to a transit network IP address of the DR 3 connection to a stub network IP network subnet number 4 virtual link neighboring router ID LSA Throttling LSA throttling provides configurable interval timers to improve OSPF convergence times The default OSPF static timers 5 seconds for transmission 1 ...

Page 556: ...a router fails and the cost is assessed a new priority number results Figure 86 Priority and Cost Examples OSPF with Dell Networking OS Dell Networking OS supports up to 10 000 OSPF routes for OSPFv2 Within that 10 000 routes you can designate up to 8 000 routes as external and up to 2 000 as inter intra area routes Dell Networking OS version 9 4 0 0 and later support only one OSPFv2 process per V...

Page 557: ...nt For packets that have existing FIB CAM entries forwarding between ingress and egress ports VLANs and so on can continue uninterrupted while the control plane OSPF process comes back to full functionality and rebuilds its routing tables To notify its helper neighbors that the restart process is beginning when a router is attempting to restart gracefully it originates the following link local Gra...

Page 558: ...anned event causes the active RPM to switch to the backup RPM such as when an active process crashes the active RPM is removed or a power failure happens During an unplanned restart OSPF sends out a Grace LSA when the backup RPM comes online To display the configuration values for OSPF graceful restart enter the show run ospf command for OSPFv2 and the show run ospf and show ipv6 ospf database dat...

Page 559: ...ng on a subset of the interfaces between two routers Enabling RFC 2328 Compliant OSPF Flooding To enable OSPF flooding use the following command When you enable this command it configures Dell Networking OS to flood LSAs on all interfaces Enable RFC 2328 flooding ROUTER OSPF mode flood 2328 Example of Viewing the Debug Log for Flooding Behavior To confirm RFC 2328 flooding behavior use the debug i...

Page 560: ...onfiguring a hello interval does not change the dead interval in Dell Networking OS In contrast the OSPF dead interval on a Cisco router is by default four times as long as the hello interval Changing the hello interval on the Cisco router automatically changes the dead interval To ensure equal intervals between the routers use the following command Manually set the dead interval of the Dell Netwo...

Page 561: ...ional tasks Enabling OSPFv2 mandatory Assigning a Router ID Enabling Multi Process OSPF Assigning an OSPFv2 Area mandatory Enable OSPFv2 on Interfaces Configuring Stub Areas Enabling Passive Interfaces Enabling Fast Convergence Changing OSPFv2 Parameters on Interfaces Enabling OSPFv2 Authentication Creating Filter Routes Applying Prefix Lists Redistributing Routes Troubleshooting OSPFv2 1 Configur...

Page 562: ...ntifying number assigned to the OSPF process The router ID is the IP address associated with the OSPF process After the OSPF process and the VRF are tied together the OSPF process ID cannot be used again in the system If you try to enter an OSPF process ID or if you try to enable more OSPF processes than available Layer 3 interfaces prior to assigning an IP address to an interface and setting the ...

Page 563: ...s OSPF OSPFv2 IPv4 Only When configuring a single OSPF process follow the same steps previously described Repeat them as often as necessary for the desired number of processes After the process is created all other configurations apply as usual 1 Assign an IP address to an interface CONFIG INTERFACE mode ip address ip address mask Format A B C D M If you are using a Loopback interface refer to Loo...

Page 564: ... by a number or with an IP interface address Enable OSPFv2 on an interface and assign a network address range to a specific OSPF area CONFIG ROUTER OSPF id mode network ip address mask area area id The IP Address Format is A B C D M The area ID range is from 0 to 65535 or A B C D M Enable OSPFv2 on Interfaces Enable and configure OSPFv2 on each interface configure for Layer 3 protocol and not shut...

Page 565: ...GigabitEthernet 1 21 is up line protocol is up Internet Address 10 2 3 1 24 Area 0 0 0 0 Process ID 1 Router ID 11 1 2 1 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State BDR Priority 1 Designated Router ID 13 1 1 1 Interface address 10 2 3 2 Backup Designated Router ID 11 1 2 1 Interface address 10 2 3 1 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00...

Page 566: ...pf process id vrf database database summary 2 Enter CONFIGURATION mode EXEC Privilege mode configure 3 Enter ROUTER OSPF mode CONFIGURATION mode router ospf process id vrf Process ID is the ID assigned when configuring OSPFv2 globally 4 Configure the area as a stub area CONFIG ROUTER OSPF id mode area area id stub no summary Use the keywords no summary to prevent transmission into the area of summ...

Page 567: ...aces on this OSPF process as passive To remove the passive interface from select interfaces use the no passive interface interface command while passive interface default is configured To enable both receiving and sending routing updates use the no passive interface interface command Example of Viewing Passive Interfaces When you configure a passive interface the show ip ospf process id interface ...

Page 568: ... CONFIG ROUTEROSPF id mode fast convergence number The parameter range is from 1 to 4 The higher the number the faster the convergence When disabled the parameter is set at 0 NOTE A higher convergence level can result in occasional loss of OSPF adjacency Generally convergence level 1 meets most convergence requirements Only select higher convergence levels following consultation with Dell Technica...

Page 569: ...e router waits before declaring a neighbor dead CONFIG INTERFACE mode ip ospf dead interval seconds seconds the range is from 1 to 65535 the default is 40 seconds The dead interval must be four times the hello interval The dead interval must be the same on all routers in the OSPF network Change the time interval between hello packet transmission CONFIG INTERFACE mode ip ospf hello interval seconds...

Page 570: ...ew interface configurations use the show config command in CONFIGURATION INTERFACE mode To view interface status in the OSPF process use the show ip ospf interface command in EXEC mode The bold lines in the example show the change on the interface The change is reflected in the OSPF configuration Dell conf if ip ospf cost 45 Dell conf if show config interface TenGigabitEthernet 1 1 ip address 10 1...

Page 571: ...l as new authentication schemes for a time period that is equal to two times the configured authentication change wait timer After this time period OSPF accepts only the new authentication scheme This transmission stops when the period ends The default is 0 seconds Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process For more information refer to Graceful Restar...

Page 572: ...elper only restart only Dell Networking OS supports the following options Helper only the OSPFv2 router supports graceful restart only as a helper router Restart only the OSPFv2 router supports graceful restart only during unplanned restarts By default OSPFv2 supports both restarting and helper roles Selecting one or the other role restricts OSPFv2 to the single selected role To disable OSPFv2 gra...

Page 573: ... the maximum prefix length to match from 0 to 32 For configuration information about prefix lists refer to Access Control Lists ACLs Applying Prefix Lists To apply prefix lists to incoming or outgoing OSPF routes use the following commands Apply a configured prefix list to incoming OSPF routes CONFIG ROUTEROSPF id mode distribute list prefix list name in interface Assign a configured prefix list t...

Page 574: ...0 0 0 255 area 3 3 3 3 distribute list dilling in Dell conf router_ospf Troubleshooting OSPFv2 Dell Networking OS has several tools to make troubleshooting easier Be sure to check the following as these questions represent typical issues that interrupt an OSPFv2 process NOTE The following is not a comprehensive list just some examples of typical troubleshooting checks Have you enabled OSPF globall...

Page 575: ...nt packet spf database timers rate limit To view debug messages for a specific OSPF process ID use the debug ip ospf process id command If you do not enter a process ID the command applies to the first OSPF process To view debug messages for a specific operation enter one of the optional keywords event view OSPF event messages packet view OSPF packet information spf view SPF information database t...

Page 576: ... can copy and paste from these examples to your CLI To support your own IP addresses interfaces names and so on be sure that you make the necessary changes Basic OSPFv2 Router Topology The following illustration is a sample basic OSPFv2 topology Figure 87 Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 Te 1 1 and 1 2 router ospf 11111 network 10 0 11 0 24 area 0 network 10 0 12 0 24 area 0 ...

Page 577: ...utdown interface TenGigabitEthernet 2 2 ip address 10 2 22 2 24 no shutdown Configuration Task List for OSPFv3 OSPF for IPv6 The configuration options of OSPFv3 are the same as those options for OSPFv2 but you may configure OSPFv3 with differently labeled commands Specify process IDs and areas and include interfaces and addresses in the process Define areas as stub or totally stubby The interfaces...

Page 578: ...ssigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface use the following commands 1 Assign an IPv6 address to the interface CONF INT type slot port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits separate each group by a colon The format is A B C F 128 2 Bring up the interface CONF INT type slot port mode no sh...

Page 579: ...outer as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf process Configuring Stub Areas To configure IPv6 stub areas use the following command Configure the area as a stub area CONF IPV6 ROUTER OSPF mode area area id stub no summary no summary use these keywords to prevent transmission in to the area of ...

Page 580: ...e OSPF process Route redistribution is also supported between OSPF Routing process IDs To add redistributing routes use the following command Specify which routes are redistributed into the OSPF process CONF IPV6 ROUTER OSPF mode redistribute bgp connected static metric metric value metric type type value route map map name tag tag value Configure the following required and optional parameters bgp...

Page 581: ...PFv3 does not participate in the graceful restart of a neighbor NOTE Enter the ipv6 ospf graceful restart helper reject command in Interface configuration mode Enable OSPFv3 graceful restart globally by setting the grace period in seconds CONF IPV6 ROUTER OSPF mode graceful restart grace period seconds The valid values are from 40 to 1800 seconds Configure an OSPFv3 interface to not act on the Gra...

Page 582: ...e show ipv6 ospf database database summary Examples of the Graceful Restart show Commands The following example shows the show run ospf command Dell show run ospf router ospf 1 router id 200 1 1 1 log adjacency changes graceful restart grace period 180 network 20 1 1 0 24 area 0 network 30 1 1 0 24 area 0 ipv6 router ospf 1 log adjacency changes graceful restart grace period 180 The following exam...

Page 583: ...transport and tunnel Transport mode encrypts only the data portion payload of each packet but leaves the header untouched Tunnel mode is more secure and encrypts both the header and payload On the receiving side an IPsec compliant device decrypts each packet NOTE Dell Networking OS supports only Transport Encryption mode in OSPFv3 authentication with IPsec With IPsec based authentication Crypto im...

Page 584: ... specifications in RFC 4552 To use IPsec configure an authentication using AH or encryption using ESP security policy on an interface or in an OSPFv3 area Each security policy consists of a security policy index SPI and the key used to validate OSPFv3 packets After IPsec is configured for OSPFv3 IPsec operation is invisible to the user You can only enable one security protocol AH or ESP at a time ...

Page 585: ...tion Task List for OSPFv3 OSPF for IPv6 The SPI value must be unique to one IPsec security policy authentication or encryption on the router Configure the same authentication policy the same SPI and key on each OSPFv3 interface in a link Enable IPsec authentication for OSPFv3 packets on an IPv6 based interface INTERFACE mode ipv6 ospf authentication null ipsec spi number MD5 SHA1 key encryption ty...

Page 586: ...cifies the encryption algorithm used with ESP The valid values are 3DES DES AES CBC and NULL For AES CBC only the AES 128 and AES 192 ciphers are supported key specifies the text string used in the encryption All neighboring OSPFv3 routers must share the same key to decrypt information Required lengths of a non encrypted or encrypted key are 3DES 48 or 96 hex digits DES 16 or 32 hex digits AES CBC...

Page 587: ...type optional specifies if the key is encrypted The valid values are 0 key is not encrypted or 7 key is encrypted key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted ...

Page 588: ... is encrypted Valid values 0 key is not encrypted or 7 key is encrypted authentication algorithm specifies the authentication algorithm to use for encryption The valid values are MD5 or SHA1 key specifies the text string used in authentication All neighboring OSPFv3 routers must share key to exchange information For MD5 authentication the key must be 32 hex digits non encrypted or 64 hex digits en...

Page 589: ...bound ESP Cipher Key 123456789a123456789b123456789c123456789d12345678 Outbound ESP Cipher Key 123456789a123456789b123456789c123456789d12345678 Transform set esp 3des esp md5 hmac Crypto IPSec client security policy data Policy name OSPFv3 1 500 Policy refcount 2 Inbound AH SPI 500 0x1F4 Outbound AH SPI 500 0x1F4 Inbound AH Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e Outbou...

Page 590: ...sas spi 600 0x258 transform esp des esp sha1 hmac in use settings Transport replay detection support N STATUS ACTIVE Troubleshooting OSPFv3 Dell Networking OS has several tools to make troubleshooting easier Consider the following information as these are typical issues that interrupt the OSPFv3 process NOTE The following troubleshooting section is not meant to be a comprehensive list only example...

Page 591: ...e mode show ipv6 ospf database View the configuration of OSPFv3 neighbors EXEC Privilege mode show ipv6 ospf neighbor View debug messages for all OSPFv3 interfaces EXEC Privilege mode debug ipv6 ospf event packet type slot port For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then...

Page 592: ... there may be a need to forward the packet based on other criteria size source protocol type destination etc For example a network administrator might want to forward a packet that uses TCP across a different next hop than packets using ICMP In these situations you can configure a switch route packets according to a policy applied to interfaces Rules for PBR can also be a combination of things Whe...

Page 593: ...edirect list The traffic is forwarded based on the following Next hop addresses are verified If the specified next hop is reachable then the traffic is forwarded to the specified next hop If the specified next hops are not reachable then the normal routing table is used to forward the traffic Dell Networking OS supports multiple next hop entries in the redirect lists Redirect Lists are applied at ...

Page 594: ...s bitmasks for PBR Hot Lock PBR Non contiguous bitmasks for PBR Non contiguous bitmasks for PBR allows more granular and flexible control over routing policies Network addresses that are in the middle of a subnet can be included or excluded Specific bitmasks can be entered using the dotted decimal format Non contiguous bitmask example Dell show ip redirect list IP redirect list rcl0 Defined as seq...

Page 595: ...f the command to organize your rules Command Syntax Command Mode Purpose seq number redirect ip address tunnel tunnel id track obj id ip protocol number protocol type bit source mask any host ip address destination mask any host ip address CONF REDIRECT LIST Configure a rule for the redirect list number is the number in sequence to initiate this rule ip address is the Forwarding router s address t...

Page 596: ...irect 3 3 3 3 ip A B C D Source address any Any source host host A single source host Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 Mask A B C D or nn Mask in dotted decimal or in slash format Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 A B C D Destination address any Any destination host host A single destination host Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 7...

Page 597: ...outes for dynamic failover If the primary path goes down and the recursive route is removed from the routing table the seq redirect statement is ignored and the next statement in the list with a different route is used PBR Exceptions Permit Use the command permit to create an exception to a redirect list Exceptions are used when a forwarding decision should be based on the routing table rather tha...

Page 598: ... group command In this example the list xyz is applied to the tenGigabitEthernet 2 1 interface Applying a Redirect list to an Interface Example Dell conf if te 2 1 ip redirect group xyz Dell conf if te 2 1 Applying a Redirect list to an Interface Example Dell conf if te 1 1 ip redirect group test Dell conf if te 1 1 ip redirect group xyz Dell conf if te 1 1 show config interface TenGigabitEthernet...

Page 599: ...achable via Te 1 32 seq 35 redirect 155 1 1 2 track 5 ip 7 7 7 0 24 8 8 8 0 24 Track 5 up Next hop reachable via Po 5 seq 30 redirect 155 1 1 2 track 6 icmp host 8 8 8 8 any Track 5 up Next hop reachable via Po 5 seq 35 redirect 42 1 1 2 icmp host 8 8 8 8 any Next hop reachable via Vl 20 seq 40 redirect 43 1 1 2 tcp 155 55 2 0 24 222 22 2 0 24 Next hop reachable via Vl 30 seq 45 redirect 31 1 1 2 ...

Page 600: ...guration is an example for setting up a PBR These are not comprehensive directions They are intended to give you a some guidance with typical configurations You can copy and paste from these examples to your CLI Be sure you make the necessary changes to support your own IP Addresses Interfaces Names etc Graphic illustration of the configuration shown below The Redirect List GOLD defined in this ex...

Page 601: ...st show config ip redirect list GOLD description Route GOLD traffic to ISP_GOLD seq 5 redirect 10 99 99 254 ip 192 168 1 0 24 any seq 10 redirect 10 99 99 254 ip 192 168 2 0 24 any seq 15 permit ip any any Assign Redirect List GOLD to Interface 2 11 EDGE_ROUTER conf int Te 2 11 EDGE_ROUTER conf if Te 2 11 ip add 192 168 3 2 24 EDGE_ROUTER conf if Te 2 11 no shut EDGE_ROUTER conf if Te 2 11 EDGE_RO...

Page 602: ...nf ip redirect list redirect_list_with_track Dell conf redirect list redirect 42 1 1 2 track 3 tcp 155 55 2 0 24 222 22 2 0 24 Dell conf redirect list redirect 42 1 1 2 track 3 tcp any any Dell conf redirect list redirect 42 1 1 2 track 3 udp 155 55 0 0 16 host 144 144 144 144 Dell conf redirect list redirect 42 1 1 2 track 3 udp any host 144 144 144 144 Dell conf redirect list redirect 43 1 1 2 t...

Page 603: ... conf if tu 1 tunnel destination 40 1 1 2 Dell conf if tu 1 tunnel source 40 1 1 1 Dell conf if tu 1 tunnel mode ipip Dell conf if tu 1 tunnel keepalive 60 1 1 2 Dell conf if tu 1 ip address 60 1 1 1 24 Dell conf if tu 1 ipv6 address 600 10 1 64 Dell conf if tu 1 no shutdown Dell conf if tu 1 end Dell Dell configure terminal Dell conf interface tunnel 2 Dell conf if tu 2 tunnel destination 441 10 ...

Page 604: ...ll conf interface TenGigabitEthernet 2 28 Dell conf if te 2 28 ip redirect group explicit_tunnel Dell conf if te 2 28 exit Dell conf end Verify the Applied Redirect Rules Dell show ip redirect list explicit_tunnel IP redirect list explicit_tunnel Defined as seq 5 redirect tunnel 1 track 1 tcp 155 55 2 0 24 222 22 2 0 24 Track 1 up Next hop reachable via Te 1 32 seq 10 redirect tunnel 1 track 1 tcp...

