Dell S4048T Скачать руководство пользователя страница 930

Страница: 930 / 1277

Configuring Host-Based SSH Authentication

Authenticate a particular host. This method uses SSH version 2.
To configure host-based authentication, use the following commands.

Configure RSA Authentication. Refer to

Using RSA Authentication of SSH

2 Create

shosts

by copying the public RSA key to the file

shosts

in the directory

.ssh

, and write the IP

address of the host to the file.

cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts

Refer to the first example.

3 Create a list of IP addresses and usernames that are permitted to SSH in a file called

rhosts

Refer to the second example.

4 Copy the file

shosts

and

rhosts

to the Dell Networking system.

5 Disable password authentication and RSA authentication, if configured

CONFIGURATION mode or EXEC Privilege mode

no ip ssh password-authentication

no ip ssh rsa-authentication

6 Enable host-based authentication.

CONFIGURATION mode

ip ssh hostbased-authentication enable

Bind

shosts

and

rhosts

to host-based authentication.

CONFIGURATION mode

ip ssh pub-key-file flash:

//filename

ip ssh rhostsfile flash:

//filename

Examples of Creating

shosts

and

rhosts

The following example shows creating

shosts

admin@Unix_client# cd /etc/ssh

admin@Unix_client# ls

moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub

ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key

ssh_host_rsa_key

admin@Unix_client# cat ssh_host_rsa_key.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/

AyWhVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL/

doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk=

admin@Unix_client# ls

id_rsa id_rsa.pub shosts

admin@Unix_client# cat shosts

10.16.127.201, ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/AyW

hVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL/

doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk=

Security

930

Содержание S4048T

Страница 1: ...Dell Configuration Guide for the S4048T ON System 9 10 0 1 ...

Страница 2: ... the problem WARNING A WARNING indicates a potential for property damage personal injury or death 2016 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdictions All other marks and names mentioned herein may be trademarks of their respecti...

Страница 3: ... Accessing the CLI Interface and Running Scripts Using SSH 52 Entering CLI commands Using an SSH Connection 52 Executing Local CLI Scripts Using an SSH Connection 53 Default Configuration 53 Configuring a Host Name 53 Accessing the System Remotely 54 Accessing the System Remotely 54 Configure the Management Port IP Address 54 Configure a Management Route 55 Configuring a Username and Password 55 C...

Страница 4: ...Buffer and the Logging Configuration 76 Setting Up a Secure Connection to a Syslog Server 77 Sending System Messages to a Syslog Server 78 Track Login Activity 78 Restrictions for Tracking Login Activity 79 Configuring Login Activity Tracking 79 Display Login Statistics 79 Limit Concurrent Login Sessions 81 Restrictions for Limiting the Number of Concurrent Sessions 81 Configuring Concurrent Sessi...

Страница 5: ...96 5 802 1ag 99 Ethernet CFM 99 Maintenance Domains 100 Maintenance Points 101 Maintenance End Points 101 Implementation Information 102 Configuring the CFM 102 Related Configuration Tasks 103 Enable Ethernet CFM 103 Creating a Maintenance Domain 103 Creating a Maintenance Association 104 Create Maintenance Points 104 Creating a Maintenance End Point 104 Creating a Maintenance Intermediate Point 1...

Страница 6: ...ring ACL VLAN Groups 131 Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters 132 Configuring ACL VLAN Groups 132 Configuring FP Blocks for VLAN Parameters 133 Viewing CAM Usage 134 Allocating FP Blocks for VLAN Processes 135 8 Access Control Lists ACLs 137 IP Access Control Lists ACLs 138 CAM Usage 139 Implementing ACLs on Dell Networking OS 140 Important Points to Remember 1...

Страница 7: ...nfiguring ACL Logging 168 Configuring ACL Logging 168 Flow Based Monitoring Support for ACLs 169 Behavior of Flow Based Monitoring 169 Enabling Flow Based Monitoring 171 Configuring UDF ACL 172 9 Bidirectional Forwarding Detection BFD 176 How BFD Works 176 BFD Packet Format 178 BFD Sessions 180 BFD Three Way Handshake 180 Session State Changes 182 Important Points to Remember 182 Configure BFD 183...

Страница 8: ... MIB 224 Important Points to Remember 224 Configuration Information 225 BGP Configuration 226 Enabling BGP 227 Configuring AS4 Number Representations 230 Configuring Peer Groups 232 Configuring BGP Fast Fall Over 235 Configuring Passive Peering 236 Maintaining Existing AS Numbers During an AS Migration 237 Allowing an AS Number to Appear in its Own AS Path 238 Enabling Graceful Restart 239 Enablin...

Страница 9: ...Continue 262 Enabling MBGP Configurations 263 BGP Regular Expression Optimization 263 Debugging BGP 264 Storing Last and Bad PDUs 265 Capturing PDUs 266 PDU Counters 267 Sample Configurations 267 11 Content Addressable Memory CAM 274 CAM Allocation 274 Test CAM Usage 276 View CAM ACL Settings 277 View CAM Usage 279 CAM Optimization 279 Troubleshoot CAM Profiling 279 QoS CAM Region Limitation 279 1...

Страница 10: ...d Packets 309 Configuration Example for DSCP and PFC Priorities 310 Using PFC to Manage Converged Ethernet Traffic 311 Configure Enhanced Transmission Selection 311 ETS Prerequisites and Restrictions 311 Creating an ETS Priority Group 312 ETS Operation with DCBx 313 Configuring Bandwidth Allocation for DCBx CIN 314 Configuring ETS in a DCB Map 315 Hierarchical Scheduling in ETS Output Policies 316...

Страница 11: ...351 Configure the System to be a DHCP Client 353 Configuring the DHCP Client System 354 DHCP Client on a Management Interface 355 DHCP Client Operation with Other Features 356 Configure the System for User Port Stacking Option 230 357 Configure Secure DHCP 357 Option 82 357 DHCP Snooping 358 Drop DHCP Packets on Snooped VLANs Only 362 Dynamic ARP Inspection 362 Configuring Dynamic ARP Inspection 3...

Страница 12: ...Value 384 Configure a Port for a Bridge to Bridge Link 385 Configure a Port for a Bridge to FCF Link 385 Impact on Other Software Features 385 FIP Snooping Restrictions 386 Configuring FIP Snooping 386 Displaying FIP Snooping Information 387 FCoE Transit Configuration Example 393 17 FIPS Cryptography 395 Configuration Tasks 395 Preparing the System 396 Enabling FIPS Mode 396 Generating Host Keys 3...

Страница 13: ...416 RPM Redundancy 417 20 High Availability HA 418 Component Redundancy 418 Automatic and Manual Stack Unit Failover 419 Synchronization between Management and Standby Units 420 Forcing an Stack Unit Failover 420 Specifying an Auto Failover Limit 420 Disabling Auto Reboot 421 Manually Synchronizing Management and Standby Units 421 Pre Configuring a Stack Unit Slot 421 Removing a Provisioned Logica...

Страница 14: ...and Disabling Management Egress Interface Selection 442 Handling of Management Route Configuration 444 Handling of Switch Initiated Traffic 444 Handling of Switch Destined Traffic 445 Handling of Transit Traffic Traffic Separation 446 Mapping of Management Applications and Traffic Type 446 Behavior of Various Applications for Switch Initiated Traffic 447 Behavior of Various Applications for Switch...

Страница 15: ...Interface to a Port Channel 467 Reassigning an Interface to a New Port Channel 469 Configuring the Minimum Oper Up Links in a Port Channel 470 Adding or Removing a Port Channel from a VLAN 470 Assigning an IP Address to a Port Channel 472 Deleting or Disabling a Port Channel 472 Load Balancing Through Port Channels 472 Changing the Hash Algorithm 473 Bulk Configuration 473 Interface Range 473 Bulk...

Страница 16: ... Addresses 498 Assigning IP Addresses to an Interface 499 Configuring Static Routes 500 Configure Static Routes for the Management Interface 501 IPv4 Path MTU Discovery Overview 501 Using the Configured Source IP Address in ICMP Messages 502 Configuring the ICMP Source Interface 502 Configuring the Duration to Establish a TCP Connection 503 Enabling Directed Broadcast 503 Resolution of Host Names ...

Страница 17: ...n 519 IPv6 Headers 520 IPv6 Header Fields 520 Extension Header Fields 522 Addressing 523 Implementing IPv6 with Dell Networking OS 524 ICMPv6 527 Path MTU Discovery 527 IPv6 Neighbor Discovery 528 IPv6 Neighbor Discovery of MTU Packets 529 Configuration Task List for IPv6 RDNSS 529 Configuring the IPv6 Recursive DNS Server 530 Debugging IPv6 RDNSS Information Sent to the Host 530 Displaying IPv6 R...

Страница 18: ...SI Optimization 548 Default iSCSI Optimization Values 549 iSCSI Optimization Prerequisites 549 Configuring iSCSI Optimization 549 Displaying iSCSI Optimization Information 552 27 Intermediate System to Intermediate System 554 IS IS Protocol Overview 554 IS IS Addressing 555 Multi Topology IS IS 555 Transition Mode 556 Interface Support 556 Adjacencies 556 Graceful Restart 556 Timers 557 Implementa...

Страница 19: ...8 Configure a LAG on ALPHA 588 29 Layer 2 597 Manage the MAC Address Table 597 Clearing the MAC Address Table 597 Setting the Aging Time for Dynamic Entries 597 Configuring a Static MAC Address 598 Displaying the MAC Address Table 598 MAC Learning Limit 598 Setting the MAC Learning Limit 599 mac learning limit Dynamic 599 mac learning limit mac address sticky 600 mac learning limit station move 60...

Страница 20: ...ewing the LLDP Configuration 626 Viewing Information Advertised by Adjacent LLDP Agents 626 Configuring LLDPDU Intervals 627 Configuring Transmit and Receive Mode 628 Configuring the Time to Live Value 629 Debugging LLDP 630 Relevant Management Objects 631 31 Microsoft Network Load Balancing 637 NLB Unicast Mode Scenario 637 NLB Multicast Mode Scenario 638 Limitations of the NLB Feature 638 Micros...

Страница 21: ...looding 663 Specifying the RP Address Used in SA Messages 663 MSDP Sample Configurations 666 33 Multiple Spanning Tree Protocol MSTP 669 Protocol Overview 669 Spanning Tree Variations 671 Implementation Information 671 Configure Multiple Spanning Tree Protocol 671 Related Configuration Tasks 671 Enable Multiple Spanning Tree Globally 672 Adding and Removing Interfaces 672 Creating Multiple Spannin...

Страница 22: ...v3 708 Protocol Overview 708 Autonomous System AS Areas 709 Area Types 710 Networks and Neighbors 710 Router Types 710 Designated and Backup Designated Routers 712 Link State Advertisements LSAs 713 Router Priority and Cost 714 OSPF with Dell Networking OS 715 Graceful Restart 716 Fast Convergence OSPFv2 IPv4 Only 717 Multi Process OSPFv2 with VRF 717 OSPF ACK Packing 718 Setting OSPF Adjacency wi...

Страница 23: ... 770 Apply a Redirect list to an Interface using a Redirect group 772 Sample Configuration 774 Create the Redirect List GOLDAssign Redirect List GOLD to Interface 2 11View Redirect List GOLD 775 38 PIM Sparse Mode PIM SM 779 Implementation Information 779 Protocol Overview 779 Requesting Multicast Traffic 779 Refuse Multicast Traffic 780 Send Multicast Traffic 780 Configuring PIM SM 781 Related Co...

Страница 24: ... a typical Dell Networking OS 806 Decapsulation of ERPM packets at the Destination IP Analyzer 807 41 Private VLANs PVLAN 809 Private VLAN Concepts 809 Using the Private VLAN Commands 810 Configuration Task List 811 Creating PVLAN ports 812 Creating a Primary VLAN 813 Creating a Community VLAN 814 Creating an Isolated VLAN 814 Private VLAN Configuration Example 816 Inspecting the Private VLAN Conf...

Страница 25: ...ofiles 853 Applying a WRED Profile to Traffic 854 Displaying Default and Configured WRED Profiles 854 Displaying WRED Drop Statistics 854 Displaying egress queue Statistics 855 Pre Calculating Available QoS CAM Space 855 Configuring Weights and ECN for WRED 856 Global Service Pools With WRED and ECN Settings 857 Configuring WRED and ECN Attributes 858 Guidelines for Configuring ECN for Classifying...

Страница 26: ...iguring RMON Collection Statistics 890 Configuring the RMON Collection History 890 46 Rapid Spanning Tree Protocol RSTP 892 Protocol Overview 892 Configuring Rapid Spanning Tree 892 Related Configuration Tasks 892 Important Points to Remember 893 RSTP and VLT 893 Configuring Interfaces for Layer 2 Mode 893 Enabling Rapid Spanning Tree Protocol Globally 894 Adding and Removing Interfaces 896 Modify...

Страница 27: ...a Software Image 924 Removing the RSA Host Keys and Zeroizing Storage 926 Configuring When to Re generate an SSH Key 926 Configuring the SSH Server Key Exchange Algorithm 926 Configuring the HMAC Algorithm for the SSH Server 927 Configuring the SSH Server Cipher List 928 Secure Shell Authentication 928 Troubleshooting SSH 931 Telnet 931 VTY Line and Access Class Configuration 932 VTY Line Local Au...

Страница 28: ...ol Tunneling 966 Specifying a Destination MAC Address for BPDUs 966 Setting Rate Limit BPDUs 966 Debugging Layer 2 Protocol Tunneling 967 Provider Backbone Bridging 967 50 sFlow 969 Overview 969 Implementation Information 970 Important Points to Remember 970 Enabling Extended sFlow 971 Enabling and Disabling sFlow on an Interface 972 Enabling sFlow Max Header Size Extended 972 sFlow Show Commands ...

Страница 29: ...Startup Config Files to the Server via TFTP 995 Copy a Binary File to the Startup Configuration 996 Additional MIB Objects to View Copy Statistics 996 Obtaining a Value for MIB Objects 997 MIB Support to Display the Available Memory Size on Flash 998 Viewing the Available Flash Memory Size 998 MIB Support to Display the Software Core Files Generated by the System 999 Viewing the Software Core File...

Страница 30: ... Stack 1033 Managing Redundancy on a Stack 1034 Resetting a Unit on a Stack 1034 Enabling Mixed mode Stacking 1035 Verify a Stack Configuration 1035 Displaying the Status of Stacking Ports 1035 Remove Units or Front End Ports from a Stack 1037 Removing a Unit from a Stack 1037 Removing Front End Port Stacking 1038 Troubleshoot a Stack 1039 Recover from Stack Link Flaps 1039 Recover from a Card Pro...

Страница 31: ... 1063 Configuring SupportAssist Manually 1063 Configuring SupportAssist Activity 1065 Configuring SupportAssist Company 1067 Configuring SupportAssist Person 1068 Configuring SupportAssist Server 1069 Viewing SupportAssist Configuration 1069 56 System Time and Date 1072 Network Time Protocol 1072 Protocol Overview 1073 Configure the Network Time Protocol 1074 Enabling NTP 1074 Configuring NTP Broa...

Страница 32: ...re Detection 1096 59 Upgrade Procedures 1098 Get Help with Upgrades 1098 60 Virtual LANs VLANs 1099 Default VLAN 1100 Port Based VLANs 1100 VLANs and Port Tagging 1101 Configuration Task List 1101 Creating a Port Based VLAN 1102 Assigning Interfaces to a VLAN 1102 Moving Untagged Interfaces 1104 Assigning an IP Address to a VLAN 1105 Configuring Native VLANs 1105 Enabling Null VLAN as the Default ...

Страница 33: ...nfiguration Example 1143 eVLT Configuration Step Examples 1144 PIM Sparse Mode Configuration Example 1146 Verifying a VLT Configuration 1147 Additional VLT Sample Configurations 1150 Troubleshooting VLT 1152 Reconfiguring Stacked Switches as VLT 1154 Specifying VLT Nodes in a PVLAN 1154 Association of VLTi as a Member of a PVLAN 1155 MAC Synchronization for VLT Nodes in a PVLAN 1156 PVLAN Operatio...

Страница 34: ...nfiguring and Controlling VXLAN from the NVP Controller GUI 1178 Configuring VxLAN Gateway 1181 Connecting to an NVP Controller 1181 Advertising VXLAN Access Ports to Controller 1182 Displaying VXLAN Configurations 1184 VXLAN Service nodes for BFD 1185 Examples of the show bfd neighbors command 1185 64 Virtual Routing and Forwarding VRF 1186 VRF Overview 1186 VRF Configuration Notes 1187 DHCP 1190...

Страница 35: ...tics 1237 Trace Logs 1241 Auto Save on Crash or Rollover 1241 Last Restart Reason 1241 Hardware Watchdog Timer 1241 Using the Show Hardware Commands 1242 Enabling Environmental Monitoring 1243 Recognize an Overtemperature Condition 1244 Troubleshoot an Over temperature Condition 1245 Recognize an Under Voltage Condition 1245 Troubleshoot an Under Voltage Condition 1246 Buffer Tuning 1247 Deciding ...

Страница 36: ...rotocols 1264 General IPv4 Protocols 1265 General IPv6 Protocols 1267 Border Gateway Protocol BGP 1269 Open Shortest Path First OSPF 1270 Intermediate System to Intermediate System IS IS 1270 Routing Information Protocol RIP 1271 Multicast 1271 Network Management 1272 MIB Location 1277 9 10 0 1 36 ...

Страница 37: ...instructions in this guide cite relevant RFCs The Standards Compliance chapter contains a complete list of the supported RFCs and management information base files MIBs Topics Audience Conventions Related Documents Audience This document is intended for system administrators who are responsible for configuring and maintaining networks and assumes knowledge in Layer 2 L2 and Layer 3 L3 networking t...

Страница 38: ... about the Dell Networking switches see the following documents Dell Networking OS Command Line Reference Guide Dell Networking OS Installation Guide Dell Networking OS Quick Start Guide Dell Networking OS Release Notes About this Guide 38 ...

Страница 39: ...ion NOTE Due to differences in hardware architecture and continued system development features may occasionally differ between the platforms Differences are noted in each CLI description and related documentation Topics Accessing the Command Line CLI Modes The do Command Undoing Commands Obtaining Help Entering and Editing Commands Command History Filtering show Command Outputs Multiple Users in C...

Страница 40: ...ure security features time settings set logging and SNMP functions configure static ARP and MAC addresses and set line cards on the system Beneath CONFIGURATION mode are submodes that apply to interfaces protocols and features The following example shows the submode command structure Two sub CONFIGURATION modes are important when configuring the chassis for the first time INTERFACE submode is the ...

Страница 41: ... ADDRESS FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE SUPPORTASSIST TRACE LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode The following table lists the CLI mode its prompt and information about how to access and exit the CLI mode Move linearly through the command modes except for the end command which ta...

Страница 42: ...group interface INTERFACE modes Interface Range Dell conf if range interface INTERFACE modes Loopback Interface Dell conf if lo 0 interface INTERFACE modes Management Ethernet Interface Dell conf if ma 1 1 interface INTERFACE modes Null Interface Dell conf if nu 0 interface INTERFACE modes Port channel Interface Dell conf if po 1 interface INTERFACE modes Tunnel Interface Dell conf if tu 1 interfa...

Страница 43: ...uter_bgp_af for IPv4 Dell conf routerZ_bgpv6_af for IPv6 address family ipv4 multicast ipv6 unicast ROUTER BGP Mode ROUTER ISIS Dell conf router_isis router isis ISIS ADDRESS FAMILY Dell conf router_isis af_ipv6 address family ipv6 unicast ROUTER ISIS Mode ROUTER OSPF Dell conf router_ospf router ospf ROUTER OSPFV3 Dell conf ipv6router_ospf ipv6 router ospf ROUTER RIP Dell conf router_rip router r...

Страница 44: ... group PRIORITY GROUP Dell conf pg priority group PROTOCOL GVRP Dell config gvrp protocol gvrp QOS POLICY Dell conf qos policy out ets qos policy output SUPPORTASSIST Dell support assist support assist VLT DOMAIN Dell conf vlt domain vlt domain VRRP Dell conf if interface type slot port vrid vrrp group id vrrp group u Boot Dell Press any key when the following line appears on the console during a ...

Страница 45: ...sent Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 1 1 up AC absent 0 1 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 1 1 up up 0 up 0 1 2 up up 0 up 0 1 3 up up 0 up 0 Speed in RPM Undoing Commands When you enter a command the command line is added to the running configuration file running config To disable a command and remove it from the running config ente...

Страница 46: ...anage the system clock Enter after a partial keyword lists all of the keywords that begin with the specified letters Dell conf cl class map clock Dell conf cl Enter space after a keyword lists all of the keywords that can follow the specified keyword Dell conf clock summer time Configure summer daylight savings time timezone Configure time zone Dell conf clock Entering and Editing Commands Notes f...

Страница 47: ...commands in the history buffer after recalling commands with CTRL P or the UP arrow key CNTL P Recalls commands beginning with the last command CNTL R Re enters the previous command CNTL U Deletes the line CNTL W Deletes the previous word CNTL X Deletes the line CNTL Z Ends continuous scrolling of command outputs Esc B Moves the cursor back one word Esc F Moves the cursor forward one word Esc D De...

Страница 48: ...combination with the show system brief command Example of the grep Keyword Dell conf do show system brief grep 0 0 not present NOTE Dell Networking OS accepts a space or no space before and after the pipe To filter a phrase with spaces underscores or ranges enclose the phrase with double quotation marks The except keyword displays text that does not match the specified text The following example s...

Страница 49: ...name type of connection console or VTY and in the case of a VTY connection the IP address of the terminal on which the connection was established For example On the system that telnets into the switch this message appears Warning The following users are currently configuring the system User username on line console0 On the system that is connected over the console this message appears Warning User...

Страница 50: ...e console monitor displays the EXEC mode prompt For details about using the command line interface CLI refer to the Accessing the Command Line section in the Configuration Fundamentals chapter Topics Console Access Accessing the CLI Interface and Running Scripts Using SSH Default Configuration Configuring a Host Name Accessing the System Remotely Configuring the Enable Password Configuration File ...

Страница 51: ...ng the Console Port To access the console port follow these steps For the console port pinout refer to Accessing the RJ 45 Console Port with a DB 9 Adapter 1 Install an RJ 45 copper cable into the console port Use a rollover crossover cable to connect the S4810 console port to a terminal server 2 Connect the other end of the cable to the DTE terminal server 3 Terminal settings on the console port ...

Страница 52: ... 6 3 3 TxD NC 7 2 4 DTR CTS 8 1 7 RTS Accessing the CLI Interface and Running Scripts Using SSH In addition to the capability to access a device using a console connection or a Telnet session you can also use SSH for secure protected communication with the device You can open an SSH session and run commands or script files This method of connectivity is supported with S4810 S4048 ON S3048 ON S4820...

Страница 53: ...ctive command in the SSH session the behavior may not really be interactive In some cases when you use an SSH session when certain show commands such as show tech support produce large volumes of output sometimes few characters from the output display are truncated and not displayed This may cause one of the commands to fail for syntax error In such cases if you add few newline characters before t...

Страница 54: ...motely Configuring the system for remote access is a three step process as described in the following topics 1 Configure an IP address for the management port Configure the Management Port IP Address 2 Configure a management route with a default gateway Configure a Management Route 3 Configure a username and password Configure a Username and Password Configure the Management Port IP Address To acc...

Страница 55: ...llowing command Configure a username and password to access the system remotely CONFIGURATION mode username username password encryption type password encryption type specifies how you are inputting the password is 0 by default and is not required 0 is for inputting the password in clear text 7 is for inputting a password that is already encrypted using a Type 7 hash Obtaining the encrypted passwo...

Страница 56: ...tax for copying files is similar to UNIX The copy command uses the format copy source file url destination file url NOTE For a detailed description of the copy command refer to the Dell Networking OS Command Reference To copy a local file to a remote system combine the file origin syntax for a local file location with the file destination syntax for a remote file location To copy a remote file to ...

Страница 57: ...le system This file system is visible on the device and you can execute all file commands that are available on conventional file systems such as a Flash file system Before executing any CLI command to perform file operations you must first mount the NFS file system to a mount point on the device Since multiple mount points exist on a device it is mandatory to specify the mount point to which you ...

Страница 58: ...e name test c User name to login remote host username Example of Logging in to Copy from NFS Mount Dell copy nfsmount test flash Destination file name test test2 5592 bytes successfully copied Dell Dell copy nfsmount test txt ftp 10 16 127 35 Destination file name test txt User name to login remote host username Password to login remote host Example of Copying to NFS Mount Dell copy flash test txt...

Страница 59: ...onfig ftp username password hostip hostname filepath filename Save the running configuration to a TFTP server EXEC Privilege mode copy running config tftp hostip hostname filepath filename Save the running configuration to an SCP server EXEC Privilege mode copy running config scp hostip hostname filepath filename NOTE When copying to a server a host name can only be used if a DNS server is configu...

Страница 60: ...iag 12 rw 7276 Jul 20 2007 01 52 40 startup config bak 13 rw 7341 Jul 20 2007 15 34 46 startup config 14 rw 27674906 Jul 06 2007 19 52 22 boot image 15 rw 27674906 Jul 06 2007 02 23 22 boot flash More View Configuration Files Configuration files have three commented lines at the beginning of the file as shown in the following example to help you track the last time any user made a change to the fi...

Страница 61: ...ssed and write memory compressed The compressed configuration will group all the similar looking configuration thereby reducing the size of the configuration For this release the compression will be done only for interface related configuration VLAN physical interfaces The following table describes how the standard and the compressed configuration differ Table 6 Standard and Compressed Configurati...

Страница 62: ...1 1 16 shutdown interface Vlan 2 no ip address no shutdown interface Vlan 3 tagged te 1 1 no ip address shutdown Interface group TenGigabitEthernet 1 2 4 TenGigabitEthernet 1 10 no ip address shutdown interface TenGigabitEthernet 1 34 ip address 2 1 1 1 16 shutdown interface group Vlan 2 Vlan 100 no ip address no shutdown interface group Vlan 3 5 tagged te 1 1 no ip address shutdown interface Vlan...

Страница 63: ...the startup config file in the compressed mode In stacking scenario it will also take care of syncing it to all the standby and member units The following is the sample output Dell write memory compressed Jul 30 08 50 26 STKUNIT0 M CP FILEMGR 5 FILESAVED Copied running config to startup config in flash by default copy compressed config Copy one file after optimizing and reducing the size of the co...

Страница 64: ... or memory To change the default directory use the following command Change the default directory EXEC Privilege mode cd directory Enabling Software Features on Devices Using a Command Option The capability to activate software applications or components on a device using a command is supported on this platform Starting with Release 9 4 0 0 you can enable or disable specific software features or a...

Страница 65: ...r to the following Feature State VRF Enabled View Command History The command history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer The system generates a trace message for each executed command No password information is saved to the file To view the command history trace use the show command hist...

Страница 66: ...ou can include the published hash in the verify md5 sha256 command which displays whether it matches the calculated hash of the indicated file To validate a software image 1 Download Dell Networking OS software image file from the iSupport page to the local FTP or TFTP server The published hash for that file displays next to the software image file on the iSupport page 2 Go on to the Dell Networki...

Страница 67: ...ter the keyword startup config To copy a file on the USB device enter usbflash followed by the filename In the Dell Networking OS release 9 8 0 0 HTTP services support the VRF aware functionality If you want the HTTP server to use a VRF table that is attached to an interface configure that HTTP server to use a specific routing table You can use the ip http vrf command to inform the HTTP server to ...

Страница 68: ...le an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF use the ip http vrf command in CONFIGURATION mode Configure an HTTP client with a VRF that is used to connect to the HTTP server CONFIGURATION MODE Dell conf ip http vrf management vrf name Getting Started 68 ...

Страница 69: ...meout for EXEC Privilege Mode Using Telnet to get to Another Network Device Lock CONFIGURATION Mode Restoring the Factory Default Settings Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line There are 16 privilege levels of which three are pre defined The default privilege level is 1 Level Description Level 0 Access to the system begins at EXEC ...

Страница 70: ...EC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level use the privilege exec command from CONFIGURATION mode In the command specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode use the pr...

Страница 71: ...imum of privilege level 4 moves the capture bgp pdu max buffer size command from EXEC Privilege to EXEC mode by requiring a minimum privilege level 3 which is the configured level for VTY 0 allows access to CONFIGURATION mode with the banner command allows access to INTERFACE tengigabitethernet and LINE modes are allowed with no commands Remove a command from the list of available commands in EXEC...

Страница 72: ...erface to configure line Configure a terminal line linecard Set line card type Dell conf interface fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port channel Port channel interface range Configure interface range sonet SONET interface tengigabitethernet TenGigabit Ethe...

Страница 73: ...nd 15 access to the system begins at EXEC mode but the prompt is hostname rather than hostname Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages By default Dell Networking OS logs these messages on the internal buffer console and terminal lines any configured syslog servers To disable logging use the following commands Disable all logging except...

Страница 74: ...following User logins to the switch System events for network issues or system issues Users making configuration changes The switch logs who made the configuration changes and the date and time of the change However each specific change on the configuration is not logged Only that the configuration was modified is logged with the user ID date and time of the change Uncontrolled shutdown Security L...

Страница 75: ...e show logging auditlog Command For information about the logging extended command see Enabling Audit and Security Logs Dell show logging auditlog May 12 12 20 25 Dell CLI 6 logging extended by admin from vty0 10 14 1 98 May 12 12 20 42 Dell CLI 6 configure terminal by admin from vty0 10 14 1 98 May 12 12 20 42 Dell CLI 6 service timestamps log datetime by admin from vty0 10 14 1 98 Example of the...

Страница 76: ...e card 0 present CHMGR 5 CARDDETECTED Line card 2 present CHMGR 5 CARDDETECTED Line card 4 present CHMGR 5 CARDDETECTED Line card 5 present CHMGR 5 CARDDETECTED Line card 8 present CHMGR 5 CARDDETECTED Line card 10 present CHMGR 5 CARDDETECTED Line card 12 present TSM 6 SFM_DISCOVERY Found SFM 0 TSM 6 SFM_DISCOVERY Found SFM 1 TSM 6 SFM_DISCOVERY Found SFM 2 TSM 6 SFM_DISCOVERY Found SFM 3 TSM 6 S...

Страница 77: ... the port forwarding to securely connect to a syslog server Figure 2 Setting Up a Secure Connection to a Syslog Server Pre requisites To configure a secure connection from the switch to the syslog server 1 On the switch enable the SSH server Dell conf ip ssh server enable Management 77 ...

Страница 78: ...erhards and Adiscon GmbH March 2009 obsoletes RFC 3164 and RFC 5426 Transmission of Syslog Messages over UDP Specify the server to which you want to send system messages You can configure up to eight syslog servers CONFIGURATION mode logging ip address ipv6 address hostname udp port tcp port You can export system logs to an external server that is connected through a different VRF Track Login Acti...

Страница 79: ...tional Configure the number of days for which the system stores the user login statistics The range is from 1 to 30 CONFIGURATION mode login statistics time period days Example of Configuring Login Activity Tracking The following example enables login activity tracking The system stores the login activity details for the last 30 days Dell config login statistics enable The following example enable...

Страница 80: ...ogin 0 Unsuccessful login attempt s in last 30 day s 3 Successful login attempt s in last 30 day s 2 User admin2 Last login time 12 49 27 UTC Tue Mar 22 2016 Last login location Line vty0 10 16 127 145 Unsuccessful login attempt s since the last successful login 0 Unsuccessful login attempt s in last 30 day s 3 Successful login attempt s in last 30 day s 2 User admin3 Last login time 13 18 42 UTC ...

Страница 81: ...were 4 successful login attempt s for user admin in last 30 day s Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY auxiliary and console lines You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions By default you can use all 10 VTY lines one console line and o...

Страница 82: ...ons The following example enables you to clear your existing login sessions Dell config login concurrent session clear line enable Example of Clearing Existing Sessions When you try to log in the following message appears with all your existing concurrent sessions providing an option to close any one of the existing sessions telnet 10 11 178 14 Trying 10 11 178 14 Connected to 10 11 178 14 Escape ...

Страница 83: ...Configuration Task List for System Log Management There are two configuration tasks for system log management Disable System Logging Send System Messages to a Syslog Server Disabling System Logging By default logging is enabled and log messages are sent to the logging buffer all terminal lines the console and the syslog servers To disable system logging use the following commands Disable all loggi...

Страница 84: ...adding the following lines to etc syslog conf on the UNIX system and assigning write permissions to the file Add line on a 4 1 BSD UNIX system local7 debugging var log ftos log Add line on a 5 7 SunOS UNIX system local7 debugging var adm ftos log In the previous lines local7 is the logging facility level and debugging is the severity level Changing System Logging Settings You can change the defaul...

Страница 85: ...tion use the show running config logging command in privilege mode as shown in the example for Configure a UNIX Logging Facility Level Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system use the show logging command in EXEC privilege mode When RBAC is enabled the security logs are filtered based on t...

Страница 86: ... portpipe 0 OK portpipe 1 N A CHMGR 5 LINECARDUP Line card 12 is up IFMGR 5 CSTATE_UP changed interface Physical state to up So 12 8 IFMGR 5 CSTATE_DN changed interface Physical state to down So 12 8 To view any changes made use the show running config logging command in EXEC privilege mode Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facili...

Страница 87: ...zing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output Only the messages with a severity at or below the set level appear This feature works on the terminal and console connections available on the system 1 Enter LINE mode CONFIGURATION mode line console 0 vty number end number aux 0 Configure the...

Страница 88: ...in EXEC privilege mode To disable time stamping on syslog messages use the no service timestamps log debug command File Transfer Services With Dell Networking OS you can configure the system to transfer files over the network using the file transfer protocol FTP One FTP application is copying the system image files over an interface on to the system however FTP is not supported on virtual local ar...

Страница 89: ... enable Example of Viewing FTP Configuration Dell show running ftp ftp server enable ftp server username nairobi password 0 zanzibar Dell Configuring FTP Server Parameters After you enable the FTP server on the system you can configure different parameters To specify the system logging settings use the following commands Specify the directory for users using FTP to reach the system CONFIGURATION m...

Страница 90: ...3 For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 CONFIGURATION mode ip ftp source interface interface Configure a password CONFIGURATION mode ip ftp password password Enter a username to use on the FTP client CONFIGURATION mode ip ftp username name To view the FTP configuration use the show running...

Страница 91: ... types of access classes with each class processing either IPv4 or IPv6 rules separately To apply an IP ACL to a line Use the following command Apply an ACL to a VTY line LINE mode access class access list name ipv4 ipv6 NOTE If you already have configured generic IP ACL on a terminal line then you cannot further apply IPv4 or IPv6 specific filtering on top of this configuration Similarly if you h...

Страница 92: ...rminal line Configure a password for the terminal line to which you assign a method list that contains the line authentication method Configure a password using the password command from LINE mode local Prompt for the system username and password none Do not authenticate the user radius Prompt for a username and password and use a RADIUS server to authenticate tacacs Prompt for a username and pass...

Страница 93: ... EXEC timeout is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines To set timeout use the following commands Set the number of minutes and seconds The default is 10 minutes on the console and 30 minutes on VTY Disable EXEC time out by setting the timeout period to 0 LINE mode exec timeout minutes seconds Return to the default t...

Страница 94: ...he telnet Command for Device Access Dell telnet 10 11 80 203 Trying 10 11 80 203 Connected to 10 11 80 203 Exit character is Login Login admin Password Dell exit Dell telnet 2200 2200 2200 2200 2200 2201 Trying 2200 2200 2200 2200 2200 2201 Connected to 2200 2200 2200 2200 2200 2201 Exit character is FreeBSD i386 freebsd2 force10networks com ttyp1 login admin Dell Lock CONFIGURATION Mode Dell Netw...