Page 605: ...M SM initially uses unidirectional shared trees to forward multicast traffic that is all multicast traffic must flow only from the rendezvous point RP to the receivers After a receiver receives traffic from the RP PM SM switches to SPT to forward multicast traffic Every multicast group has an RP and a unidirectional shared tree group specific shared tree Requesting Multicast Traffic A host request...

Page 606: ...n PIM Register packets and unicasts them to the RP 2 The RP decapsulates the PIM Register packets and forwards them if there are any receivers for that group The RP sends a PIM Join message towards the source All routers between the RP and the source including the RP create an S G entry and list the interface on which the message was received as an outgoing interface thus recreating a SPT to the s...

Page 607: ... interface 1 Enable multicast routing on the system CONFIGURATION mode ip multicast routing 2 Enable PIM Sparse mode INTERFACE mode ip pim sparse mode Examples of Viewing PIM SM Information To display which interfaces are enabled with PIM SM use the show ip pim interface command from EXEC Privilege mode Dell show ip pim interface Address Interface Ver Nbr Query DR DR Mode Count Intvl Prio 165 87 3...

Page 608: ...net 2 13 10 87 31 5 192 1 2 1 uptime 00 01 24 expires 00 02 26 flags FT Incoming interface TenGigabitEthernet 2 11 RPF neighbor 0 0 0 0 Outgoing interface list TenGigabitEthernet 1 11 TenGigabitEthernet 1 12 TenGigabitEthernet 2 13 More Configuring S G Expiry Timers By default S G entries expire in 210 seconds You can configure a global expiry time for all S G entries or configure an expiry time f...

Page 609: ...seq 15 permit ip 100 1 0 0 16 any Dell config ext nacl exit Dell conf ip pim sparse mode sg expiry timer 1800 sg list SGtimer To display the expiry time configuration use the show running configuration acl pim command from EXEC Privilege mode Configuring a Static Rendezvous Point The rendezvous point RP is a PIM enabled interface on a router that acts as the root a group specific tree every group ...

Page 610: ...lected to act on behalf of directly connected hosts This router is the designated router DR The DR is elected using hello messages Each PIM router learns about its neighbors by periodically sending a hello message out of each PIM enabled interface Hello messages contain the IP address of the interface out of which it is sent and a DR priority value The router with the greatest priority value is th...

Page 611: ...CONFIGURATION mode ip pim graceful restart nsf option restart time the time the Dell Networking system requires to restart The default value is 180 seconds option stale entry time the maximum amount of time that the Dell Networking system preserves entries from a restarting neighbor The default value is 60 seconds option helper only this mode takes precedence over any graceful restart configuratio...

Page 612: ...SM also solves the multicast address allocation problem Applications must use unique multicast addresses because if multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP EGLOP is used to statically assign Internet routable multicast addresses but each autonomous system number yields only 255 multicast addresse...

Page 613: ...address 224 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard ssm seq 5 permit host 239 0 0 2 R1 conf do show ip pim ssm range Group Address MaskLen 239 0 0 2 32 Use PIM SSM with IGMP Version 2 Hosts PIM SSM requires receivers that support IGMP version 3 You can employ PIM SSM even when receivers support only IGMP version 1 or version 2 by translating G entries to S G en...

Page 614: ...ing To display the list of sources mapped to a group currently in the IGMP group table use the show ip igmp groups group detail command Configuring PIM SSM with IGMPv2 R1 conf do show run pim ip pim rp address 10 11 12 2 group address 224 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard map seq 5 permit host 239 0 0 2 ip access list standard ssm seq 5 permit host 239 0 ...

Page 615: ...f do show ip igmp ssm map IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239 0 0 2 Vlan 300 IGMPv2 Compat 00 00 36 Never 10 11 3 2 Member Ports Te 1 1 1 R1 conf do show ip igmp ssm map 239 0 0 2 SSM Map Information Group 239 0 0 2 Source s 10 11 5 2 R1 conf do show ip igmp groups detail Interface Vlan 300 Group 239 0 0 2 Uptime 00 00 01 Expires Never Rout...

Page 616: ...ork Important Points to Remember Port Monitoring is supported on both physical and logical interfaces like virtual area network VLAN and port channel The monitored the source MD and monitoring ports the destination MG must be on the same switch In general a monitoring port should have no ip address and no shutdown as the only configuration Dell Networking OS permits a limited set of commands for m...

Page 617: ... sess 5 Dell conf mon ses 300 Dell conf mon sess 300 source tengig 1 17 destination tengig 1 4 direction tx Error Exceeding max MG ports for this MD port pipe Dell conf mon sess 300 Dell conf mon sess 300 source tengig 1 17 destination tengig 1 1 direction tx Dell conf mon sess 300 do show mon session SessionID Source Destination Direction Mode Type 0 Te 1 13 Te 2 1 rx interface Port based 10 Te 1...

Page 618: ...D port is a Layer 2 port the frames are tagged with the VLAN ID of the VLAN to which the MD belongs If the MD port is a Layer 3 port the frames are tagged with VLAN ID 4095 If the MD port is in a Layer 3 VLAN the frames are tagged with the respective Layer 3 VLAN ID For example in the configuration source TeGig 6 1 destination TeGig 6 2 direction tx if the MD port TenGig 6 1 is an untagged member ...

Page 619: ...ce Destination Dir Mode Source IP Dest IP 0 Te 1 1 Te 1 2 rx Port N A N A Dell conf monitor session 0 Dell conf mon sess 0 source po 10 dest ten 1 2 dir rx Dell conf mon sess 0 do show monitor session SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 1 Te 1 2 rx Port N A N A 0 Po 10 Te 1 2 rx Port N A N A Dell conf monitor session 1 Dell conf mon sess 1 source vl 40 dest ten 1 3 dir rx D...

Page 620: ... Layer 2 and Layer 3 ingress and egress traffic You can specify traffic using standard or extended access lists 1 Enable flow based monitoring for a monitoring session MONITOR SESSION mode flow based enable 2 Define in access list rules that include the keyword monitor For port monitoring Dell Networking OS only considers traffic matching rules with the keyword monitor CONFIGURATION mode ip access...

Page 621: ...rection Mode Type 0 Te 1 1 Te 1 2 rx interface Flow based Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch router remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and or egress traffic on multiple source ports on different switches and forward the mirrored tr...

Page 622: ...N for transporting mirrored traffic configured on source intermediate and destination switches and a destination session destination ports connected to analyzers on destination switches Configuration Notes When you configure remote port mirroring the following conditions apply You can configure any switch in the network with source ports and destination ports and allow it to function in an interme...

Page 623: ... switch that receives the traffic if the switch has a L3 VLAN configured In a source session used for remote port mirroring Maximum number of source sessions supported on a switch 4 Maximum number of source ports supported in a source session 128 You can configure physical ports and port channels as sources in remote port mirroring and use them in the same source session You can use both Layer 2 c...

Page 624: ...mode Dell conf mon sess 2 show config monitor session 2 type rpm source fortyGigE 1 52 destination remote vlan 300 direction rx source Port channel 10 destination remote vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch enter the show monitor session command in EXEC Privilege mode Dell conf do show monitor ses...

Page 625: ...der for a rpm session to be active Configuring the sample Source Remote Port Mirroring Dell conf interface vlan 10 Dell conf if vl 10 mode remote port mirroring Dell conf if vl 10 tagged te 1 4 Dell conf if vl 10 exit Dell conf monitor session 1 type rpm Dell conf mon sess 1 source te 1 5 destination remote vlan 10 dir rx Dell conf mon sess 1 no disable Dell conf mon sess 1 exit Dell conf inte vla...

Page 626: ...x Port N A N A 2 Vl 100 remote vlan 20 rx Flow N A N A 3 Po 10 remote vlan 30 both Port N A N A Dell Configuring the sample Source Remote Port Mirroring Dell conf inte te 1 1 Dell conf if te 1 1 switchport Dell conf if te 1 1 no shutdown Dell conf if te 1 1 exit Dell conf interface te 1 2 Dell conf if te 1 2 switchport Dell conf if te 1 2 no shutdown Dell conf if te 1 2 exit Dell conf interface te...

Page 627: ...to avoid BPDU issues 1 Enable control plane egress acl using the following command mac control plane egress acl 2 Create an extended MAC access list and add a deny rule of 0x0180c2xxxxxx packets using the following commands mac access list extended mac2 seq 5 deny any 01 80 c2 00 00 00 00 00 00 ff ff ff count 3 Apply ACL on that RPM VLAN In this example RPM vlan is 10 Dell show running config inte...

Page 628: ...d in case of source as vlan or where monitoring on a per flow basis is desired The keyword monitor should have been specified in the access list rules for which we need to mirror The maximum number of source ports that can be defined in a session is 128 The system allows to configure upto 4 ERPM sessions ERPM sessions do not copy locally sourced Remote VLAN traffic from source trunk ports that car...

Page 629: ... 2 Dell conf mon sess 0 no disable Dell conf monitor session 1 type erpm Dell conf mon sess 1 source vlan 11 direction rx Dell conf mon sess 1 erpm source ip 5 1 1 1 dest ip 3 1 1 2 Dell conf mon sess 1 flow based enable Dell conf mon sess 1 no disable Dell show monitor session SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 9 remote ip rx Port 1 1 1 1 7 1 1 2 0 Po 1 remote ip tx Port ...

Page 630: ...es not support IP interface a destination switch will be needed to receive the encapsulated ERPM packet and locally mirror the whole packet to the Sniffer or a Linux Server Decapsulation of ERPM packets at the Destination IP Analyzer In order to achieve the decapsulation of the original payload from the ERPM header The below two methods are suggested a Using Network Analyzer Install any well known...

Page 631: ...n ERPM packet starting from the bit where GRE header ends Basically all the bits after 0x88BE need to be removed from the packet and sent out through another interface This script erpm zip is available for download at the following location http en community dell com techcenter networking m force10_networking_scripts 20438882 aspx Unzip the erpm zip and copy the erpm py file to the Linux server Ru...

Page 632: ...the same primary VLAN In more detail community VLANs are especially useful in the service provider environment because multiple customers are likely to maintain servers that must be strictly separated in customer specific groups A set of servers owned by a customer could comprise a community VLAN so that those servers could communicate with each other and would be isolated from other customers Ano...

Page 633: ...ous port can be part of more than one primary VLAN A promiscuous port cannot be added to a regular VLAN Trunk port carries traffic between switches A trunk port in a PVLAN is always tagged In tagged mode the trunk port carries the primary or secondary VLAN traffic The tag on the packet helps identify the VLAN to which the packet belongs A trunk port can also belong to a regular VLAN non private VL...

Page 634: ...NOTE Secondary VLANs are Layer 2 VLANs so even if they are operationally down while primary VLANs are operationally up Layer 3 traffic is still transmitted across secondary VLANs NOTE The outputs of the show arp and show vlan commands provide PVLAN data For more information refer to the Dell Networking OS Command Line Reference Guide Configuration Task List The following sections contain the proce...

Page 635: ...gabitEthernet 2 2 Dell conf if te 2 2 switchport mode private vlan host Dell conf interface TenGigabitEthernet 2 3 Dell conf if te 2 3 switchport mode private vlan trunk Dell conf interface TenGigabitEthernet 2 2 Dell conf if te 2 2 switchport mode private vlan host Dell conf interface port channel 10 Dell conf if po 10 switchport mode private vlan promiscuous Creating a Primary VLAN A primary VLA...

Page 636: ...ous ports or PVLAN trunk ports to the PVLAN no host or regular ports 6 OPTIONAL Assign an IP address to the VLAN INTERFACE VLAN mode ip address ip address 7 OPTIONAL Enable disable Layer 3 communication between secondary VLANs INTERFACE VLAN mode ip local proxy arp NOTE If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN the packet is NOT dropped Cr...

Page 637: ...rivate vlan mode isolated 4 Add one or more host ports to the VLAN INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format either comma delimited slot port port port or hyphenated slot port port You can only add ports defined as host to the VLAN Example of Configuring Private VLAN Members The following example shows the use of the PVLAN com...

Page 638: ... configured as a PVLAN trunk port also assigned to the primary VLAN 4000 Te 1 24 and Te 1 47 are configured as host ports and assigned to the isolated VLAN VLAN 4003 Te 4 1 and Te 23 are configured as host ports and assigned to the community VLAN VLAN 4001 Te 4 24 and Te 4 47 are configured as host ports and assigned to community VLAN 4002 The result is that The ports in community VLAN 4001 can co...

Page 639: ...n one secondary VLAN and destined for host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN 4000 and then through the trunk ports 1 25 in each switch Inspecting the Private VLAN Configuration The standard methods of inspecting configurations also apply in PVLANs To inspect your PVLAN configurations use the following commands Display the specific interface conf...

Page 640: ...e shows using the show vlan private vlan mapping command S50 1 show vlan private vlan mapping Private Vlan Primary 4000 Isolated 4003 Community 4001 NOTE In the following example notice the addition of the PVLAN codes P I and C in the left column The following example shows viewing the VLAN status S50V show vlan Codes Default VLAN G GVRP VLANs P Primary C Community I Isolated Q U Untagged T Tagged...

Page 641: ...hport mode private vlan host no shutdown interface TenGigabitEthernet 1 25 no ip address switchport switchport mode private vlan trunk no shutdown interface Vlan 4000 private vlan mode primary private vlan mapping secondary vlan 4001 4003 no ip address tagged TenGigabitEthernet 1 3 25 no shutdown interface Vlan 4001 private vlan mode community Private VLANs PVLAN 641 ...

Page 642: ...hird party that allows you to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter Figure 91 Per VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree as shown in the following table 642 Per VLAN Spanning Tree Plus PVST ...

Page 643: ... you intended Configure Per VLAN Spanning Tree Plus Configuring PVST is a four step process 1 Configure interfaces for Layer 2 2 Place the interfaces in VLANs 3 Enable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration Tasks Modifying Global PVST Parameters Modifying Interface PVST Parameters Configuring an EdgePort Flush MAC Addresses after a...

Page 644: ...Dell_E600 conf pvst show config verbose protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Influencing PVST Root Selection As shown in the previous per VLAN spanning tree illustration all VLANs use the same forwarding topology because R2 is elected the root and all TenGigabitEthernet ports have the same cost The following per VLAN spanning tree illustration changes the bridge pri...

Page 645: ...assign bridges a low non default value for bridge priority To assign a bridge priority use the following command Assign a bridge priority PROTOCOL PVST mode vlan bridge priority The range is from 0 to 61440 The default is 32768 Example of the show spanning tree pvst vlan Command To display the PVST forwarding topology use the show spanning tree pvst vlan vlan id command from EXEC Privilege mode De...

Page 646: ... d6 Designated bridge has priority 4096 address 0001 e80d b6 d6 Designated port id is 128 385 designated path cost 0 Modifying Global PVST Parameters The root bridge sets the values for forward delay and hello time and overwrites the values set on other PVST bridges Forward delay the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwar...

Page 647: ... for Port Cost Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 10 Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb s Ethernet interfaces 180000 Port Channel with 1 Gigabit Ethernet interfaces 18000 Port Channel with 10 Gigabit Ethernet interfaces 1800 NOTE The Dell Networking OS implementation of PVST uses IEEE 802 1s costs as the default co...

Page 648: ...command Enable EdgePort on an interface INTERFACE mode spanning tree pvst edge port bpduguard shutdown on violation The EdgePort status of each interface is given in the output of the show spanning tree pvst command as previously shown Dell Networking OS Behavior Regarding the bpduguard shutdown on violation command behavior If the interface to be shut down is a port channel all the member ports a...

Page 649: ...lowing example ports P1 and P2 are untagged members of different VLANs These ports are untagged because the hub is VLAN unaware There is no data loop in this scenario however you can employ PVST to avoid potential misconfigurations If you enable PVST on the Dell Networking switch in this network P1 and P2 receive BPDUs from each other Ordinarily the Bridge ID in the frame matches the Root ID a loo...

Page 650: ... of PVST Configuration R1 interface TenGigabitEthernet 1 22 no ip address switchport no shutdown interface TenGigabitEthernet 1 32 no ip address switchport no shutdown protocol spanning tree pvst no disable vlan 100 bridge priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1 22 32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 1 22 32 no shutdown inter...

Page 651: ...T Configuration R3 interface TenGigabitEthernet 3 12 no ip address switchport no shutdown interface TenGigabitEthernet 3 22 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown pr...

Page 652: ...fic Ingress Configure Port based Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Policy Based Rate Policin...

Page 653: ...ss Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress Quality of Service QoS 653 ...

Page 654: ... 2474 Definition of the Differentiated Services Field DS Field in the IPv4 Headers RFC 2475 An Architecture for Differentiated Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface Port Based QoS Configurations You can configure the following QoS features on an interface Setting dot1p Prioritie...

Page 655: ... tengigabitethernet 1 1 Dell conf if te 1 1 switchport Dell conf if te 1 1 dot1p priority 1 Dell conf if te 1 1 end Honoring dot1p Priorities on Ingress Traffic By default Dell Networking OS does not honor dot1p priorities on ingress traffic You can configure this feature on physical interfaces and port channels but you cannot configure it on individual interfaces in a port channel You can configu...

Page 656: ...gged Internally the ASIC adds a 4 bytes tag to received untagged frames Though these 4 bytes are not part of the untagged frame received on the wire they are included in the rate metering calculation resulting in metering inaccuracy Configuring Port Based Rate Policing If the interface is a member of a VLAN you may specify the VLAN for which ingress packets are policed Rate policing ingress traffi...

Page 657: ...terface tengigabitethernet 1 1 Dell conf if te 1 1 rate shape 500 50 Dell conf if te 1 1 end Policy Based QoS Configurations Policy based QoS configurations consist of the components shown in the following example Figure 95 Constructing Policy Based QoS Configurations Quality of Service QoS 657 ...

Page 658: ...eating a Layer 3 class map 1 Create a match any class map CONFIGURATION mode class map match any 2 Create a match all class map CONFIGURATION mode class map match all 3 Specify your match criteria CLASS MAP mode match ip ipv6 ip any After you create a class map Dell Networking OS places you in CLASS MAP mode Match any class maps allow up to five ACLs Match all class maps allow only one ACL 4 Link ...

Page 659: ...rentiates traffic according to 802 1p value and or VLAN and or characteristics defined in a MAC ACL Use Step 1 or Step 2 to start creating a Layer 2 class map 1 Create a match any class map CONFIGURATION mode class map match any 2 Create a match all class map CONFIGURATION mode class map match all 3 Specify your match criteria CLASS MAP mode match mac After you create a class map Dell Networking O...

Page 660: ... any rule in a Layer 3 ACL used in a match any or match all class map creates a default to Queue 0 entry in the CAM which causes unintended traffic classification In the following example traffic is classified in two Queues 1 and 2 Class map ClassAF1 is match any and ClassAF2 is match all Display all class maps or a specific class map EXEC Privilege mode show qos class map Examples of Traffic Clas...

Page 661: ...p Src Dst SrcIp DstIp DSCP Queue Index Flag Port Port Marking 20416 1 18 IP 0x0 0 0 23 64 0 5 32 0 0 0 0 0 20 2 20417 1 0 IP 0x0 0 0 23 64 0 2 32 0 0 0 0 0 10 1 20418 1 0 IP 0x0 0 0 23 64 0 3 32 0 0 0 0 0 12 1 20419 1 10 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 14 1 24511 1 0 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 Create a QoS Policy There are two types of QoS policies input and output Input QoS policies regulate L...

Page 662: ...figuring Policy Based Rate Policing To configure policy based rate policing use the following command Configure rate police ingress traffic QOS POLICY IN mode rate police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets use the following command Set a dscp or dot1p value for egress packets QOS POLICY IN mode set mac dot1p Creating an Output QoS Policy To create an o...

Page 663: ...ent Percentage 0 1 6 67 1 2 13 33 2 4 26 67 3 8 53 33 Allocate bandwidth to queues bandwidth percentage Specifying WRED Drop Precedence Specify a WRED profile to yellow and or green traffic QOS POLICY OUT mode wred For more information refer to Applying a WRED Profile to Traffic Create Policy Maps There are two types of policy maps input and output Creating Input Policy Maps There are two types of...

Page 664: ...orking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values When you configure trust DSCP the matched packets and matched bytes counters are not incremented in the show qos statistics Table 42 Default DSCP to Queue Mapping DSCP CP hex range X...

Page 665: ...y in Honoring dot1p Values on Ingress Packets You may apply this queuing strategy globally by entering the following command from CONFIGURATION mode All dot1p traffic is mapped to Queue 0 unless you enable service class dynamic dot1p on an interface or globally Layer 2 or Layer 3 service policies supersede dot1p service classes Create service classes INTERFACE mode service class dynamic dot1p Guar...

Page 666: ...opriate color mapping green yellow red for the input traffic The system uses this information to classify input traffic on an interface based on the DSCP value of each packet and assigns it an initial drop precedence of green yellow or red The default setting for each DSCP value 0 63 is green low drop precedence The DSCP color map allows you to set the number of specific DSCP values to yellow or r...

Page 667: ... values to 9 10 11 13 15 16 Dell conf qos dscp color map bat enclave map Dell conf dscp color map dscp yellow 9 10 11 13 15 16 Dell conf dscp color map exit Assign the color map bat enclave map to interface te 1 11 Dell conf interface tengigabitethernet 1 11 Dell conf if te 1 11 qos dscp color policy bat enclave map Displaying DSCP Color Maps To display DSCP color maps use the show qos dscp color ...

Page 668: ... a color policy for a specific interface Dell show qos dscp color policy summary tengigabitethernet 1 10 Interface dscp color map TE 1 10 mapONE Display detailed information about a color policy for a specific interface Dell show qos dscp color policy detail tengigabitethernet 1 10 Interface TenGigabitEthernet 1 10 Dscp color map mapONE yellow 4 7 red 20 30 Creating Output Policy Maps 1 Create an ...

Page 669: ...tination address to the CRC are used for forwarding and are included in these rate metering calculations The Ethernet packet format consists of Preamble 7 bytes Preamble Start frame delimiter SFD 1 byte Destination MAC address 6 bytes Source MAC address 6 bytes Ethernet Type Length 2 bytes Payload variable Cyclic redundancy check CRC 4 bytes Inter frame gap IFG variable You can optionally include ...

Page 670: ...s In this case the space on the buffer and traffic manager BTM ingress or egress can be consumed by only one or a few types of traffic leaving no space for other types You can apply a WRED profile to a policy map so that specified traffic can be prevented from consuming too much of the BTM resources WRED uses a profile to specify minimum and maximum threshold values The minimum threshold is the al...

Page 671: ...ng OS should apply the profile Dell Networking OS assigns a color also called drop precedence red yellow or green to each packet based on it DSCP value before queuing it DSCP is a 6 bit field Dell Networking uses the first three bits LSB of this field DP to determine the drop precedence DP values of 110 and 100 101 map to yellow all other values map to green If you do not configure Dell Networking...

Page 672: ...onfiguration might cause unintentional system behavior EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 2 TeGi 12 20 entries on portpipe 1 The test cam usage command allows you to verify that there are enough available CAM entries before applying a policy map to an interface so that you avoid exceeding the QoS CAM space and partial configurations This c...

Page 673: ...he Z9000 platform The WRED congestion avoidance functionality drops packets to prevent buffering resources from being consumed Traffic is a mixture of various kinds of packets The rate at which some types of packets arrive might be greater than others In this case the space on the buffer and traffic manager BTM ingress or egress can be consumed by only one or few types of traffic leaving no space ...

Page 674: ... the Z9000 platform Support for global service pools is now available You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed Z9000 platform support four global service pools in the egress direction Two service pools are used one for loss based queues and the other for lossless priority based flo...

Page 675: ...ctionality to configure a weight factor for the WRED and ECN functionality for backplane ports is supported on the Z9000 platform The functionality to configure a weight for WRED and ECN functionality for front end ports is supported on the Z9000 platform A global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed can...

Page 676: ...hresh 1 Dell conf service class wred weight backplane queue0 11 queue6 4 queue7 9 5 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed The Z9000 platform supports only pool 0 mode Dell conf service pool wred green pool0 thresh 1 pool1 thresh 2 Dell conf service pool wred yellow pool0 thresh 3 pool1 thr...

Page 677: ...essing on the default queue0 Dell Networking OS can be configured as below to mark the non ecn packets as yellow packets ip access list standard ecn_0 seq 5 permit any ecn 0 class map match any ecn_0_cmap match ip access group ecn_0 set color yellow policy map input ecn_0_pmap service queue 0 class map ecn_0_cmap Applying this policy map ecn_0_pmap will mark all the packets with ecn 0 as yellow pa...

Page 678: ...DSCP field of the IPv4 packet As a part of this feature the 2 bit ECN field of the IPv4 packet will also be available to be configured as one of the match qualifier This way the entire 8 bit ToS field of the IPv4 header shall be used to classify traffic The Dell Networking OS Release 9 3 0 0 supports the following QOS actions in the ingress policy based QOS 1 Rate Policing 2 Queuing 3 Marking For ...

Page 679: ...command to mark the color of the traffic as yellow would be added in the match ip sequence of the class map configuration By default all packets are considered as green without the rate policer and trust diffserve configuration and hence support would be provided to mark the packets as yellow alone will be provided By default Dell Networking OS drops all the RED or violate packets The following co...

Page 680: ...any dscp 40 ecn 0 class map match any class_dscp_40 match ip access group dscp_40_non_ecn set color yellow match ip access group dscp_40 class map match any class_dscp_50 match ip access group dscp_50_non_ecn set color yellow match ip access group dscp_50 policy map input pmap_dscp_40_50 service queue 2 class map class_dscp_40 service queue 3 class map class_dscp_50 Approach with explicit ECN matc...

Page 681: ...dress or a VLAN sub interface CONFIGURATION mode Dell conf interface fo 1 4 INTERFACE mode Dell conf if fo 1 4 ip address 90 1 1 1 16 2 Configure a Layer 2 QoS policy with Layer 2 Dot1p or source MAC based match criteria CONFIGURATION mode Dell conf policy map input l2p layer2 3 Apply the Layer 2 policy on a Layer 3 interface INTERFACE mode Dell conf if fo 1 4 service policy input l2p layer2 Apply...

Page 682: ..._classmap 2 Configure a DSCP value as a match criterion CLASS MAP mode Dell conf class map match ipdscp 5 3 Configure an IP VLAN ID as a match criterion CLASS MAP mode Dell conf class map match ip vlan 5 4 Create a QoS input policy CONFIGURATION mode Dell conf qos policy input pp_qospolicy 5 Configure the DSCP value to be set on matched packets QOS POLICY IN mode Dell conf qos policy in set ip dsc...

Page 683: ... message In RIPv1 automatic updates to the routing table are performed as either one time requests or periodic responses every 30 seconds RIP transports its responses or requests by means of user datagram protocol UDP over port 520 RIP must receive regular routing updates to maintain a correct routing table Response messages containing a router s full routing table are transmitted every 30 seconds...

Page 684: ...OUTER RIP and INTERFACE Commands executed in the ROUTER RIP mode configure RIP globally while commands executed in the INTERFACE mode configure RIP features on that interface only RIP is best suited for small homogeneous networks You must configure all devices within the RIP network to support RIP if they are to participate in the RIP Configuration Task List The following is the configuration task...

Page 685: ...how running config command in EXEC mode or the show config command in ROUTER RIP mode Dell conf router_rip show config router rip network 10 0 0 0 Dell conf router_rip When the RIP process has learned the RIP routes use the show ip rip database command in EXEC mode to view those routes Dell show ip rip database Total number of routes in RIP database 978 160 160 0 0 16 120 1 via 29 10 10 12 00 00 2...

Page 686: ...8 auto summary 29 10 10 0 24 directly connected Fa 1 49 29 0 0 0 8 auto summary 31 0 0 0 8 120 1 via 29 10 10 12 00 00 26 Fa 1 49 31 0 0 0 8 auto summary 192 162 2 0 24 120 1 via 29 10 10 12 00 01 21 Fa 1 49 192 162 2 0 24 auto summary 192 161 1 0 24 120 1 via 29 10 10 12 00 00 27 Fa 1 49 192 161 1 0 24 auto summary 192 162 3 0 24 120 1 via 29 10 10 12 00 01 22 Fa 1 49 192 162 3 0 24 auto summary ...

Page 687: ... Those routes must meet the conditions of the prefix list if not Dell Networking OS drops the route Prefix lists are globally applied on all interfaces running RIP Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process For configuration information about prefix lists refer to Access Control Lists ACLs To apply prefix lists to incoming or outgoing RIP routes use the ...

Page 688: ... ip rip receive version commands in INTERFACE mode You can set one RIP version globally on the system using system This command sets the RIP version for RIP traffic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version Set the RIP version sent and received on the system ROUTER RIP mode version 1 2 Set the RIP versions received on that in...

Page 689: ... that both versions are sent out that interface This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally shown in bold Dell show ip protocols Routing Protocols is RIP Sending updates every 30 seconds next due in 11 Invalid after 180 seconds hold down 180 flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in ...

Page 690: ... requires no other configuration commands To disable automatic route summarization enter no autosummary in ROUTER RIP mode NOTE If you enable the ip split horizon command on an interface the system does not advertise the summarized address Controlling Route Metrics As a distance vector protocol RIP uses hop counts to determine the best route but sometimes the shortest hop count is a route over the...

Page 691: ...en you enable debugging you can view information on RIP protocol changes or RIP routes To enable RIP debugging use the following command debug ip rip interface database events trigger EXEC privilege mode Enable debugging of RIP Example of the debug ip rip Command The following example shows the confirmation when you enable the debug function Dell debug ip rip RIP protocol debug is ON Dell To disab...

Page 692: ... show ip rip database command To display Core 2 RIP setup use the show ip route command To display Core 2 RIP activity use the show ip protocols command The following example shows the show ip rip database command to view the learned RIP routes on Core 2 Core2 conf router_rip end 00 12 24 RPM0 P CP SYS 5 CONFIG_I Configured from console by console Core2 show ip rip database Total number of routes ...

Page 693: ... 20 1 Te 2 3 120 1 00 01 20 R 192 168 2 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 Core2 R 192 168 1 0 24 via 10 11 20 1 Te 2 3 120 1 00 05 22 R 192 168 2 0 24 via 10 11 20 1 Te 2 3 120 1 00 05 22 Core2 The following example shows the show ip protocols command to show the RIP configuration activity on Core 2 Core2 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due i...

Page 694: ...ew the learned RIP routes on Core 3 Core3 show ip rip database Total number of routes in RIP database 7 10 11 10 0 24 120 1 via 10 11 20 2 00 00 13 TenGigabitEthernet 3 21 10 200 10 0 24 120 1 via 10 11 20 2 00 00 13 TenGigabitEthernet 3 21 10 300 10 0 24 120 1 via 10 11 20 2 00 00 13 TenGigabitEthernet 3 21 10 11 20 0 24 directly connected TenGigabitEthernet 3 21 10 11 30 0 24 directly connected ...

Page 695: ...n packets Automatic network summarization is in effect Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control receive version 2 send version 2 Interface Recv Send TenGigabitEthernet 3 21 2 2 TenGigabitEthernet 3 11 2 2 TenGigabitEthernet 3 24 2 2 TenGigabitEthernet 3 23 2 2 Routing for Networks 10 11 20 0 10 11 30 0 19...

Page 696: ... interface TenGigabitEthernet 3 1 ip address 10 11 30 1 24 no shutdown interface TenGigabitEthernet 3 2 ip address 10 11 20 1 24 no shutdown interface TenGigabitEthernet 3 4 ip address 192 168 1 1 24 no shutdown interface TenGigabitEthernet 3 5 ip address 192 168 2 1 24 no shutdown router rip version 2 network 10 11 20 0 network 10 11 30 0 network 192 168 1 0 network 192 168 2 0 696 Routing Inform...

Page 697: ...entation description refer to Simple Network Management Protocol SNMP Configuring RMON requires using the RMON CLI and includes the following tasks Setting the rmon Alarm Configuring an RMON Event Configuring RMON Collection Statistics Configuring the RMON Collection History RMON implements the following standard request for comments RFCs for more information refer to the Standards Compliance chap...

Page 698: ...m 1 to 65 535 the value must be unique in the RMON Alarm Table variable the MIB object to monitor the variable must be in SNMP OID format for example 1 3 6 1 2 1 1 3 The object type must be a 32 bit integer for the rmon alarm command and 64 bits for the rmon hc alarm command interval time in seconds the alarm monitors the MIB variable the value must be between 1 to 3 600 delta tests the change bet...

Page 699: ...n an event number in integer format from 1 to 65535 The number value must be unique in the RMON event table log Optional enter the keyword log to generate an RMON event log it sets the eventType to either log or log and snmptrap in the RMON event table The default is None trap community Optional enter the keyword trap and SNMP community string to generate SNMP traps for an RMON event entry it sets...

Page 700: ...tion history command in INTERFACE CONFIGURATION mode Configure the RMON MIB history group of statistics collection CONFIGURATION INTERFACE config if mode no rmon collection history controlEntry integer owner ownername buckets bucket number interval seconds controlEntry specifies the RMON group of statistics using a value integer a value from 1 to 65 535 that identifies the RMON group of statistics...

Page 701: ...ction history group of statistics with an ID number of 20 and an owner of john both the sampling interval and the number of buckets use their respective defaults Dell conf if mgmt rmon collection history controlEntry 20 owner john Remote Monitoring RMON 701 ...

Page 702: ...ation Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a two step process 1 Configure interfaces for Layer 2 2 Enable the rapid spanning tree protocol Related Configuration Tasks Adding and Removing Interfaces Modifying Global Parame...

Page 703: ...ions help you avoid these issues and the associated traffic loss caused by using RSTP when you enable VLT on both VLT peers Configure any ports at the edge of the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks Ports connected directly to Layer 3 only routers not running STP should have RSTP disabled or be configured as edge ports Ensure ...

Page 704: ...om any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports To enable RSTP globally for all Layer 2 interfaces use the following commands 1 Enter PROTOCOL SPANNING TREE RSTP mode CONFIGURATION mode protocol spanning tree rstp 2 Enable RSTP PROTOCOL SPANNING TREE RSTP mode no disable Examples of the RSTP show Commands To disable RSTP globally for a...

Page 705: ... changes 4 last change occurred 00 02 17 ago on Te 1 26 Port 377 TenGigabitEthernet 2 1 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 377 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated port id is 128 377 designated path cost 0 Number of transitions to forwarding state 1 BPDU sent...

Page 706: ...g Tree Protocol Root ID Priority 32768 Address 0001 e801 cbb4 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e80f 1dad Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Te 3 1 128 681 128 20000 BLK 20000 32768 0001 e80b 88bd 128 469 Te 3 2 128 682 128 20000 BLK 20000 32768 0001 e80b 8...

Page 707: ...ers Poorly planned modification of the RSTP parameters can negatively affect network performance The following table displays the default values for RSTP Table 47 RSTP Default Values RSTP Parameter Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces Port Channel with 100 M...

Page 708: ...face Parameters On interfaces in Layer 2 mode you can set the port cost and port priority values Port cost a value that is based on the interface type The previous table lists the default values The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports hav...