Страница 95: ...le a lock is in place the following appears on their terminal message 1 Error User on line console0 is in exclusive configuration mode If any user is already in CONFIGURATION mode when while a lock is in place the following appears on their terminal message 2 Error Can t lock configuration mode exclusively since the following users are currently configuring the system User admin on line vty1 10 1 ...

Страница 96: ...oot up the chassis after restoring factory default settings Ideally these locations contain valid images using which the chassis boots up When you restore factory default settings you can either use a flash boot procedure or a network boot procedure to boot the switch When you use the flash boot procedure to boot the device the boot loader checks if the primary or the secondary partition contains ...

Страница 97: ...d and reinsert it 2 Hit any key to abort the boot process You enter uBoot immediately the prompt indicates success during bootup press any key 3 Assign the new location to the Dell Networking OS image it uses when the system reloads uBoot mode setenv primary_boot f10boot Boot variable f10boot can take the following values flash0 to boot from flash partition A flash1 to boot from flash partition B ...

Страница 98: ... saveenv 7 Reload the system uBoot mode reset Management 98 ...

Страница 99: ... Messages and Responses Enabling CFM SNMP Traps Displaying Ethernet CFM Statistics Ethernet CFM Ethernet CFM is an end to end per service instance Ethernet OAM scheme which enables proactive connectivity monitoring fault verification and fault isolation The service instance with regard to OAM for Metro Carrier Ethernet is a virtual local area network VLAN This service is sold to an end customer by...

Страница 100: ... not clearly defined using IP troubleshooting tools There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks With these tools you can identify isolate and repair faults quickly and easily which reduces operational cost of running the network OAM also increases availability and reduces mean time to recovery which allows for tighter service level agreements...

Страница 101: ...y linktrace and loopback messages You can configure MIPs to snoop continuity check Messages CCMs to build a MIP CCM database These roles define the relationships between all devices so that each device can monitor the layers under its responsibility Maintenance points drop all lower level frames and forward all higher level frames Figure 4 Maintenance Points Maintenance End Points A maintenance en...

Страница 102: ...address for all physical LAG interfaces and hence only one MEP is allowed per MA per VLAN or per MD level Configuring the CFM To configure the CFM follow these steps 1 Configure the ecfmacl CAM region using the cam acl command 2 Enable Ethernet CFM 3 Create a Maintenance Domain 4 Create a Maintenance Association 5 Create Maintenance Points 6 Use CFM tools a Continuity Check Messages b Loopback Mes...

Страница 103: ...ance Domain Connectivity fault management CFM divides a network into hierarchical maintenance domains as shown in Maintenance Domains 1 Create maintenance domain ETHERNET CFM mode domain name md level number The range is from 0 to 7 2 Display maintenance domain information EXEC Privilege mode show ethernet cfm domain name brief Example of Viewing Configured Maintenance Domains Dell show ethernet c...

Страница 104: ...te points of an Maintenance Entity ME An ME is a point to point relationship between two MEPs within a single domain These roles define the relationships between all devices so that each device can monitor the layers under its responsibility Creating a Maintenance End Point A maintenance endpoint MEP is a logical entity that marks the endpoint of a domain There are two types of MEPs defined in 802...

Страница 105: ... a single domain A MIP is not associated with any MA or service instance and it belongs to the entire MD 1 Create a MIP INTERFACE mode ethernet cfm mip domain name level ma name name 2 Display configured MEPs and MIPs EXEC Privilege mode show ethernet cfm maintenance points local mep mip Example of Viewing Configured MIPs Dell show ethernet cfm maintenance points local mip MPID Domain Name Level T...

Страница 106: ...sistence To set the database persistence use the following command Set the amount of time that data from a missing MEP is kept in the continuity check database ECFM DOMAIN database hold time minutes The default is 100 minutes The range is from 100 to 65535 minutes Continuity Check Messages Continuity check messages CCM are periodic hellos Continuity check messages discover MEPs and MIPs within a m...

Страница 107: ...ree consecutive CCMs from any of the remote MEP which indicates a network failure Reception of a CCM with an incorrect CCM transmission interval which indicates a configuration error Reception of a CCM with an incorrect MEP ID or MAID which indicates a configuration or cross connect error This error could happen when different VLANs are cross connected due to a configuration error Reception of a C...

Страница 108: ...a remote MEP to come up before the cross check operation is started ETHERNET CFM mode mep cross check start delay number Sending Loopback Messages and Responses Loopback message and response LBM LBR also called Layer 2 Ping is an administrative echo transmitted by MEPs to verify reachability to another MEP or MIP within the maintenance domain LBM and LBR are unicast frames Send a Loopback message ...

Страница 109: ...get MEP Figure 6 MPLS Core Link trace messages carry a unicast target address the MAC address of an MIP or MEP inside a multicast frame The destination group address is based on the MD level of the transmitting MEP 01 80 C2 00 00 3 8 to F The MPs on the path to the target MAC address reply to the LTM with an LTR and relays the LTM towards the target MAC until the target MAC is reached or TTL equal...

Страница 110: ...f the Link Trace Cache ETHERNET CFM mode traceroute cache size entries The default is 100 The range is from 1 to 4095 entries Display the Link Trace Cache EXEC Privilege mode show ethernet cfm traceroute cache Delete all Link Trace Cache entries EXEC Privilege mode clear ethernet cfm traceroute cache Example of Viewing the Link Trace Cache Dell show ethernet cfm traceroute cache Traceroute to 00 0...

Страница 111: ... at Level 7 VLAN 1000 RDI defect ECFM 5 ECFM_RDI_ALARM RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 Three values are given within the trap messages MD Index MA Index and MPID You can reference these values against the output of the show ethernet cfm domain and show ethernet cfm maintenance points local mep commands To enable CFM SNMP traps use the following command Enable ...

Страница 112: ... Privilege mode show ethernet cfm port statistics interface Example of Viewing CFM Statistics Dell show ethernet cfm statistics Domain Name Customer Domain Level 7 MA Name My_MA MPID 300 CCMs Transmitted 1503 RcvdSeqErrors 0 LTRs Unexpected Rcvd 0 LBRs Received 0 Rcvd Out Of Order 0 Received Bad MSDU 0 Transmitted 0 Example of viewing CFM statistics by port Dell show ethernet cfm port statistics i...

Страница 113: ...Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0 802 1ag 113 ...

Страница 114: ...fer a device s credentials to an authentication server typically RADIUS using a mandatory intermediary network access device in this case a Dell Networking switch The network access device mediates all communication between the end user device and the authentication server so that the network remains secure The network access device uses EAP over Ethernet EAPOL to communicate with the end user dev...

Страница 115: ... The device attempting to access the network is the supplicant The supplicant is not allowed to communicate on the network until the authenticator authorizes the port It can only communicate with the authenticator in response to 802 1X requests The device with which the supplicant communicates is the authenticator The authenticator is the gate keeper of the network It translates and forwards reque...

Страница 116: ...s begins when the authenticator senses that a link status has changed from down to up 1 When the authenticator senses a link state change it requests that the supplicant identify itself using an EAP Identity Request frame 2 The supplicant responds with its identity in an EAP Response Identity frame 3 The authenticator decapsulates the EAP response from the EAPOL frame encapsulates it in a RADIUS A...

Страница 117: ...Access Reject frame If the port state remains unauthorized the authenticator forwards an EAP Failure frame Figure 9 EAP Port Authentication 802 1X 117 ...

Страница 118: ...2 1X triggered Access Request messages Attribute 31 Calling station id relays the supplicant MAC address to the authentication server Attribute 41 NAS Port Type NAS port physical port type 15 indicates Ethernet Attribute 61 NAS Port the physical port number by which the authenticator is connected to the supplicant Attribute 81 Tunnel Private Group ID associate a tunneled session with a particular ...

Страница 119: ...Remember Dell Networking OS supports 802 1X with EAP MD5 EAP OTP EAP TLS EAP TTLS PEAPv0 PEAPv1 and MS CHAPv2 with PEAP All platforms support only RADIUS as the authentication server If the primary RADIUS server becomes unresponsive the authenticator begins using a secondary RADIUS server if configured 802 1X is not supported on port channels or port channel members 802 1X 119 ...

Страница 120: ...gure 11 802 1X Enabled 1 Enable 802 1X globally CONFIGURATION mode dot1x authentication 2 Enter INTERFACE mode on an interface or a range of interfaces INTERFACE mode interface range 3 Enable 802 1X on the supplicant interface only 802 1X 120 ...

Страница 121: ...the show dot1x interface command In the following example the bold lines show that 802 1X is enabled on all ports unauthorized by default Dell show dot1x interface TenGigabitEthernet 2 1 802 1x information on Te 2 1 Dot1x Status Enable Port Control AUTO Port Auth Status UNAUTHORIZED Re Authentication Disable Untagged VLAN id None Guest VLAN Disable Guest VLAN id NONE Auth Fail VLAN Disable Auth Fa...

Страница 122: ...30 Configure the maximum number of times the authenticator re transmits a Request Identity frame INTERFACE mode dot1x max eap req number The range is from 1 to 10 The default is 2 The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re transmits an EAP Request Identity frame after 90 seconds and re transmits ...

Страница 123: ...30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Forcibly Authorizing or Unauthorizing a Port The 802 1X ports can be placed into any of the three states ForceAuthorized an authorized state A device connected to this port in this state is never subjected to the authentication process but is al...

Страница 124: ...th Max 2 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 3600 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Auth PAE State Initialize Backend State Initialize Re Authenticating a Port You can configure the authenticator for periodic re authentication After the supplicant has been authenticated and the port has been authoriz...

Страница 125: ...riod 90 seconds Quiet Period 120 seconds ReAuth Max 10 Supplicant Timeout 30 seconds Server Timeout 30 seconds Re Auth Interval 7200 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Auth PAE State Initialize Backend State Initialize Configuring Timeouts If the supplicant or the authentication server is unresponsive the authenticator terminates the aut...

Страница 126: ...id NONE Auth Fail Max Attempts NONE Tx Period 90 seconds Quiet Period 120 seconds ReAuth Max 10 Supplicant Timeout 15 seconds Server Timeout 15 seconds Re Auth Interval 7200 seconds Max EAP Req 10 Auth Type SINGLE_HOST Auth PAE State Initialize Backend State Initialize Enter the tasks the user should do after finishing this task optional Configuring Dynamic VLAN Assignment with Port Authentication...

Страница 127: ...VLAN Assignment with Port Authentication 2 Make the interface a switchport so that it can be assigned to a VLAN 3 Create the VLAN to which the interface will be assigned 4 Connect the supplicant to the port configured for 802 1X 5 Verify that the port has been authorized and placed in the desired VLAN refer to the illustration in Dynamic VLAN Assignment with Port Authentication Guest and Authentic...

Страница 128: ... VLAN and the authentication process begins Configuring a Guest VLAN If the supplicant does not respond within a determined amount of time reauth max 1 tx period the system assumes that the host does not have 802 1X capability and the port is placed in the Guest VLAN NOTE For more information about configuring timeouts refer to Configuring Timeouts Configure a port to be placed in the Guest VLAN a...

Страница 129: ...itchport dot1x authentication dot1x guest vlan 200 dot1x auth fail vlan 100 max attempts 5 no shutdown Dell conf if Te 2 1 Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode 802 1x information on Te 2 1 Dot1x Stat...

Страница 130: ...CL separately on the VLAN interface each ACL has a mapping with the VLAN and you use more CAM space To maximize CAM space create an ACL VLAN group and attach the ACL with the VLAN members The ACL manager application on the router processor RP1 contains all the state information about all the ACL VLAN groups that are present The ACL handler on the control processor CP and the ACL agent on the line ...

Страница 131: ...nly one ACL to an interface at a time When you attach an ACL VLAN group to the same interface validation performs to determine whether the ACL is applied directly to an interface If you previously applied an ACL separately to the interface an error occurs when you attempt to attach an ACL VLAN group to the same interface The maximum number of members in an ACL VLAN group is determined by the type ...

Страница 132: ...guring FP Blocks for VLAN Parameters This section describes how to optimize CAM blocks by configuring ACL VLAN groups that you can attach to VLAN interfaces It also describes how to configure FP blocks for different VLAN operations Configuring ACL VLAN Groups You can create an ACL VLAN group and attach the ACL with the VLAN members The optimization is applicable only when you create an ACL VLAN gr...

Страница 133: ...ated for the ACL in VLAN contentaware processor VCAP ACL VLAN groups or CAM optimization is not enabled by default You also must allocate the slices for CAM optimization 1 Allocate the number of FP blocks for VLAN operations CONFIGURATION mode cam acl vlan vlanopenflow 0 2 2 Allocate the number of FP blocks for VLAN iSCSI counters CONFIGURATION mode cam acl vlan vlaniscsi 0 2 3 Allocate the number...

Страница 134: ...97 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 2 0 IN L2 ACL 1536 0 1536 IN L3 ACL 1024 1 1023 IN L3 FIB 49152 3 49149 IN V6 ACL 0 0 0 IN NLB ACL 0 0 0 IPMAC ACL 0 0 0 OUT L2 ACL 206 9 197 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 3 0 IN L2 ACL 1536 0 1536 IN L3 ACL 1024 1 1023 IN L3 FIB 49152 3 49149 IN V6 ACL 0 0 0 IN NLB ACL 0 0 0 IPMAC ACL 0 0 0 OUT L2 ACL 206 9 197 OUT L3 ACL 178 9 169 OUT V6 A...

Страница 135: ...tion Total CAM Used CAM Available CAM 1 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 2 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 3 0 IN L3 FIB 49152 3 49149 IN L3 ACL 1024 1 1023 IN V6 ACL 0 0 0 OUT L3 ACL 178 9 169 OUT V6 ACL 178 4 174 Codes cam usage is above 90 Allocating...

Страница 136: ... default use the no version of these commands By default zero groups are allocated for the ACL in VCAP ACL VLAN groups or CAM optimization is not enabled by default You must also allocate the slices for CAM optimization To display the number of FP blocks that is allocated for the different VLAN services use the show cam acl vlan command After you configure the ACL VLAN groups reboot the system to ...

Страница 137: ...er to User Configurable CAM Allocation and CAM Optimization For complete CAM profiling information refer to Content Addressable Memory CAM You can configure ACLs on VRF instances In addition to the existing qualifying parameters Layer 3 ACLs also incorporate VRF ID as one of the parameters Using this new capability you can also configure VRF based ACLs on interfaces NOTE You can apply Layer 3 VRF ...

Страница 138: ...s to Remember IP Fragment Handling Configure a Standard IP ACL Configure an Extended IP ACL Configure Layer 2 and Layer 3 ACLs Assign an IP ACL to an Interface Applying an IP ACL Configure Ingress ACLs Configure Egress ACLs IP Prefix Lists ACL Resequencing Route Maps Logging of ACL Processes Flow Based Monitoring Support for ACLs Configuring UDF ACL IP Access Control Lists ACLs In Dell Networking ...

Страница 139: ...bes CAM allocation and CAM optimization User Configurable CAM Allocation CAM Optimization User Configurable CAM Allocation Allocate space for IPV6 ACLs by using the cam acl command in CONFIGURATION mode The CAM space is allotted in filter processor FP blocks The total space allocated must equal 13 FP blocks There are 16 FP blocks but System Flow requires three blocks that cannot be reallocated Ent...

Страница 140: ...nfigured those counters are reset when a new rule which is inserted or prepended or appended requires a hardware shift in the flow table Resetting the counters to 0 is transient as the proginal counter values are retained after a few seconds If there is no need to shift the flow in the hardware the counters are not affected This is applicable to the following features L2 Ingress Access list L2 Egr...

Страница 141: ... to apply ACL rules The order can range from 0 to 254 Dell Networking OS writes to the CAM ACL rules with lower order numbers order numbers closer to 0 before rules with higher order numbers so that packets are matched as you intended By default all ACL rules have an order of 255 Example of the order Keyword to Determine ACL Sequence Dell conf ip access list standard acl1 Dell config std nacl perm...

Страница 142: ...n because all three contain filters but route map filters do not contain the permit and deny actions found in ACLs and prefix lists Route map filters match certain routes and set or specific values To create a route map use the following command Create a route map and assign it a unique name The optional permit and deny keywords are the actions of the route map CONFIGURATION mode route map map nam...

Страница 143: ...rent route map instance To view all instances of a specific route map use the show route map command Dell show route map dilling route map dilling permit sequence 10 Match clauses Set clauses route map dilling permit sequence 15 Match clauses interface Loopback 23 Set clauses tag 3444 Dell To delete a route map use the no route map map name command in CONFIGURATION mode Configure Route Map Filters...

Страница 144: ...ce 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000 In this scenario Dell Networking OS scans all the instances of the route map for any permit statement If there is a match anywhere the route is permitted However other instances of the route map deny it Example of the match Command to Permit and Deny Routes Dell conf route map force...

Страница 145: ...p next hop access list name prefix list prefix list name Match next hop routes specified in a prefix list IPv6 CONFIG ROUTE MAP mode match ipv6 next hop access list name prefix list prefix list name Match source routes specified in a prefix list IPv4 CONFIG ROUTE MAP mode match ip route source access list name prefix list prefix list name Match source routes specified in a prefix list IPv6 CONFIG ...

Страница 146: ...buted routes CONFIG ROUTE MAP mode set level backbone level 1 level 1 2 level 2 stub area Specify a value for the BGP route s LOCAL_PREF attribute CONFIG ROUTE MAP mode set local preference value Specify a value for redistributed routes CONFIG ROUTE MAP mode set metric metric value Specify an OSPF or ISIS type for redistributed routes CONFIG ROUTE MAP mode set metric type external internal type 1 ...

Страница 147: ... to match specific routes and set or change more attributes when redistributing those routes In the following example the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF According to the route map static ospf only routes that have a next hop of Tengigabitethernet interface 1 1 and that have a metric of 255 are redistributed into the OSPF ba...

Страница 148: ... commu comm list1 set community 1 1 1 2 1 3 set as path prepend 1 2 3 4 5 continue 30 IP Fragment Handling Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets particularly second and subsequent packets It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols permit deny ip tcp udp icmp Both ...

Страница 149: ...nted packets with destination IP 10 1 1 1 Dell conf ip access list extended ABC Dell conf ext nacl deny ip any 10 1 1 1 32 fragments Dell conf ext nacl permit ip any 10 1 1 1 32 Dell conf ext nacl Layer 4 ACL Rules Examples The following examples show the ACL commands for Layer 4 packet filtering Permit an ACL line with L3 information only and the fragments keyword is present If a packet s L3 info...

Страница 150: ...CL filters packets it looks at the fragment offset FO to determine whether it is a fragment FO 0 means it is either the first fragment or the packet is a non fragment FO 0 means it is dealing with the fragments of the original packet Configure a Standard IP ACL To configure an ACL use commands in IP ACCESS LIST mode and INTERFACE mode For a complete list of all the commands related to IP ACLs refe...

Страница 151: ... number command in IP ACCESS LIST mode If you are creating a standard ACL with only one or two filters you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured The software assigns filters in multiples of 5 Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters you can let Dell Networking OS assign ...

Страница 152: ...dp host 10 21 126 226 10 4 5 0 28 seq 45 permit udp 10 8 0 0 16 10 50 188 118 31 range 1812 1813 seq 50 permit tcp 10 8 0 0 16 10 50 188 118 31 eq 49 seq 55 permit udp 10 15 1 0 24 10 50 188 118 31 range 1812 1813 To delete a filter enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete Then use the no seq sequence number command in IP ...

Страница 153: ...e an extended IP ACL and assign it a unique name CONFIGURATION mode ip access list extended access list name 2 Configure an extended IP ACL filter for UDP packets CONFIG EXT NACL mode seq sequence number deny permit tcp source mask any host ip address count byte order fragments Example of the seq Command When you create the filters with a specific sequence number you can create the filters in any ...

Страница 154: ...gs details about the packets that match Depending on how many packets match the log entry and at what rate the CP may become busy as it has to log these packets details The following example shows an extended IP ACL in which the sequence numbers were assigned by the software The filters were assigned sequence numbers based on the order in which they were configured for example the first filter was...

Страница 155: ...Deny Permit L3 ACL permits Permit Deny L3 ACL denies Permit Permit L3 ACL permits NOTE If you configure an interface as a vlan stack access port only the L2 ACL filters the packets The L3 ACL applied to such a port does not affect traffic That is existing rules for other features such as trace list policy based routing PBR and QoS are applied to the permitted traffic For information about MAC ACLs...

Страница 156: ...ss list name in implicit permit vlan vlan range vrf vrf range NOTE The number of entries allowed per ACL is hardware dependent For detailed specification about entries allowed per ACL refer to your line card documentation 4 Apply rules to the new ACL INTERFACE mode ip access list standard extended name To view which IP ACL is applied to an interface use the show config command in INTERFACE mode or...

Страница 157: ...applying the ACL rules to the newly created access group and viewing the access list Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration To specify ingress use the in keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show command Dell conf interface tengigabitethernet 1 1 Dell conf if te1 1 ip access gro...

Страница 158: ...s traffic Example of Applying ACL Rules to Egress Traffic and Viewing ACL Configuration To specify ingress use the out keyword Begin applying rules to the ACL with the ip access list extended abcd command To view the access list use the show command Dell conf interface TenGigabitEthernet 1 1 Dell conf if te 1 1 ip access group abcd out Dell conf if te 1 1 show config TenGigabitEthernet 1 1 no ip a...

Страница 159: ...ment protocol IGMP packets are not affected when you enable egress ACL filtering for CPU traffic Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address IP Prefix Lists IP prefix lists control routing policy An IP prefix list is a series of sequential filters that contain a matching criterion examine IP route...

Страница 160: ...st OSPF and border gateway protocol BGP NOTE It is important to know which protocol your system supports prior to implementing prefix lists Configuration Task List for Prefix Lists To configure a prefix list use commands in PREFIX LIST ROUTER RIP ROUTER OSPF and ROUTER BGP modes Create the prefix list in PREFIX LIST mode and assign that list to commands in ROUTER RIP ROUTER OSPF and ROUTER BGP mod...

Страница 161: ...x list Juba contains a permit all statement By including this line in a prefix list you specify that all routes not matching any criteria in the prefix list are forwarded To delete a filter use the no seq sequence number command in PREFIX LIST mode If you are creating a standard prefix list with only one or two filters you can let Dell Networking OS assign a sequence number based on the order in w...

Страница 162: ...fix lists EXEC Privilege mode show ip prefix list summary prefix name Examples of the show ip prefix list Command The following example shows the show ip prefix list detail command Dell show ip prefix detail Prefix list with the last deletion insertion filter_ospf ip prefix list filter_in count 3 range entries 3 sequences 5 10 seq 5 deny 1 102 0 0 16 le 32 hit count 0 seq 6 deny 2 1 0 0 16 ge 23 h...

Страница 163: ...ed CONFIG ROUTER RIP mode distribute list prefix list name out interface connected static ospf Example of Viewing Configured Prefix Lists ROUTER RIP mode To view the configuration use the show config command in ROUTER RIP mode or the show running config rip command in EXEC mode Dell conf router_rip show config router rip distribute list prefix juba out network 10 0 0 0 Dell conf router_rip router ...

Страница 164: ...bered in increments of 1 You cannot place new rules between these packets so apply resequencing to create numbering space as shown in the second table In the same example apply resequencing if more than two rules must be placed between rules 7 and 10 You can resequence IPv4 and IPv6 ACLs prefixes and MAC ACLs No CAM writes happen as a result of resequencing so there is no packet loss the behavior ...

Страница 165: ...mark corresponds to permit any host 1 1 1 1 seq 5 permit ip any host 1 1 1 1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1 1 1 2 seq 10 permit ip any host 1 1 1 2 seq 15 permit ip any host 1 1 1 3 seq 20 permit ip any host 1 1 1 4 Dell end Dell resequence access list ipv4 test 2 2 Dell show running config acl ip access list extended test remark 2 XYZ remark 4 this remark c...

Страница 166: ... or forward the packet or traffic Route maps process routes for route redistribution For example a route map can be called to filter only specific routes and to add a metric Route maps also have an implicit deny Unlike ACLs and prefix lists however where the packet or traffic is dropped in route maps if a route does not match any of the route map conditions the route is not redistributed The imple...

Страница 167: ...log generation stops When the interval at which ACL logs are configured to be recorded expires a fresh interval timer starts and the packet count for that new interval commences from zero If ACL logging was stopped previously because the configured threshold has exceeded it is reenabled for this new interval The ACL application sends the ACL logging configuration information and other details such...

Страница 168: ...ivated in a specific interval owing to the threshold having exceeded the count of packets that exceeded the logging threshold value during that interval is logged when the subsequent log record in the next interval is generated for that ACL entry When you delete an ACL entry the logging settings associated with it are also removed ACL logging is supported for standard and extended IPv4 ACLs IPv6 A...

Страница 169: ...oming packets that matches the ACL rules applied on the ingress port and forwards mirrors them to another port The source port is the monitored port MD and the destination port is the monitoring port MG The port mirroring application maintains and performs all the monitoring operations on the chassis ACL information is sent to the ACL manager which in turn notifies the ACL agent to add entries in ...

Страница 170: ... packets that match the specified criterion The ACL agent maintains data on the source port the destination port and the endpoint to which the packet must be forwarded when a match occurs with the ACL entry If you configure the flow based enable command and do not apply an ACL on the source port or the monitored port both flow based monitoring and port mirroring do not function Flow based monitori...

Страница 171: ...yer 3 ingress and egress traffic You can specify traffic using standard or extended access lists 1 Enable flow based monitoring for a monitoring session MONITOR SESSION mode flow based enable 2 Define access list rules that include the keyword monitor Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor CONFIGURATION mode ip access list For more inf...

Страница 172: ...do show monitor session 0 SessID Source Destination Dir Mode Source IP Dest IP 0 Te 1 1 Te 1 2 rx Flow N A N A Configuring UDF ACL To configure a User Defined Field UDF ACL 1 Enable UDF ACL feature on a switch CONFIGURATION mode feature udf acl Dell conf feature udf acl 2 Change the default CAM allocation settings or reconfigure new CAM allocation settings and enable IPV4 UDF CONFIGURATION mode ca...

Страница 173: ...Qos 2 0 L2Qos 1 2 L2PT 0 0 IpMacAcl 0 0 VmanQos 0 0 EcfmAcl 2 0 FcoeAcl 4 0 iscsiOptAcl 0 0 ipv4pbr 0 0 vrfv4Acl 0 0 Openflow 0 0 fedgovacl 0 0 nlbclusteracl 0 0 Dell 4 Create a UDF packet format in the UDF TCAM table CONFIGURATION mode udf tcam name seq number Dell conf udf tcam ipnip seq 1 5 Configure a UDF ID to parse packet headers using the specified number of offset and required bytes CONFIG...

Страница 174: ... assign values to UDF IDs CONFIGURATION UDF TCAM mode udf qualifier value name Dell conf udf tcam udf qualifier value ipnip_val1 10 Assign a value to a UDF ID CONFIGURATION UDF Qualifier Value Profile mode udf id 1 12 value mask Dell conf udf tcam qual val udf id 1 aa ff 11 Associate the UDF qualifier value with a UDF packet profile in an IP access list CONFIGURATION STANDARD ACCESS LIST mode CONF...

Страница 175: ...seq 5 permit ip any any udf pkt format ipnip udf qualifier value ipnip_val1 Dell config ext nacl Access Control Lists ACLs 175 ...

Страница 176: ...es the use of multiple protocol dependent timers and methods BFD also carries less overhead than routing protocol hello mechanisms Control packets can be encapsulated in any form that is convenient and on Dell Networking routers BFD agents maintain sessions that reside on the line card which frees resources on the route processor Only session state changes are reported to the BFD Manager on the ro...

Страница 177: ...ol packet to the neighbor that indicates the state change though it might not be received if the link or receiving interface is faulty The BFD manager notifies the routing protocols that are registered with it clients that the forwarding path is down and a link state change is triggered in all protocols NOTE A session state change from Up to Down is the only state change that triggers a link state...

Страница 178: ...cket Figure 13 BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed State The current local session state Refer to BFD Sessions Flag A bit that indicates packet function If the poll bit is set the receiving system must respond as soon as possible without regard to its transmit interval The responding Bidirectional Forwarding Detection BFD 178 ...

Страница 179: ...ired Min Echo RX The minimum rate at which the local system would like to receive echo packets NOTE Dell Networking OS does not currently support the echo function Authentication Type Authentication Length Authentication Data An optional method for authenticating control packets NOTE Dell Networking OS does not currently support the BFD authentication function Two important parameters are calculat...

Страница 180: ...Networking OS supports Asynchronous mode only A session can have four states Administratively Down Down Init and Up State Description Administratively Down The local system does not participate in a particular session Down The remote system is not sending control packets or at least not within the detection time for a particular session Init The local system is communicating Up Both systems are ex...

Страница 181: ...receives the response from the passive system and changes its session state to Up It then sends a control packet indicating this state change This is the third and final part of the handshake Now the discriminator values have been exchanged and the transmit intervals have been negotiated 4 The passive system receives the control packet and changes its state to Up Both systems agree that a session ...

Страница 182: ...nit Figure 15 Session State Changes Important Points to Remember Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3 and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4 Enable BFD on both ends of a link Demand mode authentication and the Echo function are not supported BFD is not supported on ...

Страница 183: ... the remote system fails the local system does not remove the connected route until the first failed attempt to send a packet When you enable BFD the local system removes the route as soon as it stops receiving periodic control packets from the remote system Configuring BFD for a physical port is a two step process 1 Enable BFD globally 2 Establish a session with a next hop neighbor Related Config...

Страница 184: ...on both ends of the link as shown in the following illustration The configuration parameters do not need to match Figure 16 Establishing a BFD Session on Physical Ports 1 Enter interface mode CONFIGURATION mode interface 2 Assign an IP address to the interface if one is not already assigned INTERFACE mode ip address ip address 3 Identify the neighbor that the interface participates with the BFD se...

Страница 185: ... packets received from neighbor 1775 Number of packets sent to neighbor 1775 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 Log messages display when you configure both interfaces for BFD R1 conf if te 4 24 00 36 01 RPM0 P RP2 BFDMGR 1 BFD_STATE_CHANGE Changed session state to Down for neighbor 2 2 2 2 on inte...

Страница 186: ...t message example and the remote systems are notified of the session state change the second message example To disable and re enable BFD on an interface use the following commands Disable BFD on an interface INTERFACE mode no bfd enable Enable BFD on an interface INTERFACE mode bfd enable If you disable BFD on a local interface this message displays R1 conf if te 4 24 01 00 52 RPM0 P RP2 BFDMGR 1...

Страница 187: ...ghbors that are the next hop of a static route Figure 17 Establishing Sessions for Static Routes To establish a BFD session use the following command Establish BFD sessions for all neighbors that are the next hop of a static route CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes use the sho...

Страница 188: ... To view session parameters use the show bfd neighbors detail command as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD all static route BFD sessions are torn down A final Admin Down packet is sent to all neighbors on the remote systems and those neighbors change to the Down state To disable BFD for static routes use the following com...

Страница 189: ...ic interface Sessions are only established when the OSPF adjacency is in the Full state Figure 18 Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface use the following commands Establish sessions with all OSPF neighbors ROUTER OSPF mode bfd all neighbors Bidirectional Forwarding Detection BFD 189 ...

Страница 190: ...ighbors sessions If you change a parameter at the interface level the change affects all OSPFv3 sessions on that interface To change parameters for all OSPFv3 sessions or for OSPFv3 sessions on a single interface use the following commands To view session parameters use the show bfd neighbors detail command as shown in the example in Displaying BFD for BGP Information Change parameters for all OSP...

Страница 191: ...Sessions are only established when the OSPFv3 adjacency is in the Full state To establish BFD with all OSPFv3 neighbors or with OSPFv3 neighbors on a single interface use the following commands Establish sessions with all OSPFv3 neighbors ROUTER OSPFv3 mode bfd all neighbors Establish sessions with OSPFv3 neighbors on a single interface INTERFACE mode ipv6 ospf bfd all neighbors To view the establ...

Страница 192: ...sions on the interface are torn down and sessions on the remote system are placed in a Down state Disabling BFD does not trigger a change in BFD clients a final Admin Down packet is sent before the session is terminated To disable BFD sessions use the following commands Disable BFD sessions with all OSPF neighbors ROUTER OSPF mode no bfd all neighbors Disable BFD sessions with all OSPF neighbors o...

Страница 193: ...hbors at once or sessions can be established for all neighbors out of a specific interface Figure 19 Establishing Sessions with IS IS Neighbors To establish BFD with all IS IS neighbors or with IS IS neighbors on a single interface use the following commands Establish sessions with all IS IS neighbors ROUTER ISIS mode bfd all neighbors Bidirectional Forwarding Detection BFD 193 ...

Страница 194: ...er at the interface level the change affects all IS IS sessions on that interface To change parameters for all IS IS sessions or for IS IS sessions on a single interface use the following commands To view session parameters use the show bfd neighbors detail command as shown in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors Command in Displaying BFD for BGP Information Chang...

Страница 195: ...E 40GE port channel and VLAN interfaces BFD for BGP does not support IPv6 and the BGP multihop feature Prerequisites Before configuring BFD for BGP you must first configure the following settings 1 Configure BGP on the routers that you want to interconnect as described in Border Gateway Protocol IPv4 BGPv4 2 Enable fast fall over for BGP neighbors to reduce convergence time the neighbor fall over ...

Страница 196: ...uter are assigned to the highest priority egress queue to minimize transmission delays Incoming BFD control packets received from the BGP neighbor are assigned to the highest priority queue within the control plane policing COPP framework to avoid BFD packets drops due to queue congestion BFD notifies BGP of any failure conditions that it detects on the link Recovery actions are initiated by BGP B...

Страница 197: ... passive OR neighbor ip address peer group name bfd NOTES When you establish a BFD session with a specified BGP neighbor or peer group using the neighbor bfd command the default BFD session parameters are used interval 100 milliseconds min_rx 100 milliseconds multiplier 3 packets and role active When you explicitly enable or disable a BGP neighbor for a BFD session with the neighbor bfd or neighbo...

Страница 198: ...d for the peer group to which the neighbor belongs The neighbor inherits only the global timer values that are configured with the bfd all neighbors command interval min_rx and multiplier If you explicitly enable or disable a peer group for BFD that has no BFD parameters configured for example advertisement interval using the neighbor peer group name bfd command the peer group inherits any BFD set...

Страница 199: ...ts 1 1 1 3 1 1 1 2 Te 6 1 Up 100 100 3 B 2 2 2 3 2 2 2 2 Te 6 2 Up 100 100 3 B 3 3 3 3 3 3 3 2 Te 6 3 Up 100 100 3 B The following example shows viewing BFD neighbors with full detail The bold lines show the BFD session parameters TX packet transmission RX packet reception and multiplier maximum number of missed packets R2 show bfd neighbors detail Session Discriminator 9 Neighbor Discriminator 10...

Страница 200: ...ms Multiplier 3 Role Active Delete session on Down True Client Registered BGP Uptime 00 02 22 Statistics Number of packets received from neighbor 1428 Number of packets sent to neighbor 1428 Number of state changes 1 Number of messages from IFA about port state change 0 Number of messages communicated b w Manager and Agent 4 The following example shows viewing configured BFD counters R2 show bfd c...

Страница 201: ...session with a BGP neighbor using the neighbor ip address bfd command Message displays when you enable a BGP neighbor in a peer group for which you enabled a BFD session using the neighbor peer group name bfd command R2 show ip bgp neighbors 2 2 2 2 BGP neighbor is 2 2 2 2 remote AS 1 external link BGP version 4 remote router ID 12 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Last read 0...