Page 709: ... used to make R2 the root bridge shown in bold Dell conf rstp bridge priority 4096 04 27 59 RPM0 P RP2 SPANMGR 5 STP_ROOT_CHANGE RSTP root changed My Bridge ID 4096 0001 e80b 88bd Old Root 32768 0001 e801 cbb4 New Root 4096 0001 e80b 88bd Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards fr...

Page 710: ...nable EdgePort on an interface INTERFACE mode spanning tree rstp edge port bpduguard shutdown on violation Example of Verifying an EdgePort is Enabled on an Interface To verify that EdgePort is enabled on a port use the show spanning tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode NOTE Dell Networking recommends using the show config command from INTERFACE...

Page 711: ...We are the root Configured hello time 50 ms max age 20 forward delay 15 NOTE The hello time is encoded in BPDUs in increments of 1 256ths of a second The standard minimum hello time in seconds is 1 second which is encoded as 256 Millisecond hello times are encoded using values less than 256 the millisecond hello time equals x 1000 256 When you configure millisecond hellos the default hello interva...

Page 712: ...42 Software Defined Networking SDN Dell Networking operating software supports Software Defined Networking SDN For more information refer to the SDN Deployment Guide 712 Software Defined Networking SDN ...

Page 713: ...ibute value AV pairs and is stored on the access control server As with authentication and authorization you must configure AAA accounting by defining a named list of accounting methods and then applying that list to various virtual terminal line VTY lines Configuration Task List for AAA Accounting The following sections present the AAA accounting configuration tasks Enabling AAA Accounting mandat...

Page 714: ...line where the AAA authentication login method list none command is applied To prevent accounting records from being generated for sessions that do not have usernames associated with them use the following command Prevent accounting records from being generated for users whose username string is NULL CONFIGURATION mode aaa accounting suppress null username Configuring Accounting of EXEC and Privil...

Page 715: ...ication Dell Networking OS supports a distributed client server system implemented through authentication authorization and accounting AAA to help secure networks against unauthorized access In the Dell Networking implementation the Dell Networking system acts as a RADIUS or TACACS client and sends authentication requests to a central remote authentication dial in service RADIUS or Terminal access...

Page 716: ...h RADIUS or TACACS is the last authentication method and the server is not reachable Dell Networking OS allows access even though the username and password credentials cannot be verified Only the console port behaves this way and does so to ensure that users are not locked out of the system if network wide issue prevents access to these servers 1 Define an authentication method list method list na...

Page 717: ... do not set the default list only the local enable is checked This setting has the same effect as issuing an aaa authentication enable default enable command Enabling AAA Authentication RADIUS To enable authentication from the RADIUS server and use TACACS as a backup use the following commands 1 Enable RADIUS and set up TACACS as backup CONFIGURATION mode aaa authentication enable default radius t...

Page 718: ...ds and keys including RADIUS TACACS keys router authentication strings VRRP authentication by obscuring this information Passwords and keys are stored encrypted in the configuration file and by default are displayed in the encrypted form when the configuration is displayed Enabling the service obscure passwords command displays asterisks instead of the encrypted passwords and keys This command pre...

Page 719: ...and is the highest level In this level you can access any command in Dell Networking OS Privilege levels 2 through 14 are not configured and you can customize them for different users and access After you configure other privilege levels enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level For mo...

Page 720: ...d in EXEC Privilege mode Configuring the Enable Password Command To configure Dell Networking OS use the enable command to enter EXEC Privilege level 15 After entering the command Dell Networking OS requests that you enter a password Privilege levels are not assigned to passwords rather passwords are assigned to a privilege level You can always change a password for any privilege level To change t...

Page 721: ...Assign a user name and password CONFIGURATION mode username name access class access list name privilege level nopassword password encryption type password Secret Configure the optional and required parameters name Enter a text string up to 63 characters maximum long access class access list name Restrict access by access class privilege level The range is from 0 to 15 nopassword No password is re...

Page 722: ...s assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp server commands are located Line 4 The snmp server commands in CONFIGURATION mode are assigned to privilege level 8 Dell conf username john privilege 8 password john Dell conf enable password level 8 notjohn Dell conf privilege exec level 8 configure Dell conf privilege config level 8 snmp server Dell conf ...

Page 723: ...is from 0 to 15 Levels 0 1 and 15 are pre configured Levels 2 to 14 are available for custom configuration Specify either a plain text or encrypted password LINE mode password encryption type password Configure the following optional and required parameters encryption type Enter 0 for plain text or 7 for encrypted text password Enter a text string up to 32 characters long To view the password conf...

Page 724: ...ompt displays when the system boots 8 Copy the startup config into the running config 9 To display the content of the startup config remove the previous authentication configuration and set the new authentication parameters The rest of the previous configuration is preserved Example 1 Example 2 Version 2 00 1201 Copyright C 2009 American Megatrends Inc EVALUATION COPY Press DEL or F2 to enter setu...

Page 725: ...assword at login and can be specified as one of the login authentication methods in the aaa authentication login command Idle Time Every session line has its own idle time If the idle time value is not changed the default value of 30 minutes is used RADIUS specifies idle time allow for a user during a session before timeout When a user logs in the lower of the two idle time values configured or de...

Page 726: ...r all RADIUS Server Hosts optional Monitoring RADIUS optional For a complete listing of all Dell Networking OS commands related to RADIUS refer to the Security chapter in the Dell Networking OS Command Reference Guide NOTE RADIUS authentication and authorization are done in a single step Hence authorization cannot be used independent of authentication However if you have configured RADIUS authoriz...

Page 727: ... Server Host When configuring a RADIUS server host you can set different communication parameters such as the UDP port the key password the number of retries and the timeout To specify a RADIUS server host and configure its communication parameters use the following command Enter the host name or IP address of the RADIUS server host CONFIGURATION mode radius server host hostname ip address auth po...

Page 728: ...the same system However if you configure both global and specific host parameters the specific host parameters override the global parameters for that RADIUS server host To set global communication parameters for all RADIUS server hosts use the following commands Set a time interval after which a RADIUS host server is declared dead CONFIGURATION mode radius server deadtime seconds seconds the rang...

Page 729: ...ication methods available is TACACS and the user s name and password are sent for authentication to the TACACS hosts specified To use TACACS to authenticate users specify at least one TACACS server for the system to communicate with and configure TACACS as one of your authentication methods To select TACACS as the login authentication method use the following commands 1 Configure a TACACS server h...

Page 730: ...AL local tacacs aaa authorization exec default tacacs none aaa authorization commands 1 default tacacs none aaa authorization commands 15 default tacacs none aaa accounting exec default start stop tacacs aaa accounting commands 1 default start stop tacacs aaa accounting commands 15 default start stop tacacs Dell conf Dell conf do show run tacacs tacacs server key 7 d05206c308f4d35b tacacs server h...

Page 731: ...rom 0 to 65535 Enter a TCP port number The default is 49 timeout seconds the range is from 0 to 1000 Default is 10 seconds key key enter a string for the key The key can be up to 42 characters long This key must match a key configured on the TACACS server host This parameter must be the last parameter you configure If you do not configure these optional parameters the default global values are app...

Page 732: ...ed by default Enabling SCP and SSH Secure shell SSH is a protocol for secure remote login and other secure network services over an insecure network Dell Networking OS is compatible with SSH versions 1 5 and 2 in both the client and server modes SSH sessions are encrypted and use authentication SSH is enabled by default For details about the command syntax refer to the Security chapter in the Dell...

Page 733: ... one switch to another use the following commands On the chassis invoke SCP CONFIGURATION mode copy scp flash Example of Using SCP to Copy from an SSH Server on Another Switch The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to the local switch Dell copy scp flash Address or name of remote host 10 10 10 1 Port number of t...

Page 734: ...ures the time based rekey threshold for an SSH session to 30 minutes Dell conf ip ssh rekey time 30 The following example configures the volume based rekey threshold for an SSH session to 4096 megabytes Dell conf ip ssh rekey volume 4096 Configuring the SSH Server Key Exchange Algorithm To configure the key exchange algorithm for the SSH server use the ip ssh server kex key exchange algorithm comm...

Page 735: ...5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 hmac sha2 256 96 The default HMAC algorithms are the following hmac md5 hmac md5 96 hmac sha1 hmac sha1 96 hmac sha2 256 hmac sha2 256 96 When FIPS is enabled the default HMAC algorithm is hmac sha1 96 Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list Dell conf ip ssh server mac hmac sha...

Page 736: ...ssword authentication use the following command Enable SSH password authentication CONFIGURATION mode ip ssh password authentication enable Example of Enabling SSH Password Authentication To view your SSH configuration use the show ip ssh command from EXEC Privilege mode Dell conf ip ssh server enable Dell conf ip ssh password authentication enable Dell show ip ssh SSH server enabled SSH server ve...

Page 737: ...n y Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in home admin ssh id_rsa Your public key has been saved in home admin ssh id_rsa pub Configuring Host Based SSH Authentication Authenticate a particular host This method uses SSH version 2 To configure host based authentication use the following commands 1 Configure RSA Authentication Refer ...

Page 738: ...rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx AyW hVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk The following example shows creating rhosts admin Unix_client ls id_rsa id_rsa pub rhosts shosts admin Unix_client cat rhosts 10 16 127 201 admin Using Client Based SSH Authentication To SSH from...

Page 739: ...H first enable SSH as previously described By default the Telnet daemon is enabled If you want to disable the Telnet daemon use the following command or disable Telnet in the startup config To enable or disable the Telnet daemon use the no ip telnet server enable command Example of Using Telnet for Remote Login Dell conf ip telnet server enable Dell conf no ip telnet server enable VTY Line and Acc...

Page 740: ...tion to a user Users see a login prompt even if they cannot log in No access class is configured for the VTY line It defaults from the local database Example of Configuring VTY Authorization Based on Access Class Retrieved from a Local Database Per User Dell conf user gooduser password abc privilege 10 access class permitall Dell conf user baduser password abc privilege 10 access class denyall Del...

Page 741: ...lowing example shows how to deny incoming connections from subnet 10 0 0 0 without displaying a login prompt Example of Configuring VTY Authorization Based on MAC ACL for the Line Per MAC Address Dell conf mac access list standard sourcemac Dell config std mac permit 00 00 5e 00 01 01 Dell config std mac deny any Dell conf Dell conf line vty 0 9 Dell config line vty access class sourcemac Dell con...

Page 742: ...n of duty and as a result provides greater security than the hierarchical RBAC model Essentially a constrained model puts some limitations around each role s permissions to allow you to partition of tasks However some inheritance is possible Default command permissions are based on CLI mode such as configure interface router any specific command settings and the permissions allowed by the privileg...

Page 743: ...sistency the best practice is to define the same authentication method list across all lines in the same order of comparison for example VTY and console port You could also use the default authentication method to apply to all the LINES console port VTY NOTE The authentication method list should be in the same order as the authorization method list For example if you configure the authentication m...

Page 744: ... system security administrator for cryptography operations AAA or the commands reserved solely for the system administrator Security Administrator secadmin This user role can control the security policy across the systems that are within a domain or network topology The security administrator commands include FIPS mode enablement password policies inactivity timeouts banner establishment and crypt...

Page 745: ...or can only modify permissions for commands they already have access to Make sure you select the correct role you want to inherit If you inherit a user role you cannot modify or delete the inheritance If you want to change or remove the inheritance delete the user role and create it again If the user role is in use you cannot delete the user role 1 Create a new user role CONFIGURATION mode userrol...

Page 746: ...ddrole keyword followed by the command you are controlling access For information about how to create new roles see also Creating a New User Role The following output displays the modes available for the role command Dell conf role configure Global configuration mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route map Route map configuration mode router Rou...

Page 747: ...trator Can Access Interface Mode The following example shows that the secadmin role can now access Interface mode highlighted in bold Role Inheritance Modes netoperator netadmin Exec Config Interface Router IP RouteMap Protocol MAC secadmin Exec Config Interface Line sysadmin Exec Config Interface Line Router IP RouteMap Protocol MAC Example Remove Security Administrator Access to Line Mode The fo...

Page 748: ... Example The following example creates a user name that is authenticated based on a user role Dell conf username john password 0 password role secadmin The following example deletes a user role NOTE If you already have a user ID that exists with a privilege level you can add the user role to username that has a privilege Dell conf no username john The following example adds a user to the secadmin ...

Page 749: ...s provided their role is permitted to use those commands Role inheritance is also used to determine authorization Users with roles and privileges are authorized with the same mechanism There are six methods available for authorization radius tacacs local enable line and none When role based only AAA authorization is enabled the enable line and none methods are not available Each of these three met...

Page 750: ...raaa accounting commands role netadmin ucraaa line vty 5 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 6 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 7 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa line vty 8 login authentication ucra...

Page 751: ... following example you create an AV pair for a system defined role sysadmin Force10 avpair shell role sysadmin In the following example you create an AV pair for a user defined role You must also define a role using the userrole myrole inherit command on the switch to associate it with this AV pair Force10 avpair shell role myrole The string myrole is associated with a TACACS user group The user I...

Page 752: ...riv 1 Role netoperator Task ID 1 EXEC Accounting record 00 00 30 Elapsed service shell Active accounted actions on tty3 User admin Priv 15 Role sysadmin Task ID 2 EXEC Accounting record 00 00 26 Elapsed service shell Display Information About User Roles This section describes how to display information about user roles This sections consists of the following topics Displaying User Roles Displaying...

Page 753: ...ributes Role access secadmin sysadmin Dell show role mode configure interface Role access netadmin sysadmin Dell show role mode configure line Role access netadmin sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch using the show users command in EXEC Privilege mode The output displays privilege level and or user role The m...

Page 754: ...share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider network are based on the provider VLAN tag only ...

Page 755: ... do not switch untagged traffic To switch traffic add these interfaces to a non default VLAN Stack enabled VLAN Dell Networking cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffic Service Provider Bridging 755 ...

Page 756: ...ects to another service provider bridge and is a member of multiple service provider VLANs Physical ports and port channels can be access or trunk ports 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider bridge that is connected to another provider b...

Page 757: ... M Po1 Te 3 14 15 M Te 3 13 Dell Configuring the Protocol Type Value for the Outer VLAN Tag The tag protocol identifier TPID field of the S Tag is user configurable To set the S Tag TPID use the following command Select a value for the S Tag TPID CONFIGURATION mode vlan stack protocol type The default is 9100 To display the S Tag TPID for a VLAN use the show running config command from EXEC privil...

Page 758: ...nfig interface TenGigabitEthernet 1 1 no ip address portmode hybrid switchport vlan stack trunk shutdown Dell conf if te 1 1 interface vlan 100 Dell conf if vl 100 untagged tengigabitethernet 1 1 Dell conf if vl 100 interface vlan 101 Dell conf if vl 101 tagged tengigabitethernet 1 1 Dell conf if vl 101 interface vlan 103 Dell conf if vl 103 vlan stack compatible Dell conf if vl 103 stack member t...

Page 759: ...ork edges at which frames are either double tagged on ingress R4 or the outer tag is removed on egress R3 VLAN Stacking The default TPID for the outer VLAN tag is 0x9100 The system allows you to configure both bytes of the 2 byte TPID Previous versions allowed you to configure the first byte only and thus the systems did not differentiate between TPIDs with a common first byte For example 0x8100 a...

Page 760: ...Figure 100 Single and Double Tag TPID Match 760 Service Provider Bridging ...

Page 761: ...Figure 101 Single and Double Tag First byte TPID Match Service Provider Bridging 761 ...

Page 762: ...ovider bridge which packets it should prefer to drop when congested Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value When you enable drop eligibility DEI mapping or marking takes place according to the defaults In this case the CFI is affected according to the following table 762 Service Provider Bridging ...

Page 763: ...nce Precedence can have one of three colors Precedence Description Green High priority packets that are the least preferred to be dropped Yellow Lower priority packets that are treated as best effort Red Lowest priority packets that are always dropped regardless of congestion status Honor the incoming DEI value by mapping it to an Dell Networking OS drop precedence INTERFACE mode dei honor 0 1 gre...

Page 764: ...ode Dell show interface dei mark Default CFI DEI Marking 0 Interface Drop precedence CFI DEI Te 1 1 Green 0 Te 1 1 Yellow 1 Te 2 9 Yellow 0 Te 2 10 Yellow 0 Dynamic Mode CoS for VLAN Stacking One of the ways to ensure quality of service for customer VLAN tagged frames is to use the 802 1p priority bits in the tag to indicate the level of QoS desired When an S Tag is added to incoming customer fram...

Page 765: ...ned by QoS configuration For example the following access port configuration maps all traffic to Queue 0 vlan stack dot1p mapping c tag dot1p 0 7 sp tag dot1p 1 However if the following QoS configuration also exists on the interface traffic is queued to Queue 0 but is policed at 40Mbps qos policy input for queue 3 because class map a of Queue 3 also matches the traffic This is an expected behavior...

Page 766: ...fect only after a save and reload EXEC Privilege mode copy running config startup config reload 3 Map C Tag dot1p values to a S Tag dot1p value INTERFACE mode vlan stack dot1p mapping c tag dot1p values sp tag dot1p value Separate C Tag values by commas Dashed ranges are permitted Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts NOTE Because dot1p mapping marks and que...

Page 767: ...frames by the switches in the intermediate network core On egress edge of the intermediate network the MAC address rewritten to the original MAC address and forwarded to the opposing network region shown in the following illustration Dell Networking OS Behavior In Dell Networking OS versions prior to 8 2 1 0 the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ...

Page 768: ... and later the L2PT MAC address is user configurable so you can specify an address that non Dell Networking systems can recognize and rewrite the address at egress edge Figure 105 VLAN Stacking with L2PT Implementation Information L2PT is available for STP RSTP MSTP and PVST BPDUs No protocol packets are tunneled when you enable VLAN stacking L2PT requires the default CAM profile 768 Service Provi...

Page 769: ... command Overwrite the BPDU with a user specified destination MAC address when BPDUs are tunneled across the provider network CONFIGURATION mode protocol tunnel destination mac The default is 01 01 e8 00 00 00 Setting Rate Limit BPDUs CAM space is allocated in sections called field processor FP blocks There are a total of 13 user configurable FP blocks The default number of blocks for L2PT is 0 yo...

Page 770: ...80 C2 00 00 00 originally specified in 802 1Q Only bridges in the service provider network use this destination MAC address so these bridges treat BPDUs originating from the customer network as normal data frames rather than consuming them The same is true for GARP VLAN registration protocol GVRP 802 1ad specifies that provider bridges participating in GVRP use a reserved destination MAC address c...

Page 771: ...rom different devices and produces a network wide view of traffic flows Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port pipe and is decided based on all the ports in that port pipe If you do not enable sFlow on any port specifically the global sampling rate is downloaded to that port and is to calculate the port pipe s lowest sa...

Page 772: ...ch element is not packed in case of routed packet The destination VLAN field in the extended switch element is not packed in a Multicast packet Enabling Extended sFlow The S Series platforms support extended switch information processing only Extended sFlow packs additional information in the sFlow datagram depending on the type of sampled packet You can enable the following options extended switc...

Page 773: ...ink aggregation group LAG ports To enable sFlow on a specific interface use the following command Enable sFlow on an interface INTERFACE mode no sflow ingress enable To disable sFlow on an interface use the no version of this command Enabling sFlow Max Header Size Extended To configure the maximum header size of a packet to 256 bytes use the following commands Set the maximum header size of a pack...

Page 774: ...e tengigabitethernet 1 1 Te 1 1 sFlow type Ingress Configured sampling rate 16384 Actual sampling rate 16384 Counter polling interval 20 Extended max header size 256 Samples rcvd from h w 0 Example of the show running config sflow Command Dell show running config sflow sflow collector 100 1 1 12 agent addr 100 1 1 1 sflow enable sflow max header size extended Dell show run int tengigabitEthernet 1...

Page 775: ...16384 actual rate 16384 sub sampling rate 2 Displaying Show sFlow on an Interface To view sFlow information on a specific interface use the following command Display sFlow configuration information and statistics on a specific interface EXEC mode show sflow interface interface name Examples of the sFlow show Commands The following example shows the show sflow interface command Dell show sflow inte...

Page 776: ...y sFlow collectors to which sFlow datagrams are forwarded CONFIGURATION mode sflow collector ip address agent addr ip address number max datagram size number max datagram size number The default UDP port is 6343 The default max datagram size is 1400 Changing the Polling Intervals The sflow polling interval command configures the polling interval for an interface in the maximum number of seconds be...

Page 777: ...ion in the sFlow datagram depending on the type of sampled packet You can enable the following options extended switch 802 1Q VLAN ID and 802 1p priority information extended router Next hop and source and destination mask length extended gateway Source and destination AS number and the BGP next hop NOTE The entire AS path is not included BGP community list and local preference information are not...

Page 778: ...he IP source address is learned via IGP srcAS and srcPeerAS are zero The srcAS and srcPeerAS might be zero even though the IP source address is learned via BGP The c system packs the srcAS and srcPeerAS information only if the route is learned via BGP and it is reachable via the ingress interface of the packet The sFlow sampling functionality is supported only for egress traffic and not for ingres...

Page 779: ...ned via BGP Version 7 8 1 0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols and for cases where is source is reachable over ECMP BGP BGP Exported Exported Extended gateway data is packed sFlow 779 ...

Page 780: ...FC 1155 1157 and 1212 SNMP version 2c as defined by RFC 1901 and SNMP version 3 as defined by RFC 2571 Dell Networking OS supports up to 16 trap receivers Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via SNMP sets SNMP traps for the spanning tree protocol STP and multiple spanning tree protocol MSTP state changes are based on BRIDGE MIB RFC 1483 for STP and IEEE ...

Page 781: ...tents are configured SHA authentication needs to be used with the AES CFB128 privacy algorithm only when FIPS is enabled because SHA is then the only available authentication level If FIPS is disabled you can use MD5 authentication in addition to SHA authentication with the AES CFB128 privacy algorithm You cannot modify the FIPS mode if SNMPv3 users are already configured and present in the system...

Page 782: ...s to Remember Typically 5 second timeout and 3 second retry values on an SNMP server are sufficient for both LAN and WAN applications If you experience a timeout with these values increase the timeout value to greater than 3 seconds and increase the retry value to greater than 2 seconds on your SNMP server User ACLs override group ACLs Set up SNMP As previously stated Dell Networking OS supports S...

Page 783: ...r SNMP configuration use the show running config snmp command from EXEC Privilege mode Dell conf snmp server community my snmp community ro 22 31 23 STKUNIT0 P CP SNMP 6 SNMP_WARM_START Agent Initialized SNMP WARM_START Dell show running config snmp snmp server community mycommunity ro Setting Up User Based Security SNMPv3 When setting up SNMPv3 you can set users up with one of the following three...

Page 784: ...nfigure the user with a secure authorization password and privacy password CONFIGURATION mode snmp server user name group name oid tree auth md5 auth password priv des56 priv password Configure an SNMPv3 view CONFIGURATION mode snmp server view view name oid tree included excluded Select a User based Security Type Dell conf snmp server host 1 1 1 1 traps oid tree version 3 auth Use the SNMPv3 auth...

Page 785: ...ommunity 10 11 131 161 sysContact 0 The following example shows reading the value of the many managed objects at one time snmpwalk v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 SNMPv2 MIB sysDescr 0 STRING Dell Real Time Operating System Software Dell Operating System Version 1 0 Dell Application Software Version E_MAIN4 9 4 0 0 Copyright c 1999 2014 by Dell Build Time Mon May 12 14 02 22 PDT 200...

Page 786: ...ng system Identify the physical location of the system for example San Jose 350 Holger Way 1st floor lab rack A1 1 CONFIGURATION mode snmp server location text You may use up to 55 characters The default is None From a management station Identify the system manager along with this person s contact information for example an email address or phone number CONFIGURATION mode snmpset v version c commu...

Page 787: ...rd traps To send informational messages enter the keyword informs To send the SNMP version to use for notification messages enter the keyword version To identify the SNMPv1 community string enter the name of the community string 2 Specify which traps the Dell Networking system sends to the trap receiver CONFIGURATION mode snmp server enable traps Enable all Dell Networking enterprise specific and ...

Page 788: ...JOR_SFM_CLR Major alarm cleared Switch fabric up MINOR_SFM MInor alarm No working standby SFM MINOR_SFM_CLR Minor alarm cleared Working standby SFM present TASK SUSPENDED SUSPENDED svce d inst d task s RPM0 P CP CHMGR 2 CARD_PARITY_ERR ABNORMAL_TASK_TERMINATION CRASH task s s CPU_THRESHOLD Cpu s usage above threshold Cpu5SecUsage d CPU_THRESHOLD_CLR Cpu s usage drops below threshold Cpu5SecUsage d...

Page 789: ...AC_STATUS_ALARM MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 ECFM 5 ECFM_REMOTE_ALARM Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_RDI_ALARM RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 entity Enable entity change traps Trap SNMPv2 MIB sysUpTime 0 Timeticks 1487406 4 07 54 06 SNMPv2 MIB snmpTrapOID ...

Page 790: ...ription copySrcFileType 1 3 6 1 4 1 6027 3 5 1 1 1 1 2 1 Dell Networking OS file 2 running config 3 startup config Specifies the type of file to copy from The range is If copySrcFileType is running config or startup config the default copySrcFileLocation is flash If copySrcFileType is a binary file you must also specify copySrcFileLocation and copySrcFileName copySrcFileLocation 1 3 6 1 4 1 6027 3...

Page 791: ... SCP you must specify copyServerAddress copyUserName and copyUserPassword copyDestFileName 1 3 6 1 4 1 6027 3 5 1 1 1 1 7 Path if the file is not in the default directory and filename Specifies the name of destination file copyServerAddress 1 3 6 1 4 1 6027 3 5 1 1 1 1 8 IP Address of the server The IP address of the server If you specify copyServerAddress you must also specify copyUserName and co...

Page 792: ... message like the following appears In this case increment the index value and enter the command again Error in packet Reason notWritable that object does not support modification Failed object FTOS COPY CONFIG MIB copySrcFileType 101 To complete the command use as many MIB objects in the command as required by the MIB object descriptions shown in the previous table NOTE You can use the entire OID...

Page 793: ...he following command Copy the startup config to the running config from a UNIX machine snmpset c private v 2c force10system ip address copySrcFileType index i 3 copyDestFileType index i 2 Examples of Copying Configuration Files from a UNIX Machine The following example shows how to copy configuration files from a UNIX machine using the object name snmpset c public v 2c m f10 copy config mib 10 11 ...

Page 794: ...e UNIX machine snmpset v 2c c public m f10 copy config mib force10system ip address copySrcFileType index i 3 copyDestFileType index i 1 copyDestFileName index s filepath filename copyDestFileLocation index i 3 copyServerAddress index a server ip address Example of Copying Configuration Files via TFTP From a UNIX Machine snmpset v 2c c private m f10 copy config mib 10 10 10 10 copySrcFileType 4 i ...

Page 795: ...TimeCompleted 1 3 6 1 4 1 6027 3 5 1 1 1 1 13 Time value Specifies the point in the up time clock that the copy operation completed copyFailCause 1 3 6 1 4 1 6027 3 5 1 1 1 1 14 1 bad filename 2 copy in progress 3 disk full 4 file exists 5 file not found 6 timeout 7 unknown Specifies the reason the copy request failed copyEntryRowStatus 1 3 6 1 4 1 6027 3 5 1 1 1 1 15 Row status Specifies the stat...

Page 796: ... CONFIG MIB copyTimeCompleted 110 Timeticks 1179831 3 16 38 31 The following command shows how to get a MIB object value using OID snmpget v 2c c private 10 11 131 140 1 3 6 1 4 1 6027 3 5 1 1 1 1 13 110 SNMPv2 SMI enterprises 6027 3 5 1 1 1 1 13 110 Timeticks 1179831 3 16 38 31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the avail...

Page 797: ... 3 6 1 4 1 6027 3 10 1 2 10 1 2 Contains the core file names and the file paths chSysCoresTimeCreated 1 3 6 1 4 1 6027 3 10 1 2 10 1 3 Contains the time at which core files are created chSysCoresStackUnitNumber 1 3 6 1 4 1 6027 3 10 1 2 10 1 4 Contains information that includes which stack unit or processor the core file was originated from chSysCoresProcess 1 3 6 1 4 1 6027 3 10 1 2 10 1 5 Contai...

Page 798: ... BRIDGE MIB defined in RFC 2674 allows you to use SNMP to manage VLANs Creating a VLAN To create a VLAN use the dot1qVlanStaticRowStatus object The snmpset operation shown in the following example creates VLAN 10 by specifying a value of 4 for instance 10 of the dot1qVlanStaticRowStatus object Example of Creating a VLAN using SNMP snmpset v2c c mycommunity 123 45 6 78 1 3 6 1 2 1 17 7 1 4 3 1 5 10...

Page 799: ...00 1 3 6 1 2 1 17 7 1 4 3 1 4 1107787786 x 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 SNMPv2 SMI mib 2 17 7 1 4 3 1 2 1107787786 Hex STRING 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...

Page 800: ...OloadSetOverload F10 ISIS MIB f10IsisSysOloadSetOloadOnStartupUntil F10 ISIS MIB f10IsisSysOloadWaitForBgp F10 ISIS MIB f10IsisSysOloadV6SetOverload F10 ISIS MIB f10IsisSysOloadV6SetOloadOnStartupUntil F10 ISIS MIB f10IsisSysOloadV6WaitForBgp To enable overload bit for IPv4 set 1 3 6 1 4 1 6027 3 18 1 1 and IPv6 set 1 3 6 1 4 1 6027 3 18 1 4 To set time to wait set 1 3 6 1 4 1 6027 3 18 1 2 and 1 ...

Page 801: ...55 MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB Description dot1dTpFdbTable 1 3 6 1 2 1 17 4 3 Q BRIDGE MIB List the learned unicast MAC addresses on the default VLAN dot1qTpFdbTable 1 3 6 1 2 1 17 7 1 2 2 Q BRIDGE MIB List the learned unicast MAC addresses on non default VLANs dot3aCurAggFdb Table 1 3 6 1 4 1 6027 3 2 1 1 5 F10 LINK AGGREGATION MIB Li...

Page 802: ...c techpubs 10 11 131 162 1 3 6 1 4 1 6027 3 2 1 1 5 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 1 1000 0 1 232 6 149 172 1 INTEGER 1000 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 2 1000 0 1 232 6 149 172 1 Hex STRING 00 01 E8 06 95 AC SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 3 1000 0 1 232 6 149 172 1 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 5 1 4 1000 0 1 232 6 149 172 1 INTEGER 1 Deriving Interface...

Page 803: ...itethernet 1 21 TenGigabitEthernet 1 21 is up line protocol is up Monitor Port Channels To check the status of a Layer 2 port channel use f10LinkAggMib 1 3 6 1 4 1 6027 3 2 In the following example Po 1 is a switchport and Po 2 is in Layer 3 mode Example of SNMP Trap for Monitored Port Channels senthilnathan lithium snmpwalk v 2c c public 10 11 1 1 1 3 6 1 4 1 6027 3 2 1 1 SNMPv2 SMI enterprises 6...

Page 804: ...ses 6027 3 1 1 4 1 2 STRING OSTATE_DN Changed interface state to down Te 1 1 2010 02 10 14 22 39 10 16 130 4 10 16 130 4 SNMPv2 MIB sysUpTime 0 Timeticks 8500842 23 36 48 42 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkDown IF MIB ifIndex 1107755009 INTEGER 1107755009 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_DN Changed interface state to down Po 1 2010 02 10 14 22 40 10 16 130 4 10 16 130 ...

Page 805: ...orrectly display this information under IP and ICMP statistics use the show ip traffic command When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command the echo response output may not be displayed To correctly display ICMP statistics such as echo response use the show ip traffic command Simple Network Management Protocol SNMP 805 ...

Page 806: ... control for ingress traffic If you configure storm control from both INTERFACE and CONFIGURATION mode the INTERFACE mode configurations override the CONFIGURATION mode configurations The percentage of storm control is calculated based on the advertised rate of the line card not by the speed setting Configure storm control INTERFACE mode storm control Configuring Storm Control from CONFIGURATION M...

Page 807: ...upports three other variations of spanning tree as shown in the following table Table 57 Dell Networking OS Supported Spanning Tree Protocols Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configure Spanning Tree Configuring spanning tree is a...

Page 808: ...utomatically added to the spanning tree topology at the time you enable the protocol To add interfaces to the spanning tree topology after you enable STP enable the port and configure it for Layer 2 using the switchport command The IEEE Standard 802 1D allows 8 bits for port ID and 8 bits for priority The 8 bits for port ID provide port IDs for 256 ports Configuring Interfaces for Layer 2 Mode All...

Page 809: ...mand from INTERFACE mode Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 no ip address switchport no shutdown Dell conf if te 1 1 Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally it is not enabled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spannin...

Page 810: ... TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces use the disable command from PROTOCOL SPANNING TREE mode To verify that STP is enabled use the show config command from PROTOCOL SPANNING TREE mode Dell conf protocol spanning tree 0 Dell config span show config protocol spanning tree 0 no disable Dell 810 Spanning Tree Protocol...

Page 811: ...forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode Port 290 TenGigabitEthernet 2 2 is Blocking Port path cost 4 Port priority 8 Port Identifier 8 290 More Timers message age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode To confirm that...

Page 812: ...Ethernet interfaces 10 Gigabit Ethernet interfaces Port Channel with 100 Mb s Ethernet interfaces Port Channel with 1 Gigabit Ethernet interfaces Port Channel with 10 Gigabit Ethernet interfaces 19 4 2 18 3 1 Port Priority 8 Change the forward delay parameter the wait time before the interface enters the Forwarding state PROTOCOL SPANNING TREE mode forward delay seconds The range is from 4 to 30 T...

Page 813: ...o 65535 The default values are listed in Modifying Global Parameters Change the port priority of an interface INTERFACE mode spanning tree 0 priority priority value The range is from 0 to 15 The default is 8 To view the current values for interface parameters use the show spanning tree 0 command from EXEC privilege mode Refer to the second example in Enabling Spanning Tree Protocol Globally Enabli...

Page 814: ...t after receiving a BPDU to prevent network disruptions and Dell Networking OS displays the following message 3w3d0h RPM0 P RP2 SPANMGR 5 BPDU_GUARD_RX_ERROR Received Spanning Tree BPDU on BPDU guard port Disable TenGigabitEthernet 3 4 Enable BPDU Guard using the bpduguard option when enabling PortFast or EdgePort The bpduguard shutdown on violation option causes the interface hardware to be shut ...

Page 815: ...ate with any of the following methods Perform a shutdown command on the interface Disable the shutdown on violation command on the interface the no spanning tree stp id portfast bpduguard shutdown on violation command Disable spanning tree on the interface the no spanning tree command in INTERFACE mode Disabling global spanning tree the no spanning tree in CONFIGURATION mode Figure 108 Enabling BP...

Page 816: ...tocol TenGigabitEthernet 1 7 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge You can also specify that a bridge is the root or the secondary root To change the bridge priority or specify that a bridge is the root or secondary root use the following command Ass...

Page 817: ... functions as an access switch connected to an external device The link between Switch C and Switch B is in a Blocking state The flow of STP BPDUs is shown in the illustration In STP topology 2 shown in the upper right STP is enabled on device D on which a software bridge application is started to connect to the network Because the priority of the bridge in device D is lower than the root bridge i...

Page 818: ...panning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST When enabled on a port root guard applies to all VLANs configured on the port You cannot enable root guard and loop guard at the same time on an STP port For example if you configure root guard on a port on which loop guard is already configured the following error message displays Error LoopGuard is configured Cannot configure RootGuard ...