Страница 202: ... 0 0 4 BGP state ESTABLISHED in this state for 00 05 33 Neighbor is using BGP peer group mode BFD configuration Peer active in peer group outbound optimization Configure BFD for VRRP When using BFD with VRRP the VRRP protocol registers with the BFD manager on the route processor module RPM BFD sessions are established with all neighboring interfaces participating in VRRP If a neighboring interface...

Страница 203: ... bfd all neighbors Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router so it does not participate in any VRRP BFD sessions VRRP BFD sessions on the backup router cannot change to the UP state Configure the master router to establish an individual VRRP session the backup router To establish a session with a particular VRRP neighbor use t...

Страница 204: ...v sent 933 Gratuitous ARP sent 3 Virtual MAC address 00 00 5e 00 01 01 Virtual IP address 2 2 5 4 Authentication none BFD Neighbors RemoteAddr State 2 2 5 2 Up Changing VRRP Session Parameters BFD sessions are configured with default intervals and a default role The parameters that you can configure are Desired TX Interval Required Min RX Interval Detection Multiplier and system role You can chang...

Страница 205: ...P group VRRP mode bfd disable Disable a particular VRRP session on an interface INTERFACE mode no vrrp bfd neighbor ip address Configuring Protocol Liveness Protocol liveness is a feature that notifies the BFD manager when a client protocol is disabled When you disable a client all BFD sessions for that protocol are torn down Neighbors on the remote system receive an Admin Down control packet and ...

Страница 206: ...hbor 2 2 2 2 on interface Te 4 24 diag 0 The following example shows hexadecimal output from the debug bfd packet command RX packet dump 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 13 Sent packet for session with neighbor 2 2 2 2 on Te 4 24 TX packet dump 20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00 00 34 14 Received packet for session w...

Страница 207: ...ultiple paths from one router to another Topics Autonomous Systems AS Sessions and Peers Route Reflectors BGP Attributes Multiprotocol BGP Implement BGP with Dell Networking OS Configuration Information BGP Configuration Enabling MBGP Configurations BGP Regular Expression Optimization Debugging BGP Sample Configurations Autonomous Systems AS BGP autonomous systems ASs are a collection of nodes und...

Страница 208: ...al Border Gateway Protocol When BGP operates between ASs AS1 and AS2 it is called External BGP EBGP External Border Gateway Protocol IBGP provides routers inside the AS with the knowledge to reach routers external to the AS EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility Figure 22 Internal BGP BGP version 4 BGPv4 supports...

Страница 209: ... peers each six routers have five peers each and eight routers in full mesh have seven peers each Figure 23 BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially Network management quickly becomes impossible Border Gateway Protocol IPv4 BGPv4 209 ...

Страница 210: ...ctive state when the timer expires Active The router resets the ConnectRetry timer to zero and returns to the Connect state OpenSent After successful OpenSent transition the router sends an Open message and waits for one in return OpenConfirm After the Open message parameters are agreed between peers the neighbor relation is established and is in the OpenConfirm state This is when the router recei...

Страница 211: ...w these rules affect routing refer to the following illustration and the following steps Routers B C D E and G are members of the same AS AS100 These routers are also in the same Route Reflection Cluster where Router D is the Route Reflector Router E and H are client peers of Router D Routers B and C and nonclient peers of Router D Figure 24 BGP Router Rules 1 Router B receives an advertisement fr...

Страница 212: ...eighboring external AS number BGP best path selection is deterministic by default which means the bgp non deterministic med command is NOT applied The best path in each group is selected based on specific criteria Only one best path is selected at a time If any of the criteria results in more than one path BGP moves on to the next option in the list For example two paths may have the same weights ...

Страница 213: ...e illustration details the path selection criteria Figure 25 BGP Best Path Selection Best Path Selection Details 1 Prefer the path with the largest WEIGHT attribute 2 Prefer the path with the largest LOCAL_PREF attribute 3 Prefer the path that was locally Originated via a network command redistribute command or aggregate address command a Routes originated with the Originated via a network or redi...

Страница 214: ...f the Router ID is the same for multiple paths because the routes were received from the same route skip this step b if the Router ID is NOT the same for multiple paths prefer the path that was first received as the Best Path The path selection algorithm returns without performing any of the checks detailed here 11 Prefer the external path originated from the BGP router with the lowest router ID I...

Страница 215: ... LOCAL_PREF is one of the criteria used to determine the best path so keep in mind that other criteria may impact selection as shown in the illustration in Best Path Selection Criteria For this example assume that thelocal preference LOCAL_PREF is the only attribute applied In the following illustration AS100 has two possible paths to AS 200 Although the path through Router A is shorter one hop in...

Страница 216: ... 100 and the MED for its OC3 exit point to 50 This sets up a path preference through the OC3 link The MEDs are advertised to AS100 routers so they know which is the preferred path MEDs are non transitive attributes If AS100 sends an MED to AS200 AS200 does not pass it on to AS300 or AS400 The MED is a locally relevant attribute to the two participating ASs AS100 and AS200 NOTE The MEDs are adverti...

Страница 217: ...icates an origin code of IGP shown in bold Example of Viewing Origin Codes Dell show ip bgp BGP table version is 0 local router ID is 10 101 15 13 Status codes s suppressed d damped h history valid best Path source I internal a aggregate c confed external r redistributed n network Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 7 0 0 0 29 10 114 8 33 0 0 18508 7 0 0 ...

Страница 218: ...not sent to the neighbor You can enable this feature using the neighbor sender side loopdetect command NOTE For EBGP neighbors the next hop address corresponding to a BGP route is not resolved if the next hop address is not the same as the neighbor IP address NOTE The connection between a router and its next hop BGP neighbor terminates immediately only if the router has received routes from the BG...

Страница 219: ...e defined metric as MED value Use the set metric type internal command in a route map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes The configured set metric value overwrites the default IGP cost By using the redistribute command with the route map command you can specify whether a peer advertises the standard MED or uses the IGP cost as the MED When config...

Страница 220: ...a new BGP capability 4 BYTE AS in the OPEN message If a 4 Byte BGP speaker has sent and received this capability from another speaker all the messages will be 4 octet The behavior of a 4 Byte BGP speaker is different with the peer depending on whether the peer is a 4 Byte or 2 Byte BGP speaker Where the 2 Byte format is 1 65535 the 4 Byte format is 1 4294967295 Enter AS numbers using the tradition...

Страница 221: ...s larger than 65535 is represented using ASDOT notation as higher 2 bytes in decimal lower 2 bytes in decimal For example AS 65546 is represented as 1 10 ASDOT representation combines the ASPLAIN and ASDOT representations AS numbers less than 65536 appear in integer format asplain AS numbers equal to or greater than 65536 appear in the decimal format asdot For example the AS number 65526 appears a...

Страница 222: ..._bgp sho conf router bgp 100 neighbor 172 30 1 250 local as 65057 Dell conf router_bgp do show ip bgp BGP table version is 28093 local router ID is 172 30 1 57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress When migrating one AS to another p...

Страница 223: ...tion the Local AS does not prepend to the updates received from the eBGP peer If you do not select no prepend the default the Local AS is added to the first AS segment in the AS PATH If an inbound route map is used to prepend the as path to the update from the peer the Local AS is added first For example consider the topology described in the previous illustration If Router B has an inbound route ...

Страница 224: ...d in the peer capability lookup Configure inbound BGP soft reconfiguration on a peer for f10BgpM2PrefixInPrefixesRejected to display the number of prefixes filtered due to a policy If you do enable BGP soft reconfig the denied prefixes are not accounted for F10BgpM2AdjRibsOutRoute stores the pointer to the NLRI in the peer s Adj Rib Out PA Index f10BgpM2PathAttrIndex field in various tables is use...

Страница 225: ... RIB are not supported and are set to zero in the SNMP query response The f10BgpM2NlriIndex and f10BgpM2AdjRibsOutIndex fields are not used Carrying MPLS labels in BGP is not supported The f10BgpM2NlriOpaqueType and f10BgpM2NlriOpaquePointer fields are set to zero 4 byte ASN is supported The f10BgpM2AsPath4byteEntry table contains 4 byte ASN related parameters based on the configuration If a recei...

Страница 226: ...or peer group enter the neighbor ip address peer group name no shutdown command The following table displays the default values for BGP on Dell Networking OS Table 12 BGP Default Values Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged Fast External Fallover feature Disabled Graceful Restart feature Disabled Local preference 100 MED 0 Route Flap Damping Parameters hal...

Страница 227: ...reachable NOTE Sample Configurations for enabling BGP routers are found at the end of this chapter 1 Assign an AS number and enter ROUTER BGP mode CONFIGURATION mode router bgp as number as number from 0 to 65535 2 Byte or from 1 to 4294967295 4 Byte or 0 1 to 65535 65535 Dotted format Only one AS is supported per system NOTE If you enter a 4 Byte AS number 4 Byte AS support is enabled automatical...

Страница 228: ...ry with a 4 byte AS number using the show ip bgp summary command displays a 4 byte AS number in bold The following example shows the show ip bgp summary command output 2 byte AS number displays R2 show ip bgp summary BGP router identifier 192 168 10 2 local AS number 65123 BGP table version is 1 main routing table version 1 1 network entrie s using 132 bytes of memory 1 paths using 72 bytes of mem...

Страница 229: ...ple displays two neighbors one is an external internal BGP neighbor and the second one is an internal BGP neighbor The first line of the output for each neighbor displays the AS number and states whether the link is an external or internal shown in bold The third line of the show ip bgp neighbors output contains the BGP State If anything other than ESTABLISHED is listed the neighbor is not exchang...

Страница 230: ...work 10 10 32 0 24 network 100 10 92 0 24 network 192 168 10 0 24 bgp four octet as support neighbor 10 10 21 1 remote as 65123 neighbor 10 10 21 1 filter list ISP1in neighbor 10 10 21 1 no shutdown neighbor 10 10 32 3 remote as 65123 neighbor 10 10 32 3 no shutdown neighbor 100 10 92 9 remote as 65192 neighbor 100 10 92 9 no shutdown neighbor 192 168 10 1 remote as 65123 neighbor 192 168 10 1 upd...

Страница 231: ... AS Number representation CONFIG ROUTER BGP mode bgp asnotation asdot Enable ASDOT AS Number representation CONFIG ROUTER BGP mode bgp asnotation asdot Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command output Dell conf router_bgp bgp asnotation asplain Dell conf router_bgp sho conf router bgp 100 bgp four octet as support neighbor 172 30 1 250 r...

Страница 232: ...iguration properties of the group and share same update policy A maximum of 256 peer groups are allowed on the system Create a peer group by assigning it a name then adding members to the peer group After you create a peer group you can configure route policies for it For information about configuring route policies for a peer group refer to Filtering BGP Routes NOTE Sample Configurations for enab...

Страница 233: ...r group if it has any of the following commands configured neighbor advertisement interval neighbor distribute list out neighbor filter list out neighbor next hop self neighbor route map out neighbor route reflector client neighbor send community A neighbor may keep its configuration after it was added to a peer group if the neighbor s configuration is more specific than the peer group s and if th...

Страница 234: ...oup is maintained but it is not applied to the peer group members When you disable a peer group all the peers within the peer group that are in the ESTABLISHED state move to the IDLE state To view the status of peer groups use the show ip bgp peer group command in EXEC Privilege mode as shown in the following example Dell show ip bgp peer group Peer group zanzibar remote AS 65535 BGP version 4 Min...

Страница 235: ...FIG ROUTER BGP mode neighbor ip address peer group name fall over Examples of Verifying that Fast fall Over is Enabled on a BGP Neighbor and a Peer Group To verify that you enabled fast fall over on a particular BGP neighbor use the show ip bgp neighbors command Because fast fall over is disabled by default it appears only if it has been enabled shown in bold Dell sh ip bgp neighbors BGP neighbor ...

Страница 236: ...umber of peers in this group 1 Peer group members outbound optimized 100 100 100 100 Dell router bgp 65517 neighbor test peer group neighbor test fall over neighbor test no shutdown neighbor 100 100 100 100 remote as 65517 neighbor 100 100 100 100 fall over neighbor 100 100 100 100 update source Loopback 0 neighbor 100 100 100 100 no shutdown Dell Configuring Passive Peering When you enable a peer...

Страница 237: ...sage sent on the subnet does its BGP state change to ESTABLISHED After the peer group is ESTABLISHED the peer group is the same as any other peer group For more information about peer groups refer to Configure Peer Groups Maintaining Existing AS Numbers During an AS Migration The local as feature smooths out the BGP network migration operation and allows you to maintain existing ASNs during a BGP ...

Страница 238: ...92 168 10 1 no shutdown neighbor 192 168 12 2 remote as 65123 neighbor 192 168 12 2 update source Loopback 0 neighbor 192 168 12 2 no shutdown R2 conf router_bgp Allowing an AS Number to Appear in its Own AS Path This command allows you to set the number of times a particular AS number can occur in the AS path The allow as feature permits a BGP speaker to allow the ASN to be present for a specifie...

Страница 239: ... and or by peer or peer group NOTE By default BGP graceful restart is disabled The default role for BGP is as a receiving or restarting peer If you enable BGP when a peer that supports graceful restart resumes operating Dell Networking OS performs the following tasks Continues saving routes received from the peer if the peer advertised it had graceful restart capability Continues forwarding traffi...

Страница 240: ...or Graceful Restart BGP graceful restart is active only when the neighbor becomes established Otherwise it is disabled Graceful restart applies to all neighbors with established adjacency With the graceful restart feature Dell Networking OS enables the receiving restarting mode by default In Receiver Only mode graceful restart saves the advertised routes of peers that support this capability when ...

Страница 241: ... on the number in its AS_PATH AS PATH ACLs use regular expressions to search AS_PATH values AS PATH ACLs have an implicit deny This means that routes that do not meet a deny or match filter are dropped To configure an AS PATH ACL to filter a specific AS_PATH value use these commands in the following sequence 1 Assign a name to a AS PATH ACL and enter AS PATH ACL mode CONFIGURATION mode ip as path ...

Страница 242: ...2ffe884 0 1 18508 701 3561 9116 21350 i 0x2ff7284 0 99 18508 701 1239 577 855 0x2ff7ec4 0 4 18508 209 3561 4755 17426 i 0x2ff8544 0 3 18508 701 5743 2648 i 0x736c144 0 1 18508 701 209 568 721 1494 i 0x3b8d224 0 10 18508 209 701 2019 i 0x5eb1e44 0 1 18508 701 8584 16158 i 0x5cd891c 0 9 18508 209 6453 4759 i More Regular Expressions as Filters Regular expressions are used to filter AS paths or commu...

Страница 243: ... list command in EXEC Privilege mode For more information about this command and route filtering refer to Filtering BGP Routes The following example applies access list Eagle to routes inbound from BGP peer 10 5 5 2 Access list Eagle uses a regular expression to deny routes originating in AS 32 The first lines shown in bold create the access list and filter The second lines shown in bold are the r...

Страница 244: ... specify the name of a configured route map Include specific ISIS routes in BGP ROUTER BGP or CONF ROUTER_BGPv6_ AF mode redistribute isis level 1 level 1 2 level 2 metric value route map map name Configure the following parameters level 1 level 1 2 or level 2 Assign all redistributed routes to a level The default is level 2 metric value The value is from 0 to 16777215 The default is 0 map name na...

Страница 245: ...In Dell Networking OS you can assign a COMMUNITY attribute to BGP routers by using an IP community list After you create an IP community list you can apply routing decisions to all routers meeting the criteria in the IP community list IETF RFC 1997 defines the COMMUNITY attribute and the predefined communities of INTERNET NO_EXPORT_SUBCONFED NO_ADVERTISE and NO_EXPORT All BGP routes belong to the ...

Страница 246: ...he list regexp then a regular expression Example of the show ip community lists Command To view the configuration use the show config command in CONFIGURATION COMMUNITY LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip community lists extcommunity list command in EXEC Privilege mode Dell show ip community lists ip community list standard 1 deny 701 20 deny 702 20 deny 703 20 deny 704 20 ...

Страница 247: ...show ip community lists extcommunity list command in EXEC Privilege mode Dell show ip community lists ip community list standard 1 deny 701 20 deny 702 20 deny 703 20 deny 704 20 deny 705 20 deny 14551 20 deny 701 112 deny 702 112 deny 703 112 deny 704 112 deny 705 112 deny 14551 112 deny 701 667 deny 702 667 deny 703 667 deny 704 666 deny 705 666 deny 14551 666 Dell Filtering Routes with Communit...

Страница 248: ...based on the values of the COMMUNITY attributes you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information By default Dell Networking OS does not send the COMMUNITY attribute To send the COMMUNITY attribute to BGP neighbors use the following command Enable the software to send the router s COMMUNITY attribute to the BGP neighbor or peer group speci...

Страница 249: ...mmand in CONFIGURATION ROUTER BGP mode To view a route map configuration use the show route map command in EXEC Privilege mode To view BGP routes matching a certain community number or a pre defined BGP community use the show ip bgp community command in EXEC Privilege mode Dell show ip bgp community BGP table version is 3762622 local router ID is 10 114 8 48 Status codes s suppressed d damped h hi...

Страница 250: ... learned from BGP confederations missing as best Treat a path missing an MED as the most preferred one To view the nondefault values use the show config command in CONFIGURATION ROUTER BGP mode Changing the LOCAL_PREFERENCE Attribute In Dell Networking OS you can change the value of the LOCAL_PREFERENCE attribute To change the default values of this attribute for all routes received by the router ...

Страница 251: ...ange how the NEXT_HOP attribute is used enter the first command To view the BGP configuration use the show config command in CONFIGURATION ROUTER BGP mode or the show running config bgp command in EXEC Privilege mode You can also use route maps to change this and other BGP attributes For example you can include the second command in a route map to specify the next hop address Disable next hop proc...

Страница 252: ...ware allows one path to a destination You can enable multipath to allow up to 64 parallel paths to a destination NOTE Dell Networking recommends not using multipath and add path simultaneously in a route reflector To allow more than one path use the following command The show ip bgp network command includes multipath information for that network Enable multiple parallel paths CONFIG ROUTER BGP mod...

Страница 253: ... to ensure the changes are made always reset the neighbor or peer group by using the clear ip bgp command in EXEC Privilege mode To filter routes using prefix lists use the following commands 1 Create a prefix list and assign it a name CONFIGURATION mode ip prefix list prefix name 2 Create multiple prefix list filters with a deny or permit action CONFIG PREFIX LIST mode seq sequence number deny pe...

Страница 254: ...ode To view a prefix list configuration use the show ip prefix list detail or show ip prefix list summary commands in EXEC Privilege mode Filtering BGP Routes Using Route Maps To filter routes using a route map use these commands 1 Create a route map and assign it a name CONFIGURATION mode route map map name permit deny sequence number 2 Create multiple route map filters with a match or set action...

Страница 255: ...nter ROUTER BGP mode CONFIGURATION mode router bgp as number 5 Filter routes based on the criteria in the configured route map CONFIG ROUTER BGP mode neighbor ip address peer group name filter list as path name in out Configure the following parameters ip address or peer group name enter the neighbor s IP address or the peer group s name as path name enter the name of a configured AS PATH ACL in a...

Страница 256: ...tor client When you enable a route reflector Dell Networking OS automatically enables route reflection to all clients To disable route reflection between all clients in this reflector use the no bgp client to client reflection command in CONFIGURATION ROUTER BGP mode All clients must be fully meshed before you disable route reflection To view a route reflector configuration use the show config com...

Страница 257: ...ing many IBGP peering sessions per router Basically when you configure BGP confederations you break the AS into smaller sub AS and to those outside your network the confederations appear as one AS Within the confederation sub AS the IBGP neighbors are fully meshed and the MED NEXT_HOP and LOCAL_PREF attributes are maintained between confederations To configure BGP confederations use the following ...

Страница 258: ...g CONFIG ROUTER BGP mode bgp dampening half life reuse suppress max suppress time route map map name Enter the following optional parameters to configure route dampening parameters half life the range is from 1 to 45 Number of minutes after which the Penalty is decreased After the router assigns a Penalty of 1024 to a route the Penalty is decreased by half after the half life period expires The de...

Страница 259: ... regular express to match on By default the path selection in Dell Networking OS is deterministic that is paths are compared irrespective of the order of their arrival You can change the path selection method to non deterministic that is paths are compared in the order in which they arrived starting with the most recent Furthermore in non deterministic mode the software may not compare MED attribu...

Страница 260: ...3 79977 780266 0 2 00 38 51 118904 10 114 8 33 18508 117265 25069 780266 0 20 00 38 50 102759 Dell To view which routes are dampened non active use the show ip bgp dampened routes command in EXEC Privilege mode Changing BGP Timers To configure BGP timers use either or both of the following commands Timer values configured with the neighbor timers command override the timer values configured with t...

Страница 261: ...r ip bgp soft in command the update database stored in the router is replayed and updates are reevaluated With this command the replay and update process is triggered only if a route refresh request is not negotiated with the peer If the request is indeed negotiated after execution of clear ip bgp soft in BGP sends a route refresh request to the neighbor and receives all of the peer s updates To u...

Страница 262: ...e Clause The continue feature can exist without a match clause Without a match clause the continue clause executes and jumps to the specified route map entry With a match clause and a continue clause the match clause executes first and the continue clause next in a specified route map entry The continue clause launches only after a successful match The behavior is A successful match with a continu...

Страница 263: ... and withdrawn routes respectively If the peer has not been activated in any AFI SAFI the peer remains in Idle state Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command For a detailed description of the MBGP commands refer to the Dell Networking OS Command Line Interface Reference Guide Enables support for the IPv4 mul...

Страница 264: ...ations in out View information about BGP updates and filter by prefix name EXEC Privilege mode debug ip bgp ip address peer group peer group name updates in out prefix list name Enable soft reconfiguration debug EXEC Privilege mode debug ip bgp ip address peer group name soft reconfiguration To enhance debugging of soft reconfig use the bgp soft reconfig backup command only when route refresh is n...

Страница 265: ... before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 Capabilities advertised to neighbor for IPv4 Unicast MULTIPROTO_EXT 1 ROUTE_REFRESH 2 CISCO_ROUTE_REFRESH 128 For address family IPv4 Unicast BGP table version 1395 neighbor version 1394 Prefixes accepted 1 consume 4 bytes 0 withdrawn by peer Prefi...

Страница 266: ...and To view the captured PDUs use the show capture bgp pdu neighbor command Dell show capture bgp pdu neighbor 20 20 20 2 Incoming packet capture enabled for BGP neighbor 20 20 20 2 Available buffer size 40958758 26 packet s captured using 680 bytes PDU 1 len 101 captured 00 34 51 ago ffffffff ffffffff ffffffff ffffffff 00650100 00000013 00000000 00000000 419ef06c 00000000 00000000 00000000 000000...

Страница 267: ...Ver InQ OutQ Up Down State Pfx 1 1 1 2 2 17 18966 0 0 0 00 08 19 Active 172 30 1 250 18508 243295 25 313511 0 0 00 12 46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors These are seen in the output of the show ip bgp neighbor command Sample Configurations The following example configurations show how to enable BGP and s...

Страница 268: ...o 0 int te 1 21 R1 conf if te 1 21 ip address 10 0 1 21 24 R1 conf if te 1 21 no shutdown R1 conf if te 1 21 show config interface TengigabitEthernet 1 21 ip address 10 0 1 21 24 no shutdown R1 conf if te 1 21 int te 1 31 R1 conf if te 1 31 ip address 10 0 3 31 24 R1 conf if te 1 31 no shutdown R1 conf if te 1 31 show config interface TengigabitEthernet 1 31 ip address 10 0 3 31 24 no shutdown Bor...

Страница 269: ...ig interface Loopback 0 ip address 192 168 128 2 24 no shutdown R2 conf if lo 0 int te 2 11 R2 conf if te 2 11 ip address 10 0 1 22 24 R2 conf if te 2 11 no shutdown R2 conf if te 2 11 show config interface TengigabitEthernet 2 11 ip address 10 0 1 22 24 no shutdown R2 conf if te 2 11 int te 2 31 R2 conf if te 2 31 ip address 10 0 2 2 24 R2 conf if te 2 31 no shutdown R2 conf if te 2 31 show confi...

Страница 270: ... 1 update source loop 0 R3 conf router_bgp neighbor 192 168 128 2 remote 99 R3 conf router_bgp neighbor 192 168 128 2 no shut R3 conf router_bgp neighbor 192 168 128 2 update loop 0 R3 conf router_bgp show config Example of Enabling Peer Groups Router 1 conf R1 conf router bgp 99 R1 conf router_bgp network 192 168 128 0 24 R1 conf router_bgp neighbor AAA peer group R1 conf router_bgp neighbor AAA ...

Страница 271: ...ation History Connection Reset Sent 1 Recv 0 Last notification len 21 sent 00 00 57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 1 Local port 179 Foreign host 192 168 128 2 Foreign port 65464 BGP neighbor is 192 168 128 3 remote AS 100 external link Member of peer group BBB for session parameters BGP version 4 remote router ID 192 168 128 3 BGP state ESTABLISHED...

Страница 272: ...eer group R3 conf router_bgp neighbor AAA no shutdown R3 conf router_bgp neighbor CCC peer group R3 conf router_bgp neighbor CCC no shutdown R3 conf router_bgp neighbor 192 168 128 2 peer group BBB R3 conf router_bgp neighbor 192 168 128 2 no shutdown R3 conf router_bgp neighbor 192 168 128 1 peer group BBB R3 conf router_bgp neighbor 192 168 128 1 no shutdown R3 conf router_bgp R3 conf router_bgp...

Страница 273: ...awn 0 from peer Connections established 6 dropped 5 Last reset 00 12 01 due to Closed by neighbor Notification History HOLD error Timer expired Sent 1 Recv 0 Connection Reset Sent 2 Recv 2 Last notification len 21 received 00 12 01 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host 192 168 128 2 Local port 65464 Foreign host 192 168 128 1 Foreign port 179 BGP neighbor is 192 168 ...

Страница 274: ...ON mode The CAM space is allotted in field processor FP blocks The total space allocated must equal 13 FP blocks The following table lists the default CAM allocation settings NOTE There are 16 FP blocks but the system flow requires three blocks that cannot be reallocated The following table displays the default CAM allocation settings To display the default CAM allocation enter the show cam acl co...

Страница 275: ...ctor of 2 2 4 6 8 10 All other profile allocations can use either even or odd numbered ranges NOTE You can only have one odd number of blocks in the CLI configuration the other blocks must be in factors of 2 For example a CLI configuration of 5 4 2 1 1 blocks is not supported a configuration of 6 4 2 1 blocks is supported For the new settings to take effect you must save the new CAM settings to th...

Страница 276: ...alue is 0 3 Execute write memory and verify that the new settings are written to the CAM on the next boot EXEC Privilege mode show cam acl 4 Reload the system EXEC Privilege mode reload Test CAM Usage To determine whether sufficient CAM space is available to enable a service policy use the test cam usage command To verify the actual CAM space required create a Class Map with all required ACL rules...

Страница 277: ...0 fedgovacl 0 0 Stack unit 0 Current Settings in block sizes Next Boot in block sizes 1 block 128 entries L2Acl 6 4 Ipv4Acl 4 2 Ipv6Acl 0 0 Ipv4Qos 2 2 L2Qos 1 1 L2PT 0 0 IpMacAcl 0 0 VmanQos 0 0 VmanDualQos 0 0 EcfmAcl 0 0 FcoeAcl 0 0 iscsiOptAcl 0 0 ipv4pbr 0 2 vrfv4Acl 0 2 Openflow 0 0 fedgovacl 0 0 Dell conf Example of Viewing CAM ACL Settings NOTE If you change the cam acl setting from CONFIG...

Страница 278: ...zes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Stack unit 7 Current Settings in block sizes 1 block 128 entries L2Acl 6 Ipv4Acl 4 Ipv6Acl 0 Ipv4Qos 2 L2Qos 1 L2PT 0 IpMacAcl 0 VmanQos 0 VmanDualQos 0 EcfmAcl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Op...

Страница 279: ...L and or DSCP ip precedence rules is applied to more than one physical interface on the same port pipe only a single copy of the policy is written only one FP entry is used When you disable this command the system behaves as described in this chapter Troubleshoot CAM Profiling The following section describes CAM profiling troubleshooting QoS CAM Region Limitation To store QoS service policies the ...

Страница 280: ...m flow region 2 Allocate more entries in the IPv4Flow region to QoS Dell Networking OS supports the ability to view the actual CAM usage before applying a service policy The test cam usage service policy command provides this test framework For more information refer to Pre Calculating Available QoS CAM Space Content Addressable Memory CAM 280 ...

Страница 281: ... the system control plane rate limits traffic to an acceptable level CoPP increases security on the system by protecting the routing processor from unnecessary or DoS traffic giving priority to important control plane and management traffic CoPP uses a dedicated control plane configuration through the ACL and QoS command line interfaces CLIs to provide filtering and rate limiting capabilities for ...

Страница 282: ...tion shows an example of the difference between having CoPP implemented and not having CoPP implemented Figure 30 Control Plane Policing Figure 31 CoPP Implemented Versus CoPP Not Implemented Control Plane Policing CoPP 282 ...

Страница 283: ...P policies are assigned on a per protocol or a per queue basis and are assigned in CONTROL PLANE mode to each port pipe CoPP policies are configured by creating extended ACL rules and specifying rate limits through QoS policies The ACLs and QoS policies are assigned as service policies Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service policie...

Страница 284: ...ntrol plane Enabling this command on a port pipe automatically enables the ACL and QoS rules creates with the cpu qos keyword CONTROL PLANE mode service policy rate limit protocols Examples of Configuring CoPP for Different Protocols The following example shows creating the IP IPv6 MAC extended ACL Dell conf ip access list extended ospf cpu qos Dell conf ip acl cpuqos permit ospf Dell conf ip acl ...

Страница 285: ...s matching the QoS class map to the QoS policy Dell conf policy map input egressFP_rate_policy cpu qos Dell conf policy map in cpuqos class map class_ospf qos policy rate_limit_500k Dell conf policy map in cpuqos class map class_bgp qos policy rate_limit_400k Dell conf policy map in cpuqos class map class_lacp qos policy rate_limit_200k Dell conf policy map in cpuqos class map class ipv6 qos polic...

Страница 286: ... cpuq_2 Dell conf qos policy in rate police 5000 80 peak 600 50 Dell conf qos policy in exit The following example shows assigning the QoS policy to the queues Dell conf policy map input cpuq_rate_policy cpu qos Dell conf qos policy in service queue 5 qos policy cpuq_1 Dell conf qos policy in service queue 6 qos policy cpuq_2 Dell conf qos policy in service queue 7 qos policy cpuq_1 The following ...

Страница 287: ...nown protocol streams that have to share these 4 CMIC queues Before 9 4 0 0 Dell Networking OS used only 8 queues most of the queues are shared to multiple protocols So increasing the number of CMIC queues will reduce the contention among the protocols for the queue bandwidth Currently there are 4 Queues for data and 4 for control in both front end and back plane ports In stacked systems the contr...

Страница 288: ...st be ensured even in case of stand alone systems and there is no dependency with stacking Policing provides a method for protecting CPU bound control plane packets by policing packets transmited to CPU with a specified rate and from undesired or malicious traffic This is done at each CPU queue on each unit FP Entries for Distribution of NDP Packets to Various CPU Queues At present generic mac bas...

Страница 289: ...case NDP packets intended to peer VLT chassis taken to CPU and tunnel to peer The following table describes the protocol to queue mapping with the CPU queues increased to be 12 Table 15 Redirecting Control Traffic to 12 CPU queues CPU Queue Weights Rate pps Protocol 0 100 1300 BFD 1 1 300 MC 2 2 300 TTL0 TTL1 IP with options Mac limit violation Hyper pull L3 with Bcast MacDA Unknown L3 ARP unresol...

Страница 290: ...Multicast traffic L3 packets with Broadcast MAC address The catch all route poses a risk of overloading the CPU with unknown unicast packets This CLI knob to turn off the catch all route is of use in networks where the user does not want to generate Destination Unreachable messages and have the CPU queue s bandwidth available for higher priority control plane traffic Configuring CoPP for OSPFv3 Yo...

Страница 291: ...des show commands to display the protocol traffic assigned to each control plane queue and the current rate limit applied to each queue Other show commands display statistical information for trouble shooting CoPP operation To view the rates for each queue use the show cpu queue rate cp command Viewing Queue Rates Example of Viewing Queue Rates Dell show cpu queue rate cp Service Queue Rate PPS Q0...

Страница 292: ...Port Rate kbps ARP any 0x0806 Q5 Q6 CP _ FRRP 01 01 e8 00 00 10 11 any Q7 CP _ LACP 01 80 c2 00 00 02 0x8809 Q7 CP _ LLDP any 0x88cc Q7 CP _ GVRP 01 80 c2 00 00 21 any Q7 CP _ STP 01 80 c2 00 00 00 any Q7 CP _ ISIS 01 80 c2 00 00 14 15 any Q7 CP _ 09 00 2b 00 00 04 05 any Q7 CP Dell To view the queue mapping for IPv6 protocols use the show ipv6 protocol queue mapping command Example of Viewing Que...

Страница 293: ...PFC to Manage Converged Ethernet Traffic Configure Enhanced Transmission Selection Hierarchical Scheduling in ETS Output Policies Using ETS to Manage Converged Ethernet Traffic Applying DCB Policies in a Switch Stack Configure a DCBx Operation Verifying the DCB Configuration QoS dot1p Traffic Classification and Queue Assignment Configuring the Dynamic Buffer Method Sample DCB Configuration Etherne...

Страница 294: ...quirements while certain applications such as streaming video are more sensitive to latency Ethernet functions as a best effort network that may drop packets in the case of network congestion IP networks rely on transport protocols for example TCP for reliable data transmission with the associated cost of greater processing overhead and performance impact LAN traffic consists of a large number of ...

Страница 295: ...traffic on a link according to the 802 1p priority set on a traffic type You can create lossless flows for storage and server traffic while allowing for loss in case of LAN traffic congestion on the same physical interface The following illustration shows how PFC handles traffic congestion by pausing the transmission of incoming traffic with dot1p priority 4 Figure 32 Illustration of Traffic Conge...

Страница 296: ...s in multiprotocol Ethernet FCoE SCSI links ETS allows you to divide traffic according to its 802 1p priority into different priority groups traffic classes and configure bandwidth allocation and queue scheduling for each group to ensure that each traffic type is correctly prioritized and receives its required bandwidth For example you can prioritize low latency storage or server cluster traffic i...

Страница 297: ...uration information PFC and ETS use DCBx to exchange and negotiate parameters with peer devices DCBx capabilities include Discovery of DCB capabilities on peer device connections Determination of possible mismatch in DCB configuration on a peer link Configuration of a peer device over a DCB link DCBx requires the link layer discovery protocol LLDP to provide the path to exchange DCB parameters wit...

Страница 298: ...CEE Priority based flow control Enhanced transmission selection Data center bridging exchange protocol FCoE initialization protocol FIP snooping DCB processes virtual local area network VLAN tagged packets and dot1p priority values Untagged packets are treated with a dot1p priority of 0 For DCB to operate effectively you can classify ingress traffic according to its dot1p priority so that it maps ...

Страница 299: ...dled with strict priority scheduling You can enable PFC on a maximum of two priority queues on an interface Enabling PFC for dot1p priorities makes the corresponding port queue lossless The sum of all allocated bandwidth percentages in all groups in the DCB map must be 100 Strict priority traffic is serviced first Afterwards you can configure either the peak rates or the committed rates The bandwi...

Страница 300: ...PFC and ETS parameters are applied on the interfaces This change may create a DCB mismatch with peer DCB devices and interrupt network operation Data Center Bridging Default Configuration Before you configure PFC and ETS on a switch see the priority group setting taken into account the following default settings DCB is enabled PFC and ETS are globally enabled by default The default dot1p priority ...