Page 819: ...dually or collectively use the following commands Enable SNMP traps for spanning tree state changes snmp server enable traps stp Enable SNMP traps for RSTP MSTP and PVST collectively snmp server enable traps xstp Configuring Spanning Trees as Hitless You can configure STP RSTP MSTP and PVST to be hitless configure all or none as hitless When configured as hitless critical protocol state informatio...

Page 820: ...g state A loop is created as both Switch A and Switch C transmit traffic to Switch B As shown in the following illustration STP topology 2 upper right a loop can also be created if the forwarding port on Switch B becomes busy and does not forward BPDUs within the configured forward delay time As a result the blocking port on Switch C transitions to a forwarding state and both Switch A and Switch C...

Page 821: ...ollowing conditions apply to a port enabled with loop guard Loop guard is supported on any STP enabled port or port channel interface Loop guard is supported on a port or port channel in any spanning tree mode Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Per VLAN Spanning Tree Plus PVST Spanning Tree Protocol STP 821 ...

Page 822: ... or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst loopguard 0 enables loop guard on an STP enabled port assigned to instance 0 mstp enables loop guard on an MSTP enabled port rstp enables loop guard on an RSTP enabled port pvst enables loop guard on a PVST enabled port To disable STP loop guard on a port or port channel interface use the no spa...

Page 823: ... software clock NTP is designed to produce three products clock offset roundtrip delay and dispersion all of which are relative to a selected reference clock Clock offset represents the amount to adjust the local clock to bring it into correspondence with the reference clock Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time Dispersion ...

Page 824: ...rrent time From those time serving hosts the system chooses one NTP host with which to synchronize and serve as a client to the NTP host As soon as a host client relationship is established the networking device propagates the time information throughout its local network Protocol Overview The NTP messages to one or more servers and processes the replies as received The server interchanges address...

Page 825: ...68 1 1 frequency is 369 623 ppm stability is 53 319 ppm precision is 4294967279 reference time is CD63BCC2 0CBBD000 16 54 26 049 UTC Thu Mar 12 2009 clock offset is 997 529984 msec root delay is 0 00098 sec root dispersion is 10 04271 sec peer dispersion is 10032 715 msec peer mode is client To display the calculated NTP synchronization variables received from the server that the system uses to sy...

Page 826: ...nGigabitEthernet then the slot port information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 To view the configuration u...

Page 827: ... be the same as the number used in the ntp authentication key command 4 Configure an NTP server CONFIGURATION mode ntp server vrf vrf name hostname ipv4 address ipv6 address key keyid prefer version number Configure the IP address of a server and the following optional parameters vrf name Enter the name of the VRF through which the NTP server is reachable hostname Enter the keyword hostname to see...

Page 828: ... Thu Apr 2 2009 xmt CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 1w6d23h NTP rcv packet from 192 168 1 1 leap 0 mode 4 version 3 stratum 1 ppoll 1024 rtdel 0000 0 000000 rtdsp AF587 10959 090820 refid 4C4F434C 76 79 67 76 ref CD7E14FD 43F7CED9 16 29 49 265 UTC Wed Apr 1 2009 org CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 rec CD7F5368 D0000000 15 8 24 812 UTC Thu Apr 2 2009 xmt CD7F5368 D...

Page 829: ...spersion a signed fixed point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet in seconds Only positive values greater than zero are possible Reference Clock Identifier sys refid peer refid pkt refid This is a 32 bit code identifying the particular reference clock In the case of stratum 0 unspecified or stratum 1 primary referen...

Page 830: ...he time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month enter the name of one of the 12 months in English You can enter the name of a day to change the order of the display to time day month year day enter the number of the day The range is from 1 to 31 You can enter the name of a month to change the order of the display to time day month...

Page 831: ...ou can enter the name of a day to change the order of the display to time day month year start day enter the number of the day The range is from 1 to 31 You can enter the name of a month to change the order of the display to time day month year start year enter a four digit number as the year The range is from 1993 to 2035 start time enter the time in hours minutes For the hour variable use the 24...

Page 832: ...me of a day to change the order of the display to time day month year start day Enter the number of the day The range is from 1 to 31 You can enter the name of a month to change the order of the display to time day month year start year Enter a four digit number as the year The range is from 1993 to 2035 start time Enter the time in hours minutes For the hour variable use the 24 hour format exampl...

Page 833: ... have already set a one time daylight saving time date the system uses that time and date as the recurring setting The following example shows the clock summer time recurring parameters Dell conf clock summer time pacific recurring 1 4 Week number to start first Week number to start last Week number to start cr Dell conf clock summer time pacific recurring Dell conf 02 10 57 RPM0 P CP CLOCK 6 TIME...

Page 834: ...e tunnel but in IPv6IP mode the logical address must be an IPv6 address The following sample configuration shows a tunnel configured in IPv6 mode carries IPv6 and IPv4 traffic Dell conf interface tunnel 1 Dell conf if tu 1 tunnel source 30 1 1 1 Dell conf if tu 1 tunnel destination 50 1 1 1 Dell conf if tu 1 tunnel mode ipip Dell conf if tu 1 ip address 1 1 1 1 24 Dell conf if tu 1 ipv6 address 1 ...

Page 835: ...an configure a tunnel keepalive target keepalive interval and attempts NOTE By default the tunnel keepalive is disabled The following sample configuration shows how to use tunnel keepalive command Dell conf if te 1 12 show config interface TenGigabitEthernet 1 12 ip address 40 1 1 1 24 ipv6 address 500 10 1 64 no shutdown Dell conf if te 1 12 Dell conf interface tunnel 1 Dell conf if tu 1 ipv6 add...

Page 836: ...unnumbered TenGigabitEthernet 1 1 tunnel source 40 1 1 1 tunnel mode ipip decapsulate any no shutdown Dell conf if tu 1 Configuring Tunnel allow remote Decapsulation You can configure an IPv4 or IPV6 address or prefix whose tunneled packet will be accepted for decapsulation If no allow remote entries are configured then tunneled packets from any remote peer address will be accepted Upto eight allo...

Page 837: ... can be configured for a single multipoint receive only tunnel is eight Maximum number of allowed remote end points that can be configured for all multipoint receive only tunnels depends on the hardware table size to setup termination it is 512 entries in S4810 and S4820T platforms and the count is tracked across all of the tunnel remote end points configured in the system With multipoint receive ...

Page 838: ...now supported Tunnel interface s operational status will always remain UP once tunnel is configured to work in multipoint receive only mode Allowed remote addresses configured for multipoint receive only type tunnel are setup only for decapsulation and hence they are not marked for neighbor resolution like the regular tunnel s destination address Connected route for the tunnel interface s IP subne...

Page 839: ...r system type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 Up...

Page 840: ...onfiguration in the Interfaces chapter VLAN Stacking in the Service Provider Bridging chapter For a complete listing of all commands related to Dell Networking OS VLANs refer to these Dell Networking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN Spanning Tree Plus PVST The following table lists the defaults for VLANs i...

Page 841: ...o switchport command to remove the interface from Layer 2 mode For more information refer to VLANs and Port Tagging Example of Configuring an Interface for Layer 2 Belonging to the Default VLAN Dell conf interface tengigabitethernet 1 2 Dell conf if no shut Dell conf if switchport Dell conf if show config interface TenGigabitEthernet 1 2 no ip address switchport no shutdown Dell conf if end Dell s...

Page 842: ...e frame to more than the 1 518 bytes as specified in the IEEE 802 3 standard Some devices that are not compliant with IEEE 802 3 may not support the larger frame size Information contained in the tag header allows the system to prioritize traffic and to forward information to ports associated with a specific VLAN ID Tagged interfaces can belong to multiple VLANs while untagged interfaces can belon...

Page 843: ...gning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands To place an interface in Layer 2 mode use the switchport command You can further designate these Layer 2 interfaces as tagged or untagged For more information refer to the Interfaces chapter and Configuring Layer 2 Data Link Mode When you place an interface in Layer 2 mode by ...

Page 844: ...iple VLANs You can assign hybrid ports to two VLANs if the port is untagged in one VLAN and tagged in all others Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Inactive 2 Active T Po1 So 0 0 1 T Te 1 1 3 Active T Po1 So 0 0 1 T Te 1 2 Dell config Dell conf interface vlan 4 Dell conf if vlan tagged po 1 Dell conf if vlan show conf interface Vlan 4 no ip address tagged Port chan...

Page 845: ...ult VLAN to another VLAN To determine interface status use the show vlan command Interface gi 3 2 is untagged and in the Default VLAN vlan 1 In a port based VLAN vlan 4 use the untagged command to add the interface to that VLAN The show vlan command output displays the interface s changed status gi 3 2 Because the Default VLAN no longer contains any interfaces it is listed as inactive Dell show vl...

Page 846: ... s backup IP address You can configure up to eight secondary IP addresses Configuring Native VLANs Traditionally ports can be either untagged for membership to one VLAN or tagged for membership to multiple VLANs You must connect an untagged port to a VLAN unaware station one that does not understand VLAN tags and you must connect a tagged port to a VLAN aware station one that generates and underst...

Page 847: ...e interfaces each connected to a different customer before the interfaces are fully configured This presents a vulnerability because both interfaces are initially placed in the native VLAN VLAN 1 and for that period customers are able to access each other s networks Dell Networking OS has a Null VLAN to eliminate this vulnerability When you enable the Null VLAN all ports are placed into it by defa...

Page 848: ...ee topology Uses all available uplink bandwidth Provides fast convergence if either the link or a device fails Optimized forwarding with virtual router redundancy protocol VRRP Provides link level resiliency Assures high availability CAUTION Dell Networking does not recommend enabling Stacking and VLT simultaneously If you enable both features at the same time unexpected behavior occurs As shown i...

Page 849: ... L2 L3 switching routing layer For better resiliency in the aggregation Dell Networking recommends running the internal gateway protocol IGP on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system Enhanced VLT An enhanced VLT eVLT configuration creates a port channel between two VLT domains by allowing two different VLT domains using different VLT domain ID number...

Page 850: ...ociated to the configuration mode that you must use to assign VLT global parameters VLT peer device One of a pair of devices that are connected with the special port channel known as the VLT interconnect VLTi VLT peer switches have independent management planes A VLT interconnect between the VLT chassis maintains synchronization of L2 L3 control planes across the two VLT peer switches A separate b...

Page 851: ...t command if the system connects to nodes using bare metal provisioning BMP to upgrade or boot from the network Ensure that you configure all port channels where LACP ungroup is applicable as hybrid ports and as untagged members of a VLAN BMP uses untagged dynamic host configuration protocol DHCP packets to communicate with the DHCP server If the DHCP server is located on the ToR and the VLTi ICL ...

Page 852: ...CL is set as 8100 Layer 2 Protocol Tunneling is not supported in VLT Configuration Notes When you configure VLT the following conditions apply VLT domain A VLT domain supports two chassis members which appear as a single logical device to network access devices connected to VLT ports through a port channel A VLT domain consists of the two core chassis the interconnect trunk backup link and the LAG...

Page 853: ...discovery protocol LLDP flow control port monitoring jumbo frames and data center bridging DCB When you enable the VLTi link the link between the VLT peer switches is established if the following configured information is true on both peer switches the VLT system MAC address matches the VLT unit id is not identical NOTE If you configure the VLT system MAC address or VLT unit id on only one of the ...

Page 854: ... ports on the Secondary peer are orphaned and are shut down In one possible topology a switch uses the BMP feature to receive its IP address configuration files and boot image from a DHCP server that connects to the switch through the VLT domain In the port channel used by the switch to connect to the VLT domain configure the port interfaces on each VLT peer as hybrid ports before adding them to t...

Page 855: ...te in L3 forwarding as the VRRP master or backup router the show vrrp command output displays one peer as master and the other peer as backup Failure scenarios On a link failover when a VLT port channel fails the traffic destined for that VLT port channel is redirected to the VLTi to avoid flooding When a VLT switch determines that a VLT port channel has failed and that no other local port channel...

Page 856: ... flush of learned MAC and ARP addresses requiring these addresses to be re learned However enabling RSTP can detect potential loops caused by non system issues such as cabling errors or incorrect configurations To minimize possible topology changes after link or node failure RSTP is useful for potential loop detection Configure RSTP using the following specifications The following recommendations ...

Page 857: ...s simultaneously VLT Port Delayed Restoration When a VLT node boots up if the VLT ports have been previously saved in the start up configuration they are not immediately enabled To ensure MAC and ARP entries from the VLT per node are downloaded to the newly enabled VLT node the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic The delay restore feature ...

Page 858: ... the designated router DR if they are incorrectly hashed In addition to being first hop or last hop routers the peer node can also act as an intermediate router On a VLT enabled PIM router if any PIM neighbor is reachable through a Spanned Layer 3 L3 VLAN interface this must be the only PIM enabled interface to reach that neighbor A Spanned L3 VLAN is any L3 VLAN configured on both peers in a VLT ...

Page 859: ...ectly on VLT ports You must add the VLT ports as a member of one or more VLANs and assign IP addresses to these VLANs VLT Unicast and VLT Multicast routing protocols require VLAN IP interfaces for operation Protocols such as BGP ISIS OSPF and PIM are compatible with VLT Unicast Routing and VLT Multicast Routing Spanned VLANs Any VLAN configured on both VLT peer nodes is referred to as a Spanned VL...

Page 860: ...otocol behavior Unlike VLT Unicast Routing a normal multicast routing protocol does not exchange multicast routes between VLT peers When you enable VLT Multicast Routing the multicast routing table is synced between the VLT peers Only multicast routes configured with a Spanned VLAN IP as their IIF are synced between VLT peers For multicast routes with a Spanned VLAN IIF only OIFs configured with a...

Page 861: ...FIGURATION mode vlt domain domain id 2 Enable peer routing VLT DOMAIN mode peer routing 3 Configure the multicast peer routing timeout VLT DOMAIN mode multicast peer routing timeout value value Specify a value in seconds from 1 to 1200 4 Configure a PIM SM compatible VLT node as a designated router DR For more information refer to Configuring a Designated Router 5 Configure a PIM enabled external ...

Page 862: ...g a Forwarding state and creating a traffic loop in a VLT domain take the following steps 1 Configure RSTP in the core network and on each peer switch as described in Rapid Spanning Tree Protocol RSTP Disabling RSTP on one VLT peer may result in a VLT domain failure 2 Enable RSTP on each peer switch PROTOCOL SPANNING TREE RSTP mode no disable 3 Configure each peer switch with a unique bridge prior...

Page 863: ...se a third party ToR unit to avoid potential problems if you reboot the VLT peers Dell recommends using static LAGs on the VLTi between VLT peers 2 Enable VLT and create a VLT domain ID VLT automatically selects a system MAC address 3 Configure a backup link for the VLT domain 4 Optional Manually reconfigure the default VLT settings such as the MAC address and VLT primary secondary roles 5 Connect...

Page 864: ...e system mac address of the primary will be the VLT MAC address for the domain To disable VLT use the no vlt domain command NOTE Do not use MAC addresses such as reserved or multicast 2 Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out of band hello messages VLT DOMAIN CONFIGURATION mode back up destination...

Page 865: ...t the interface is active MANAGEMENT INTERFACE mode no shutdown 4 Repeat Steps 1 to 3 on the VLT peer switch To set an amount of time in seconds to delay the system from restoring the VLT port use the delay restore command at any time For more information refer to VLT Port Delayed Restoration Configuring a VLT Port Delay Period To configure a VLT port delay period use the following commands 1 Ente...

Page 866: ...ame MAC address on the VLT peer switch Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots 4 Optional When you create a VLT domain on a switch Dell Networking OS automatically assigns a unique unit ID 0 or 1 to each peer switch VLT DOMAIN CONFIGURATION mode unit id 0 1 To expli...

Page 867: ... switch to configure the same port channel as part of the VLT domain 8 On an attached switch or server To connect to the VLT domain and add port channels to it configure a port channel For an example of how to verify the port channel configuration refer to VLT Sample Configuration To configure the VLAN where a VLT peer forwards received packets over the VLTi from an adjacent VLT peer that is down ...

Page 868: ...number configured with the peer link port channel command in the Enabling VLT and Creating a VLT Domain 2 Add one or more port interfaces to the port channel INTERFACE PORT CHANNEL mode channel member interface interface specify one of the following interface types For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port information For a 40 Gigabit Ethernet inte...

Page 869: ...or 1 to each peer switch VLT DOMAIN CONFIGURATION mode unit id 0 1 The unit IDs are used for internal system operations To explicitly configure the default values on each peer switch use the unit id command Configure a different unit ID 0 or 1 on each peer switch Use this command to minimize the time required for the VLT system to determine the unit ID assigned to each peer switch when one peer sw...

Page 870: ...d in Verifying a VLT Configuration VLT Sample Configuration To review a sample VLT configuration setup study these steps 1 Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2 VLT DOMAIN mode vlt domain domain id 2 Configure the VLTi between VLT peer 1 and VLT peer 2 3 You can configure LACP static LAG between the peer units not shown CONFIGURATION mode interface port channel por...

Page 871: ...hysical ports EXEC Privilege mode show running config entity 12 Verify that VLT is running EXEC mode show vlt brief or show vlt detail 13 Verify that the VLT LAG is running in both VLT peer units EXEC mode or EXEC Privilege mode show interfaces interface Example of Configuring VLT In the following sample VLT configuration steps VLT peer 1 is VLT peer 2 is and the ToR is S60 1 NOTE If you use a thi...

Page 872: ...ntethernet 0 0 ip address 10 11 206 58 16 no shutdown Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit In the following example port Te 1 4 in VLT peer 1 is connected to Te 1 8 of TOR and port Te 1 18 in VLT peer 2 is connected to Te 1 30 of TOR 1 Configure the static LAG LACP between the ports connected from VLT peer 1 and VLT peer 2 to the Top of Rack unit 2 Conf...

Page 873: ...no shutdown s60 1 show running config interface port channel 100 interface Port channel 100 no ip address switchport no shutdown s60 1 show interfaces port channel 100 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 100 L2 up 03 33 48 Te 1 8 Up Te 1 30 Up Verify VLT is up Verify that the VLTi ICL link backup link connectivity heartbeat status and VLT peer link peer chassis are all u...

Page 874: ...f VLT LAGs for all VLANs to the Secondary peer Secondary peer will use this information to program the hardware PVST instance running in Secondary peer will not control the VLT LAGs Dell Networking recommends configuring the primary VLT peer as the primary root device for all the configured PVST Instances and configuring the secondary VLT peer as the secondary root device for all the configured PV...

Page 875: ...9b79 128 233 Interface Name Role PortID Prio Cost Sts Cost Link type Edge Po 1 Desg 128 2 128 188 FWD 0 vltI P2P No Po 2 Desg 128 3 128 2000 FWD 0 vlt P2P No Te 1 10 Desg 128 230 128 2000 FWD 0 P2P Yes Te 1 13 Desg 128 233 128 2000 FWD 0 P2P No Dell eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT eVLT in a network In this example you are configurin...

Page 876: ...nf interface port channel 100 Domain_1_Peer1 conf if po 100 switchport Domain_1_Peer1 conf if po 100 vlt peer lag port channel 100 Domain_1_Peer1 conf if po 100 no shutdown Add links to the eVLT port channel on Peer 1 Domain_1_Peer1 conf interface range tengigabitethernet 1 16 17 Domain_1_Peer1 conf if range te 1 16 17 port channel protocol LACP Domain_1_Peer1 conf if range te 1 16 17 port channel...

Page 877: ... Domain_2_Peer3 conf vlt domain back up destination 10 18 130 11 Domain_2_Peer3 conf vlt domain system mac mac address 00 0b 00 0b 00 0b Domain_2_Peer3 conf vlt domain unit id 0 Configure eVLT on Peer 3 Domain_2_Peer3 conf interface port channel 100 Domain_2_Peer3 conf if po 100 switchport Domain_2_Peer3 conf if po 100 vlt peer lag port channel 100 Domain_2_Peer3 conf if po 100 no shutdown Add lin...

Page 878: ...following example shows how to enable PIM on the VLT port VLANs VLT_Peer1 conf interface vlan 4001 VLT_Peer1 conf if vl 4001 ip address 140 0 0 1 24 VLT_Peer1 conf if vl 4001 ip pim sparse mode VLT_Peer1 conf if vl 4001 tagged port channel 101 VLT_Peer1 conf if vl 4001 tagged port channel 102 VLT_Peer1 conf if vl 4001 no shutdown VLT_Peer1 conf if vl 4001 exit The following example shows how to co...

Page 879: ... locally attached VLT device EXEC mode show vlt role Display the current configuration of all VLT domains or a specified group on the switch EXEC mode show running config vlt Display statistics on VLT operation EXEC mode show vlt statistics Display the RSTP configuration on a VLT peer switch including the status of port channels used in the VLT interconnect trunk and to connect to access devices E...

Page 880: ...the show vlt brief command Dell_VLTpeer1 show vlt brief VLT Domain Brief Domain ID 1000 Role Secondary Role Priority 32768 ICL Link Status Up HeartBeat Status Up VLT Peer Status Up Local Unit Id 0 Version 5 1 Local System MAC address 00 01 e8 8a e9 70 Remote System MAC address 00 01 e8 8a e7 e7 Configured System MAC address 00 0a 0a 01 01 0a Remote system version 5 1 Delay Restore timer 90 seconds...

Page 881: ...tem Role Priority 32768 Dell_VLTpeer2 show vlt role VLT Role VLT Role Secondary System MAC address 00 01 e8 8a df bc System Role Priority 32768 Local System MAC address 00 01 e8 8a df e6 Local System Role Priority 32768 The following example shows the show running config vlt command Dell_VLTpeer1 show running config vlt vlt domain 30 peer link port channel 60 back up destination 10 11 200 18 Dell_...

Page 882: ...FWD vlt 800 4096 0001 e88a d656 128 111 Po 111 128 112 128 200000 DIS vlt 800 4096 0001 e88a d656 128 112 Po 120 128 121 128 2000 FWD vlt 800 4096 0001 e88a d656 128 121 Dell_VLTpeer2 show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001 e88a dff8 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e88a dff...

Page 883: ...ed device Dell_VLTpeer1 conf interface port channel 110 Dell_VLTpeer1 conf if po 110 no ip address Dell_VLTpeer1 conf if po 110 switchport Dell_VLTpeer1 conf if po 110 channel member fortyGigE 1 56 Dell_VLTpeer1 conf if po 110 no shutdown Dell_VLTpeer1 conf if po 110 vlt peer lag port channel 110 Dell_VLTpeer1 conf if po 110 end Verify that the port channels used in the VLT domain are assigned to ...

Page 884: ...po 110 channel member fortyGigE 1 48 Dell_VLTpeer2 conf if po 110 no shutdown Dell_VLTpeer2 conf if po 110 vlt peer lag port channel 110 Dell_VLTpeer2 conf if po 110 end Verify that the port channels used in the VLT domain are assigned to the same VLAN Dell_VLTpeer2 show vlan id 10 Codes Default VLAN G GVRP VLANs P Primary C Community I Isolated Q U Untagged T Tagged x Dot1x untagged X Dot1x tagge...

Page 885: ...erify the domain ID matches on both VLT peers Dell Networking OS Version mismatch A syslog error message is generated A syslog error message is generated Follow the correct upgrade procedure for the unit with the mismatched Dell Networking OS version Remote VLT port channel status N A N A Use the show vlt detail and show vlt brief commands to view the VLT port channel status information Spanning t...

Page 886: ...ted The peer with the VLT configured remains active Verify the VLT LAG ID is configured correctly on both VLT peers VLT LAG ID mismatch The VLT port channel is brought down A syslog error message is generated The VLT port channel is brought down A syslog error message is generated Perform a mismatch check after the VLT peer is established Reconfiguring Stacked Switches as VLT To convert switches t...

Page 887: ... a PVLAN by using the interface interface and switchport mode private vlan commands When a VLTi port in trunk mode is a member of symmetric VLT PVLANs the PVLAN packets are forwarded only if the PVLAN settings of both the VLT nodes are identical You can configure the VLTi in trunk mode to be a member of non VLT PVLANs if the VLTi is configured on both the peers MAC address synchronization is perfo...

Page 888: ...ddresses that are learned on VLT ports the VLT LAG mode of operation and the primary to secondary association of the VLT nodes is determined on both the VLT peers MAC synchronization is performed for the VLT LAGs only if the VLT LAG and primary secondary VLT peer mapping are symmetrical The PVLAN mode of VLT LAGs on one peer is validated against the PVLAN mode of VLT LAGs on the other peer MAC add...

Page 889: ...ived is a secondary VLAN community or isolated VLAN Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local proxy arp command in INTERFACE VLAN configuration mode The ARP request is not received on the ICL Under such conditions the IP stack performs the following operations The ARP reply is sent with the MAC address of the primary VLAN The ARP request packe...

Page 890: ...y Secondary Isolated No No Primary X Primary X Yes Yes Promiscuo us Promiscuo us Primary Primary Yes Yes Secondary Community Secondary Community Yes Yes Secondary Isolated Secondary Isolated Yes Yes Promiscuo us Trunk Primary Normal No No Promiscuo us Trunk Primary Primary Yes No Access Access Secondary Community Secondary Community Yes Yes Primary VLAN X Primary VLAN X Yes Yes Access Access Secon...

Page 891: ...ty functionalities to be achieved This section contains the following topics that describe how to configure a VLT VLAN or a VLT LAG VLTi link and assign that VLT interface to a PVLAN Creating a VLT LAG or a VLT VLAN 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same port cha...

Page 892: ...that is down VLT DOMAIN CONFIGURATION mode peer link port channel id number peer down vlan vlan interface number The range is from 1 to 4094 Associating the VLT LAG or VLT VLAN in a PVLAN 1 Access INTERFACE mode for the port that you want to assign to a PVLAN CONFIGURATION mode interface interface 2 Enable the port INTERFACE mode no shutdown 3 Set the port in Layer 2 mode INTERFACE mode switchport...

Page 893: ... in the show config command output ARP proxy operation is performed on the VLT peer node IP address when the peer VLT node is down The ARP proxy stops working either when the peer routing timer expires or when the peer VLT node goes up Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level VLT peer routing enables you to replace VRRP with routed VLT to route the traffic from Laye...

Page 894: ...node VLAN interface is synchronized with the VLT peer over ICL when the VLT peers are up Whenever an IP address is added or deleted this updated information is synchronized with the VLT peer IP address synchronization occurs regardless of the VLAN administrative state IP address addition and deletion serve as the trigger events for synchronization When a VLAN state is down the VLT peer might perfo...

Page 895: ...ot support the RP functionality If the same source or RP can be accessed over both a VLT and a non VLT VLAN configure better metrics for the VLT VLANs Otherwise it is possible that one VLT node chooses a non VLT VLAN if the path through the VLT VLAN was not available when the route was learned and another VLT node selects a VLT VLAN Such a scenario can cause duplication of packets ECMP is not supp...

Page 896: ...0 Dell conf vlt domain system mac mac address 00 00 00 11 11 11 Dell conf vlt domain unit id 0 Dell conf vlt domain Dell show running config vlt vlt domain 1 peer link port channel 1 back up destination 10 16 151 116 primary priority 100 system mac mac address 00 00 00 11 11 11 unit id 0 Dell Configure VLT LAG as VLAN Stack Access or Trunk Port Dell conf interface port channel 10 Dell conf if po 1...

Page 897: ...wn Dell Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN Stack VLAN Dell show vlan id 50 Codes Default VLAN G GVRP VLANs R Remote Port Mirroring VLANs P Primary C Community I Isolated O Openflow Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal untagged I Internal tagged v VLT untagged V VL...

Page 898: ...f if po 20 vlt peer lag port channel 20 Dell conf if po 20 vlan stack trunk Dell conf if po 20 no shutdown Dell show running config interface port channel 20 interface Port channel 20 no ip address switchport vlan stack trunk vlt peer lag port channel 20 no shutdown Dell Configure the VLAN as VLAN Stack VLAN and add the VLT LAG as members to the VLAN Dell conf interface vlan 50 Dell conf if vl 50 ...

Page 899: ... Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged o OpenFlow untagged O OpenFlow tagged G GVRP tagged M Vlan stack i Internal untagged I Internal tagged v VLT untagged V VLT tagged NUM Status Description Q Ports 50 Active M Po10 Te 1 8 M Po20 Te 1 20 V Po1 Te 1 30 32 Dell Virtual Link Trunking VLT 899 ...

Page 900: ...from one host to another without a downtime Consider a square VLT connecting two data centers If a VM say VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway then L3 packets destined for C can be routed either by C1 or D1 locally This behavior is achieved by installing the local system mac address of C and D in bo...

Page 901: ...d L3 mode on another VLT domain You must always configure the same mode for the VLANs across the VLT domain 4 You must maintain VLAN symmetry within a VLT domain 5 The connection between DCs can only be a L3 VLT in eVLT format For more information refer to the eVLT Configuration Example 6 Trace route across DCs may show extra hops 7 You must maintain route symmetry across the VLT domains to ensure...

Page 902: ...he remote VLT domain and vice versa You can install the mac address in two methods the proxy gateway lldp method or the proxy gateway static configuration Proxy gateway LLDP is a dynamic method of installing the local mac addresses in the remote VLT domain which is achieved using a new organizational TLV in LLDP packets The VLT proxy gateway can be configured in a VLT domain context using the cli ...

Page 903: ...channel which connects to a remote VLT domain The new proxy gateway TLV is carried on the physical links under the port channel only There should be at least one link connection to each unit of the VLT domain Following are the prerequisites for Proxy Gateway LLDP configuration LLDP must be globally enabled No interface level LLDP disable CLIs on the interfaces configured for proxy gateway and you ...

Page 904: ...e following configurations in the Core L3 Routers C and D in local VLT domain and C1 and D1 in the remote VLT domain 1 Configure proxy gateway static in VLT Domain CONFIG mode 2 Configure remote mac address mac address in VLT Domain Proxy Gateway LLDP mode Configure the system mac addresses of both C and D in C1 and also in D1 in the remote VLT domain and vice versa Sample Scenario for VLT Proxy G...

Page 905: ...ethod Dell conf vlt domain proxy gateway ll Dell conf vlt domain pxy gw lldp peer domain link port channel 1 exclude vlan 10 Static Configuration Method Dell conf vlt domain proxy gateway static Dell conf vlt domain pxy gw static remote mac address xx xx xx xx xx xx exclude vlan 10 5 Packet duplication may happen with Exclude VLAN configuration Assume exclude vlan say VLAN 10 is configured in C an...

Page 906: ... GW LLDP mode Dell conf vlt domain proxy gw lldp peer domain link port channel interface exclude vlan vlan range 4 Display the VLT proxy gateway configuration EXEC mode Dell show vlt proxy gateway 906 VLT Proxy Gateway ...

Page 907: ...55 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends packets to the IP addre...

Page 908: ...elong to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet Z Series supports a total of 255 VRRP groups on a switch The total number of VRRP groups per system should be less than 512 The following recommendations shown may vary depending on various factors like addr...

Page 909: ...seconds 100 Between 1200 and 1500 8 seconds 120 VRRP Configuration By default VRRP is not configured Configuration Task List The following list specifies the configuration tasks for VRRP Creating a Virtual Router mandatory Configuring the VRRP Version for an IPv4 Group optional Assign Virtual IP Addresses mandatory Setting VRRP Group Virtual Router Priority optional Configuring VRRP Authentication...

Page 910: ... 10 10 1 24 vrrp group 111 no shutdown Configuring the VRRP Version for an IPv4 Group For IPv4 you can configure a VRRP group to use one of the following VRRP versions VRRPv2 as defined in RFC 3768 Virtual Router Redundancy Protocol VRRP VRRPv3 as defined in RFC 5798 Virtual Router Redundancy Protocol VRRP Version 3 for IPv4 and IPv6 You can also migrate a IPv4 group from VRRPv2 to VRRP3 To config...

Page 911: ... A VRRP group does not transmit VRRP packets until you assign the Virtual IP address to the VRRP group For more information refer to VRRP Implementation To activate a VRRP group on an interface so that VRRP group starts transmitting VRRP packets configure at least one virtual IP address in a VRRP group The virtual IP address is the IP address of the virtual router and does not require the IP addre...

Page 912: ...ss 10 10 10 1 Dell conf if te 1 1 vrid 111 virtual address 10 10 10 2 Dell conf if te 1 1 vrid 111 virtual address 10 10 10 3 The following example shows how to verify a virtual IP address configuration NOTE In the following example the primary IP address and the virtual IP addresses are on the same subnet Dell conf if te 1 1 show conf interface TenGigabitEthernet 1 1 ip address 10 10 10 1 24 vrrp...

Page 913: ...P group come up at the same time and have the same priority value the interface s physical IP addresses are used as tie breakers to decide which is MASTER The router with the higher IP address becomes MASTER To configure the VRRP group s priority use the following command Configure the priority for the VRRP group INTERFACE VRID mode priority priority The range is from 1 to 255 The default is 100 E...

Page 914: ... 1 1 vrid 111 authentication type Dell conf if te 1 1 vrid 111 authentication type simple 7 force10 The following example shows verifying the VRRP authentication configuration using the show conf command The bold section shows the encrypted password Dell conf if te 1 1 vrid 111 show conf vrrp group 111 authentication type simple 7 387a7f2df5969da4 priority 255 virtual address 10 10 10 1 virtual ad...

Page 915: ...vertisement packets Dell Networking OS recommends increasing the VRRP advertisement interval to a value higher than the default value of one second If you do change the time interval between VRRP advertisements on one router change it on all participating routers If are using VRRP version 2 you must configure the timer values in multiple of whole seconds For example a timer value of 3 seconds or 3...

Page 916: ... which may affect the priority of the VRRP group If the tracked interface goes down the VRRP group s priority decreases by a default value of 10 also known as cost If the tracked interface s state goes up the VRRP group s priority increases by 10 The lowered priority of the VRRP group may trigger an election As the Master Backup VRRP routers are selected based on the VRRP group s priority tracking...

Page 917: ...oup priority INTERFACE VRID mode track interface priority cost cost The cost range is from 1 to 254 The default is 10 Optional Display the configuration and the UP or DOWN state of tracked objects including the client VRRP group that is tracking an object s state EXEC mode or EXEC Privilege mode show track Optional Display the configuration and the UP or DOWN state of tracked interfaces and object...

Page 918: ...g the VRRP status Dell show vrrp TenGigabitEthernet 1 8 IPv6 VRID 1 Version 3 Net fe80 201 e8ff fe01 95cc VRF 0 default vrf State Master Priority 100 Master fe80 201 e8ff fe01 95cc local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 310 Virtual MAC address 00 00 5e 00 02 01 Virtual IP address 2007 1 fe80 1 Tra...

Page 919: ...avior occurs When the system reloads VRRP waits 600 seconds 10 minutes to bring up VRRP on all interfaces that are up and configured for VRRP When an interface comes up and becomes operational the system waits 300 seconds 5 minutes to bring up VRRP on that interface To set the delay time for VRRP initialization use the following commands Set the delay time for VRRP initialization on an individual ...

Page 920: ...e 118 VRRP for IPv4 Topology Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2 R2 conf interface tengigabitethernet 2 31 R2 conf if te 2 31 ip address 10 1 1 1 24 R2 conf if te 2 31 vrrp group 99 R2 conf if te 2 31 vrid 99 priority 200 R2 conf if te 2 31 vrid 99 virtual 10 1 1 3 R2 conf if te 2 31 vrid 99 no shut R2 conf if te 2 31 show c...