Страница 301: ...iable can have a maximum of 32 characters 2 Create a PFC group CONFIGURATION mode priority group group num bandwidth bandwidth strict priority pfc on The range for priority group is from 0 to 7 Set the bandwidth in percentage The percentage range is from 1 to 100 in units of 1 Committed and peak bandwidth is in megabits per second The range is from 0 to 40000 Committed and peak burst size is in ki...

Страница 302: ...erved on Port B since traffic flow on priorities is mapped to loss less queues Port B acting as Ingress If the traffic congestion is on PORT B Egress DROP is on PORT A or C as the PFC is not enabled on PORT B Refer the following configuration for queue to dot1p mapping NOTE Although each port on the S4810 S4820T and S5000 devices support 8 QoS queues you can configure only 4 QoS queues 0 3 to mana...

Страница 303: ... CoS priority values of the traffic that needs to be stopped DCBx provides the link level exchange of PFC parameters between peer devices PFC allows network administrators to create zero loss links for SAN traffic that requires no drop service while at the same time retaining packet drop congestion management for LAN traffic On a switch PFC is enabled by default on Ethernet ports pfc mode on comma...

Страница 304: ...ities result in more than two lossless queues When you apply a DCB map an error message is displayed if link level flow control is already enabled on an interface You cannot enable PFC and link level flow control at the same time on an interface In a switch stack configure all stacked ports with the same PFC configuration Dell Networking OS allows you to change the default dot1p priority queue ass...

Страница 305: ...N 2 Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map for example Dell interface tengigabitEthernet 1 1 Dell config if te 1 1 dcb map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port You cannot apply a DCB map on an interface that has been already configured for PFC using thepfc priority command or which is already configure...

Страница 306: ...e PFC using the pfc priority command on an interface on which a DCB map has been applied or which is already configured for lossless queues pfc no drop queues command pfc priority priority range INTERFACE Configuring Lossless Queues DCB also supports the manual configuration of lossless queues on an interface when PFC mode is disabled in a DCB map apply the map on the interface The configuration o...

Страница 307: ...nts By default no lossless queues are configured on a port A limit of two lossless queues is supported on a port If the number of lossless queues configured exceeds the maximum supported limit per port two an error message is displayed Reconfigure the value to a smaller number of queues If you configure lossless queues on an interface that already has a DCB map with PFC enabled pfc on an error mes...

Страница 308: ... a sending device transmits a pause frame the recipient acknowledges this frame by temporarily halting the transmission of data packets The sending device requests the recipient to restart the transmission of data traffic when the congestion eases and reduces The time period that is specified in the pause frame defines the duration for which the flow of data packets is halted When the time period ...

Страница 309: ... if a PFC priority is configured and applied on the interface The number of lossless queues supported on the system is dependent on the availability of total buffers for PFC The default configuration in the system guarantees a minimum of 52 KB per queue if all the 128 queues are congested However modifying the buffer allocation per queue impacts this default behavior By default the total available...

Страница 310: ... 1 Create class maps to group the DSCP subsets class map match any dscp pfc 1 match ip dscp 0 5 10 15 class map match any dscp pfc 2 match ip dscp 20 25 30 35 2 Associate above class maps to Queues Queue assignment as below NOTE Although each port on the S4810 S4820T and S5000 devices support 8 QoS queues you can configure only 4 QoS queues 0 3 to manage data traffic The remaining 4 queues 4 7 are...

Страница 311: ...c is latency sensitive ETS allows different traffic types to coexist without interruption in the same converged link by Allocating a guaranteed share of bandwidth to each priority group Allowing each group to exceed its minimum guaranteed bandwidth if another group is not fully using its allotted bandwidth ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when y...

Страница 312: ...affic on which you want to apply an ETS output policy PRIORITY GROUP mode priority list value The range is from 0 to 7 The default is none Separate priority values with a comma Specify a priority range with a dash For example priority list 3 5 7 4 Exit priority group configuration mode PRIORITY GROUP mode exit 5 Repeat Steps 1 to 4 to configure all remaining dot1p priorities in an ETS priority gro...

Страница 313: ...tion with peer ETS devices ETS configuration is handled as follows ETS TLVs are supported in DCBx versions CIN CEE and IEEE2 5 The DCBx port role configurations determine the ETS operational parameters refer to Configure a DCBx Operation ETS configurations received from TLVs from a peer are validated If there is a hardware limitation or TLV error DCBx operation on an ETS port goes down New ETS con...

Страница 314: ...RATION mode Dell conf qos policy output test12 The maximum 32 alphanumeric characters 2 Configure the percentage of bandwidth to allocate to the dot1p priority queue traffic in the associated L2 class map QoS OUTPUT POLICY mode Dell conf qos policy out bandwidth percentage 100 The default is none 3 Repeat Step 2 to configure bandwidth percentages for other priority queues on the port QoS OUTPUT PO...

Страница 315: ... control queues Dell Networking OS supports hierarchical scheduling on an interface The control traffic on Dell Networking OS is redirected to control queues as higher priority traffic with strict priority scheduling After the control queues drain out the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB map The available bandwidth calc...

Страница 316: ...miting because these parameters are not negotiated by DCBx with peer devices you can apply a QoS output policy with WRED and or rate shaping on a DCBx CIN enabled interface In this case the WRED or rate shaping configuration in the QoS output policy must take into account the bandwidth allocation or queue scheduler configured in the DCB map Priority Group Configuration Notes When you configure pri...

Страница 317: ...ree bandwidth remains up to the 20 30 Strict priority groups If two priority groups have strict priority scheduling traffic assigned from the priority group with the higher priority queue number is scheduled first However when three priority groups are used and two groups have strict priority scheduling such as groups 1 and 3 in the example the strict priority group whose traffic is mapped to one ...

Страница 318: ...that is when DCB features are not compatibly configured on a peer device and the local switch Mis configuration detection is feature specific because some DCB features support asymmetric configuration Reconfigures a peer device with the DCB configuration from its configuration source if the peer device is willing to accept configuration Accepts the DCB configuration from a peer if a DCBx port is i...

Страница 319: ...ation the link with the DCBx peer is enabled If the received peer configuration is not compatible with the currently configured port configuration the link with the DCBx peer port is disabled and a syslog message for an incompatible configuration is generated The network administrator must then reconfigure the peer device so that it advertises a compatible DCB configuration The internally propagat...

Страница 320: ...es to match against the received application priority Otherwise these ports use their locally configured PFC priorities in application priority TLVs If no configuration source is configured auto upstream and auto downstream ports check to see that the locally configured PFC priorities match the priorities in a received application priority TLV On manual ports an application priority TLV is adverti...

Страница 321: ...ts receiving auto configuration information from the configuration source ignore their current settings and use the configuration source information Propagation of DCB Information When an auto upstream or auto downstream port receives a DCB configuration from a peer the port acts as a DCBx client and checks if a DCBx configuration source exists on the switch If a configuration source is found the ...

Страница 322: ... If a DCBx frame with a different version is received a syslog message is generated and the peer version is recorded in the peer status table If the frame cannot be processed it is discarded and the discard counter is incremented NOTE Because DCBx TLV processing is best effort it is possible that CIN frames may be processed when DCBx is configured to operate in CEE mode and vice versa In this case...

Страница 323: ...LDP is shut down The CIN version of DCBx supports only PFC ETS and FCOE it does not support iSCSI backward congestion management BCN logical link down LLDF and network interface virtualization NIV Configuring DCBx To configure DCBx follow these steps For DCBx to advertise DCBx TLVs to peers enable LLDP For more information refer to Link Layer Discovery Protocol LLDP Configure DCBx operation at the...

Страница 324: ...rom auto upstream ports auto downstream configures the port to accept the internally propagated DCB configuration from a configuration source config source configures the port to serve as the configuration source on the switch manual configures the port to operate only on administer configured DCB parameters The port does not accept a DCB configuration received from a peer or a local configuration...

Страница 325: ...he DCBx operation on a switch follow these steps 1 Enter Global Configuration mode EXEC PRIVILEGE mode configure 2 Enter LLDP Configuration mode to enable DCBx operation CONFIGURATION mode no protocol lldp 3 Configure the DCBx version used on all interfaces not already configured to exchange DCB information PROTOCOL LLDP mode no DCBx version auto cee cin ieee v2 5 auto configures all ports to oper...

Страница 326: ...Vs are enabled and advertise FCoE and iSCSI NOTE To disable TLV transmission use the no form of the command for example no advertise DCBx appln tlv iscsi 6 Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs PROTOCOL LLDP mode no fcoe priority bits priority bitmap The priority bitmap range is from 1 to FF The default is 0x8 7 Configure the iSCSI priority adver...

Страница 327: ...ging operations auto detect timer enables traces for DCBx auto detect timers config exchng enables traces for DCBx configuration exchanges fail enables traces for DCBx failures mgmt enables traces for DCBx management frames resource enables traces for DCBx system resource frames sem enables traces for the DCBx state machine tlv enables traces for DCBx TLVs Verifying the DCB Configuration To displa...

Страница 328: ...ll stack ports all pfc details Displays the PFC configuration applied to ingress traffic including priorities and link delay show stack unit 0 11 all stack ports all ets details Displays the ETS configuration applied to ingress traffic on stack links including priorities and link delay Examples of the show Commands The following example shows the show dot1p queue mapping command Dell conf show qos...

Страница 329: ...fc detail Interface TenGigabitEthernet 1 4 Admin mode is on Admin is enabled Remote is enabled Remote Willing Status is enabled Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE Pr...

Страница 330: ...e received from peer Internally propagated PFC configuration parameters were received from configuration source PFC DCBx Oper status Operational status for exchange of PFC configuration on local port match up or mismatch down State Machine Type Type of state machine used for DCBx exchanges of PFC parameters Feature for legacy DCBx versions Symmetric for an IEEE version TLV Tx Status Status of PFC ...

Страница 331: ...mber of PFC pause frames received The following example shows the show interface pfc statistics command Dell show interfaces te 1 1 pfc statistics Interface TenGigabitEthernet 1 1 Interface Priority Rx XOFF Frames Rx Total Frames Tx Total Frames Te 1 1 P0 0 0 0 Te 1 1 P1 0 0 0 Te 1 1 P2 0 0 0 Te 1 1 P3 0 0 0 Te 1 1 P4 0 0 0 Te 1 1 P5 0 0 0 Te 1 1 P6 0 0 0 Te 1 1 P7 0 0 0 The following example show...

Страница 332: ... command Dell conf show interfaces tengigabitethernet 1 1 ets detail Interface TenGigabitEthernet 1 1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 0 ETS 2 0 ETS 3 0 ETS 4 0 ETS 5 0 ETS 6 0 ETS 7 0 ETS Priority Bandwidth TSA 0 13 ETS 1 13 ETS 2 13 ETS 3 13 ETS 4 12 ETS 5 12 ET...

Страница 333: ...onfigured Admin mode ETS mode on or off Admin Parameters ETS configuration on local port including priority groups assigned dot1p priorities and bandwidth allocation Remote Parameters ETS configuration on remote peer port including Admin mode enabled if a valid TLV was received or disabled priority groups assigned dot1p priorities and bandwidth allocation If the ETS Admin mode is enabled on the re...

Страница 334: ...following example shows the show stack unit all stack ports all pfc details command Dell conf show stack unit all stack ports all pfc details stack unit 1 stack port all Admin mode is On Admin is enabled Priority list is 4 5 Local is enabled Priority list is 4 5 Link Delay 45556 pause quantum 0 Pause Tx pkts 0 Pause Rx pkts stack unit 2 stack port all Admin mode is On Admin is enabled Priority lis...

Страница 335: ...ets details Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 3 4 5 6 7 100 ETS 1 2 3 4 5 6 7 8 Stack unit 2 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters Admin is enabled TC grp Priority Bandwidth TSA 0 0 1 2 ...

Страница 336: ...Error ETS Conf TLV Pkts 1 Input ETS Reco TLV pkts 1 Output ETS Reco TLV pkts 0 Error ETS Reco TLV Pkts The following example shows the show interface DCBx detail command legacy CEE Dell conf if te 1 17 lldp do sho int te 1 14 dc d E ETS Configuration TLV enabled e ETS Configuration TLV disabled R ETS Recommendation TLV enabled r ETS Recommendation TLV disabled P PFC Configuration TLV enabled p PFC...

Страница 337: ...DCB configuration as compatible In auto upstream mode a port can only received a DCBx version supported on the remote peer Local DCBx Configured mode DCBx version configured on the port CEE CIN IEEE v2 5 or Auto port auto configures to use the DCBx version received from a peer Peer Operating version DCBx version that the peer uses to exchange DCB parameters Local DCBx TLVs Transmitted Transmission...

Страница 338: ...1p command in INTERFACE configuration mode Layer 2 class maps You can use dot1p priorities to classify traffic in a class map and apply a service policy to an ingress port to map traffic to egress queues NOTE Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS However Dell Networking does recommend using Ingress traffic classification using the s...

Страница 339: ...ow control using dynamic buffer spaces is supported on the switch To configure the dynamic buffer capability perform the following steps 1 Enable the DCB application By default DCB is enabled and link level flow control is disabled on all interfaces CONFIGURATION mode dcb enable 2 Configure the shared PFC buffer size and the total buffer size A maximum of 4 lossless queues are supported CONFIGURAT...

Страница 340: ...6 Assign the DCB policy to the DCB buffer threshold profile CONFIGURATION mode Dell conf dcb policy buffer threshold stack unit all stack ports all dcb policy name 7 Assign the DCB policy to the DCB buffer threshold profile on interfaces This setting takes precedence over the default buffer threshold setting INTERFACE mode conf if te dcb policy buffer threshold buffer threshold 8 Configuring Globa...

Страница 341: ...d has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table For more information refer to QoS dot1p Traffic Classification and Queue Assignment The following describes the dot1p priority class group assignment dot1p Value in the Incoming Frame Priority Group Assignment 0 LAN Data Center Bridging DCB 341 ...

Страница 342: ...r traffic 1 Enabling DCB Dell conf dcb enable 2 Configure DCB map and enable PFC and ETS Dell conf service class dynamic dot1p Or Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 service class dynamic dot1p 3 Apply DCB map to relevant interface dcb map test priority group 1 bandwidth 50 pfc on priority group 2 bandwidth 45 pfc off priority group 3 bandwidth 5 pfc on priority pgid 2 2...

Страница 343: ...Client This is a network device requesting configuration parameters from the server Relay Agent This is an intermediary network device that passes DHCP messages between the client and server when the server is not on the same subnet as the host Topics DHCP Packet Format and Options Assign an IP Address using DHCP Implementation Information Configure the System to be a DHCP Server Configure the Sys...

Страница 344: ...rve as the client s default gateway Domain Name Server Option 6 Specifies the domain name servers DNSs that are available to the client Domain Name Option 15 Specifies the domain name that clients should use when resolving hostnames via DNS IP Address Lease Time Option 51 Specifies the amount of time that the client is allowed to use an assigned IP address DHCP Message Type Option 53 1 DHCPDISCOVE...

Страница 345: ...ng DHCP The following section describes DHCP and the client in a network When a client joins a network 1 The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers This message includes the parameters that the client requires and might include suggested values for those parameters 2 Servers unicast or broadcast a DHCPOFFER message in response to the DHC...

Страница 346: ...ng Implementation Information The following describes DHCP implementation Dell Networking implements DHCP based on RFC 2131 and RFC 3046 IP source address validation is a sub feature of DHCP Snooping the Dell Networking OS uses access control lists ACLs internally to implement this feature and as such you cannot apply ACLs to an interface which has IP source address validation If you configure IP ...

Страница 347: ...configuration parameters to clients upon request Servers typically serve many clients making host management much more organized and efficient The following table lists the key responsibilities of DHCP servers Table 25 DHCP Server Responsibilities DHCP Server Responsibilities Description Address Storage and Management DHCP servers are the owners of the addresses used by DHCP clients The server sto...

Страница 348: ...r the network portion of the address you specify The prefix length range is from 17 to 31 4 Display the current pool configuration DHCP POOL mode show config After an IP address is leased to a client only that client may release the address Dell Networking OS performs a IP MAC source address validation to ensure that no client can release another clients address This validation is a default behavi...

Страница 349: ...P mode excluded address Specifying an Address Lease Time To specify an address lease time use the following command Specify an address lease time for the addresses in a pool DHCP POOL lease days hours minutes infinite The default is 24 hours Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client To specify a default gateway follow this step Spe...

Страница 350: ...ame server address 2 Specify the NetBIOS node type for a Microsoft DHCP client Dell Networking recommends specifying clients as hybrid DHCP POOL mode netbios node type type Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control MAC address of a client The DHCP server assigns the client an available IP address automatically and then creat...

Страница 351: ...ands Clear DHCP binding entries for the entire binding table EXEC Privilege mode clear ip dhcp binding Clear a DHCP binding entry for an individual IP address EXEC Privilege mode clear ip dhcp binding ip address Configure the System to be a Relay Agent DHCP clients and servers request and offer configuration information via broadcast DHCP messages Routers do not forward broadcasts so if there are ...

Страница 352: ...address as the relay device Responses from the server are unicast back to the relay agent on port 67 and the relay agent rewrites the destination address and forwards the packet to the client subnet via broadcast or unicast depending whether the client has set or cleared the BROADCAST flag in the DHCP Client PDUs NOTE DHCP Relay is not available on Layer 2 interfaces and VLANs on the Z Series and ...

Страница 353: ...namic IP address from a DHCP client is for a limited period or until the client releases the address A DHCP server manages and assigns IP addresses to clients from an address pool stored on the server For more information refer to Configuring the Server for Automatic Address Allocation Dynamically assigned IP addresses are supported on Ethernet VLAN and port channel interfaces The public out of ba...

Страница 354: ... a new DHCP server assigned address remains in the running configuration for the interface To acquire a new IP address use the renew DHCP command in EXEC Privilege mode or the ip address dhcp command in INTERFACE Configuration mode To manually configure a static IP address on an interface use the ip address command A prompt displays to release an existing dynamically acquired IP address If you con...

Страница 355: ...HCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client The management default route is added with the gateway as the router IP address received in the DHCP ACK packet It is required to send and receive traffic to and from other subnets on the external network The route is added irrespective when the DHCP client and server are ...

Страница 356: ...ion and behavior are the same on Virtual LAN VLAN and port channel LAG interfaces as on a physical interface DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface the trust port source MAC address and snooping table validations are not performed on the in...

Страница 357: ...Define the configuration parameters on the DHCP server for each chassis based on the chassis MAC address Configure the following parameters unit number priority stack group ID The received stacking configuration is always applied on the master stack unit option 230 unit number 3 priority 2 stack group 14 Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mecha...

Страница 358: ...gent and the DHCP server enter the trust downstream option Manually reset the remote ID for Option 82 CONFIGURATION mode ip dhcp relay information option remote id DHCP Snooping DHCP snooping protects networks from spoofing In the context of DHCP snooping ports are either trusted or not trusted By default all ports are not trusted Trusted ports are ports through which attackers cannot connect Manu...

Страница 359: ...ries new IP address assignments are allowed NOTE DHCP server packets are dropped on all not trusted interfaces of a system configured for DHCP snooping To prevent these packets from being dropped configure ip dhcp snooping trust on the server connected port Enabling DHCP Snooping To enable DHCP snooping use the following commands 1 Enable DHCP snooping globally CONFIGURATION mode ip dhcp snooping ...

Страница 360: ...nterface number lease value Clearing the Binding Table To clear the binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ip dhcp snooping binding Clearing the DHCP IPv6 Binding Table To clear the DHCP IPv6 binding table use the following command Delete all of the entries in the binding table EXEC Privilege mode clear ipv6 dhcp snooping bi...

Страница 361: ...ping Enabled Vlans Vl 10 List of DAI Trust ports Te 1 4 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table use the following command Display the contents of the binding table EXEC Privilege mode show ipv6 dhcp snooping biniding Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp sno...

Страница 362: ...d 57 f2 50 172800 D Vl 10 Te 1 2 10 1 1 252 00 00 4d 57 e6 f6 172800 D Vl 10 Te 1 1 10 1 1 253 00 00 4d 57 f8 e8 172740 D Vl 10 Te 1 3 10 1 1 254 00 00 4d 69 e8 f2 172740 D Vl 10 Te 1 5 Total number of Entries in the table 4 Dynamic ARP Inspection Dynamic address resolution protocol ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding...

Страница 363: ...AI You can configure 10 to 16 DAI enabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI SystemFlow has 102 entries by default This region is comprised of two sub regions L2Protocol and L2SystemFlow L2Protocol has 87 entries L2SystemFlow has 15 entries Six L2SystemFlow entries are used by Layer 2 protocols leaving nine for DAI L2Protocol can have a maximum of 100 en...

Страница 364: ...stics command Dell show arp inspection statistics Dynamic ARP Inspection DAI Statistics Valid ARP Requests 0 Valid ARP Replies 1000 Invalid ARP Requests 1000 Invalid ARP Replies 0 Dell Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted which is useful in multi switch environments ARPs received on trusted ports bypass validation against...

Страница 365: ...ddresses the DHCP servers assign with the port or the port channel interface on which the requesting client is attached and the VLAN the client belongs to When you enable IP source address validation on a port the system verifies that the source IP address is one that is associated with the incoming port and optionally that the client belongs to the permissible VLAN If an attacker is impostering a...

Страница 366: ...Address Validation IP source address validation SAV validates the IP source address of an incoming packet and optionally the VLAN ID of the client against the DHCP snooping binding table IP MAC SAV ensures that the IP source address and MAC source address are a legitimate pair rather than validating each attribute individually You cannot configure IP MAC SAV with IP SAV 1 Allocate at least one FP ...

Страница 367: ...deny vlan 20 count 0 packets The following output of the show ip dhcp snooping source address validation discard counters interface interface command displays the number of SAV dropped packets on a particular interface Dell show ip dhcp snooping source address validation discard counters interface TenGigabitEthernet 1 1 deny access list on TenGigabitEthernet 1 1 Total cam count 2 deny vlan 10 coun...

Страница 368: ...th Dell Networking OS version 8 2 1 2 the default hash algorithm is 24 Enabling Deterministic ECMP Next Hop Deterministic ECMP next hop arranges all ECMPs in order before writing them into the content addressable memory CAM For example suppose the RTM learns eight ECMPs in the order that the protocols and interfaces came up In this case the forwarding information base FIB and CAM sorts them so tha...

Страница 369: ...ation the hash seed does not return to the original factory default setting To configure the hash algorithm seed use the following command Specify the hash algorithm seed CONFIGURATION mode hash algorithm seed value stack unit stack unit number port set number The range is from 0 to 4095 Link Bundle Monitoring Link bundle monitoring allows the system to monitor the use of multiple links for an une...

Страница 370: ...ink Bundle Monitoring Dell show link bundle distribution ecmp group 1 Link bundle trigger threshold 60 ECMP bundle 1 Utilization In Percent 44 Alarm State Active Interface Line Protocol Utilization In Percent Te 1 1 Up 36 Te 1 1 Up 52 Managing ECMP Group Paths To avoid path degeneration configure the maximum number of paths for an ECMP route that the L3 CAM can hold When you do not configure the m...

Страница 371: ...de interface interface 3 Enable monitoring for the bundle CONFIGURATION ECMP GROUP mode link bundle monitor enable Modifying the ECMP Group Threshold You can customize the threshold percentage for monitoring ECMP group bundles To customize the ECMP group bundle threshold and to view the changes use the following commands Modify the threshold for monitoring ECMP group bundles CONFIGURATION mode lin...

Страница 372: ... using the RTAG7 hashing which is designed to have the member links used efficiently as the traffic profile gets more diverse Hashing based load balancing is used in the following applications L3 ECMP LAGs HiGig trunking The RTAG7 hash scheme generates a hash that consists of the following two portions The first portion is primarily generated from packet headers to identify micro flows in the traf...

Страница 373: ... crc16cc CRC16_CCITT 16 bit CRC16 using CRC16 CCITT polynomial crc32LSB CRC32_LOWER LSB 16 bits of computed CRC32 crc32MSB CRC32_UPPER MSB 16 bits of computed CRC32 default crc upper Use Upper 32 bits of key for hash computation flow based hashing Enable flow based hashing dest ip Use Destination IP for ECMP hashing lsb Always return the LSB of the key as the hash xor1 CRC16_BISYNC_AND_XOR1 Upper ...

Страница 374: ...fic goes through the same path to router D while no traffic is redirected to router E Some of the anti polarization techniques used generally to mitigate unequal traffic distribution in LAG ECMP as follows 1 Configuring different hash seed values at each node Hash seed is the primary parameter in hash computations that determine distribution of traffic among the ECMP paths The ECMP path can be con...

Страница 375: ...level of randomness in hash selection CLI to enable flow based hashing is shown in the given example Dell_GW1 conf hash algorithm ecmp flow based hashing crc16 CRC16_BISYNC 16 bit CRC16 bisync polynomial default crc16cc CRC16_CCITT 16 bit CRC16 using CRC16 CCITT polynomial crc32MSB CRC32_UPPER MSB 16 bits of computed CRC32 crc32LSB CRC32_LOWER LSB 16 bits of computed CRC32 xor1 CRC16_BISYNC_AND_XO...

Страница 376: ...ng flow based hashing When the flow based hashing is enabled at all the nodes in the multi tier network traffic distribution is balanced at all tiers of the network nullifying the polarization effect Traffic occurs by the randomness for the flow based hashing algorithm across multiple nodes in a given network Equal Cost Multi Path ECMP 376 ...

Страница 377: ... bridging DCB to support lossless no drop SAN and LAN traffic In addition DCB provides flexible bandwidth sharing for different traffic types such as LAN and SAN according to 802 1p priority classes of service DCBx should be enabled on the system before the FIP snooping feature is enabled For more information refer to the Data Center Bridging DCB chapter Ensure Robustness in a Converged Ethernet N...

Страница 378: ...ables FCoE devices to discover one another initialize and maintain virtual links over an Ethernet network and access storage devices in a storage area network SAN FIP satisfies the Fibre Channel requirement for point to point connections by creating a unique virtual link for each connection between an FCoE end device and an FCF via a transit switch FIP provides functionality for discovering and lo...

Страница 379: ...CoE traffic to be transmitted between an FCoE end device and an FCF An Ethernet bridge that provides these functions is called a FIP snooping bridge FSB On a FIP snooping bridge ACLs are created dynamically as FIP login frames are processed The ACLs are installed on switch ports configured for ENode mode for server facing ports and FCF mode for a trusted port directly connected to an FCF Enable FI...

Страница 380: ... to bridge links Port based ACLs take precedence over global ACLs FCoE generated ACLs These take precedence over user configured ACLs A user configured ACL entry cannot deny FCoE and FIP snooping frames The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network The top of rack ToR switch operates as an FCF for FCoE traffic Converged LAN and SAN traffic ...

Страница 381: ...ribe how to configure the FIP snooping feature on a switch Allocate CAM resources for FCoE Perform FIP snooping allowing and parsing FIP frames globally on all VLANs or on a per VLAN basis To assign a MAC address to an FCoE end device server ENode or storage device after a server successfully logs in set the FCoE MAC address prefix FC MAP value an FCF uses The FC MAP value is used in the ACLs inst...

Страница 382: ...orks VLANs or individual VLANs on a FIP snooping bridge 3 Configure the FC Map value applied globally by the switch on all VLANs or an individual VLAN 4 Configure FCF mode for a FIP snooping bridge to FCF link For a sample FIP snooping configuration refer to FIP Snooping Configuration Example Statistical information is available for FIP Snooping related information For available commands refer to ...

Страница 383: ...e to bridge port mode interface for any FIP snooping enabled VLAN You can configure multiple FCF trusted interfaces in a VLAN When you disable FIP snooping ACLs are not installed FIP and FCoE traffic is not blocked and FIP packets are not processed The existing per VLAN and FIP snooping configuration is stored The configuration is re applied the next time you enable the FIP snooping feature You mu...

Страница 384: ...ified VLAN When you enable FIP snooping on VLANs FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs FCoE traffic is allowed on VLANs only after a successful virtual link initialization fabric login FLOGI between an ENode and an FCF All other FCoE traffic is dropped You must configure at least one interface for FCF FCoE Forwarder m...

Страница 385: ... of the configured FC MAP value for the VLAN FLOGI and fabric discovery FDISC request response packets are trapped to the CPU They are forwarded after the necessary ACLs are installed Impact on Other Software Features When you enable FIP snooping on a switch other software features are impacted The following table lists the impact of FIP snooping Table 28 Impact of Enabling FIP Snooping Impact Des...

Страница 386: ... FCoE VLAN By default FIP snooping is disabled To enable FCoE transit on the switch and configure the FCoE transit parameters on ports follow these steps 1 Configure FCoE FCoE configuration copy flash CONFIG_TEMPLATE FCoE_DCB_Config running config The configuration files are stored in the flash memory in the CONFIG_TEMPLATE file NOTE DCB DCBx is enabled when either of these configurations is appli...

Страница 387: ...dress VLAN ID and FC ID show fip snooping fcf fcf mac address Displays information on the FCFs in FIP snooped sessions including the FCF interface and MAC address FCF interface VLAN ID FC MAP value FKA advertisement period and number of ENodes connected clear fip snooping database interface vlan vlan id fcoe mac address enode mac address fcf mac address Clears FIP snooping information on a VLAN fo...

Страница 388: ...c 00 01 00 04 01 00 04 41 00 0e fc 00 00 00 02 21 00 0e fc 00 00 00 00 0e fc 00 01 00 05 01 00 05 41 00 0e fc 00 00 00 03 21 00 0e fc 00 00 00 00 The following table describes the show fip snooping sessions command fields Table 30 show fip snooping sessions Command Description Field Description ENode MAC MAC address of the ENode ENode Interface Slot port number of the interface connected to the EN...

Страница 389: ...N FC MAP FKA_ADV_PERIOD No of Enodes 54 7f ee 37 34 40 Po 22 100 0e fc 00 4000 2 The following table describes the show fip snooping fcf command fields Table 32 show fip snooping fcf Command Description Field Description FCF MAC MAC address of the FCF FCF Interface Slot port number of the interface to which the FCF is connected VLAN VLAN ID number used by the session FC MAP FC Map value advertised...

Страница 390: ...er of FLOGO 0 Number of Enode Keep Alive 4416 Number of VN Port Keep Alive 3136 Number of Multicast Discovery Advertisement 0 Number of Unicast Discovery Advertisement 0 Number of FLOGI Accepts 0 Number of FLOGI Rejects 0 Number of FDISC Accepts 0 Number of FDISC Rejects 0 Number of FLOGO Accepts 0 Number of FLOGO Rejects 0 Number of CVL 0 Number of FCF Discovery Timeouts 0 Number of VN Port Sessi...

Страница 391: ...d FLOGI request frames received on the interface Number of FDISC Number of FIP snooped FDISC request frames received on the interface Number of FLOGO Number of FIP snooped FLOGO frames received on the interface Number of ENode Keep Alives Number of FIP snooped ENode keep alive frames received on the interface Number of VN Port Keep Alives Number of FIP snooped VN port keep alive frames received on...

Страница 392: ... Port Session Timeouts Number of VN port session timeouts that occurred on the interface Number of Session failures due to Hardware Config Number of session failures due to hardware configuration that occurred on the interface The following example shows the show fip snooping system command Dell show fip snooping system Global Mode Enabled FCOE VLAN List Operational 1 100 FCFs 1 Enodes 2 Sessions ...

Страница 393: ...n FCF facing port is configured for DCBx in an auto upstream or configuration source role The DCBx configuration on the FCF facing port is detected by the server facing port and the DCB PFC configuration on both ports is synchronized For more information about how to configure DCBx and PFC on a port refer to the Data Center Bridging DCB chapter The following example shows how to configure FIP snoo...

Страница 394: ... for bridge ENode links Example of Configuring the FCF Facing Port Dell conf interface tengigabitethernet 1 5 Dell conf if te 1 5 portmode hybrid Dell conf if te 1 5 switchport Dell conf if te 1 5 fip snooping port mode fcf Dell conf if te 1 5 protocol lldp Dell conf if te 1 5 lldp dcbx port role auto upstream Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN Dell conf i...

Страница 395: ...lidated cryptography module Certificate 1747 running on NetBSD 5 1 per FIPS 140 2 Implementation Guidance section G 5 guidelines NOTE Only the following features use the embedded FIPS 140 2 validated cryptography module SSH Client SSH Server RSA Host Key Generation SCP File Transfers Currently other features using cryptography do not use the embedded FIPS 140 2 validated cryptography module Topics...

Страница 396: ...nd it is re enabled for version 2 only If you re enable the SSH server a new RSA host key pair is generated automatically You can also manually create this key pair using the crypto key generate command NOTE Under certain unusual circumstances it is possible for the fips enable command to indicate a failure This failure occurs if any of the self tests fail when you enable FIPS mode This failure oc...

Страница 397: ...ommand to view the status of the current FIPS mode show fips status show system Examples of the show fips status and show system Commands The following example shows the show fips status command Dell show fips status FIPS Mode Enabled for the system using the show system command The following example shows the show system command Disabling FIPS Mode When you disable FIPS mode the following changes...

Страница 398: ...e no fips mode enable The following Warning message displays WARNING Disabling FIPS mode will close all SSH Telnet connections restart those servers and destroy all configured host keys Proceed y n FIPS Cryptography 398 ...

Страница 399: ...Overview Implementing FRRP FRRP Configuration Troubleshooting FRRP Sample Configuration and Topology Protocol Overview FRRP is built on a ring topology You can configure up to 255 rings on a system FRRP uses one Master node and multiple Transit nodes in each ring There is no limit to the number of nodes on a ring The Master node is responsible for the intelligence of the Ring and monitors the stat...

Страница 400: ... and continues normal operation If the Master node does not receive the RHF before the fail period timer expires a configurable timer the Master node moves from the Normal state to the Ring Fault state and unblocks its Secondary port The Master node also clears its forwarding table and sends a control frame to all other nodes instructing them to also clear their forwarding tables Immediately after...

Страница 401: ...iple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system More than the recommended number of rings may cause interface instability You can configure multiple rings with a single switch connection a single ring can have multiple FRRP groups multiple rings can be connected with a common link The platform supports up to 32 rings on a system including stacked ...

Страница 402: ...ngle Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks The Master node originates a high speed frame that circulates around the ring This frame appropriately sets up or breaks down the ring The Master node transmits ring status check frames at specified intervals You can run multiple physical rings on the same switc...

Страница 403: ... has two ports for each ring Primary and Secondary The Master node Primary port generates RHFs The Master node Secondary port receives the RHFs On Transit nodes there is no distinction between a Primary and Secondary interface when operating in the Normal state Ring Interface State Each interface port that is part of the ring maintains one of four states Blocking State Accepts ring protocol packet...

Страница 404: ...h node of the ring TCRHFs are sent out the Master Node s Primary and Secondary interface when the ring is declared in a Failed state with the same sequence number on any topology change to ensure that all Transit nodes receive it There is no periodic transmission of TCRHFs The TCRHFs are sent on triggered events of ring failure or ring restoration only Implementing FRRP FRRP is media and speed ind...

Страница 405: ...onfiguring the Control VLAN Control and member VLANS are configured normally for Layer 2 Their status as control or member is determined at the FRRP group commands For more information about configuring VLANS in Layer 2 mode refer to Layer 2 Be sure to follow these guidelines All VLANS must be in Layer 2 mode You can only add ring nodes to the VLAN A control VLAN can belong to one FRRP group only ...

Страница 406: ...ace primary interface secondary interface control vlan vlan id Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 4 Configure the Master node CONFIG FRRP mode mode master 5 Identify the Member VLANs for this FRRP group CONFIG FRRP mod...

Страница 407: ...information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 3 Assign the Primary and Secondary ports and the Control VLAN for the ports on the ring CONFIG FRRP mode interface primary interface secondary interface control vlan vlan id Interface For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport informati...

Страница 408: ...RRP counters use one of the following commands Clear the counters associated with this Ring ID EXEC PRIVELEGED mode clear frrp ring id Ring ID the range is from 1 to 255 Clear the counters associated with all FRRP groups EXEC PRIVELEGED mode clear frrp Viewing the FRRP Configuration To view the configuration for the FRRP group use the following command Show the configuration for this FRRP group CO...

Страница 409: ...disabled on both Primary and Secondary interfaces when you enable FRRP When the interface ceases to be a part of any FRRP process if you enable Spanning Tree globally also enable it explicitly for the interface The maximum number of rings allowed on a chassis is 255 Sample Configuration and Topology The following example shows a basic FRRP topology Example of R1 MASTER interface TenGigabitEthernet...

Страница 410: ...4 31 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 2 14 secondary TenGigabitEthernet 2 31 control vlan 101 member vlan 201 mode transit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3 14 no ip address switchport no shutdown interface TenGigabitEthernet 3 21 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 3 14 21 n...

Страница 411: ...mode transit no disable Force10 Resilient Ring Protocol FRRP 411 ...

Страница 412: ...e idea is to configure switches at the edge and have the information dynamically propagate into the core As such the edge ports must still be statically configured with VLAN membership information and they do not run GVRP It is this information that is propagated to create dynamic VLAN membership in the core of the network Important Points to Remember GVRP propagates VLAN membership throughout a n...

Страница 413: ...PVST running Cannot enable GVRP Error MSTP running Cannot enable GVRP Topics Configure GVRP Enabling GVRP Globally Enabling GVRP on a Layer 2 Interface Configure GVRP Registration Configure a GARP Timer RPM Redundancy GARP VLAN Registration Protocol GVRP 413 ...

Страница 414: ...witch basis Enable GVRP on each port that connects to a switch where you want GVRP information exchanged In the following example GVRP is configured on VLAN trunk ports Figure 46 Global GVRP Configuration Example Basic GVRP configuration is a two step process 1 Enabling GVRP Globally 2 Enabling GVRP on a Layer 2 Interface GARP VLAN Registration Protocol GVRP 414 ...

Страница 415: ...rief command Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface use the following command Enable GVRP on a Layer 2 interface INTERFACE mode gvrp enable Example of Enabling GVRP on an Interface Dell conf if te 1 21 switchport Dell conf if te 1 21 gvrp enable Dell conf if te 1 21 no shutdown Dell conf if te 1 21 show config interface TenGigabitEthernet 1 21 no ip address swit...

Страница 416: ...istration fixed 34 35 Dell conf if te 1 21 gvrp registration forbidden 45 46 Dell conf if te 1 21 show conf interface TenGigabitEthernet 1 21 no ip address switchport gvrp enable gvrp registration fixed 34 35 gvrp registration forbidden 45 46 no shutdown Dell conf if te 1 21 Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP There ar...

Страница 417: ...l conf garp timers join 300 Error Leave timer should be 3 Join timer RPM Redundancy The current version of Dell Networking OS supports 1 1 hitless route processor module RPM redundancy The primary RPM performs all routing switching and control operations while the standby RPM monitors the primary RPM In the event that the primary RPM fails the standby RPM can assume control of the system without r...

Страница 418: ... Networking OS release Table 34 Boot Code Requirements Component Boot Code S4048 ON 1 2 0 3 The features in this collection are Component Redundancy Hitless Behavior Graceful Restart Software Resiliency Hot Lock Behavior Topics Component Redundancy Pre Configuring a Stack Unit Slot Removing a Provisioned Logical Stack Unit Hitless Behavior Graceful Restart Software Resiliency Hot Lock Behavior Com...

Страница 419: ...ole Primary Stack unit State Active Stack unit SW Version 9 6 0 0 Link to Peer Down Peer Stack unit not present Stack unit Redundancy Configuration Primary Stack unit mgmt id 0 Auto Data Sync Full Failover Type Hot Failover Auto reboot Stack unit Enabled Auto failover limit 3 times in 60 minutes Stack unit Failover Record Failover Count 0 Last failover timestamp None Last failover Reason None Last...

Страница 420: ...e redundancy force failover stack unit Example of the redundancy force failover stack unit Command Dell redundancy force failover stack unit System configuration has been modified Save yes no yes Proceed with Stack unit hot failover confirm yes no yes Dell Specifying an Auto Failover Limit When a non recoverable fatal error is detected an automatic failover occurs However Dell Networking OS is con...

Страница 421: ...gure an empty stack unit slot with a logical stack unit To pre configure an empty stack unit slot use the following command Pre configure an empty stack unit slot with a logical stack unit CONFIGURATION mode stack unit unit_id provisionS4048 ON Example of Viewing a Logical Configuration of a Pre Configured Stack Unit After creating the logical stack unit you can configure the interfaces on the sta...

Страница 422: ... hitless end result if the hitless behavior involves multiple protocols all protocols must be hitless For example if OSPF is hitless but bidirectional forwarding detection BFD is not OSPF operates hitlessly and BFD flaps upon an RPM failover The following protocols are hitless Link aggregation control protocol Spanning tree protocol Refer to Configuring Spanning Trees as Hitless Graceful Restart G...

Страница 423: ...reshold can be used to initiate recovery mechanism Failure and Event Logging Dell Networking systems provide multiple options for logging failures and events Trace Log Developers interlace messages with software code to track the execution of a program These messages are called trace messages and are primarily used for debugging and to provide lower level information then event messages which syst...

Страница 424: ...tors diagnostics and auditing information Dell Networking OS sends event messages to the internal buffer all terminal lines the console and optionally to a syslog server For more information about event messages and configurable options refer to Management Hot Lock Behavior Dell Networking OS hot lock features allow you to append and delete their corresponding content addressable memory CAM entrie...

Страница 425: ... RFCs 1112 2236 and 3376 respectively Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet IGMP on Dell Networking OS supports an unlimited number of groups Dell Networking systems cannot serve as an IGMP host or an IGMP version 1 IGMP Querier Dell Networking OS automatically enables IGMP on interfaces on which you enable a multicast routing protocol Topics IGM...

Страница 426: ...y response timer several times the value of the query interval to expire before it stops forwarding traffic To receive multicast traffic from a particular source a host must join the multicast group to which the source is sending traffic A host that is a member of a group is called a receiver A host may join many groups and may join or leave any group at any time A host joins and leaves a multicas...

Страница 427: ...cific Query to determine whether there are any remaining hosts in the group There must be at least one receiver in a group on a subnet for a router to forward multicast traffic for that group to the subnet 3 Any remaining hosts respond to the query according to the delay timer mechanism refer to Adjusting Query and Response Timers If no hosts respond because there are none remaining in the group t...

Страница 428: ... host indicates that it wants to receive traffic for group 224 1 1 1 2 The host s second report indicates that it is only interested in traffic from group 224 1 1 1 source 10 11 1 1 Include messages prevents traffic from all other sources in the group from reaching the subnet Before recording this request the querier sends a group and source query to verify that there are no hosts interested in an...

Страница 429: ...ssage indicates that it is only interested in traffic from sources 10 11 1 1 and 10 11 1 2 Because this request again prevents all other sources from reaching the subnet the router sends another group and source query so that it can satisfy all other hosts There are no other interested hosts so the request is recorded Figure 50 Membership Reports Joining and Filtering Internet Group Management Pro...

Страница 430: ...es sends a group and source query to see if any other host is interested in these two sources queries for state changes are retransmitted multiple times If any are they respond with their current state information and the querier refreshes the relevant state information 3 Separately in the following illustration the querier sends a general query to 224 0 0 1 4 Host 2 responds to the periodic gener...

Страница 431: ...d with PIM SM are automatically enabled with IGMP To view IGMP enabled interfaces use the following command View IGMP enabled interfaces EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell show ip igmp interface TenGigabitEthernet 3 10 Inbound IGMP access group is not set Internet address is 165 87 34 5 24 IGMP is up on the interface IGMP query interval is...

Страница 432: ... interval is 60 seconds IGMP querier timeout is 125 seconds IGMP max query response time is 10 seconds IGMP last member query response interval is 1000 ms IGMP immediate leave is disabled IGMP activity 0 joins 0 leaves 0 channel joins 0 channel leaves IGMP querying router is 1 1 1 1 this system IGMP version is 3 Viewing IGMP Groups To view both learned and statically configured IGMP groups use the...

Страница 433: ... querier waits for a response to a query before taking further action The querier advertises this value in the query refer to the illustration in IGMP Version 2 Lowering this value decreases leave latency but increases response burstiness because all host membership reports must be sent before the maximum response time expires Inversely increasing this value decreases burstiness at the expense of ...

Страница 434: ...fter entering your first deny rule the Dell Networking OS clears the multicast routing table and re learns all groups even those not covered by the rules in the access list because there is an implicit deny all rule at the end of all access lists Therefore configuring an IGMP join request filter in this order might result in data loss If you must enter the ip igmp access group command before creat...

Страница 435: ...enting a Host from Joining a Group The following table lists the location and description shown in the previous illustration Table 35 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 Internet Group Management Protocol IGMP 435 ...

Страница 436: ...Ethernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim sparse mode...

Страница 437: ...oping IGMP snooping enables switches to use information in IGMP packets to generate a forwarding table that associates ports with multicast groups so that when they receive multicast frames they can forward them only to interested receivers Multicast packets are addressed with multicast MAC addresses which represent a group of devices rather than one unique device Switches forward multicast frames...

Страница 438: ... enable View the configuration CONFIGURATION mode show running config Disable snooping on a VLAN INTERFACE VLAN mode no ip igmp snooping Related Configuration Tasks Removing a Group Port Association Disabling Multicast Flooding Specifying a Port as Connected to a Multicast Router Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell conf ip igmp snooping enable Dell con...

Страница 439: ...mp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN use the following commands Statically specify a port in a VLAN as connected to a multicast router INTERFACE VLAN mode ip igmp snooping mrouter View the ports that are connected to multicast routers EXEC Privilege mode show ip igmp snooping mrouter Configuring the Switch as Querier ...

Страница 440: ...ng table Adjust the last member query interval INTERFACE VLAN mode ip igmp snooping last member query interval Fast Convergence after MSTP Topology Changes When a port transitions to the Forwarding state as a result of an STP or MSTP topology change Dell Networking OS sends a general query out of all ports except the multicast router ports The host sends a response to the general query and the for...

Страница 441: ...ent protocols must exit out of the management port In this chapter all the references to traffic indicate switch initiated traffic and responses to switch destined traffic with management port IP address as the source IP address In customer deployment topologies it might be required that the traffic for certain management applications needs to exit out of the management port only You can use EIS t...

Страница 442: ...e after a packet is sent The switch also processes user specified port numbers for applications such as RADIUS TACACS SSH and sFlow The OS maintains a list of configured management applications and their port numbers You can configure two default routes one configured on the management port and the other on the front end port Two tables namely Egress Interface Selection routing table and default r...

Страница 443: ...management port IP address the response to the request is sent out of the management port by performing a route lookup in the EIS routing table If the SSH request is received on the front end port destined for the front end IP address the response traffic is sent by doing a route lookup in the default routing table only If the management port is down or route lookup fails in the management EIS rou...

Страница 444: ...ucture in the in_selectsrc call which is called as part of the connect system call or in the ip_output function If the destination TCP UDP port number belongs to a configured management application then sin_port of destination sockaddr structure is set to Management EIS ID 2 so that route lookup can be done in the management EIS routing table To ensure that protocol separation is done only for swi...

Страница 445: ...he response traffic and hence is sent out of the management port In this case the source IP address is a management port IP address only if the traffic was originally destined to the management port IP ICMP based applications like ping and traceroute are exceptions to the preceding logic since we do not have TCP UDP port number So if source IP address of the packet matches the management port IP a...

Страница 446: ... when the management egress interface selection feature is enabled Table 37 Mapping of Management Applications and Traffic Type Traffic type Application type Switch initiated traffic Switch destined traffic Transit Traffic EIS Management Application Management is the preferred egress port selected based on route lookup in EIS table If the management port is down or the route lookup fails packets a...

Страница 447: ...rom the switch 1 Management Applications Applications that are configured as management applications The management port is an egress port for management applications If the management port is down or the destination is not reachable through the management port next hop ARP is not resolved and so on and if the destination is reachable through a data port then the management application traffic is ...

Страница 448: ... Default Behavior tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior icmp ping and traceroute EIS Behavior for ICMP Default Behavior Behavior of Various Applications for Switch Destined Traffic This section describes the different system behaviors that occur when traffic is terminated on the switch Traffic has not originated from the switch...

Страница 449: ...avior Default Behavior Snmp snmp mib response EIS Behavior Default Behavior telnet EIS Behavior Default Behavior icmp ping and traceroute EIS Behavior for ICMP Default Behavior Interworking of EIS With Various Applications Stacking The management EIS is enabled on the master and the standby unit Because traffic can be initiated from the Master unit only the preference to management EIS table for s...

Страница 450: ... if sFlow is configured in stacking environment Designating a Multicast Router Interface To designate an interface as a multicast router interface use the following command Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non zero IP source address All IGMP control...

Страница 451: ...n Interface Types View Basic Interface Information Enabling a Physical Interface Physical Interfaces Management Interfaces VLAN Interfaces Loopback Interfaces Null Interfaces Port Channel Interfaces Advanced Interface Configuration Bulk Configuration Defining Interface Range Macros Monitoring and Maintaining Interfaces Splitting QSFP Ports to SFP Ports Link Dampening Link Bundle Monitoring Etherne...

Страница 452: ...P or QSFP Port to an SFP or SFP Port Link Dampening Link Bundle Monitoring Using Ethernet Pause Frames for Flow Control Configure the MTU Size on an Interface Port Pipes Auto Negotiation on Ethernet Interfaces View Advanced Interface Information Dynamic Counters Interface Types The following table describes different interface types Table 40 Different Types of Interfaces Interface Type Modes Possi...

Страница 453: ...played as 0 zero for the Rx Tx power values To obtain the correct power information perform a simple network management protocol SNMP query Examples of the show Commands The following example shows the configuration and status information for one interface Dell show interfaces tengigabitethernet 1 1 TenGigabitEthernet 1 1 is up line protocol is up Hardware is Force10Eth address is 00 01 e8 05 f3 6...

Страница 454: ...dministratively down down TenGigabitEthernet 1 2 unassigned NO Manual administratively down down TenGigabitEthernet 1 3 unassigned YES Manual up up TenGigabitEthernet 1 4 unassigned YES Manual up up TenGigabitEthernet 1 5 unassigned YES Manual up up TenGigabitEthernet 1 6 10 10 10 1 YES Manual up up TenGigabitEthernet 1 7 unassigned NO Manual administratively down down TenGigabitEthernet 1 8 unass...

Страница 455: ...ory default state CONFIGURATION mode default interface interface type Dell conf default interface tengigabitethernet 1 5 3 Verify the configuration INTERFACE mode show config Dell conf if te 1 5 show config interface TenGigabitEthernet 1 5 no ip address shutdown All the applied configurations are removed and the interface is set to the factory default state Enabling a Physical Interface After dete...

Страница 456: ...o become part of virtual interfaces such as virtual local area networks VLANs or port channels For more information about VLANs refer to Bulk Configuration For more information on port channels refer to Port Channel Interfaces Dell Networking OS Behavior The system uses a single MAC address for all physical interfaces Configuration Task List for Physical Interfaces By default all interfaces are op...

Страница 457: ...ta Link Mode Do not configure switching or Layer 2 protocols such as spanning tree protocol STP on an interface unless the interface has been set to Layer 2 mode To set Layer 2 data transmissions through an individual interface use the following command Enable Layer 2 data transmissions through an individual interface INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Del...

Страница 458: ...able Layer 3 on an individual interface INTERFACE mode ip address ip address Enable the interface INTERFACE mode no shutdown Example of Error Due to Issuing a Layer 3 Command on a Layer 2 Interface If an interface is in the incorrect layer mode for a given command an error message is displayed shown in bold In the following example the ip address command triggered an error message because the inte...

Страница 459: ...led ICMP redirects are not sent ICMP unreachables are not sent Egress Interface Selection EIS EIS allows you to isolate the management and front end port domains by preventing switch initiated traffic routing between the two domains This feature provides additional security by preventing flooding attacks on front end ports The following protocols support EIS DNS FTP NTP RADIUS sFlow SNMP SSH Syslo...

Страница 460: ...ncoming SNMP packets as the source address for outgoing SNMP responses for security Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port You can use either method to connect to the system Configuring Management Interfaces The dedicated Management interface provides management access to the system You can configure this interface ...

Страница 461: ...rrent address is 00 01 e8 a0 bf f3 Pluggable media not present Interface index is 302006472 Internet address is 10 16 130 5 16 Link local IPv6 address fe80 201 e8ff fea0 bff3 64 Global IPv6 address 1 1 Global IPv6 address 2 1 64 Virtual IP is not set Virtual IP IPv6 address is not set MTU 1554 bytes IP MTU 1500 bytes LineSpeed 1000 Mbit Mode full duplex ARP type ARPA ARP Timeout 04 00 00 Last clea...

Страница 462: ...y management interface IP and virtual IP must be in the same subnet To view the Primary RPM Management port use the show interface Managementethernet command in EXEC Privilege mode If there are two RPMs you cannot view information on that interface Configuring a Management Interface on an Ethernet Port You can manage the system through any port using remote access such as Telnet To configure an IP...

Страница 463: ...g on the same VLAN Dell Networking OS supports Inter VLAN routing Layer 3 routing in VLANs You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used For more information about configuring different routing protocols refer to the chapters on the specific protocol A consideration for including VLANs in routing protocols is that you must ...

Страница 464: ...nterface CONFIGURATION mode interface loopback number The range is from 0 to 16383 View Loopback interface configurations EXEC mode show interface loopback number Delete a Loopback interface CONFIGURATION mode no interface loopback number Many of the commands supported on physical interfaces are also supported on a Loopback interface Null Interfaces The Null interface is another virtual interface ...

Страница 465: ... including easy management link redundancy and sharing Port channels are transparent to network configurations and can be modified and managed as one interface For example you configure one IP address for the group and that IP address is used for all routed traffic on the port channel With this feature you can create larger capacity interfaces by utilizing a group of lower speed links For example ...

Страница 466: ...ces The common speed is determined when the port channel is first enabled Then the software checks the first interface listed in the port channel configuration If you enabled that interface its speed configuration becomes the common speed of the port channel If the other interfaces configured in that port channel are configured with a different speed Dell Networking OS disables them Port channels ...

Страница 467: ...ng or configuring protocols or assigning access control lists Adding a Physical Interface to a Port Channel The physical interfaces in a port channel can be on any line card in the chassis but must be the same physical type NOTE Port channels can contain a mix of Ethernet interfaces but Dell Networking OS disables the interfaces that are not the same speed of the first channel member in the port c...

Страница 468: ...00 06 03 Te 1 7 Up Te 1 8 Up Te 1 13 Up Te 1 14 Up Dell The following example shows the port channel s mode L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN the status and the number of interfaces belonging to the port channel Dell show interface port channel 20 Port channel 20 is up line protocol is up Hardware address is 00 01 e8 01 46 fa Internet a...

Страница 469: ... 6 is part of port channel 5 which is in Layer 2 mode and an error message appeared when an IP address was configured Dell conf if portch show config interface Port channel 5 no ip address switchport channel member TenGigabitEthernet 1 6 Dell conf if portch int Te 1 6 Dell conf if ip address 10 56 4 4 24 Error Port is part of a LAG Te 1 6 Dell conf if Reassigning an Interface to a New Port Channel...

Страница 470: ...to consider the port channel to be in oper up status To set the oper up status of your links use the following command Enter the number of links in a LAG that must be in oper up status INTERFACE mode minimum links number The default is 1 Example of Configuring the Minimum Oper Up Links in a Port Channel Dell config t Dell conf int po 1 Dell conf if po 1 minimum links 5 Dell conf if po 1 Adding or ...

Страница 471: ...orm the following 1 Configure VLAN membership on individual ports INTERFACE mode Dell conf if vlan tagged 2 3 4 2 Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell conf if switchport 3 Verify the manually configured VLAN membership show interfaces switchport interface command EXEC mode Dell conf interface tengigabi...

Страница 472: ...ionally down also Load Balancing Through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel LAG The hash algorithm distributes traffic among Equal Cost Multi path ECMP paths and LAG members The distribution is based on a flow except for packet based hashing A flow is identified by the hash and is assigned to one link In pack...

Страница 473: ...more information about algorithm choices refer to the command details in the IP Routing chapter of the Dell Networking OS Command Reference Guide Change to another algorithm CONFIGURATION mode hash algorithm ecmp crc16 crc16cc crc32LSB crc32MSB crc upper dest ip lsb xor1 xor2 xor4 xor8 xor16 Example of the hash algorithm Command The hash algorithm command is specific to ECMP group The default ECMP...

Страница 474: ...at are part of interface range You can avoid specifying spaces between the range of interfaces separated by commas that you configure by using the interface range command For example if you enter a list of interface ranges such as interface range fo 2 50 2 53 te 1 1 this configuration is considered valid The comma separated list is not required to be separated by spaces in between the ranges You c...

Страница 475: ...itethernet 2 1 2 23 gigab 2 1 2 10 Dell conf if range te 2 1 2 23 Overlap Port Ranges The following is an example showing how the interface range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap handles overlapping port ranges Example of the Interface Range Prompt for Overlapping Port Ranges Dell conf interface range tengigabit...

Страница 476: ...t Ethernet interfaces 5 1 through 5 4 Example of the define interface range Command for Macros Dell config define interface range test tengigabitethernet 5 1 5 4 Choosing an Interface Range Macro To use an interface range macro use the following command Selects the interfaces range to be configured using the values saved in a named interface range macro CONFIGURATION mode interface range macro nam...

Страница 477: ...t Dell monitor interface Te 3 1 Dell uptime is 1 day s 4 hour s 31 minute s Monitor time 00 00 00 Refresh Intvl 2s Interface Te 3 1 Disabled Link is Down Linespeed is 1000 Mbit Traffic statistics Current Rate Delta Input bytes 0 0 Bps 0 Output bytes 0 0 Bps 0 Input packets 0 0 pps 0 Output packets 0 0 pps 0 64B packets 0 0 pps 0 Over 64B packets 0 0 pps 0 Over 127B packets 0 0 pps 0 Over 255B pack...

Страница 478: ... the TenGigabitEthernet cable EXEC Privilege mode tdr cable test tengigabitethernet slot port subport Between two ports do not start the test on both ends of the cable Enable the interface before starting the test Enable the port to run the test or the test prints an error message 2 Displays TDR test results EXEC Privilege mode show tdr tengigabitethernet slot port subport Non Dell Qualified Trans...

Страница 479: ... ignore these error messages Similarly such error messages are displayed during a reload after you configure the four individual 10G ports to be stacked as a single 40G port To split a single 40G port into four 10G ports use the following command Split a single 40G port into four 10G ports CONFIGURATION mode stack unit stack unit number port number portmode quad number enter the port number of the...

Страница 480: ...four fanned out 10 Gigabit ports have plugged in SFP or SFP optical cables However the link UP event happens only for the first 10 Gigabit port and you can use only that port for data transfer As a result only the first fanned out port is identified as the active 10 Gigabit port with a speed of 10G or 1G depending on whether you insert an SFP or SFP cable respectively NOTE Although it is possible ...

Страница 481: ...stic Information SFP 1 Rx Power measurement type OMA SFP 1 Temp High Alarm threshold 0 000C SFP 1 Voltage High Alarm threshold 0 000V SFP 1 Bias High Alarm threshold 0 000mA NOTE In the following show interfaces tengigbitethernet commands the ports 1 2 and 3 are inactive and no physical SFP or SFP connection actually exists on these ports However Dell Networking OS still perceives these ports as v...

Страница 482: ...lapping by imposing a penalty for each interface flap and decaying the penalty exponentially After the penalty exceeds a certain threshold the interface is put in an Error Disabled state and for all practical purposes of routing the interface is deemed to be down After the interface becomes stable and the penalty decays below a certain threshold the interface comes up again and the routing protoco...

Страница 483: ...4 Te 1 2 Up 0 0 1 2 3 4 Te 1 2 Up 0 0 1 2 3 4 Dell To view a dampening summary for the entire system use the show interfaces dampening summary command from EXEC Privilege mode Dell show interfaces dampening summary 20 interfaces are configured with dampening 3 interfaces are currently suppressed Following interfaces are currently suppressed Te 1 2 Te 3 1 Te 4 2 Dell Clearing Dampening Counters To ...

Страница 484: ... for each transmission media Transmission Media MTU Range in bytes Ethernet 592 9216 link MTU 576 9398 IP MTU Link Bundle Monitoring Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time A threshold of 60 is defined as an acceptable amount of traffic on a member link Links are monitored in 15 second intervals for three...

Страница 485: ... equal to egress port speed The globally assigned 48 bit Multicast address 01 80 C2 00 00 01 is used to send and receive pause frames To allow full duplex flow control stations implementing the pause operation instruct the MAC to enable reception of frames with destination address equal to this multicast address The PAUSE frame is defined by IEEE 802 3x and uses MAC Control frames to carry the PAU...

Страница 486: ...ow control frames on this port rx off enter the keywords rx off to ignore the received flow control frames on this port tx on enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received tx off enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is...

Страница 487: ...bers For example if the members have a link MTU of 2100 and an IP MTU 2000 the port channel s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU VLANs All members of a VLAN must have the same IP MTU value Members can have different Link MTU values Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag The VLAN link MTU and IP...

Страница 488: ...s arise from interoperability issues Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization and to manually synchronize them if necessary use the following command sequence 1 Determine the local interface status Refer to the following example EXEC Privilege mode show interfaces interface stack unit stack uni...

Страница 489: ...Mbit Auto 1 Te 1 2 Down Auto Auto 1 Te 1 3 Down Auto Auto Te 1 4 Force10Port Up 1000 Mbit Auto 30 130 Te 1 5 Down Auto Auto Te 1 6 Down Auto Auto Te 1 7 Up 1000 Mbit Auto 1502 1504 1506 1508 1602 Te 1 8 Down Auto Auto Te 1 9 Down Auto Auto Te 1 10 Down Auto Auto Te 1 11 Down Auto Auto Te 1 12 Down Auto Auto output omitted In the previous example several ports display Auto in the Speed field In the...

Страница 490: ...ter mode forced slave Force port to slave mode Dell conf if te 1 1 autoneg For details about the speed duplex and negotiation auto commands refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces use the keepalive command The interface sends keepalive messages to itself ...

Страница 491: ...r it supports IEEE 802 1Q tagging or not and the VLANs to which the interface belongs Dell show interfaces switchport Name TenGigabitEthernet 3 1 802 1QTagged True Vlan membership Vlan 2 Name TenGigabitEthernet 3 2 802 1QTagged True Vlan membership Vlan 2 Name TenGigabitEthernet 3 3 802 1QTagged True Vlan membership Vlan 2 Name TenGigabitEthernet 3 4 802 1QTagged True Vlan membership Vlan 2 More C...

Страница 492: ...ackets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 1d23h40m Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate interval 100 Dell show interfaces TenGigabitEthernet 1 1 is down line protocol is down Hardware is Force10Eth address is 00 01 e8 01 9e d9 Internet address is not set MTU 1554 bytes IP MTU 1500 bytes...

Страница 493: ...s use the following the command Clear the counters used in the show interface commands for all VRRP groups VLANs and physical interfaces or selected ones Without an interface specified the command clears all interface counters EXEC Privilege mode clear counters interface vrrp vrid learning limit OPTIONAL Enter the following interface keywords and slot port or number information For a 10 Gigabit Et...

Страница 494: ...s SA drop counters when you configure the MAC learning limit on the interface enter the keywords learning limit Example of the clear counters Command When you enter this command confirm that you want Dell Networking OS to clear the interface counters for that interface Dell clear counters te 1 1 Clear counters on TenGigabitEthernet 1 1 confirm Dell Interfaces 494 ...

Страница 495: ...the IP header Typically used when creating virtual private networks VPNs NOTE Due to performance limitations on the control processor you cannot enable IPSec on all packets in a communication session IPSec uses the following protocols Authentication Headers AH Disconnected integrity and origin authentication for IP packets Encapsulating Security Payload ESP Confidentiality authentication and data ...

Страница 496: ...myXform set session key inbound esp 256 auth key encrypt key session key outbound esp 257 auth key encrypt key match 0 tcp a 1 128 0 a 2 128 23 match 1 tcp a 1 128 23 a 2 128 0 match 2 tcp a 1 128 0 a 2 128 21 match 3 tcp a 1 128 21 a 2 128 0 match 4 tcp 1 1 1 1 32 0 1 1 1 2 32 23 match 5 tcp 1 1 1 1 32 23 1 1 1 2 32 0 match 6 tcp 1 1 1 1 32 0 1 1 1 2 32 21 match 7 tcp 1 1 1 1 32 21 1 1 1 2 32 0 3...

Страница 497: ...an Interface Configuring Static Routes Configure Static Routes for the Management Interface IPv4 Path MTU Discovery Overview Using the Configured Source IP Address in ICMP Messages Configuring the Duration to Establish a TCP Connection Enabling Directed Broadcast Resolution of Host Names Enabling Dynamic Resolution of Host Names Specifying the Local System Domain and a List of Domains Configuring ...

Страница 498: ...nted in dotted decimal format For example 00001010110101100101011110000011 is represented as 10 214 87 131 For more information about IP addressing refer to RFC 791 Internet Protocol Implementation Information You can configure any IP address as a static route except IP addresses already assigned to interfaces NOTE Dell Networking OS supports 31 bit subnet masks 31 or 255 255 255 254 as defined by...

Страница 499: ...ormation For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 2 Enable the interface INTERFACE mode no shutd...

Страница 500: ...type then the slot port information distance the range is from 1 to 255 optional permanent keep the static route in the routing table if you use the interface option even if you disable the interface with the route optional tag tag value the range is from 1 to 4294967295 optional Example of the show ip route static Command To view the configured routes use the show ip route static command Dell sho...

Страница 501: ...ign a static route to point to the management interface or forwarding router CONFIGURATION mode management route ip address mask forwarding router address ManagementEthernet slot port Example of the show ip management route Command To view the configured static routes for the management port use the show ip management route command in EXEC privilege mode Dell show ip management route Destination G...

Страница 502: ...and IPv6 traffic are applied the same MTU size you cannot specify different MTU values for IPv4 and IPv6 packets Using the Configured Source IP Address in ICMP Messages ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front end port IP address as the source IP address Enable the generation of ICMP unreachable messages through the...

Страница 503: ...l to a higher value depending on the complexity of your network and the configuration attributes To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP connection perform the following steps 1 Define the wait duration in seconds for the TCP connection to be established CONFIGURATION mode Dell conf ip tcp reduced syn ack wait...

Страница 504: ...nd a List of Domains Configuring DNS with Traceroute Name server Domain name and Domain list are VRF specific The maximum number of Name servers and Domain lists per VRF is six Enabling Dynamic Resolution of Host Names By default dynamic resolution of host names DNS is disabled To enable DNS use the following commands Enable dynamic resolution of host names CONFIGURATION mode ip domain lookup Spec...

Страница 505: ... to 63 characters to configure one domain name CONFIGURATION mode ip domain name name Enter up to 63 characters to configure names to complete unqualified host names CONFIGURATION mode ip domain list name Configure this command up to six times to specify a list of possible domain names Dell Networking OS searches the domain names in the order they were configured until a match is found or the list...

Страница 506: ...P ARP runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network Over time Dell Networking OS creates a forwarding table mapping the MAC addresses to their corresponding IP address This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time For more information about ARP refer to RFC 826 An Ethernet Addres...

Страница 507: ...ess IP address in dotted decimal format A B C D mac address MAC address in nnnn nnnn nnnn format interface enter the interface type slot port information For 10G interfaces enter the slot port information Example of the show arp Command These entries do not age and can only be removed manually To remove a static ARP entry use the no arp ip address command To view the static entries in the ARP cach...

Страница 508: ...et then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 NOTE Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re inst...

Страница 509: ...ons prior to 8 3 1 0 Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface This is the case when a host is attempting to resolve the gateway address If the target IP does not match the incoming interface the packet is dropped If there is an existing entry for the requesting host it is updated Figure 53 ARP ...

Страница 510: ...tries The default backoff interval remains at 20 seconds On the device the time between ARP resend is configurable This timer is an exponential backoff timer Over the specified period the time between ARP requests increases This time increase reduces the potential for the system to slow down while waiting for a multitude of ARP responses To set and display ARP retries use the following commands Se...

Страница 511: ...e Dell Networking OS Command Line Reference Guide Enabling ICMP Unreachable Messages By default ICMP unreachable messages are disabled When enabled ICMP unreachable messages are created and sent out all interfaces To disable and re enable ICMP unreachable messages use the following commands To disable ICMP unreachable messages INTERFACE mode no ip unreachable Set Dell Networking OS to create and s...

Страница 512: ...r is compatible with IP helper ip helper address UDP broadcast traffic with port number 67 or 68 are unicast to the dynamic host configuration protocol DHCP server per the ip helper address configuration whether or not the UDP port list contains those ports If the UDP port list contains ports 67 or 68 UDP broadcast traffic is forwarded on those ports Enabling UDP Helper To enable UDP helper use th...

Страница 513: ...e8 0d b9 7a Interface index is 1107787876 Internet address is 1 1 0 1 24 IP UDP Broadcast address is 1 1 255 255 MTU 1554 bytes IP MTU 1500 bytes LineSpeed auto ARP type ARPA ARP Timeout 04 00 00 Last clearing of show interface counters 00 07 44 Queueing strategy fifo Input Statistics 0 packets 0 bytes Time since last interface status change 00 07 44 Configurations Using UDP Helper When you enable...

Страница 514: ...nd 101 If you do not configure an IP broadcast address using the ip udp broadcast address command on VLANs 100 or 101 the packet is forwarded using the original destination IP address 255 255 255 255 Packet 2 sent from a host on VLAN 101 has a broadcast MAC address and IP address In this case 1 It is flooded on VLAN 101 without changing the destination address because the forwarding process is Lay...

Страница 515: ...P address of 1 1 1 255 In this case it is flooded on VLAN 101 in its original condition as the forwarding process is Layer 2 Figure 56 UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces In the following illustratio...

Страница 516: ...stination IP address that matches the subnet broadcast address of any interface the unaltered packet is routed to the matching interfaces Troubleshooting UDP Helper To display debugging information for troubleshooting use the debug ip udp helper command Example of the debug ip udp helper Command Dell conf debug ip udp helper 01 20 22 Pkt rcvd on Te 5 1 with IP DA 0xffffffff will be sent on Te 5 2 ...

Страница 517: ...OTREQUEST Forwarded BOOTREQUEST for 00 02 2D 8D 46 DC to 137 138 17 6 2005 11 05 11 59 36 RELAY I PACKET BOOTP REPLY Unicast received at interface 194 12 129 98 BOOTP Reply XID 0x9265f901 secs 0 hwaddr 00 02 2D 8D 46 DC giaddr 172 21 50 193 hops 2 2005 07 05 11 59 36 RELAY I BOOTREPLY Forwarded BOOTREPLY for 00 02 2D 8D 46 DC to 128 141 128 90 Packet 0 0 0 0 68 255 255 255 255 67 TTL 128 IPv4 Rout...

Страница 518: ...rms refer to Implementing IPv6 with Dell Networking OS NOTE Even though Dell Networking OS listens to all ports you can only use the ports starting from 1024 for IPv6 traffic Ports from 0 to 1023 are reserved for internal use and you cannot use them for IPv6 traffic Topics Protocol Overview Implementing IPv6 with Dell Networking OS ICMPv6 Path MTU Discovery IPv6 Neighbor Discovery Configuration Ta...

Страница 519: ...ganization changes its service provider NOTE As an alternative to stateless autoconfiguration network hosts can obtain their IPv6 addresses using the dynamic host control protocol DHCP servers via stateful auto configuration NOTE Dell Networking OS provides the flexibility to add prefixes on Router Advertisements RA to advertise responses to Router Solicitations RS By default RA response messages ...

Страница 520: ...There can be no extension headers one extension header or more than one extension header in an IPv6 packet Extension headers are defined in the Next Header field of the preceding IPv6 header IPv6 Header Fields The 40 bytes of the IPv6 header are ordered as shown in the following illustration Figure 58 IPv6 Header Fields Version 4 bits The Version field always contains the number 6 referring to the...

Страница 521: ... packet payload be 64 KB However the Jumbogram option type Extension header supports larger packet sizes when required Next Header 8 bits The Next Header field identifies the next header s type If an Extension header is used this field contains the type of Extension header as shown in the following table If the next header is a transmission control protocol TCP or user datagram protocol UDP header...

Страница 522: ...e viewed only by the destination router identified in the Destination Address field If the Destination Address is a multicast address the Extension headers are examined by all the routers in that multicast group However if the Destination Address is a Hop by Hop options header the Extension header is examined by every forwarding router along the packet s route The Hop by Hop options header must im...

Страница 523: ...IPv6 address If one or more four digit group s is 0000 the zeros may be omitted and replaced with two colons For example 2001 0db8 0000 0000 0000 0000 1428 57ab can be shortened to 2001 0db8 1428 57ab Only one set of double colons is supported in a single address Any number of consecutive 0000 groups may be reduced to two colons as long as there is only one double colon used in an address Leading ...

Страница 524: ...y implement dynamically assigned static IPv6 addresses In this case a DHCP server is used but it is specifically configured to always assign the same IPv6 address to a particular computer and never to assign that IP address to another computer This allows static IPv6 addresses to be configured in one place without having to specifically configure each computer on the network in a different way In ...

Страница 525: ...and IPv6 BGP chapters in the Dell Networking OS Command Line Reference Guide Multiprotocol BGP extensions for IPv6 9 7 0 1 IPv6 BGP in the Dell Networking OS Command Line Reference Guide IPv6 BGP MD5 Authentication 9 7 0 1 IPv6 BGP in the Dell Networking OS Command Line Reference Guide IS IS for IPv6 9 7 0 1 Intermediate System to Intermediate System IPv6 IS IS in the Dell Networking OS Command Li...

Страница 526: ...Line Reference Guide Telnet server over IPv6 inbound Telnet 9 7 0 1 Configuring Telnet with IPv6 Control and Monitoring in the Dell Networking OS Command Line Reference Guide Secure Shell SSH client support over IPv6 outbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Transport Secure Shell SSH server support over IPv6 inbound SSH Layer 3 only 9 7 0 1 Secure Shell SSH Over an IPv6 Tran...

Страница 527: ...Exceeded and Parameter Problem messages Informational messages provide diagnostic functions and additional host functions such as Neighbor Discovery and Multicast Listener Discovery These messages also include Echo Request and Echo Reply messages The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses These commands use ICMPv6 Type 2 messages Path MTU Discovery Path MT...

Страница 528: ...an IPv6 device learns the link layer addresses for neighbors known to reside on attached links quickly purging cached values that become invalid NOTE If a neighboring node does not have an IPv6 address assigned it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node NOTE To avoid problems with network discovery Dell Networking recommends configurin...

Страница 529: ... interface The ipv6 nd mtu command sets the value advertised to routers It does not set the actual MTU rate For example if you set ipv6 nd mtu to 1280 the interface still passes 1500 byte packets if that is what is set with the mtu command Configuration Task List for IPv6 RDNSS This section describes how to configure the IPv6 Recursive DNS Server This sections contains the following configuration ...

Страница 530: ...on in the IPv6 RDNSS configuration a DNS error is displayed Example for Configuring an IPv6 Recursive DNS Server The following example configures a RDNNS server with an IPv6 address of 1000 1 and a lifetime of 1 second Dell conf if te 1 1 ipv6 nd dns server X X X X X Recursive DNS Server s RDNSS IPv6 address Dell conf if te 1 1 ipv6 nd dns server 1000 1 0 4294967295 Max lifetime sec which RDNSS ad...

Страница 531: ...ates that the IPv6 RDNSS was correctly configured on interface te 1 1 Dell show ipv6 interface te 1 1 TenGigabitEthernet 1 1 is up line protocol is up IPV6 is enabled Link Local address fe80 201 e8ff fe8b 7570 Global Unicast address es 1212 12 subnet is 1212 64 MANUAL Remaining lifetime infinite Global Anycast address es Joined Group address es ff02 1 ff02 2 ff02 1 ff00 12 ff02 1 ff8b 7570 ND MTU ...

Страница 532: ...ide Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol Adjusting Your CAM Profile Assigning an IPv6 Address to an Interface Assigning a Static IPv6 Route Configuring Telnet with IPv6 SNMP over IPv6 Showing IPv6 Information Clearing IPv6 Routes Adjusting Your CAM Profile Although adjusting your CAM profile is not a mandatory step if you plan to implement IPv6 A...

Страница 533: ...d IPv4 ACL The total number of groups is 4 Assigning an IPv6 Address to an Interface Essentially IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces You can use IPv6 and IPv4 together on a system but be sure to differentiate that usage carefully To assign an IPv6 address to an interface use the ipv6 address command You can configure up to two IP...

Страница 534: ...g Enter the keyword interface then the type of interface and slot port information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a Loopback interface enter the keyword loopback then a number from 0 to 16383 For a port channel interface...

Страница 535: ... Line Interface Reference Guide snmp server host snmp server user ipv6 snmp server community ipv6 snmp server community access list name ipv6 snmp server group ipv6 snmp server group access list name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands List the IPv6 show options EXEC mode or EXEC Privileged mode show ipv6 Example of show ipv6 Command Option...

Страница 536: ...er from 1 to 4094 Example of the show ipv6 interface Command Dell show ipv6 int ManagementEthernet 1 1 ManagementEthernet 1 1 is up line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled Link Local address fe80 201 e8ff fe8b 386e Global Unicast address es Actual address is 400 201 e8ff fe8b 386e subnet is 400 64 Actual address is 412 201 e8ff fe8b 386e subnet is 412 64 ...

Страница 537: ...tes enter static To display information about an IPv6 Prefix lists enter list and the prefix list name Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command Dell show ipv6 route summary Route Source Active Routes Non active Routes connected 5 0 static 0 0 Total 5 0 The following example shows the show ipv6 route command Dell show ipv6 route Codes ...

Страница 538: ...information For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For the Management interface on the stack unit enter the keyword ManagementEthernet then the slot port information Example of the show running config interface Command Dell show run...

Страница 539: ...de ipv6 nd ra guard policy policy name 4 Define the role of the device attached to the port POLICY LIST CONFIGURATION mode device role host router Use the keyword host to set the device role as host Use the keyword router to set the device role as router 5 Set the hop count limit POLICY LIST CONFIGURATION mode hop limit maximum minimum limit The hop limit range is from 0 to 254 6 Set the managed a...

Страница 540: ...e advertised reachability time POLICY LIST CONFIGURATION mode reachable time value The reachability time range is from 0 to 3 600 000 milliseconds 14 Set the advertised retransmission time POLICY LIST CONFIGURATION mode retrans timer value The retransmission time range is from 100 to 4 294 967 295 milliseconds 15 Display the configurations applied on the RA guard policy mode POLICY LIST CONFIGURAT...

Страница 541: ...a guard policy policy name The policy name string can be up to 140 characters Example of the show ipv6 nd ra guard policy Command Dell show ipv6 nd ra guard policy test ipv6 nd ra guard policy test device role router hop limit maximum 1 match ra ipv6 access list access other config flag on router preference maximum medium trusted port Interfaces Te 1 1 Dell Monitoring IPv6 RA Guard To debug IPv6 R...

Страница 542: ...ns that enables optimization of the network for better storage traffic throughput iSCSI is disabled by default iSCSI optimization also provides a means of monitoring iSCSI sessions and applying quality of service QoS policies on iSCSI traffic When enabled iSCSI optimization allows a switch to monitor snoop the establishment and termination of iSCSI connections The switch uses the snooped informati...

Страница 543: ...luding port information and iSCSI session information iSCSI QoS A user configured iSCSI class of service CoS profile is applied to all iSCSI traffic Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch Preferential treatment helps to avoid session interruptions during times of congestion that wo...

Страница 544: ...trap iSCSI protocol packets to the CPU for examination Devices that initiate iSCSI sessions usually use well known TCP ports 3260 or 860 to contact targets When you enable iSCSI optimization by default the switch identifies IP packets to or from these ports as iSCSI traffic You can configure the switch to monitor traffic for additional port numbers or a combination of port number and target IP add...

Страница 545: ...re re marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch NOTE On a switch in which a large proportion of traffic is iSCSI CoS queue assignments may interfere with other network control plane traffic such as ARP or LACP Balance preferential treatment of iSCSI traffic against the needs of other critical data in the network Information Monitored in iSCSI T...

Страница 546: ...o Configuration for Dell EqualLogic Arrays The iSCSI optimization feature includes auto provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows The switch uses the link layer discovery protocol LLDP to discover Dell EqualLogic devices on the network LLDP is enabled by default For mor...

Страница 547: ... to the maximum for all interfaces on all ports and port channels if it is not already enabled Spanning tree portfast is enabled on the interface Unicast storm control is disabled on the interface Enter the iscsi profile compellent command in INTERFACE Configuration mode for example Dell conf if te o 50 iscsi profile compellent Synchronizing iSCSI Sessions Learned on VLT Lags with VLT Peer The fol...

Страница 548: ...etect EqualLogic arrays The following message displays when you enable iSCSI on a switch and describes the configuration changes that are automatically performed STKUNIT0 M CP IFMGR 5 IFM_ISCSI_ENABLE iSCSI has been enabled causing flow control to be enabled on all interfaces EQL detection and enabling iscsi profile compellent on an interface may cause some automatic configurations to occur like j...

Страница 549: ...k setting DSCP None user configurable Remark Not configured iSCSI session aging time 10 minutes iSCSI optimization target ports iSCSI well known ports 3260 and 860 are configured as default with no IP address or name but can be removed as any other configured target iSCSI session monitoring Disabled The CAM allocation for iSCSI is set to zero 0 iSCSI Optimization Prerequisites The following are iS...

Страница 550: ...he flash memory in the CONFIG_TEMPLATE file NOTE DCB DCBx is enabled when you apply the iSCSI configuration in step 3 If you manually apply the iSCSI configuration by following steps 1 and 2 enable link layer discovery protocol LLDP before enabling iSCSI in step 2 You cannot disable LLDP if you enable iSCSI 4 Save the configuration on the switch EXEC Privilege mode write memory 5 Reload the switch...

Страница 551: ...ith dotp1 priority 4 without remark disable disables the application of preferential QoS treatment to iSCSI frames dot1p vlan priority value specifies the virtual local area network VLAN priority tag assigned to incoming packets in an iSCSI session The range is from 0 to 7 The default is the dot1p value in ingress iSCSI frames is not changed and the same priority is used in iSCSI TLV advertisement...

Страница 552: ...pecified iSCSI session enter the session s iSCSI ID show iscsi sessions detailed session isid Display all globally configured non default iSCSI settings in the current Dell Networking OS session show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command Dell show iscsi iSCSI is enabled iSCSI session monitoring is disabled iSCSI COS dot1p is 4 no remark Se...

Страница 553: ...2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09 34 DD HH MM SS ISID 806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10 10 0 44 33345 10 10 0 101 3260 0 VLT PEER2 Session 0 Target iqn 2010 11 com ixia ixload iscsi TG1 Initiator iqn 2010 11 com ixia ixload initiator iscsi 2c Up Time 00 00 01 28 DD HH MM SS Time for aging out 00 00 09...

Страница 554: ... 1 Level 2 or Level 1 2 systems Level 1 routers only route traffic within an area while Level 2 routers route traffic between areas At its most basic Level 1 systems route traffic within the area and any traffic destined for outside the area is sent to a Level 1 2 system Level 2 systems manage destination paths for external routers Only Level 2 routers can exchange data packets or routing informat...

Страница 555: ... an example of the ISO style address to show the address format IS IS uses In this example the first five bytes 47 0005 0001 are the area address The system portion is 000c 000a 4321 and the last byte is always 0 Figure 62 ISO Address Format Multi Topology IS IS Multi topology IS IS MT IS IS allows you to create multiple IS IS topologies on a single router with separate databases Use this feature ...

Страница 556: ...gical restrictions of single topology mode are no longer in effect Interface Support MT IS IS is supported on physical Ethernet interfaces physical synchronous optical network technologies SONET interfaces port channel interfaces static and dynamic using LACP and virtual local area network VLAN interfaces Adjacencies Adjacencies on point to point interfaces are formed as usual where IS IS routers ...

Страница 557: ...nt of time seconds or a number of attempts The T2 timer is the maximum time that the system waits for LSP database synchronization This timer applies to the database type level 1 level 2 or both The T3 timer sets the overall wait time after which the router determines that it has failed to achieve database synchronization by setting the overload bit in its own LSP You can base this timer on adjace...

Страница 558: ...Value Complete sequence number PDU CSNP interval 10 seconds IS to IS hello PDU interval 10 seconds IS IS interface metric 10 Metric style Narrow Designated Router priority 64 Circuit Type Level 1 and Level 2 IS Type Level 1 and Level 2 Equal Cost Multi Paths 16 Configuration Information To use IS IS you must configure and enable IS IS in two or three modes CONFIGURATION ROUTER ISIS CONFIGURATION I...

Страница 559: ... For example a Level 1 router never forms an adjacency with a Level 2 router A Level 1 2 router forms Level 1 adjacencies with a neighboring Level 1 router and forms Level 2 adjacencies with a neighboring Level 2 router NOTE Even though you enable IS IS globally enable the IS IS process on an interface for the IS IS process to exchange protocol information and form adjacencies To configure IS IS g...

Страница 560: ...pv6 address x x x x x mask The prefix length is from 0 to 128 The IPv6 address must be on the same subnet as other IS IS neighbors but the IP address does not need to relate to the NET address 6 Enable IS IS on the IPv4 interface ROUTER ISIS mode ip router isis tag If you configure a tag variable it must be the same as the tag variable assigned in step 1 7 Enable IS IS on the IPv6 interface ROUTER...

Страница 561: ...evel 2 SPF Calculations 29 IS IS LSP checksum errors received 0 IS IS LSP authentication failures 0 Dell You can assign more NET addresses but the System ID portion of the NET address must remain the same Dell Networking OS supports up to six area addresses Some address considerations are In order to be neighbors configure Level 1 routers with at least one common area address A Level 2 router beco...

Страница 562: ...d 16 777 215 Configuring IS IS Graceful Restart To enable IS IS graceful restart globally use the following commands Additionally you can implement optional commands to enable the graceful restart settings Enable graceful restart on ISIS processes ROUTER ISIS mode graceful restart ietf Configure the time during which the graceful restart attempt is prevented ROUTER ISIS mode graceful restart inter...

Страница 563: ...uter receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option manual allows you to specify a fixed value that the restarting router should use The range is from 50 to 120 seconds The default is 30 seconds Examples of the show isis graceful restart detail Command NOTE If this timer expires before the synchronization has completed the restarting ...

Страница 564: ...ello Multiplier 3 CSNP Interval 10 Number of active level 1 adjacencies 1 Level 2 Metric 10 Priority 64 Circuit ID 0000 0000 000B 01 Hello Interval 10 Hello Multiplier 3 CSNP Interval 10 Number of active level 2 adjacencies 1 Next IS IS LAN Level 1 Hello in 4 seconds Next IS IS LAN Level 2 Hello in 6 seconds LSP Interval 33 Next IS IS LAN Level 1 Hello in 4 seconds Next IS IS LAN Level 2 Hello in ...

Страница 565: ...erfaces are associated with a cost that is used in the shortest path first SPF calculations The possible cost varies depending on the metric style supported If you configure narrow transition or narrow transition metric style the cost can be a number between 0 and 63 If you configure wide or wide transition metric style the cost can be a number between 0 and 16 777 215 Dell Networking OS supports ...

Страница 566: ...etric style narrow transition transition wide transition level 1 level 2 The default is narrow The default is Level 1 and Level 2 level 1 2 To view which metric types are generated and received use the show isis protocol command in EXEC Privilege mode The IS IS matrixes settings are in bold Example of Viewing IS IS Metric Types Dell show isis protocol IS IS Router Null Tag System Id EEEE EEEE EEEE...

Страница 567: ...tric level 1 level 2 default metric the range is from 0 to 63 for narrow and transition metric styles The range is from 0 to 16777215 for wide metric styles The default is 10 The default level is level 1 For more information about this command refer to Configuring the IS IS Metric Style The following table describes the correct value range for the isis metric command Metric Sytle Correct Value Ran...

Страница 568: ... 1 2 the software maintains two Link State databases one for each level To view the Link State databases use the show isis database command Dell show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B233 00 00 0x00000003 0x07BF 1088 0 0 0 eljefe 00 00 0x00000009 0xF76A 1126 0 0 0 eljefe 01 00 0x00000001 0x68DF 1122 0 0 0 eljefe 02 00 0x00000001 0...

Страница 569: ... use the following commands NOTE These commands apply to IPv4 IS IS only To apply prefix lists to IPv6 routes use ADDRESS FAMILY IPV6 mode shown later Apply a configured prefix list to all incoming IPv4 IS IS routes ROUTER ISIS mode distribute list prefix list name in interface Enter the type of interface and the interface information For a 10 Gigabit Ethernet interface enter the keyword TenGigabi...

Страница 570: ...annel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Apply a configured prefix list to all outgoing IPv6 IS IS routes ROUTER ISIS AF IPV6 mode distribute list prefix list name out bgp as number connected ospf process id rip static You can configure one of the optional parameters connected for directly connected routes ospf process id for OSPF routes only rip...

Страница 571: ...rnal 1 2 match internal metric type external internal route map map name Configure the following parameters process id the range is from 1 to 65535 level 1 level 1 2 or level 2 assign all redistributed routes to a level The default is level 2 metric value the range is from 0 to 16777215 The default is 0 match external the range is from 1 or 2 match internal metric type external or internal map nam...

Страница 572: ...rrent IPv4 IS IS configuration use the show config command in ROUTER ISIS mode To view the current IPv6 IS IS configuration use the show config command in ROUTER ISIS ADDRESS FAMILY IPV6 mode Configuring Authentication Passwords You can assign an authentication password for routers in Level 1 and for routers in Level 2 Because Level 1 and Level 2 routers do not communicate with each other you can ...

Страница 573: ... ROUTER ISIS mode no set overload bit Example of Viewing the Overload Bit Setting When the bit is set a 1 is placed in the OL column in the show isis database command output The overload bit is set in both the Level 1 and Level 2 database because the IS type for the router is Level 1 2 Dell show isis database IS IS Level 1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT P OL B2...

Страница 574: ...nterface Enter the type of interface and slot port information to view IS IS information on that interface only View the events that triggered IS IS shortest path first SPF events for debugging purposes EXEC Privilege mode debug isis spf triggers View sent and received LSPs EXEC Privilege mode debug isis update packets interface To view specific information enter the following optional parameter i...

Страница 575: ...anges depending on the metric style The following describes the correct value range for the isis metric command Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS IS metric styles support different cost ranges for the route The cost range for...

Страница 576: ...ow transition default value 10 if the original value is greater than 63 A message is sent to the console wide wide transition original value narrow wide original value narrow transition original value narrow narrow transition original value narrow wide transition original value transition wide original value transition narrow original value transition narrow original value transition wide transiti...

Страница 577: ... Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value 10 A message is sent to the logging buffer wide transition transition truncated value narrow transition default value 10 A message is sent to the logging buffer Leaks from One...

Страница 578: ...and IPv6 routing is being used You can copy and paste from these examples to your CLI To support your own IP addresses interfaces names and so on be sure that you make the necessary changes NOTE Whenever you make IS IS configuration changes clear the IS IS process re started using the clear isis command The clear isis command must include the tag for the ISIS process The following example shows th...

Страница 579: ...figuration Multi topology IS IS Sample Configuration Multi topology Transition The following is a sample configuration for enabling IPv6 IS IS Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ip address 24 3 1 1 24 ipv6 address 24 3 1 76 ip router isis ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis metric style wide level 1 metric ...

Страница 580: ... router_isis Dell conf if te 3 17 show config interface TenGigabitEthernet 3 17 ipv6 address 24 3 1 76 ipv6 router isis no shutdown Dell conf if te 3 17 Dell conf router_isis show config router isis net 34 0000 0000 AAAA 00 address family ipv6 unicast multi topology transition exit address family Dell conf router_isis Intermediate System to Intermediate System 580 ...

Страница 581: ... automatically establishes the LAG between the systems LACP permits the exchange of messages on a link to allow their LACP instances to Reach an agreement on the identity of the LAG to which the link belongs Move the link to that LAG Enable the transmission and reception functions in an orderly manner The Dell Networking OS implementation of LACP is based on the standards specified in the IEEE 802...

Страница 582: ...e Off In this state an interface is not capable of being part of a dynamic LAG LACP does not run on any port that is configured to be in this state Active In this state the interface is said to be in the active negotiating state LACP runs on any link that is configured to be in this state A port in Active state also automatically initiates negotiations with other ports by initiating LACP packets P...

Страница 583: ...er the number the lower the priority The default is 32768 LACP Configuration Tasks The following configuration tasks apply to LACP Creating a LAG Configuring the LAG Interfaces as Dynamic Setting the LACP Long Timeout Monitoring and Debugging LACP Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel LAG use the following command First you define the LAG and then th...

Страница 584: ...e Dell conf interface TenGigabitethernet 4 15 Dell conf if te 4 15 no shutdown Dell conf if te 4 15 port channel protocol lacp Dell conf if te 4 15 lacp port channel 32 mode active Dell conf interface TenGigabitethernet 4 16 Dell conf if te 4 16 no shutdown Dell conf if te 4 16 port channel protocol lacp Dell conf if te 4 16 lacp port channel 32 mode active The port channel 32 mode active command ...

Страница 585: ...e Link F Individual Link G IN_SYNC H OUT_OF_SYNC I Collection enabled J Collection disabled K Distribution enabled L Distribution disabled M Partner Defaulted N Partner Non defaulted O Receiver is in expired state P Receiver is not in expired state Port Te 3 6 is enabled LACP is enabled and mode is lacp Actor Admin State ADEHJLMP Key 1 Priority 128 To view the PDU exchanges and the timeout value u...

Страница 586: ...G 2 into a single entity called a failover group Configuring Shared LAG State Tracking To configure shared LAG state tracking you configure a failover group NOTE If a LAG interface is part of a redundant pair you cannot use it as a member of a failover group created for shared LAG state tracking 1 Enter port channel failover group mode CONFIGURATION mode port channel failover group 2 Create a fail...

Страница 587: ...ber use the show interface port channel command Dell show interface port channel 2 Port channel 2 is up line protocol is down Failover group 1 is down Hardware address is 00 01 e8 05 e8 4c Current address is 00 01 e8 05 e8 4c Interface index is 1107755010 Minimum number of links to bring Port channel up is 1 Port channel is part of failover group 1 Internet address is not set MTU 1554 bytes IP MTU...

Страница 588: ...ature its members may still be in the Up state LACP Basic Configuration Example The screenshots in this section are based on the following example topology Two routers are named ALPHA and BRAVO and their hostname prompts reflect those names Figure 66 LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA Example of Configuring a LAG Alpha conf interf...

Страница 589: ... show interface counters 00 02 11 Queueing strategy fifo Input statistics 132 packets 163668 bytes 0 Vlans 0 64 byte pkts 12 over 64 byte pkts 120 over 127 byte pkts 0 over 255 byte pkts 0 over 511 byte pkts 0 over 1023 byte pkts 132 Multicasts 0 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 136 packets 16718 bytes 0 underruns 0 64 byte pkts 15 over 64 byte ...

Страница 590: ...Figure 67 Inspecting the LAG Configuration Link Aggregation Control Protocol LACP 590 ...

Страница 591: ...Figure 68 Inspecting Configuration of LAG 10 on ALPHA Link Aggregation Control Protocol LACP 591 ...

Страница 592: ... Alpha conf if te 2 31 shutdown Alpha conf if te 2 31 port channel protocol lacp Alpha conf if te 2 31 lacp port channel 10 mode active Alpha conf if te 2 31 lacp no shut Alpha conf if te 2 31 show config interface GigabitEthernet 2 31 no ip address port channel protocol LACP port channel 10 mode active no shutdown Alpha conf if te 2 31 interface Port channel 10 no ip address Link Aggregation Cont...

Страница 593: ... 10 exit Bravo conf int tengig 3 21 Bravo conf no ip address Bravo conf no switchport Bravo conf shutdown Bravo conf if te 3 21 port channel protocol lacp Bravo conf if te 3 21 lacp port channel 10 mode active Bravo conf if te 3 21 lacp no shut Bravo conf if te 3 21 end interface TenGigabitEthernet 3 21 no ip address port channel protocol LACP port channel 10 mode active no shutdown Bravo conf if ...

Страница 594: ...Figure 70 Inspecting a LAG Port on BRAVO Using the show interface Command Link Aggregation Control Protocol LACP 594 ...

Страница 595: ...Figure 71 Inspecting LAG 10 Using the show interfaces port channel Command Link Aggregation Control Protocol LACP 595 ...

Страница 596: ...ed on both synchronous and asynchronous lines and can operate in Half Duplex or Full Duplex mode It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection As its name implies it is for point to point connections between exactly two devices and assumes that frames are sent and received in the same order Link Aggregation Co...

Страница 597: ... address all interface vlan address deletes the specified entry all deletes all dynamic entries interface deletes all entries for the specified interface vlan deletes all entries for the specified VLAN Setting the Aging Time for Dynamic Entries Learned MAC addresses are entered in the table as dynamic entries which means that they are subject to aging For any dynamic entry if no packet arrives on ...

Страница 598: ...ace static vlan address displays the specified entry aging time displays the configured aging time count displays the number of dynamic and static entries for all VLANs and the total number of entries dynamic displays only dynamic entries interface displays only entries for the specified interface static displays only static entries vlan displays only entries for the specified VLAN MAC Learning Li...

Страница 599: ...nt from versions 8 2 1 1 and earlier which read Error ACL returned error Error Remove existing limit configuration if it was configured before Setting the MAC Learning Limit To set a MAC learning limit on an interface use the following command Specify the number of MAC addresses that the system can learn off a Layer 2 interface INTERFACE mode mac learning limit address_limit Three options are avai...

Страница 600: ...any additional MAC addresses are converted to sticky MACs on that interface To remove all sticky MAC addresses from the running config file disable sticky MAC and use the write config command When you enable sticky mac on an interface dynamically learned MAC addresses do not age even if you enabled mac learning limit dynamic If you configured mac learning limit and mac learning limit dynamic and y...

Страница 601: ...rface and a new address is received using one the following options with the mac learning limit command use the following commands Generate a system log message when the MAC learning limit is exceeded INTERFACE mode learn limit violation log Shut down the interface and generate a system log message when the MAC learning limit is exceeded INTERFACE mode learn limit violation shutdown Setting Statio...

Страница 602: ... learning limit use the following commands NOTE Alternatively you can reset the interface by shutting it down using the shutdown command and then re enabling it using the no shutdown command Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation EXEC Privilege mode mac learning limit reset Reset interfaces in the ERR_Disabled state caused by a lea...

Страница 603: ...over port When the NIC fails the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress interface When the ARP is resolved the same MAC address is learned on the same port where the ARP is resolved in the previous example this location is Port 0 5 of the switch To ensure that the MAC address is disassociated with one port and reassociated wi...

Страница 604: ...witching loops as shown in the following illustration The redundant pairs feature allows you to create redundant links in networks that do not use STP by configuring backup interfaces for the interfaces on either side of the primary link NOTE For more information about STP refer to Spanning Tree Protocol STP Assign a backup interface to an interface using the switchport backup command The backup i...

Страница 605: ...p it remains as the backup interface for the redundant pair If the interface is a member link of a LAG the following primary backup interfaces are also supported primary interface is a physical interface the backup interface can be a physical interface primary interface is a physical interface the backup interface can be a static or dynamic LAG primary interface is a static or dynamic LAG the back...

Страница 606: ...up link active A message similar to the following message appears whenever you configure a backup port 02 28 04 RPM0 P CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Te 3 41 and Te 3 42 02 28 04 RPM0 P CP IFMGR 5 OSTATE_DN Changed interface state to down Te 3 42 02 28 04 RPM0 P CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby te 3 42 Example of Configuring Redundant Layer 2 ...

Страница 607: ...rface port channel 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 L2BKUP_WARN Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 OSTATE_DN Changed interface state to down Po 2 Apr 9 00 15 13 STKUNIT0 M CP IFMGR 5 STATE_ACT_STBY Changed interface state to standby Po 2 Dell conf if po 1 Dell Dell show interfaces switchport backup Interface Status Paired Interface Status Po...

Страница 608: ... that upper layer protocols can detect the neighbor unavailability faster FEFD State Changes FEFD has two operational modes Normal and Aggressive When you enable Normal mode on an interface and a far end failure is detected no intervention is required to reset the interface to bring it back to an FEFD operational state When you enable Aggressive mode on an interface in the same state manual interv...

Страница 609: ...Change When Configuring FEFD Local Event Mode Local State Remote State Local Admin Status Local Protocol Status Remote Admin Status Remote Protocol Status Shutdown Normal Admin Shutdown Unknown Down Down Up Down Shutdown Aggressive Admin Shutdown Err disabled Down Down Up Down FEFD enable Normal Bi directional Bi directional Up Up Up Up FEFD enable Aggressive Bi directional Bi directional Up Up Up...

Страница 610: ...e ip address ip address switchport 2 Enable the necessary ports administratively INTERFACE mode no shutdown 3 Enable fefd globally CONFIGURATION mode fefd global interval mode Example of the show fefd Command To display information about the state of each interface use the show fefd command in EXEC privilege mode Dell show fefd FEFD is globally ON interval is 3 seconds mode is Normal INTERFACE MOD...

Страница 611: ...evious FEFD configuration which you can enable again at any time To set up and activate two or more connected interfaces use the following commands 1 Setup two or more connected interfaces for Layer 2 or Layer 3 INTERFACE mode ip address ip address switchport 2 Activate the necessary ports administratively INTERFACE mode no shutdown 3 INTERFACE mode fefd disable interval mode Example of Viewing FE...

Страница 612: ...Te 4 1 changed from Bi directional to Unknown Dell debug fefd packets Dell 2w1d22h FEFD packet sent via interface Te 1 1 Sender state Bi directional Sender info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 1 1 Peer info Mgmt Mac 00 01 e8 14 89 25 Slot Port Te 4 1 Sender hold time 3 second 2w1d22h FEFD packet received on interface Te 4 1 Sender state Bi directional Sender info Mgmt Mac 00 01 e8 14 89 25...

Страница 613: ...uration information is exchanged in the form of Type Length Value TLV segments Type The kind of information included in the TLV Length The value in octets of the TLV after the Length field Value The configuration information that the agent is advertising The chassis ID TLV is shown in the following illustration Figure 77 Type Length Value TLV Segment TLVs are encapsulated in a frame called an LLDP...

Страница 614: ...dentifies a port through which TLVs are sent and received 3 Time to Live An administratively assigned name that identifies a port through which TLVs are sent and received Optional Includes sub types of TLVs that advertise specific configuration information These sub types are Management TLVs IEEE 802 1 IEEE 802 3 and TIA 1057 Organizationally Specific TLVs Figure 78 LLDPDU Frame Optional TLVs The ...

Страница 615: ...igure the Dell Networking system to advertise any or all of these TLVs Table 52 Optional TLV Types Type TLV Description Optional TLVs 4 Port description A user defined alphanumeric string that describes the port Dell Networking OS does not currently support this TLV 5 System name A user defined alphanumeric string that identifies the system 6 System description A user defined alphanumeric string t...

Страница 616: ...ing of the duplex status and bit rate and whether the current settings are the result of auto negotiation This TLV is not available in the Dell Networking OS implementation of LLDP but is available and mandatory non configurable in the LLDP MED implementation 127 Power via MDI Dell Networking supports the LLDP MED protocol which recommends that Power via MDI TLV be not implemented and therefore De...

Страница 617: ...point devices LLDP MED provides network connectivity devices with the ability to manage inventory manage Power over Ethernet PoE identify physical location identify network policy LLDP MED is designed for but not limited to VoIP endpoints TIA Organizationally Specific TLVs The Dell Networking system is an LLDP MED Network Connectivity Device Device Type 4 Network connectivity devices are responsib...

Страница 618: ...support these TLVs 127 5 Inventory Hardware Revision Indicates the hardware revision of the LLDP MED device 127 6 Inventory Firmware Revision Indicates the firmware revision of the LLDP MED device 127 7 Inventory Software Revision Indicates the software revision of the LLDP MED device 127 8 Inventory Serial Number Indicates the device serial number of the LLDP MED device 127 9 Inventory Manufactur...

Страница 619: ...system is a network connectivity device which is Type 4 When you enable LLDP MED in Dell Networking OS using the advertise med command the system begins transmitting this TLV Figure 80 LLDP MED Capabilities TLV Table 54 Dell Networking OS LLDP MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power...

Страница 620: ...or which a connection is made In this case configure the signaling application Table 56 Network Policy Applications Type Application Description 0 Reserved 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy tha...

Страница 621: ...ary and backup The Dell Networking system is a primary power source which corresponds to a value of 1 based on the TIA 1057 specification Power Priority there are three possible priorities Low High and Critical On Dell Networking systems the default power priority is High which corresponds to a value of 2 based on the TIA 1057 specification You can configure a different power priority through the ...

Страница 622: ...ceeds the maximum the system does not configure more than 8000 INTERFACE level configurations override all CONFIGURATION level configurations LLDP is not hitless LLDP Compatibility Spanning tree and force10 ring protocol blocked ports allow LLDPDUs 802 1X controlled ports do not allow LLDPDUs until the connected device is authenticated CONFIGURATION versus INTERFACE Configurations All LLDP configu...

Страница 623: ...figuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration default rx and tx multiplier LLDP multiplier configuration no Negate a command or set its defaults show Show LLDP configuration Dell conf if te 1 3 lldp Enabling LLDP LLDP is enabled by default Enable and disable LLDP globally or per interface If you enable LLDP globally all UP interf...

Страница 624: ... lldp 2 Enter LLDP management interface mode LLDP MANAGEMENT INTERFACE mode management interface 3 Enter the disable command LLDP MANAGEMENT INTERFACE mode To undo an LLDP management port configuration precede the relevant command with the keyword no Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces If you configure the system globa...

Страница 625: ...s system capabilities system description For 802 1 TLVs port protocol vlan id port vlan id vlan name For 802 3 TLVs max frame size For TIA 1057 TLVs guest voice guest voice signaling location identification power via mdi softphone voice streaming video video conferencing video signaling voice voice signaling In the following example LLDP is enabled globally R1 and R2 are transmitting periodic LLDP...

Страница 626: ...no disable Dell conf lldp Dell conf lldp exit Dell conf interface tengigabitethernet 1 31 Dell conf if te 1 31 show config interface TenGigabitEthernet 1 31 no ip address switchport no shutdown Dell conf if te 1 31 protocol lldp Dell conf if te 1 31 lldp show config protocol lldp Dell conf if te 1 31 lldp Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjace...

Страница 627: ... Chassis ID 00 01 e8 06 95 3e Remote Port Subtype Interface name 5 Remote Port ID TeGigabitEthernet 2 11 Local Port ID TeGigabitEthernet 1 21 Locally assigned remote Neighbor Index 4 Remote TTL 120 Information valid for next 120 seconds Time since last information change of this neighbor 01 50 16 Remote MTU 1554 Remote System Desc Dell Networks Real Time Operating System Software Dell Operating Sy...

Страница 628: ...de R1 conf lldp show config protocol lldp advertise dot1 tlv port protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Configuring Transmit and Receive Mode After you enable LLDP the system transmits and receives LLDPDUs by default To configure the system to transmit or receive only and return to the...

Страница 629: ...g the Time to Live Value The information received from a neighbor expires after a specific amount of time measured in seconds called a time to live TTL The TTL is the product of the LLDPDU transmit interval hello and an integer called a multiplier The default multiplier is 4 which results in a default TTL of 120 seconds Adjust the TTL value CONFIGURATION mode or INTERFACE mode multiplier Return to...

Страница 630: ...protocol vlan id port vlan id advertise dot3 tlv max frame size advertise management tlv system capabilities system description no disable R1 conf lldp Debugging LLDP You can view the TLVs that your system is sending and receiving To view the TLVs use the following commands View a readable version of the TLVs debug lldp brief View a readable version of the TLVs plus a hexadecimal version of the en...

Страница 631: ...t Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802 1AB MIB objects The following tables list the objects associated with received and transmitted TLVs the LLDP configuration on the local agent IEEE 802 1AB Organizationally Specific TLVs received and transmitted LLDP MED TLVs Link Layer Discovery Protocol LLDP 631 ...

Страница 632: ... they are enabled for transmission LLDP Statistics statsAgeoutsTotal lldpStatsRxPortAgeoutsTotal Total number of times that a neighbor s information is deleted on the local system due to an rxInfoTTL timer expiration statsFramesDiscardedTotal lldpStatsRxPortFramesDiscar dedTotal Total number of LLDP frames received then discarded statsFramesInErrorsTotal lldpStatsRxPortFramesErrors Total number of...

Страница 633: ...e lldpRemPortDesc 5 System Name system name Local lldpLocSysName Remote lldpRemSysName 6 System Description system description Local lldpLocSysDesc Remote lldpRemSysDesc 7 System Capabilities system capabilities Local lldpLocSysCapSuppor ted Remote lldpRemSysCapSupp orted 8 Management Address enabled capabilities Local lldpLocSysCapEnable d Remote lldpRemSysCapEnabl ed management address length Lo...

Страница 634: ...dpXdot1LocPortVlan Id Remote lldpXdot1RemPortVla nId 127 Port and Protocol VLAN ID port and protocol VLAN supported Local lldpXdot1LocProtoVla nSupported Remote lldpXdot1RemProtoVl anSupported port and protocol VLAN enabled Local lldpXdot1LocProtoVla nEnabled Remote lldpXdot1RemProtoVl anEnabled PPVID Local lldpXdot1LocProtoVla nId Remote lldpXdot1RemProtoVl anId 127 VLAN Name VID Local lldpXdot1L...

Страница 635: ...olicy Application Type Local lldpXMedLocMediaPo licyAppType Remote lldpXMedRemMediaP olicyAppType Unknown Policy Flag Local lldpXMedLocMediaPo licyUnknown Remote lldpXMedLocMediaPo licyUnknown Tagged Flag Local lldpXMedLocMediaPo licyTagged Remote lldpXMedLocMediaPo licyTagged VLAN ID Local lldpXMedLocMediaPo licyVlanID Remote lldpXMedRemMediaP olicyVlanID L2 Priority Local lldpXMedLocMediaPo licy...

Страница 636: ...iceType Remote lldpXMedRemXPoED eviceType Power Source Local lldpXMedLocXPoEPS EPowerSource lldpXMedLocXPoEPD PowerSource Remote lldpXMedRemXPoEPS EPowerSource lldpXMedRemXPoEP DPowerSource Power Priority Local lldpXMedLocXPoEPD PowerPriority lldpXMedLocXPoEPS EPortPDPriority Remote lldpXMedRemXPoEPS EPowerPriority lldpXMedRemXPoEP DPowerPriority Power Value Local lldpXMedLocXPoEPS EPortPowerAv ll...

Страница 637: ...P with the MAC address cluster MAC address In Multicast mode the cluster IP address maps to a cluster multicast MAC address you configured using a static ARP command After the NLB entry is learned the traffic forwards to all the servers in the VLAN corresponding to the cluster virtual IP address NLB Unicast Mode Scenario Consider a topology in which you configure four servers S1 through S4 as a cl...

Страница 638: ...RP header SHA frames a flooding of packets over the relevant VLAN occurs The maximum number of concurrent clusters that is supported is eight Microsoft Clustering To provide transparent failover or balancing Microsoft clustering allows multiple servers using Microsoft Windows to be represented by one MAC address and IP address The Dell Networking OS does not recognize server clusters by default yo...

Страница 639: ...ning config command output that displays the ip vlan flooding CLI configuration This is the only output where you see the VLAN flooding status enabled or disabled Configuring a Switch for NLB To enable a switch for Unicast NLB mode perform the following steps Enter the ip vlan flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across al...

Страница 640: ... the cluster IP address for the NLB mode of operation of the switch 2 Associate specific MAC or hardware addresses to VLANs CONFIGURATION mode mac address table static multicast mac address vlan vlan id output range interface Microsoft Network Load Balancing 640 ...

Страница 641: ...efined by an exterior gateway protocol such as border gateway protocol BGP Each rendezvous point RP peers with every other RP via the transmission control protocol TCP Through this connection peers advertise the sources in their domain 1 When an RP in a PIM SM domain receives a PIM register message from a source it sends a source active SA message to MSDP peers as shown in the following illustrati...

Страница 642: ...mbers within the domain interested in any of the advertised sources If there are the receiving RP sends a join message to the originating RP creating a shortest path tree SPT to the source Figure 85 Multicast Source Discovery Protocol MSDP Multicast Source Discovery Protocol MSDP 642 ...

Страница 643: ... Discovery Protocol Enable MSDP Manage the Source Active Cache Accept Source Active Messages that Fail the RFP Check Specifying Source Active Messages Limiting the Source Active Messages from a Peer Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Logging Changes in Peership States Terminating a Peership Cleari...

Страница 644: ... When a source registers with one RP an SA message is sent to the other RPs informing them that there is an active source for a particular multicast group The result is that each RP is aware of the active sources in the area of the other RPs If any of the RPs fail IP routing converges and one of the RPs becomes the active RP in more than one area New sources register with the backup RP Receivers j...

Страница 645: ...RFP Check Specifying Source Active Messages Limiting the Source Active Cache Preventing MSDP from Caching a Local Source Preventing MSDP from Caching a Remote Source Preventing MSDP from Advertising a Local Source Terminating a Peership Clearing Peer Statistics Debugging MSDP MSDP with Anycast RP MSDP Sample Configurations Multicast Source Discovery Protocol MSDP 645 ...

Страница 646: ...Figure 87 Configuring Interfaces for MSDP Multicast Source Discovery Protocol MSDP 646 ...

Страница 647: ...Figure 88 Configuring OSPF and BGP for MSDP Multicast Source Discovery Protocol MSDP 647 ...

Страница 648: ...Figure 89 Configuring PIM in Multiple Routing Domains Multicast Source Discovery Protocol MSDP 648 ...

Страница 649: ...Figure 90 Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains 1 Enable MSDP CONFIGURATION mode Multicast Source Discovery Protocol MSDP 649 ...

Страница 650: ... 0 1 Local Addr 192 168 0 3 639 Connect Source Lo 0 State Established Up Down Time 00 15 20 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 8 0 SAs learned from this peer 1 SA Filtering Input S G filter none Output S G filter none Manage the Source Active Cache Each SA originating RP caches the sources inside its domain domain local and the sources which it has learned fr...

Страница 651: ...ege mode show ip msdp sa limit If the total number of active sources is already larger than the limit when limiting is applied the sources that are already in Dell Networking OS are not discarded To enforce the limit in such a situation use the clear ip msdp sa cache command to clear all existing entries Clearing the Source Active Cache To clear the source active cache use the following command Cl...

Страница 652: ...learns all active sources from RP3 but the sources from RP2 and RP4 are rejected because the reverse path to these routers is through Interface A In Scenario 3 RP3 is configured as a default MSDP peer for RP1 and so the RPF check is disregarded for RP3 In Scenario 4 RP1 has a default peer plus an access list The list permits RP4 so the RPF check is disregarded for active sources from it but RP5 an...

Страница 653: ...Figure 91 MSDP Default Peer Scenario 2 Multicast Source Discovery Protocol MSDP 653 ...

Страница 654: ...Figure 92 MSDP Default Peer Scenario 3 Multicast Source Discovery Protocol MSDP 654 ...

Страница 655: ...riginating RP from which all active sources are accepted without regard for the RPF check CONFIGURATION mode ip msdp default peer ip address list If you do not specify an access list the peer accepts all sources that peer advertises All sources from RPs that the ACL denies are subject to the normal RPF check Multicast Source Discovery Protocol MSDP 655 ...

Страница 656: ...229 0 50 66 24 0 50 66 200 0 1 50 10 0 50 2 Rpf Fail Limiting the Source Active Messages from a Peer To limit the source active messages from a peer use the following commands 1 OPTIONAL Store sources that are received after the limit is reached in the rejected SA cache CONFIGURATION mode ip msdp cache rejected sa 2 Set the upper limit for the number of sources allowed from an MSDP peer CONFIGURAT...

Страница 657: ...p redistribute list mylocalfilter ip msdp cache rejected sa 1000 R1_E600 conf do show run acl ip access list extended mylocalfilter seq 5 deny ip host 239 0 0 1 host 10 11 4 2 seq 10 deny ip any any R1_E600 conf do show ip msdp sa cache R1_E600 conf do show ip msdp sa cache rejected sa MSDP Rejected SA Cache 1 rejected SAs received cache size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom Rea...

Страница 658: ... msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 639 Connect Source Lo 0 State Listening Up Down Time 00 01 19 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 0 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none Preventing MSDP from Advertising a Local Source To prevent MSDP from advertising a local source use the followi...

Страница 659: ...N mode ip msdp log adjacency changes Terminating a Peership MSDP uses TCP as its transport protocol In a peering relationship the peer with the lower IP address initiates the TCP session while the peer with the higher IP address listens on port 639 Terminate the TCP connection with a peer CONFIGURATION mode ip msdp shutdown Example of the Verifying that Peering State is Disabled After the relation...

Страница 660: ...Local Addr 192 168 0 3 639 Connect Source Lo 0 State Established Up Down Time 00 04 26 Timers KeepAlive 30 sec Hold time 75 sec SourceActive packet count in out 5 0 SAs learned from this peer 0 SA Filtering Input S G filter myremotefilter Output S G filter none R3 conf do clear ip msdp peer 192 168 0 1 R3 conf do show ip msdp peer Peer Addr 192 168 0 1 Local Addr 0 0 0 0 0 Connect Source Lo 0 Stat...

Страница 661: ...t least initially travel over the same part of the network You can load balance source registration between multiple RPs by strategically mapping groups to RPs but this technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions lack of scalable register decasulation With only a single RP per group all joins are sent to that ...

Страница 662: ...o configure anycast RP use the following commands 1 In each routing domain that has multiple RPs serving a group create a Loopback interface on each RP serving the group with the same IP address CONFIGURATION mode interface loopback 2 Make this address the RP for the group Multicast Source Discovery Protocol MSDP 662 ...

Страница 663: ... creating a mesh group A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set When an RP is a member of the mesh group it forwards active source information only to its peers outside of the group To create a mesh group use the following command Create a mesh group CONFIGURATION mode ip msdp mesh group Specifying the RP Address Used in SA ...

Страница 664: ...92 168 0 3 connect source Loopback 1 ip msdp peer 192 168 0 22 connect source Loopback 1 ip msdp mesh group AS100 192 168 0 22 ip msdp originator id Loopback 1 ip pim rp address 192 168 0 1 group address 224 0 0 0 4 The following example shows an R2 configuration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 2 1 ip pim sparse mode ip address 10 11 4 1 24 no shutdown in...

Страница 665: ...guration for MSDP with Anycast RP ip multicast routing interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 3 32 no shutdown router ospf 1 network 10 11 6 0 24 area 0 network 192 168 0 3 32 area 0 redistribute st...

Страница 666: ...2 1 24 no shutdown interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 1 12 24 no shutdown interface Loopback 0 ip pim sparse mode ip address 192 168 0 1 32 no shutdown router ospf 1 network 10 11 2 0 24 area 0 network 10 11 1 0 24 area 0 network 192 168 0 1 32 area 0 network 10 11 3 0 24 area 0 ip multicast msdp ip msdp peer 192 168 0 3 connect source Loopback 0 ip pim rp addres...

Страница 667: ...ip pim rp address 192 168 0 1 group address 224 0 0 0 4 MSDP Sample Configuration R3 Running Config ip multicast routing interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 0 32 24 no shutdown interface TenGigabitEthernet 3 41 ip pim sparse mode ip address 10 11 6 34 24 no shutdown interface ManagementEthernet 1 1 ip address 10 11 80 3 24 no shutdown interface Loopback 0 ip pim s...

Страница 668: ...4 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown interface TenGigabitEthernet 4 22 ip address 10 10 42 1 24 no shutdown interface TenGigabitEthernet 4 31 ip pim sparse mode ip address 10 11 6 43 24 no shutdown interface Loopback 0 ip address 192 168 0 4 32 no shutdown router ospf 1 network 10 11 5 0 24 area 0 network 10 11 6 0 24 area 0 network 192 168 0 4 32 area 0 ip pim rp address 192...

Страница 669: ...nces Protocol Overview MSTP specified in IEEE 802 1Q 2003 is a rapid spanning tree protocol RSTP based spanning tree variation that improves on per VLAN spanning tree plus PVST MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances In contrast PVST allows a spanning tree instance for each VLAN Thi...

Страница 670: ...nning Tree Variations Configure Multiple Spanning Tree Protocol Enable Multiple Spanning Tree Globally Adding and Removing Interfaces Creating Multiple Spanning Tree Instances Influencing MSTP Root Selection Interoperate with Non Dell Bridges Changing the Region Name or Revision Modifying Global Parameters Modifying the Interface Parameters Configuring an EdgePort Flush MAC Addresses after a Topol...

Страница 671: ...idges that also use this standard implementation MSTP is compatible with STP and RSTP Dell Networking OS supports only one MSTP region When you enable MSTP all ports in Layer 2 mode participate in MSTP You can configure 64 MSTIs including the default instance 0 CIST Configure Multiple Spanning Tree Protocol Configuring multiple spanning tree is a four step process 1 Configure interfaces for Layer ...

Страница 672: ...e automatically part of the MSTI 0 Within an MSTI only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports 1 Enter PROTOCOL MSTP mode CONFIGURATION mode protocol spanning tree mstp 2 Enable MSTP PROTOCOL MSTP mode no disable Example of Verifying MSTP is Enabled To verify that MSTP is enabled use the show config command in PROTOC...

Страница 673: ...ee mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 All bridges in the MSTP region must have the same VLAN to instance mapping To view which instance a VLAN is mapped to use the show spanning tree mst vlan command from EXEC Privilege mode Dell conf mstp name my mstp region Dell conf mstp exit Dell conf do show spanning tree mst config MST region name my mstp region Revision 0 MSTI VID 1 100 2 2...

Страница 674: ...encing MSTP Root Selection MSTP determines the root bridge but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge To change the bridge priority use the following command Assign a number as the bridge priority PROTOCOL MSTP mode msti instance bridge priority priority A lower number increases the probability that the bridge becomes the root bridge ...

Страница 675: ...on Dell devices that participate in MSTP ensure these values match on all devices NOTE Some non Dell devices may implement a non null default region name SFTOS for example uses the Bridge ID while others may use a MAC address Changing the Region Name or Revision To change the region name or revision use the following commands Change the region name PROTOCOL MSTP mode name name Change the region re...

Страница 676: ...hat only experienced network administrators change MSTP parameters Poorly planned modification of MSTP parameters can negatively affect network performance To change the MSTP parameters use the following commands on the root bridge 1 Change the forward delay parameter PROTOCOL MSTP mode forward delay seconds The range is from 4 to 30 The default is 15 seconds 2 Change the hello time parameter PROT...

Страница 677: ...y the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The following lists the default values for port cost by interface Table 62 Default Values for Port Costs by Interface Port Cost Default Value 100 Mb s Ethernet interfaces 200000 1 Gigabit Ethernet interfaces 20000 ...

Страница 678: ...uard shutdown on violation option causes the interface hardware to be shut down when it receives a BPDU When you implement only bpduguard although the interface is placed in an Error Disabled state when receiving the BPDU the physical interface remains up and spanning tree drops packets in the hardware after a BPDU violation BPDUs are dropped in the software after receiving the BPDU violation This...

Страница 679: ...at EdgePort is enabled use the show config command from INTERFACE mode Dell conf if te 3 11 spanning tree mstp edge port Dell conf if te 3 11 show config interface TenGigabitEthernet 3 11 no ip address switchport spanning tree mstp edge port spanning tree MSTI 1 priority 144 no shutdown Dell conf if te 3 11 Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address...

Страница 680: ...is example uses the following steps 1 Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 1 21 no ip a...

Страница 681: ...evision map MSTP instances to the VLANs 2 Assign Layer 2 interfaces to the MSTP topology 3 Create VLANs mapped to MSTP instances tag interfaces to the VLANs Step 1 protocol spanning tree mstp no disable name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 Step 2 interface TenGigabitEthernet 2 11 no ip address switchport no shutdown interface TenGigabitEthernet 2 31 no ip address switchport...

Страница 682: ...p address switchport no shutdown interface TenGigabitEthernet 3 21 no ip address switchport no shutdown Step 3 interface Vlan 100 no ip address tagged TenGigabitEthernet 3 11 21 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 11 21 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 11 21 no shutdown SFTOS Example Running Configuration This example use...

Страница 683: ... exit interface vlan 200 tagged 1 0 31 tagged 1 0 32 exit interface vlan 300 tagged 1 0 31 tagged 1 0 32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration use the following commands Display BPDUs EXEC Privilege mode debug spanning tree mstp bpdu Display MSTP triggered topology change messages debug spanning tree mstp events Examples of Viewing MSTP Configurati...

Страница 684: ...un spanning tree mstp protocol spanning tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200 300 The following example shows viewing the debug log of a successful MSTP configuration Dell debug spanning tree mstp bpdu MSTP debug bpdu is ON Dell 4w0d4h MSTP Sending BPDU on Te 2 21 ProtId 0 Ver 3 Bpdu Type MSTP Flags 0x6e CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional...

Страница 685: ...icates MSTP routers are in different regions and are not communicating with each other CIST Root Bridge Id 32768 0001 e806 953e Ext Path Cost 0 Regional Bridge Id 32768 0001 e806 953e CIST Port Id 128 470 Msg Age 0 Max Age 20 Hello 2 Fwd Delay 15 Ver1 Len 0 Ver Name Tahiti Rev 123 Int Root Path Cost 0 Rem Hops 20 Bridge Id 32768 0001 e8d5 cbbd 4w0d4h INST 1 Flags 0x70 Reg Root 32768 0001 e8d5 cbbd...

Страница 686: ...C address and multicast control traffic and multicast data traffic might map to the same MAC address the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic As the upper five bits of an IP Multicast address are dropped in the translation 32 different multicast group IDs map to the same Ethernet address For example 224 0 0 5 is a known ...

Страница 687: ...number of multicast routes on a system limit is reached the Dell Networking OS does not process Internet group management protocol IGMP or multicast listener discovery protocol MLD joins to protocol independent multicast PIM though it still processes leave messages until the number of entries decreases below 95 of the limit When the limit falls below 95 after hitting the maximum the system begins ...

Страница 688: ... packet For IGMPv2 use the keyword any for source as shown in the following example because the IGMPv2 hosts do not know in advance who the source is for the group in which they are interested To apply the access list use the following command Apply the access list INTERFACE mode ip igmp access group access list name Dell Networking OS Behavior Do not enter the ip igmp access group command before ...

Страница 689: ...ure 97 Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration Table 63 Preventing a Host from Joining a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 Multicast Features 689 ...

Страница 690: ...TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim s...

Страница 691: ...source and group use the following command If the source DR never sends register packets to the RP no hosts can ever discover the source and create a shortest path tree SPT to it Prevent a source from transmitting to a particular group CONFIGURATION mode ip pim register filter In the following example Source 1 and Source 2 are both transmitting packets for groups 239 0 0 1 and 239 0 0 2 R3 has a P...

Страница 692: ... table lists the location and description shown in the previous illustration Table 64 Preventing a Source from Transmitting to a Group Description Location Description 1 21 Interface TenGigabitEthernet 1 21 ip pim sparse mode ip address 10 11 12 1 24 Multicast Features 692 ...

Страница 693: ...TenGigabitEthernet 2 31 ip pim sparse mode ip address 10 11 23 1 24 no shutdown 3 1 Interface TenGigabitEthernet 3 1 ip pim sparse mode ip address 10 11 5 1 24 no shutdown 3 11 Interface TenGigabitEthernet 3 11 ip pim sparse mode ip address 10 11 13 2 24 no shutdown 3 21 Interface TenGigabitEthernet 3 21 ip pim sparse mode ip address 10 11 23 2 24 no shutdown Receiver 1 Interface VLAN 300 ip pim s...

Страница 694: ...ent to the CPU of both the RP and PIM DR of the source Excessive traffic generates when the join process from the RP back to the source is blocked due to a new source group being permitted in the join filter This results in the new source becoming stuck in registering on the DR and the continuous generation of user datagram protocol UDP encapsulated registration messages between the DR and RP rout...

Страница 695: ...holds of IPv4 and IPv6 routes Tracking of IP Hosts In future releases environmental alarms and available free memory will be supported You can configure client applications such as VRRP to receive a notification when the state of a tracked object changes The following example shows how object tracking is performed Router A and Router B are both connected to the internet via interfaces running OSPF...

Страница 696: ...before changes in a tracked object s state are reported to a client Track Layer 2 Interfaces You can create an object to track the line protocol state of a Layer 2 interface In this type of object tracking the link level operational status UP or DOWN of the interface is monitored When the link level status goes down the tracked resource status is considered to be DOWN if the link level status goes...

Страница 697: ...paring the UP or DOWN threshold for a route s metric with current entries in the route table Track Route Reachability If you configure the reachability of an IP route entry as a tracked object the UP DOWN state of the route is determined by the entry of the next hop address in the ARP cache A tracked route is considered to be reachable if there is an address resolution protocol ARP cache entry for...

Страница 698: ...Delays You can configure an optional UP and or DOWN timer for each tracked object to set the time delay before a change in the state of a tracked object is communicated to clients The configured time delay starts when the state changes from UP to DOWN or the opposite way If the state of an object changes back to its former UP DOWN state before the timer expires the timer is cancelled and the clien...

Страница 699: ... vlan vlan id where valid VLAN IDs are from 1 to 4094 A line protocol object only tracks the link level UP DOWN status of a specified interface When the link level status goes down the tracked object status is DOWN if the link level status is up the tracked object status is UP To remove object tracking on a Layer 2 interface use the no track object id command To configure object tracking on the st...

Страница 700: ...rd vlan then a number from 1 to 4094 For an IPv4 interface a routing object only tracks the UP DOWN status of the specified IPv4 interface the track interface ip routing command The status of an IPv4 interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address The Layer 3 status of an IPv4 interface goes DOWN when its Layer 2 status goes down for a Lay...

Страница 701: ...figuring Object Tracking for an IPv4 or IPv6 Interface Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface The following is an example of configuring object tracking for an IPv4 interface Dell conf track 101 interface tengigabitethernet 1 2 ip routing Dell conf track 101 delay up 20 Dell conf track 101 description NYC metro Dell conf track 101 end Dell show track 101 Track 101 In...

Страница 702: ...ring the route DOWN By comparing the threshold for a route s metric with current entries in the route table The UP DOWN state of the tracked route is determined by the threshold for the current value of the route metric in the routing table To provide a common tracking interface for different clients route metrics are scaled in the range from 0 to 255 where 0 is connected and 255 is inaccessible T...

Страница 703: ... to 128 Optional E Series only For an IPv4 route you can enter a VRF name to specify the virtual routing table to which the tracked route belongs 2 Optional Configure the time delay used before communicating a change in the status of a tracked route OBJECT TRACKING mode delay up seconds down seconds Valid delay times are from 0 to 180 seconds The default is 0 3 Optional Identify the tracked object...

Страница 704: ...e the default resolution value used by the specified protocol to scale the metric for IPv4 or IPv6 routes CONFIGURATION mode track resolution ip route ipv6 route isis resolution value ospf resolution value The range of resolution values is ISIS routes 1 to 1000 The default is 1 OSPF routes 1 to 1592 The efault is 1 2 Configure object tracking on the metric of an IPv4 or IPv6 route CONFIGURATION mo...

Страница 705: ...isplay the tracking configuration EXEC Privilege mode show track object id Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route Dell conf track 6 ip route 2 1 1 0 24 metric threshold Dell conf track 6 delay down 20 Dell conf track 6 delay up 20 Dell conf track 6 description track ip route metric Dell conf trac...

Страница 706: ...pecified object or all objects that are currently configured on the router show running config track object id Examples of Viewing Tracked Objects Dell show track Track 1 IP route 23 0 0 0 8 reachability Reachability is Down route not in route table 2 changes last change 00 16 08 Tracked by Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16...

Страница 707: ...Up CONNECTED 3 changes last change 00 02 39 First hop interface is TenGigabitEthernet 1 4 Example of Viewing Object Tracking Configuration Dell show running config track track 1 ip route 23 0 0 0 8 reachability track 2 ipv6 route 2040 64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050 64 reachability track 4 interface TenGigabitEthernet 1 4 ip routing track...

Страница 708: ...col Overview OSPF routing is a link state routing protocol that calls for the sending of link state advertisements LSAs to all other routers within the same autonomous system AS areas Information on attached interfaces metrics used and other variables is included in OSPF LSAs As OSPF routers accumulate link state information they use the shortest path first SPF algorithm to calculate the shortest ...

Страница 709: ...nterfaces can participate in multiple areas These routers called area border routers ABRs maintain separate databases for each area Areas are a logical grouping of OSPF routers identified by an integer or dotted decimal number Areas allow you to further organize your routers within in the AS One or more areas are required within the AS Areas are valuable in that they allow sub networks to hide wit...

Страница 710: ...he backbone It cannot receive external AS information from the backbone or other areas Totally stubby areas are referred to as no summary areas in the Dell Networking OS Networks and Neighbors As a link state protocol OSPF sends routing information to other OSPF routers concerning the state of the links between them The state up or down of those links is important Routers that share a link become ...

Страница 711: ...ckbone Router BR A backbone router BR is part of the OSPF Backbone Area 0 This includes all ABRs It can also include any routers that connect only to the backbone and another ABR but are only part of Area 0 such as Router I in the previous example Open Shortest Path First OSPFv2 and OSPFv3 711 ...

Страница 712: ...in network traffic and in the size of the topological database The DR maintains a complete topology table of the network and sends the updates to the other routers via multicast All routers in an area form a slave master relationship with the DR Every time a router sends an update the router sends it to the DR and BDR The DR sends the update out to all other routers in the area The BDR is the rout...

Страница 713: ...an NSSA do not receive external LSAs from ABRs but are allowed to send external routing information for redistribution They use Type 7 LSAs to tell the ABRs about these external routes which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network Type 8 Link LSA OSPFv3 This LSA carries the IPv6 address information of the local links Type 9 Link Local LS...

Страница 714: ...ansmit after 45000ms Mar 15 09 46 06 STKUNIT0 M CP OSPF 4 LSA_BACKOFF OSPF Process 10 Router lsa id 3 3 3 3 rtrid 3 3 3 3 received before 1000ms time NOTE The sequence numbers are reset when previously cleared routes that are waiting for the LSA throttle timer to expire are re enabled Router Priority and Cost Router priority and cost is the method the system uses to rate the routers For example if...

Страница 715: ... one OSPFv2 process per VRF Dell Networking OS version 9 7 0 0 and later support OSPFv3 in VRF Also on OSPFv3 Dell Networking OS supports only one OSPFv3 process per VRF OSPFv2 and OSPFv3 can co exist but you must configure them individually Dell Networking OS supports stub areas totally stub no summary and not so stubby areas NSSAs and supports the following LSAs as described earlier Router type ...

Страница 716: ...lowing link local Grace LSAs An OSPFv2 router sends Type 9 LSAs An OSPFv3 router sends Type 11 LSAs Type 9 and 11 LSAs include a grace period which is the time period an OSPF router advertises to adjacent neighbor routers as the time to wait for it to return to full control plane functionality During the grace period neighbor OSPFv2 v3 interfaces save the LSAs from the restarting OSPF interface He...

Страница 717: ...Fv2 and the show run ospf and show ipv6 ospf database database summary commands for OSPFv3 Fast Convergence OSPFv2 IPv4 Only Fast convergence allows you to define the speeds at which LSAs are originated and accepted and reduce OSPFv2 end to end convergence time Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation NOTE Th...

Страница 718: ...g as the hello interval Changing the hello interval on the Cisco router automatically changes the dead interval To ensure equal intervals between the routers use the following command Manually set the dead interval of the Dell Networking router to match the Cisco configuration INTERFACE mode ip ospf dead interval x Examples of Setting and Viewing a Dead Interval In the following example the dead i...

Страница 719: ...rtest Path First version 2 OSPF for IPv4 on the switch Two of the tasks are mandatory others are optional The following configuration tasks include two mandatory tasks and several optional tasks Enabling OSPFv2 mandatory Assigning a Router ID Assigning an OSPFv2 Area mandatory Enable OSPFv2 on Interfaces Configuring Stub Areas Enabling Passive Interfaces Enabling Fast Convergence Changing OSPFv2 P...

Страница 720: ...u create four OSPFv2 process IDs you must have four interfaces with Layer 3 enabled 1 Assign an IP address to an interface CONFIG INTERFACE mode ip address ip address mask The format is A B C D M If you are using a Loopback interface refer to Loopback Interfaces 2 Enable the interface CONFIG INTERFACE mode no shutdown 3 Return to CONFIGURATION mode to enable the OSPFv2 process globally CONFIGURATI...

Страница 721: ...uting Process ospf 55555 with ID 10 10 10 10 Supports only single TOS TOS0 routes SPF schedule delay 5 secs Hold time between two SPFs 10 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell Assigning an OSPFv2 Area After you enable OSPFv2 assign the interface to an OSPF area Set up OSPF areas and enable OSPFv2 on an interface with the network command You must have at least one AS a...

Страница 722: ...to a Layer 3 interface and theno shutdown command ensures that the interface is UP The second bold line assigns the IP address of an interface to an area Example of Enabling OSPFv2 and Assigning an Area to an Interface Dell conf int te 4 14 Dell conf if te 4 14 ip address 10 10 10 10 24 Dell conf if te 4 14 no shutdown Dell conf if te 4 14 ex Dell conf router ospf 1 Dell conf router_ospf 1 network...

Страница 723: ... 1 int TenGigabitEthernet 1 23 is up line protocol is up Internet Address 10 168 0 1 24 Area 0 0 0 1 Process ID 1 Router ID 10 168 253 2 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DROTHER Priority 1 Designated Router ID 10 168 253 5 Interface address 10 168 0 4 Backup Designated Router ID 192 168 253 3 Interface address 10 168 0 2 Timer intervals configured Hello 10 Dead 40 Wait 4...

Страница 724: ... 2 100 Process ID 34 Area ID Router Network S Net S ASBR Type 7 Subtotal 2 2 2 2 1 0 0 0 0 1 3 3 3 3 1 0 0 0 0 1 Dell To view information on areas use the show ip ospf process id command in EXEC Privilege mode Enabling Passive Interfaces A passive interface is one that does not send or receive routing information Enabling passive interface suppresses routing updates on an interface Although the pa...

Страница 725: ... 2 100 Interface address 0 0 0 0 Backup Designated Router ID 0 0 0 0 Interface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 13 39 46 Neighbor Count is 0 Adjacent neighbor count is 0 TenGigabitEthernet 2 1 is up line protocol is down Internet Address 10 1 3 100 24 Area 2 2 2 2 Process ID 34 Router ID 10 1 2 100 Network Type BROADCAST Cost 10 Transmit...

Страница 726: ...SPFs 10 secs Convergence Level 2 Min LSA origination 0 secs Min LSA arrival 0 secs Number of area in this router is 0 normal 0 stub 0 nssa 0 Dell The following examples shows how to disable fast convergence Dell conf router_ospf 1 no fast converge Dell conf router_ospf 1 ex Dell conf ex Dell show ip ospf 1 Routing Process ospf 1 with ID 192 168 67 2 Supports only single TOS TOS0 routes SPF schedul...

Страница 727: ...he range is from 1 to 255 Key a character string NOTE Be sure to write down or otherwise record the key You cannot learn the key after it is configured You must be careful when changing this key NOTE You can configure a maximum of six digest keys on an interface Of the available six digest keys the switches select the MD5 key that is common The remaining MD5 keys are unused Change the priority of ...

Страница 728: ...nterface address 0 0 0 0 Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 06 Neighbor Count is 0 Adjacent neighbor count is 0 Dell Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters use the following commands Set a clear text authentication scheme on the interface CONFIG INTERFACE mode ip ospf authentication key key Configur...

Страница 729: ...s neighbors advertises it as fully adjacent regardless of the synchronization state during a graceful restart OSPFv2 terminates this process when the grace period ends 2 Enter the Router ID of the OSPFv2 helper router from which the router does not accept graceful restart assistance CONFIG ROUTEROSPF id mode graceful restart helper reject router id Planned only the OSPFv2 router supports graceful ...

Страница 730: ...igure a graceful restart on an OSPFv2 router the show run ospf command displays information similar to the following Dell show run ospf router ospf 1 graceful restart grace period 300 graceful restart role helper only graceful restart mode unplanned only graceful restart helper reject 10 1 1 1 graceful restart helper reject 20 1 1 1 network 10 0 2 0 24 area 0 Dell Creating Filter Routes To filter ...

Страница 731: ...e routes use the following command Specify which routes are redistributed into OSPF process CONFIG ROUTEROSPF id mode redistribute bgp connected isis rip static metric metric value metric type type value route map map name tag tag value Configure the following required and optional parameters bgp connected isis rip static enter one of the keywords to redistribute those routes metric metric value t...

Страница 732: ...OSPF database Some useful troubleshooting commands are show interfaces show protocols debug IP OSPF events and or packets show neighbors show routes To help troubleshoot OSPFv2 use the following commands View the summary of all OSPF process IDs enables on the router EXEC Privilege mode show running config ospf View the summary information of the IP routes EXEC Privilege mode show ip route summary ...

Страница 733: ...mple of Viewing OSPF Configuration Dell show run ospf router ospf 4 router id 4 4 4 4 network 4 4 4 0 28 area 1 ipv6 router ospf 999 default information originate always router id 10 10 10 10 Dell Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2 These examples are not comprehensive directions They are intended to give you some guidance with typical con...

Страница 734: ...interface TenGigabitEthernet 1 1 ip address 10 1 11 1 24 no shutdown interface TenGigabitEthernet 1 2 ip address 10 2 12 2 24 no shutdown interface Loopback 10 ip address 192 168 100 100 24 no shutdown OSPF Area 0 Te 3 1 and 3 2 router ospf 33333 network 192 168 100 0 24 area 0 network 10 0 13 0 24 area 0 network 10 0 23 0 24 area 0 interface Loopback 30 ip address 192 168 100 100 24 no shutdown i...

Страница 735: ...ress and enabled so that they can send and receive traffic The OSPF process must know about these interfaces To make the OSPF process aware of these interfaces assign them to OSPF areas The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area With OSPFv2 two commands are required to accomplish the same tasks the router ospf command to create the OSPF pr...

Страница 736: ...nterface use the following commands 1 Assign an IPv6 address to the interface CONF INT type slot port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits separate each group by a colon The format is A B C F 128 2 Bring up the interface CONF INT type slot port mode no shutdown Assigning Area ID on an Interface To assign the OSPFv3 process to...

Страница 737: ... ospf process ID The range is from 0 to 65535 Assign the router ID for this OSPFv3 process CONF IPV6 ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Pr...

Страница 738: ...on an OSPFv3 interface use the following command This command stops the router from sending updates on that interface Specify whether some or all some of the interfaces are passive CONF IPV6 ROUTER OSPF mode passive interface interface type Interface identifies the specific interface that is passive For a 10 Gigabit Ethernet interface enter the keyword TenGigabitEthernet then the slot port subport...

Страница 739: ...ify the information for the default route use the following command Specify the information for the default route CONF IPV6 ROUTER OSPF mode default information originate always metric metric value metric type type value route map map name Configure the following required and optional parameters always indicate that default route information is always advertised metric metric value The range is fr...

Страница 740: ...ode graceful restart mode planned only unplanned only Planned only the OSPFv3 router supports graceful restart only for planned restarts A planned restart is when you manually enter a redundancy force failover rpm command to force the primary RPM over to the secondary RPM During a planned restart OSPFv3 sends out a Grace LSA before the system switches over to the secondary RPM OSPFv3 is notified t...

Страница 741: ...ry command Dell show ipv6 ospf database database summary OSPFv3 Router with ID 200 1 1 1 Process ID 1 Process 1 database summary Type Count Status Oper Status 1 Admin Status 1 Area Bdr Rtr Status 0 AS Bdr Rtr Status 1 AS Scope LSA Count 0 AS Scope LSA Cksum sum 0 Originate New LSAS 73 Rx New LSAS 114085 Ext LSA Count 0 Rte Max Eq Cost Paths 5 GR grace period 180 GR mode planned and unplanned Area ...

Страница 742: ...ered during transmission and ensures that users are communicating with the intended individual or organization Insert the authentication header after the IP header with a value of 51 AH provides integrity and validation of data origin by authenticating every OSPFv3 packet For detailed information about the IP AH protocol refer to RFC 4302 ESP encapsulating security payload encapsulates data enabli...

Страница 743: ...t key exchange IKE protocol is not supported In an OSPFv3 authentication policy AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers MD5 and SHA1 authentication types are supported encrypted and unencrypted keys are supported In an OSPFv3 encryption policy Both encryption and authentication are used IPsec security associations SAs are supported only in...

Страница 744: ... encrypted For SHA 1 authentication the key must be 40 hex digits non encrypted or 80 hex digits encrypted Remove an IPsec authentication policy from an interface no ipv6 ospf authentication ipsec spi number Remove null authentication on an interface to allow the interface to inherit the authentication policy configured for the OSPFv3 area no ipv6 ospf authentication null Display the configuration...

Страница 745: ...n key is encrypted The valid values are 0 or 7 Remove an IPsec encryption policy from an interface no ipv6 ospf encryption ipsec spi number Remove null encryption on an interface to allow the interface to inherit the encryption policy configured for the OSPFv3 area no ipv6 ospf encryption null Display the configuration of IPsec encryption policies on the router show crypto ipsec policy Display the...

Страница 746: ...ion command you enable both IPsec encryption and authentication However when you enable authentication on an area using the area authentication command you do not enable encryption at the same time If you have enabled IPsec authentication in an OSPFv3 area using the area authentication command you cannot use the area encryption command in the area at the same time The configuration of IPsec encryp...

Страница 747: ...nfiguration details about a specified policy Display security associations set up for OSPFv3 links in IPsec authentication and encryption policies on the router EXEC Privilege show crypto ipsec sa ipv6 interface interface To display information on the SAs used on a specific interface enter interface interface where interface is one of the following values For a 10 Gigabit Ethernet interface enter ...

Страница 748: ...P Auth Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5 Inbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Outbound ESP Cipher Key bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba10345a1039ba8f8a Transform set esp 128 aes esp sha1 hmac The following example shows the show crypto ipsec sa ipv6 command Dell show crypto ipsec sa...

Страница 749: ...e the adjacencies established correctly Did you configure the interfaces for Layer 3 correctly Is the router in the correct area type Did you include the routes in the OSPF database Did you include the OSPF routes in the routing table not just the OSPF database Some useful troubleshooting commands are show ipv6 interfaces show ipv6 protocols debug ipv6 ospf events and or packets show ipv6 neighbor...

Страница 750: ...must know about these interfaces To make the OSPF process aware of these interfaces assign them to OSPF areas The OSPFv3 ipv6 ospf area command enables OSPFv3 on the interface and places the interface in an area With OSPFv2 two commands are required to accomplish the same tasks the router ospf command to create the OSPF process then the network area command to enable OSPF on an interface NOTE The ...

Страница 751: ...th Specify how the OSPF interface cost is calculated based on the reference bandwidth method The cost of an interface is calculated as Reference Bandwidth Interface speed ROUTER OSPFv3 auto cost reference bandwidth ref bw To return to the default bandwidth or to assign cost based on the interface type use the no auto cost reference bandwidth ref bw command ref bw The range is from 1 to 4294967 The...

Страница 752: ...e single command Use the OSPFv3 ipv6 ospf area command on each interface that runs OSPFv3 Assign the OSPFv3 process and an OSPFv3 area to this interface CONF INT type slot port mode ipv6 ospf process id area area id process id the process ID number assigned area id the area ID for this interface Assigning OSPFv3 Process ID and Router ID Globally To assign disable or reset OSPFv3 globally use the f...

Страница 753: ... this OSPFv3 process CONF IPV6 ROUTER OSPF mode router id number number the IPv4 address The format is A B C D NOTE Enter the router id for an OSPFv3 router as an IPv4 IP address Disable OSPF CONFIGURATION mode no ipv6 router ospf process id Reset the OSPFv3 process EXEC Privilege mode clear ipv6 ospf process Configuring Stub Areas To configure IPv6 stub areas use the following command Configure t...

Страница 754: ...e interface interface command To indicate that hello packets are not transmitted on that interface when you configure a passive interface the show ipv6 ospf interface command adds the words passive interface Redistributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process With the redistribute command you can include RIP static or directly connected routes i...

Страница 755: ...er role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA To enable OSPFv3 graceful restart enter the ipv6 router ospf process id command to enter OSPFv3 configuration mode Then configure a grace period using the graceful restart grace period command The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as thoug...

Страница 756: ...r the other mode restricts OSPFv3 to the single selected mode Disable OSPFv3 graceful restart CONF IPV6 ROUTER OSPF mode no graceful restart grace period Displaying Graceful Restart To display information on the use and configuration of OSPFv3 graceful restart enter any of the following commands Display the graceful restart configuration for OSPFv2 and OSPFv3 shown in the following example EXEC Pr...

Страница 757: ...tr Count 2 AS Bdr Rtr Count 2 LSA count 12010 Summary LSAs 1 Rtr LSA Count 4 Net LSA Count 3 Inter Area Pfx LSA Count 12000 Inter Area Rtr LSA Count 0 Group Mem LSA Count 0 The following example shows the show ipv6 ospf database grace lsa command Dell show ipv6 ospf database grace lsa Type 11 Grace LSA Area 0 LS Age 10 Link State ID 6 16 192 66 Advertising Router 100 1 1 1 LS Seq Number 0x80000001...

Страница 758: ... the IP header and before the next layer protocol header in Transport mode It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode However Tunnel mode is not supported in Dell Networking OS For detailed information about the IP ESP protocol refer to RFC 4303 In OSPFv3 communication IPsec provides security services between a pair of c...

Страница 759: ...does not provide a high level of network security To enable key encryption in an IPsec security policy at an interface or area level specify 7 for key encryption type when you enter the ipv6 ospf authentication ipsec or ipv6 ospf encryption ipsec command To configure an IPsec security policy for authenticating or encrypting OSPFv3 packets on a physical port channel or VLAN interface or OSPFv3 area...

Страница 760: ...and enable OSPFv3 on the interface and assign it to an area refer to Configuration Task List for OSPFv3 OSPF for IPv6 NOTE When you configure encryption using the ipv6 ospf encryption ipsec command you enable both IPsec encryption and authentication However when you enable authentication on an interface using the ipv6 ospf authentication ipsec command you do not enable encryption at the same time ...

Страница 761: ...e to one IPSec security policy authentication or encryption on the router Configure the same authentication policy the same SPI and key on each interface in an OPSFv3 link If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command you cannot use the area authentication command in the area at the same time The configuration of IPSec authentication on an interface level...

Страница 762: ...mber esp encryption algorithm key encryption type key authentication algorithm key authentication type key area area id specifies the area for which OSPFv3 traffic is to be encrypted For area id enter a number or an IPv6 prefix spi number is the security policy index SPI value The range is from 256 to 4294967295 esp encryption algorithm specifies the encryption algorithm used with ESP The valid va...

Страница 763: ...yword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Examples of the show crypto ipsec Commands In the first example the keys are not encrypted shown in bold In the second and third examples the keys are encrypted shown in bold The following example shows th...

Страница 764: ... 128 aes esp sha1 hmac The following example shows the show crypto ipsec sa ipv6 command Dell show crypto ipsec sa ipv6 Interface TenGigabitEthernet 1 1 Link Local address fe80 201 e8ff fe40 4d10 IPSecv6 policy name OSPFv3 1 500 inbound ah sas spi 500 0x1f4 transform ah md5 hmac in use settings Transport replay detection support N STATUS ACTIVE outbound ah sas spi 500 0x1f4 transform ah md5 hmac i...

Страница 765: ... database Did you include the OSPF routes in the routing table not just the OSPF database Some useful troubleshooting commands are show ipv6 interfaces show ipv6 protocols debug ipv6 ospf events and or packets show ipv6 neighbors show ipv6 routes Viewing Summary Information To get general route configuration links status and debug information use the following commands View the summary information...

Страница 766: ... information For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 Open Shortest Path First OSPFv2 and OSPFv3 766 ...

Страница 767: ...so on For example a network administrator might want to forward a packet that uses transmission control protocol TCP across a different next hop than packets using Internet control message protocol ICMP In these situations you can a configure switch route packet according to a policy applied to interfaces In another scenario when the packet comes from one source and wants to go to another destinat...

Страница 768: ...next hop to be a tunnel interface If you do not provide the tunnel destination IP as the next hop the next hop is treated as an IPv4 next hop and not a tunnel next hop PBR with Multiple Tracking Option PBR with the multiple tracking option enabled extends and introduces the capabilities of object tracking to verify the next hop IP address before forwarding the traffic to the next hop The multiple ...

Страница 769: ...direct list to an Interface using a Redirect group PBR Exceptions Permit To create an exception to a redirect list use thepermit command Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy The Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CA...

Страница 770: ...edirect list CONF REDIRECT LIST mode seq number redirect ip address tunnel tunnel id track obj id ip protocol number protocol type bit source mask any host ip address destination mask any host ip address number is the number in sequence to initiate this rule ip address is the Forwarding router s address tunnel is used to configure the tunnel settings tunnel id is used to redirect the traffic track...

Страница 771: ... 222 1 1 1 32 A B C D Destination address any Any destination host host A single destination host Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 Mask A B C D or nn Mask in dotted decimal or in slash format Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 32 Dell conf redirect list redirect 3 3 3 3 ip 222 1 1 1 32 77 1 1 1 32 Dell conf redirect list do show ip re...

Страница 772: ... IP redirect lists are supported on physical interfaces as well as virtual local area network VLAN and port channel interfaces NOTE When you apply a redirect list on a port channel when traffic is redirected to the next hop and the destination port channel is shut down the traffic is dropped However the traffic redirected to the destination port channel is sometimes switched To apply a redirect li...

Страница 773: ... show ip redirect list redirect list name 2 View the redirect list entries programmed in the CAM EXEC mode show cam pbr show cam usage List the redirect list configuration using the show ip redirect list redirect list name command The non contiguous mask displays in dotted format x x x x The contiguous mask displays in x format Dell show ip redirect list explicit_tunnel IP redirect list explicit_t...

Страница 774: ... 222 222 24 eq 40 ack Next hop reachable via Te 2 1 Applied interfaces Te 2 2 NOTE If you apply the redirect list to an interface the output of the show ip redirect list redirect list name command displays reachability status for the specified next hop Example Showing CAM PBR Configuration Dell show cam pbr stack unit 1 port set 0 TCP Flag Bit 5 URG Bit 4 ACK Bit 3 PSH Bit 2 RST Bit 1 SYN Bit 0 FI...

Страница 775: ...riginating in 192 168 2 0 24 seq 15 permit ip any Create the Redirect List GOLD EDGE_ROUTER conf if Te 2 23 ip redirect list GOLD EDGE_ROUTER conf redirect list description Route GOLD traffic to ISP_GOLD EDGE_ROUTER conf redirect list direct 10 99 99 254 ip 192 168 1 0 24 any EDGE_ROUTER conf redirect list redirect 10 99 99 254 ip 192 168 2 0 24 any EDGE_ROUTER conf redirect list seq 15 permit ip ...

Страница 776: ...g Explicit Track Objects for Redirect IPs Create Track Objects to track the Redirect IPs Dell configure terminal Dell conf track 3 ip host 42 1 1 2 reachability Dell conf track 3 probe icmp Dell conf track 3 track 4 ip host 43 1 1 2 reachability Dell conf track 4 probe icmp Dell conf track 4 end Create a Redirect list with Track Objects pertaining to Redirect IPs Dell configure terminal Dell conf ...

Страница 777: ...ack 3 up Next hop reachable via Vl 20 seq 20 redirect 42 1 1 2 track 3 udp any host 144 144 144 144 Track 3 up Next hop reachable via Vl 20 seq 25 redirect 43 1 1 2 track 4 ip host 7 7 7 7 host 144 144 144 144 Track 4 up Next hop reachable via Vl 20 Applied interfaces Te 2 28 Dell Creating a PBR list using Explicit Track Objects for Tunnel Interfaces Creating steps for Tunnel Interfaces Dell confi...

Страница 778: ...t list redirect tunnel 2 track 2 tcp 155 55 2 0 24 222 22 2 0 24 Dell conf redirect list redirect tunnel 2 track 2 tcp any any Dell conf redirect list end Dell Apply the Redirect Rule to an Interface Dell configure terminal Dell conf interface TenGigabitEthernet 2 28 Dell conf if te 2 28 ip redirect group explicit_tunnel Dell conf if te 2 28 exit Dell conf end Verify the Applied Redirect Rules Del...

Страница 779: ...e requests in the same message Dell Networking OS supports PIM SM on physical virtual local area network VLAN and port channel interfaces NOTE Multicast routing is supported across default and non default VRFs Protocol Overview PIM SM initially uses unidirectional shared trees to forward multicast traffic that is all multicast traffic must flow only from the rendezvous point RP to the receivers Af...

Страница 780: ... about the source and create an SPT to it Then the last hop DR may create an SPT directly to the source 1 The source gateway router first hop DR receives the multicast packets and creates an S G entry in its multicast routing table The first hop DR encapsulates the initial multicast packets in PIM Register packets and unicasts them to the RP 2 The RP decapsulates the PIM Register packets and forwa...

Страница 781: ...ng step 2 Select a rendezvous point 3 Enable PIM SM on an interface Enable multicast routing CONFIGURATION mode ip multicast routing Related Configuration Tasks The following are related PIM SM configuration tasks Configuring S G Expiry Timers Configuring a Static Rendezvous Point Configuring a Designated Router Creating Multicast Boundaries and Domains Enable PIM SM You must enable PIM SM on each...

Страница 782: ... v2 1 S Dell To display the PIM routing table use the show ip pim tib command from EXEC privilege mode Dell show ip pim tib PIM Multicast Routing Table Flags D Dense S Sparse C Connected L Local P Pruned R RP bit set F Register flag T SPT bit set J Join SPT Timers Uptime Expires Interface state Interface next Hop State Mode 192 1 2 1 uptime 00 29 36 expires 00 03 26 RP 10 87 2 6 flags SCJ Incoming...

Страница 783: ...sg expiry timer command but the ACL has not been created or is a standard ACL if the expiry time is specified for an S G entry in a deny rule Dell conf ip access list extended SGtimer Dell config ext nacl permit ip 10 1 2 3 24 225 1 1 0 24 Dell config ext nacl permit ip any 232 1 1 0 24 Dell config ext nacl permit ip 100 1 1 0 16 any Dell config ext nacl show conf ip access list extended SGtimer s...

Страница 784: ...mand from EXEC privilege mode Dell show ip pim rp Group RP 225 0 1 40 165 87 50 5 226 1 1 1 165 87 50 5 To display the assigned RP for a group range group to RP mapping use the show ip pim rp mapping command in EXEC privilege mode Dell show ip pim rp mapping PIM Group to RP Mappings Group s 224 0 0 0 4 Static RP 165 87 50 5 v2 Configuring a Designated Router Multiple PIM SM routers might be connec...

Страница 785: ...n a common boundary defined by PIM multicast border routers PMBRs PMBRs connect each PIM domain to the rest of the Internet Create multicast boundaries and domains by filtering inbound and outbound bootstrap router BSR messages per interface The following command is applied to the subsequent inbound and outbound updates Timeout removes existing BSR advertisements Create multicast boundaries and do...

Страница 786: ...ing systems it is possible to use PIM SM with IGMPv3 to achieve the same result but PIM SSM eliminates the unnecessary protocol overhead PIM SSM also solves the multicast address allocation problem Applications must use unique multicast addresses because if multiple applications use the same address receivers receive unwanted traffic However global multicast address space is limited Currently GLOP...

Страница 787: ...for a range of addresses Related Configuration Tasks Use PIM SSM with IGMP Version 2 Hosts Enabling PIM SSM To enable PIM SSM follow these steps 1 Create an ACL that uses permit rules to specify what range of addresses should use SSM CONFIGURATION mode ip access list standard name 2 Enter the ip pim ssm range command and specify the ACL you created CONFIGURATION mode ip pim ssm range acl name Enab...

Страница 788: ...his command Dell Networking OS displays an error message If you apply an extended ACL before you create it Dell Networking OS accepts the configuration but when the ACL is later defined Dell Networking OS ignores the ACL and the stated mapping has no effect To display the source to which a group is mapped use the show ip igmp ssm map group command If you use the group option the command displays t...

Страница 789: ... 0 0 0 4 ip pim ssm range ssm R1 conf do show run acl ip access list standard map seq 5 permit host 239 0 0 2 ip access list standard ssm seq 5 permit host 239 0 0 2 R1 conf ip igmp ssm map map 10 11 5 2 R1 conf do show ip igmp groups Total Number of Groups 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires Last Reporter 239 0 0 2 Vlan 300 IGMPv2 Compat 00 00 07 Never 10...

Страница 790: ...address Uptime Expires 10 11 5 2 00 00 01 Never Interface Vlan 400 Group 239 0 0 1 Uptime 00 00 05 Expires Never Router mode INCLUDE Last reporter 10 11 4 2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10 11 5 2 00 00 05 00 02 04 Member Ports Te 1 2 PIM Source Specific Mode PIM SSM 790 ...

Страница 791: ...he normal Port Monitoring feature This feature is generally referred as RPM where mirror traffic is carried over L2 network Encapsulated Remote Port Monitoring ERPM ERPM is a feature to encapsulate mirrored packet using GRE with IP delivery so that it can be sent across a routed network Topics Important Points to Remember Port Monitoring Configuring Port Monitoring Configuring Monitor Multicast Qu...

Страница 792: ...t mirroring directions as follows 4 per port pipe if the four destination ports mirror in one direction either rx or tx 2 per port pipe if the two destination ports mirror in bidirection 3 per port pipe if one of the destination port mirrors bidirection and the other two ports mirror in one direction either rx or tx In the following examples ports 1 13 1 14 1 15 and 1 16 all belong to the same por...

Страница 793: ... example below 0 25 and 0 26 belong to Port pipe 1 This port pipe has the same restriction of only four destination ports new or used Dell conf mon sess 300 do show mon session SessionID Source Destination Direction Mode Type 0 Te 1 13 Te 1 1 rx interface Port based 10 Te 1 14 Te 1 2 rx interface Port based 20 Te 1 15 Te 1 3 rx interface Port based 30 Te 1 16 Te 1 37 rx interface Port based 100 Te...

Страница 794: ...session using the command monitor session from CONFIGURATION mode as shown in the following example CONFIGURATION mode monitor session monitor session type rpm erpm type is an optional keyword required only for rpm and erpm 3 Specify the source and destination port and direction of traffic as shown in the following example MONITOR SESSION mode source Example of Viewing Port Monitoring Configuratio...

Страница 795: ... Flow based mirroring Please refer section Enabling Flow Based Monitoring In the following example the host and server are exchanging traffic which passes through the uplink interface 1 1 Port 1 1 is the monitored port and port 1 42 is the destination port which is configured to only monitor traffic received on tengigabitethernet 1 1 host originated traffic Figure 105 Port Monitoring Example Confi...

Страница 796: ...ude the keyword monitor For port monitoring Dell Networking OS only considers traffic matching rules with the keyword monitor CONFIGURATION mode ip access list Refer to Access Control Lists ACLs 3 Apply the ACL to the monitored port INTERFACE mode ip access group access list Example of the flow based enable Command To view an access list that you applied to an interface use the show ip accounting ...

Страница 797: ...to multiple destination ports on different switches Remote port mirroring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time saving and efficient way In a remote port mirroring session monitored traffic is tagged with a VLAN ID and switched on a user defined non routable L2 VLAN The VLAN is reserved in the network to carry only mirrored traffic whic...

Страница 798: ...ate and destination switches and a destination session destination ports connected to analyzers on destination switches Configuration Notes When you configure remote port mirroring the following conditions apply You can configure any switch in the network with source ports and destination ports and allow it to function in an intermediate transport session for a reserved VLAN at the same time for m...

Страница 799: ...if the switch has a L3 VLAN configured In a source session used for remote port mirroring You can configure any port as a source port in a remote port monitoring session with a maximum of three source ports per port pipe Maximum number of source sessions supported on a switch 4 Maximum number of source ports supported in a source session 128 You can configure physical ports and port channels as so...

Страница 800: ...oring Configurations To display the current configuration of remote port mirroring for a specified session enter the show config command in MONITOR SESSION configuration mode Dell conf mon sess 2 show config monitor session 2 type rpm source fortyGigE 1 52 destination remote vlan 300 direction rx source Port channel 10 destination remote vlan 300 direction rx no disable To display the currently co...

Страница 801: ...Specify the source ip address and the destination ip where the packet needs to be sent 6 no flow based enable Specify flow based enable for mirroring on a flow by flow basis and also for vlan as source 7 no enable Optional No disable command is mandatory in order for a rpm session to be active Configuring the sample Source Remote Port Mirroring Dell conf interface vlan 10 Dell conf if vl 10 mode r...

Страница 802: ...0 dest remote vlan 30 dir both Dell conf mon sess 3 no disable Dell conf mon sess 3 Dell conf mon sess 3 exit Dell conf end Dell Dell show monitor session SessID Source Destination Dir Mode Source IP Dest IP 1 Te 1 5 remote vlan 10 rx Port N A N A 2 Vl 100 remote vlan 20 rx Flow N A N A 3 Po 10 remote vlan 30 both Port N A N A Dell Configuring the sample Source Remote Port Mirroring Dell conf inte...

Страница 803: ... N A N A N A 2 remote vlan 20 Te 1 5 N A N A N A N A 3 remote vlan 30 Te 1 6 N A N A N A N A Dell Configuring RSPAN Source Sessions to Avoid BPD Issues When ever you configure an RPM source session you must ensure the following to avoid BPDU issues 1 Enable control plane egress acl using the following command mac control plane egress acl 2 Create an extended MAC access list and add a deny rule of ...

Страница 804: ...data under GRE header IP header and outer MAC header and sends it out at the next hop interface as pointed by the routing table Specify flow based enable in case of source as VLAN or where you need monitoring on a per flow basis Specify the monitor keyword in the access list rules for which you want to mirror The maximum number of source ports that can be defined in a session is 128 The system all...

Страница 805: ... no disable Enter the no disable command to activate the ERPM session The following example shows an ERPM configuration Dell conf monitor session 0 type erpm Dell conf mon sess 0 source tengigabitethernet 1 9 direction rx Dell conf mon sess 0 source port channel 1 direction tx Dell conf mon sess 0 erpm source ip 1 1 1 1 dest ip 7 1 1 2 Dell conf mon sess 0 no disable Dell conf monitor session 1 ty...

Страница 806: ...sulation of the data received transmitted at the specified source port Port A An ERPM destination session decapsulation of the ERPM packets at the destination Switch are not supported Figure 107 ERPM Behavior As seen in the above figure the packets received transmitted on Port A will be encapsulated with an IP GRE header plus a new L2 header and sent to the destination ip address Port D s ip addre...

Страница 807: ...can be converted back into stream and fed to any egress interface b Using Python script Either have a Linux server s ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort The analyzer should listen in the forward egress interface If there is only one interface one can choose the ingress and forward interface to be same and listen in the...

Страница 808: ...interface on the Linux server via which the decapsulation packets can Egress In case there is only one interface the ingress interface itself can be specified as Egress and the analyzer can listen in the tx direction Port Monitoring 808 ...

Страница 809: ...e same time using the same IP subnet address space for all community and isolated VLANs mapped to the same primary VLAN In more detail community VLANs are especially useful in the service provider environment because multiple customers are likely to maintain servers that must be strictly separated in customer specific groups A set of servers owned by a customer could comprise a community VLAN so t...

Страница 810: ...e VLAN is a port in a secondary VLAN The port must first be assigned that role in INTERFACE mode A port assigned the host role cannot be added to a regular VLAN Isolated port a port that in Layer 2 can only communicate with promiscuous ports that are in the same PVLAN Promiscuous port a port that is allowed to communicate with any other port type in the PVLAN A promiscuous port can be part of more...

Страница 811: ...EC mode or EXEC Privilege mode show vlan private vlan community interface isolated primary primary_vlan interface interface Display primary secondary VLAN mapping EXEC mode or EXEC Privilege mode show vlan private vlan mapping Set the PVLAN mode of the selected port INTERFACE switchport mode private vlan host promiscuous trunk NOTE Secondary VLANs are Layer 2 VLANs so even if they are operationall...

Страница 812: ...the Interfaces chapter NOTE You cannot add interfaces that are configured as PVLAN ports to regular VLANs You also cannot add regular ports ports not configured as PVLAN ports to PVLANs The following example shows the switchport mode private vlan command on a port and on a port channel Dell conf Dell conf interface TenGigabitEthernet 2 1 Dell conf if te 2 1 switchport mode private vlan promiscuous...

Страница 813: ...vlan list The list of secondary VLANs can be Specified in comma delimited VLAN ID VLAN ID or hyphenated range format VLAN ID VLAN ID Specified with this command even before they have been created Amended by specifying the new secondary VLAN to be added to the list 5 Add promiscuous ports as tagged or untagged interfaces INTERFACE VLAN mode tagged interface or untagged interface Add PVLAN trunk por...

Страница 814: ...VLAN mode private vlan mode community 4 Add one or more host ports to the VLAN INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format either comma delimited slot port port port or hyphenated slot port port You can only add host isolated ports to the VLAN Creating an Isolated VLAN An isolated VLAN is a secondary VLAN of a primary VLAN An is...

Страница 815: ...ommands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs primary community and isolated VLANs Dell conf Dell conf interface vlan 10 Dell conf vlan 10 private vlan mode primary Dell conf vlan 10 private vlan mapping secondary vlan 100 101 Dell conf vlan 10 untagged Te 2 1 Dell conf vlan 10 tagged Te 2 3 Dell conf interface vlan 101 Dell conf vlan 101 private vlan mode commun...

Страница 816: ...ssigned to the primary VLAN 4000 Te 1 24 and Te 1 47 are configured as host ports and assigned to the isolated VLAN VLAN 4003 Te 4 1 and Te 23 are configured as host ports and assigned to the community VLAN VLAN 4001 Te 4 24 and Te 4 47 are configured as host ports and assigned to community VLAN 4002 The result is that The ports in community VLAN 4001 can communicate directly with each other and w...

Страница 817: ...n one secondary VLAN and destined for host PVLAN ports in the other switch travel through the promiscuous ports in the local VLAN 4000 and then through the trunk ports 1 25 in each switch Inspecting the Private VLAN Configuration The standard methods of inspecting configurations also apply in PVLANs To inspect your PVLAN configurations use the following commands Display the specific interface conf...

Страница 818: ...e show vlan private vlan mapping command S50 1 show vlan private vlan mapping Private Vlan Primary 4000 Isolated 4003 Community 4001 NOTE In the following example notice the addition of the PVLAN codes P I and C in the left column The following example shows viewing the VLAN status S50V show vlan Codes Default VLAN G GVRP VLANs P Primary C Community I Isolated Q U Untagged T Tagged x Dot1x untagge...

Страница 819: ...e vlan host no shutdown interface TenGigabitEthernet 1 25 no ip address switchport switchport mode private vlan trunk no shutdown interface Vlan 4000 private vlan mode primary private vlan mapping secondary vlan 4001 4003 no ip address tagged TenGigabitEthernet 1 3 25 no shutdown interface Vlan 4001 private vlan mode community Private VLANs PVLAN 819 ...

Страница 820: ...ng tree instance for each virtual local area network VLAN Protocol Overview PVST is a variation of spanning tree developed by a third party that allows you to configure a separate spanning tree instance for each virtual local area network VLAN For more information about spanning tree refer to the Spanning Tree Protocol STP chapter 42 Per VLAN Spanning Tree Plus PVST 820 ...

Страница 821: ...Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Implementation Information The Dell Networking OS implementation of PVST is based on IEEE Standard 802 1w Per VLAN Spanning Tree Plus PVST 821 ...

Страница 822: ...nable PVST 4 Optionally for load balancing select a nondefault bridge priority for a VLAN Related Configuration Tasks Modifying Global PVST Parameters Modifying Interface PVST Parameters Configuring an EdgePort Flush MAC Addresses after a Topology Change Prevent Network Disruptions with BPDU Guard Enabling SNMP Traps for Root Elections and Topology Changes Configuring Spanning Trees as Hitless PVS...

Страница 823: ...nterface or remove a PVST parameter configuration INTERFACE mode no spanning tree pvst Example of Viewing PVST Configuration To display your PVST configuration use the show config command from PROTOCOL PVST mode Dell_E600 conf pvst show config verbose protocol spanning tree pvst no disable vlan 100 bridge priority 4096 Per VLAN Spanning Tree Plus PVST 823 ...

Страница 824: ...each VLAN This behavior demonstrates how you can use PVST to achieve load balancing Figure 110 Load Balancing with PVST The bridge with the bridge value for bridge priority is elected root Because all bridges use the default priority until configured otherwise the lowest MAC address is used as a tie breaker To increase the likelihood that a bridge is selected as the STP root assign bridges a low n...

Страница 825: ...st 0 Number of transitions to forwarding state 2 BPDU sent 1159 received 632 The port is not in the Edge port mode Port 385 TenGigabitEthernet 1 32 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 385 Designated root has priority 4096 address 0001 e80d b6 d6 Designated bridge has priority 4096 address 0001 e80d b6 d6 Designated port id is 128 385 designated path ...

Страница 826: ...ability that a port becomes a forwarding port Port cost a value that is based on the interface type The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost The following tables lists the default values for port cost by interface T...

Страница 827: ...t is 128 The values for interface PVST parameters are given in the output of the show spanning tree pvst command as previously shown Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise it does not go thr...

Страница 828: ...ee the no spanning tree command in CONFIGURATION mode PVST in Multi Vendor Networks Some non Dell Networking systems which have hybrid ports participating in PVST transmit two kinds of BPDUs an 802 1D BPDU and an untagged PVST BPDU Dell Networking systems do not expect PVST BPDU tagged or untagged on an untagged port If this situation occurs Dell Networking OS places the port in an Error Disable s...

Страница 829: ...t do show spanning tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773 Address 0001 e832 73f7 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32773 priority 32768 sys id ext 5 Address 0001 e832 73f7 We are the root of Vlan 5 Configured hello time 2 max age 20 forward delay 15 PVST Sample Configurations The following examples...

Страница 830: ...riority 4096 Example of PVST Configuration R2 interface TenGigabitEthernet 2 12 no ip address switchport no shutdown interface TenGigabitEthernet 2 32 no ip address switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2 12 32 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthe...

Страница 831: ...gged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 3 12 22 no shutdown protocol spanning tree pvst no disable vlan 300 bridge priority 4096 Per VLAN Spanning Tree Plus PVST 831 ...

Страница 832: ...ies on Ingress Traffic Ingress Configure Port based Rate Policing Ingress Configure Port based Rate Shaping Egress Policy Based QoS Configurations Ingress Egress Classify Traffic Ingress Create a Layer 3 Class Map Ingress Set DSCP Values for Egress Packets Based on Flow Ingress Create a Layer 2 Class Map Ingress Create a QoS Policy Ingress Egress Create an Input QoS Policy Ingress Configure Policy...

Страница 833: ...icy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Egress Quality of Service QoS 833 ...

Страница 834: ...Policy Based QoS Configurations DSCP Color Maps Enabling QoS Rate Adjustment Enabling Strict Priority Queueing Weighted Random Early Detection Pre Calculating Available QoS CAM Space Configuring Weights and ECN for WRED Configuring WRED and ECN Attributes Guidelines for Configuring ECN for Classifying and Color Marking Packets Quality of Service QoS 834 ...

Страница 835: ...ted Services RFC 2597 Assured Forwarding PHB Group RFC 2598 An Expedited Forwarding PHB You cannot configure port based and policy based QoS on the same interface Port Based QoS Configurations You can configure the following QoS features on an interface NOTE You cannot simultaneously use egress rate shaping and ingress rate policing on the same virtual local area network VLAN Setting dot1p Priorit...

Страница 836: ...CE entries For more information refer to Mapping dot1p Values to Service Queues NOTE You cannot configure service policy input and service class dynamic dot1p on the same interface Honor dot1p priorities on ingress traffic INTERFACE mode service class dynamic dot1p Example of Configuring an Interface to Honor dot1p Priorities on Ingress Traffic Dell configure terminal Dell conf interface tengigabi...

Страница 837: ...onf interface tengigabitethernet 1 1 Dell conf if te 1 1 rate police 100 40 peak 150 50 Dell conf if te 1 1 end Configuring Port Based Rate Shaping Rate shaping buffers rather than drops traffic exceeding the specified rate until the buffer is exhausted If any stream exceeds the configured bandwidth on a continuous basis it can consume all of the buffer space that is allocated to the port Dell Net...

Страница 838: ...owing example Figure 113 Constructing Policy Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic For both class maps Layer 2 and Layer 3 Dell Networking OS matches packets against match criteria in the order that you configure them Quality of Service QoS 838 ...

Страница 839: ... in CLASS MAP mode Match any class maps allow up to five ACLs Match all class maps allow only one ACL 4 Link the class map to a queue POLICY MAP mode service queue Example of Creating a Layer 3 Class Map Dell conf ip access list standard acl1 Dell config std nacl permit 20 0 0 0 8 Dell config std nacl exit Dell conf ip access list standard acl2 Dell config std nacl permit 20 1 1 0 24 order 0 Dell ...

Страница 840: ...map CONFIGURATION mode class map match all 3 Specify your match criteria CLASS MAP mode match mac After you create a class map Dell Networking OS places you in CLASS MAP mode Match any class maps allow up to five access lists Match all class maps allow only one You can match against only one VLAN ID 4 Link the class map to a queue POLICY MAP mode service queue Determining the Order in Which ACLs a...

Страница 841: ...s unintended traffic classification In the following example traffic is classified in two Queues 1 and 2 Class map ClassAF1 is match any and ClassAF2 is match all Display all class maps or a