Page 921: ... tengigabitethernet 3 21 R3 conf if te 3 21 ip address 10 1 1 2 24 R3 conf if te 3 21 vrrp group 99 R3 conf if te 3 21 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 vrid 99 no shut R3 conf if te 3 21 show conf interface TenGigabitEthernet 3 21 ip address 10 1 1 1 24 vrrp group 99 virtual address 10 1 1 3 no shutdown R3 conf if te 3 21 end R3 show vrrp TenGigabitEthernet 3 21 VRID 99 Net 10 1 1 2 Sta...

Page 922: ...6 address The following example shows configuring VRRP for IPv6 Router 2 and Router 3 Configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address The virtual IPv6 address you configure must be the same as the IPv6 subnet to whic...

Page 923: ...e6a c59f local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 Router 3 R3 conf interface tengigabitethernet 1 2 R3 conf if te 1 2 no ipv6 address R3 conf if te 1 2 ipv6 address 1 2 64 R3 conf if te 1 2 vrrp group 10 R2 conf if te 1 2 vrid...

Page 924: ... and Switch 2 have three VRF instances defined VRF 1 VRF 2 and VRF 3 Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet Both Switch 1 and Switch 2 use VRRP groups on each VRF instance in order that there is one MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner master of the VRRP group and Switch 1 ...

Page 925: ...nfo The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if te 1 1 vrid 101 priority 100 S1 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S1 conf if te 1 1 no shutdown S1 conf interface TenGigabitEthernet 1 2 S1 conf if te 1 2 ip vrf forwarding VRF 2 S1 conf if te 1 2 ip address 10 10 1 6 24 S1 conf if te 1 2 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 2 will be 178...

Page 926: ... 3 S2 conf interface TenGigabitEthernet 1 1 S2 conf if te 1 1 ip vrf forwarding VRF 1 S2 conf if te 1 1 ip address 10 10 1 2 24 S2 conf if te 1 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if te 1 1 vrid 101 priority 255 S2 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S2 conf if te 1 1 no shutdown S2 conf interface TenGigabitEthernet 1 2 S2 conf if te 1...

Page 927: ...e 1 1 no shutdown S1 conf if te 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if vl 100 vrid 101 priority 100 S1 conf if vl 100 vrid 101 virtual address 10 10 1 2 S1 conf if vl 100 no shutdo...

Page 928: ...00 S2 conf if vl 100 ip vrf forwarding VRF 1 S2 conf if vl 100 ip address 10 10 1 2 24 S2 conf if vl 100 tagged TenGigabitethernet 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf if vl 100 no shutdown S2 conf if te 1 1 interface vlan 200 S2 conf if v...

Page 929: ...iority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 419 Gratuitous ARP sent 1 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 10 1 1 100 Authentication none Displaying VRRP in a VRF Configuration To display information on a VRRP group that is configured on an interface that belongs to a VRF instance use the following commands Disp...

Page 930: ...ss 00 00 5e 00 01 41 Virtual IP address 192 168 0 254 Authentication none VRRP for IPv6 Configuration This section shows VRRP IPv6 topology with CLI configurations Consider an example VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers NOTE This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration Y...

Page 931: ...lready has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigabitethernet 1 1 R2 conf if te 1 1 no ip address R2 conf if te 1 1 ipv6 address 1 1 64 R2 conf if te 1 1 vrrp group 10 Virtual Router Redundancy Protocol VRRP 931 ...

Page 932: ...cept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 NOTE Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the Tengigabitethernet 1 1 interface has a higher IPv6 address than the Tengigabitethernet 1 2 interface on R3 Router 3 R3 conf interface t...

Page 933: ...r AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 120 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell Dell show vrrp vrf vrf1 vlan 400 Vlan 400 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed VRF 1 vrf1 State Master Priority 200 Master fe80 201 e8ff fe8a e9ed local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 10...

Page 934: ...P address 10 1 1 255 fe80 255 Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a fd76 VRF 2 vrf2 State Backup Priority 90 Master fe80 201 e8ff fe8a e9ed Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 548 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 1...

Page 935: ...r example SDRAM flash NVRAM or EEPROM wherever possible Level 2 The full set of diagnostic tests Level 2 diagnostics are used primarily for on board Loopback tests and more extensive component diagnostics Various components on the board are put into Loopback mode and test packets are transmitted through those components These diagnostics also perform snake tests using VLAN configurations Important...

Page 936: ...stack unit txt 4 View the results of the diagnostic tests EXEC Privilege mode show file flash 5 View offline diagnostics show diag information or show diag stack unit Examples of Running Offline Diagnostics The following example shows how to take a Z Series stack unit offline Dell offline stack unit 0 Warning offline of stack unit will bring down all the protocols and the unit will be operationall...

Page 937: ...yes no yes 00 03 35 S50N 1 DIAGAGT 6 DA_DIAG_STARTED Starting diags on stack unit 1 00 03 35 Approximate time to complete these Diags 6 Min S50N 00 09 32 Diagnostic test results are stored on file flash TestReport SU 0 txt 00 09 37 S50N 0 DIAGAGT 6 DA_DIAG_DONE Diags finished on stack unit 0 Diags completed Rebooting the system now reboot output omitted S50N 00 01 35 STKUNIT0 M CP SYS 5 CONFIG_I C...

Page 938: ...u temperature read test FAIL Test 3 Psu Temperature Test FAIL TEST 4 PSU 0 Fan Speed 17441 RPM Test 4 000 Psu Fan Speed Monitor Test PASS diagS3240GetPsuOnStatus 580 ERROR PSU 1 is not present diagS3240PsuFanSpeedMonitorTest 378 ERROR Getting PSU 1 power status failed Test 4 001 Psu Fan Speed Monitor Test FAIL Test 4 Psu Fan Speed Monitor Test FAIL TEST 5 PSU 0 Source Type AC Test 5 000 Psu Source...

Page 939: ...nt Stack unit Member 7 Not present The following example shows the show diag stack unit command Dell show diag stackunit 0 Diag status of Stackunit member 0 Stackunit is currently offline Stackunit level2 diag issued at Thu Apr 09 2009 02 40 13 PM Current diag status Unit diags are done Duration of execution Total 8 min 11 sec Diagonostic test results located f10 flash TestReport SU 0 txt CPU Vers...

Page 940: ...eboots an Dell Networking OS switch router when a unit is unresponsive This is a last resort mechanism intended to prevent a manual power cycle show hardware Commands These commands display information from a hardware subcomponent and from hardware based feature tables NOTE Use the show hardware commands only under the guidance of the Dell Networking Technical Assistance Center TAC View internal i...

Page 941: ...ut going into the bShell show hardware stack unit 0 11 unit 0 1 execute shell cmd command View the Multicast IPMC replication table from the bShell show hardware stack unit 0 11 unit 0 1 ipmc replication View the internal statistics for each port pipe unit on per port basis show hardware stack unit 0 11 unit 0 1 port stats detail View the stack unit internal registers for each port pipe show hardw...

Page 942: ...81 113 Internal Internal 19 18 50 82 114 Internal Internal 20 19 51 83 115 Internal Internal 21 20 52 84 116 Internal Internal 22 21 53 85 117 Internal Internal 23 22 54 86 118 Internal Internal 24 23 55 87 119 Internal Internal 25 24 56 88 120 Internal Internal 26 25 57 89 121 Internal Internal 27 26 58 90 122 Internal Internal 28 27 59 91 123 Internal Internal 29 28 60 92 124 Internal Internal 3...

Page 943: ...ys the environment status of the RPM Example of the show interfaces transceiver Command Dell show interfaces RPM Environment Status Slot Status Temp Voltage 0 active 33C ok 1 not present Recognize an Over Temperature Condition An overtemperature condition occurs for one of two reasons the card genuinely is too hot or a sensor has malfunctioned To discover the cause inspect cards near the one repor...

Page 944: ...ARD_SHUTDOWN Major alarm Line card 2 down auto shutdown due to under voltage This message indicates that the specified card is not receiving enough power In response the system first shuts down Power over Ethernet PoE If the under voltage condition persists line cards are shut down then route processor modules RPMs Troubleshoot an Under Voltage Condition To troubleshoot an under voltage condition ...

Page 945: ...forwarding tables for hardware based lookup and forwarding decisions The 1G and 10G interfaces use different FPs You can tune buffers at three locations 1 CSF Output queues going from the CSF 2 FP Uplink Output queues going from the FP to the CSF IDP links 3 Front End Link Output queues going from the FP to the front end PHY All ports support eight queues four for data traffic and four for control...

Page 946: ...hat an interface can occupy The available packet pointers 2k per interface Each packet is managed in the buffer using a unique packet pointer Thus each interface can manage up to 2k packets You can configure dynamic buffers per port on both 1G and 10G FPs and per queue on CSFs By default the FP dynamic buffer allocation is 10 times oversubscribed For the 48 port 1G card Dynamic Pool Total Availabl...

Page 947: ... use the following commands NOTE Buffer profile queue 1 is not supported Use default buffer profile queue 4 Define a buffer profile for the FP queues CONFIGURATION mode buffer profile fp fsqueue Define a buffer profile for the CSF queues CONFIGURATION mode buffer profile csf csqueue Change the dedicated buffers on a physical 1G interface BUFFER PROFILE mode buffer dedicated Change the maximum numb...

Page 948: ...ERV 2 DSA_DEVICE_BUFFER_UNAVAILABLE Unable to allocate dedicated buffers for stack unit 0 port pipe 0 egress port 25 due to unavailability of cells Dell Networking OS Behavior When you remove a buffer profile using the no buffer profile fp csf command from CONFIGURATION mode the buffer profile name still appears in the output of the show buffer profile detail summary command After a line card rese...

Page 949: ...eneral types of network environments are sustained data transfers and voice data Dell Networking recommends a single queue approach for data transfers as shown in the following example Single Queue Application with Default Packet Pointers S50N Output buffer profile fp fsqueue fp buffer dedicated queue0 3 queue1 3 queue2 3 queue3 3 queue4 3 queue5 3 queue6 3 queue7 3 buffer dynamic 1256 buffer prof...

Page 950: ...rdware stack unit 0 7 unit 0 5 counters clear hardware stack unit 0 7 cpu data plane statistics clear hardware stack unit 0 7 cpu party bus statistics Displaying Drop Counters To display drop counters use the following commands Identify which stack unit port pipe and port is experiencing internal drops show hardware stack unit 0 7 drops unit 0 5 port 0 41 Display drop counters show hardware stack ...

Page 951: ...providing detailed RX TX packet statistics on a per queue basis The objective is to see whether CPU bound traffic is internal so called party bus or IPC traffic or network control traffic which the CPU must process Display input and output statistics on the party bus which carries inter process communication traffic between CPUs show hardware stack unit cpu party bus statistics Displaying Dataplan...

Page 952: ...smit statistics based on the selected command option Displaying Stack Unit Counters RIPC4 ge0 1 202 1 202 RUC ge0 1 224 1 217 RDBGC0 ge0 34 24 RDBGC1 ge0 366 235 RDBGC5 ge0 16 12 RDBGC7 ge0 18 12 GR64 ge0 5 176 24 GR127 ge0 1 566 1 433 GR255 ge0 4 4 GRPKT ge0 1 602 1 461 GRBYT ge0 117 600 106 202 GRMCA ge0 366 235 GRBCA ge0 12 9 GT64 ge0 4 3 GT127 ge0 964 964 GT255 ge0 4 4 GT511 ge0 1 1 GTPKT ge0 ...

Page 953: ...topped A mini core dump contains critical information in the event of a crash Mini core dump files are located in flash CORE_DUMP_DIR directory The kernel mini core filename format is f10StkUnit stack_unit_no kcore mini txt The panic string contains key information regarding the crash Several panic string types exist and they are displayed in regular english text to enable easier understanding of ...

Page 954: ... you do not set a threshold the system uses a default of 5 minute capture duration and or a single 1k file as the stopping point for the dump You can use the capture duration timer and the packet count counter at the same time The TCP dump stops when the first of the thresholds are met That means that even if the duration timer is 9000 seconds if the maximum file count parameter is met first the d...

Page 955: ...Cs IEEE Compliance The following is a list of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link Aggregation with LACP 802 3ae 10 Gigabit Ethernet 10GBASE W 10GBASE X ...

Page 956: ...7 6 1 793 Transmission Control Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 The Point to Point Protocol PPP 1989 PPP Link Quality Monitoring 1990 The PPP Multilink Protocol MP 1994 PPP Challenge Handshake Authentication Protocol CHAP 2460 Internationalization of t...

Page 957: ...ks 7 6 1 1191 Path MTU Discovery 7 6 1 1305 Network Time Protocol Version 3 Specification Implementation and Analysis 7 6 1 1519 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 1542 Clarifications and Extensions for the Bootstrap Protocol 7 6 1 1812 Requirements for IP Version 4 Routers 7 6 1 2131 Dynamic Host Configuration Protocol 7 6 1 2338 Virtual Route...

Page 958: ...Pv6 Global Unicast Address Format 7 8 1 4007 IPv6 Scoped Address Architecture 8 3 12 0 4291 Internet Protocol Version 6 IPv6 Addressing Architecture 7 8 1 4443 Internet Control Message Protocol ICMPv6 for the IPv6 Specification 7 8 1 4861 Neighbor Discovery for IPv6 8 3 12 0 4862 IPv6 Stateless Address Autoconfiguration 8 3 12 0 5175 IPv6 Router Advertisement Flags Option 8 3 12 0 Border Gateway P...

Page 959: ...entation of Autonomous System AS Numbers 8 1 2 draft ietf idrbgp4 20 A Border Gateway Protocol 4 BGP 4 7 8 1 draft ietf idrrestart 06 Graceful Restart Mechanism for BGP 7 8 1 Open Shortest Path First OSPF The following table lists the Dell Networking OS support per platform for OSPF protocol Table 68 Open Shortest Path First OSPF RFC Full Name S Series Z Series 1587 The OSPF Not So Stubby Area NSS...

Page 960: ...3784 Intermediate System to Intermediate System IS IS Extensions in Support of Generalized Multi Protocol Label Switching GMPLS 5120 MT ISIS Multi Topology MT Routing in Intermediate System to Intermediate Systems IS ISs 5306 Restart Signaling for IS IS 5308 Routing IPv6 with IS IS 8 3 10 0 draft ietf isis igpp2p over lan 06 Point to point operation over LAN in link state routing protocols draft k...

Page 961: ...2 for IPv6 3973 Protocol Independent Multicast Dense Mode PIM DM Protocol Specification Revised 4541 Considerations for Internet Group Management Protocol IGMP and Multicast Listener Discovery MLD Snooping Switches 7 6 1 IGMPv1 v2 draft ietf pim sm v2 new 05 Protocol Independent Multicast Sparse Mode PIM SM Protocol Specification Revised 7 8 1 PIM SM for IPv4 Network Management The following table...

Page 962: ...ion 2 Management Information Base 7 6 1 1901 Introduction to Community based SNMPv2 7 6 1 2011 SNMPv2 Management Information Base for the Internet Protocol using SMIv2 7 6 1 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 7 6 1 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7 6 1 2024 Definitions of Managed Objects for D...

Page 963: ...curity Model USM for version 3 of the Simple Network Management Protocol SNMPv3 7 6 1 2575 View based Access Control Model VACM for the Simple Network Management Protocol SNMP 7 6 1 2576 Coexistence Between Version 1 Version 2 and Version 3 of the Internet standard Network Management Framework 7 6 1 2578 Structure of Management Information Version 2 SMIv2 7 6 1 2579 Textual Conventions for SMIv2 7...

Page 964: ...tions of Managed Objects for the Virtual Router Redundancy Protocol 7 6 1 2819 Remote Network Monitoring Management Information Base Ethernet Statistics Table Ethernet History Control Table Ethernet History Table Alarm Table Event Table Log Table 7 6 1 2863 The Interfaces Group MIB 7 6 1 2865 Remote Authentication Dial In User Service RADIUS 7 6 1 3273 Remote Network Monitoring Management Informat...

Page 965: ...witching MPLS Label Distribution Protocol LDP 4001 Textual Conventions for Internet Network Addresses 8 3 12 4292 IP Forwarding Table MIB 9 5 0 0 9 5 0 0 9 5 0 0 4750 OSPF Version 2 Management Information Base 9 5 0 0 9 5 0 0 9 5 0 0 4502 RMON v2 MIB 9 5 0 0 9 5 0 0 9 5 0 0 5060 Protocol Independent Multicast MIB 7 8 1 ANSI TIA 1057 The LLDP Management Information Base extension module for TIA TR4...

Page 966: ... Interface RESTAPI feature 9 2 0 0 9 2 0 0 9 2 0 0 IEEE 802 1AB Management Information Base module for LLDP configuration statistics local system data and remote systems data components 7 7 1 IEEE 802 1AB The LLDP Management Information Base extension module for IEEE 802 1 organizationally defined discovery information LLDP DOT1 MIB and LLDP DOT3 MIB 7 7 1 IEEE 802 1AB The LLDP Management Informat...

Page 967: ...omous system of the next hop multiple next hop support and policy routing support FORCE10 CS CHASSIS MIB Force10 C Series Enterprise Chassis MIB FORCE10 IF EXTENSION MIB Force10 Enterprise IF Extension MIB extends the Interfaces portion of the MIB 2 RFC 1213 by providing proprietary SNMP OIDs for other counters displayed in the show interfaces output 7 6 1 FORCE10 LINKAGG MIB Force10 Enterprise Li...

Page 968: ...IB Location You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport https www force10networks com CSPortal20 KnowledgeBase Documentation aspx You also can obtain a list of selected MIBs and their OIDs at the following URL https www force10networks com CSPortal20 Main Login aspx Some pages of iSupport require a login To request an iSupport account go to https ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands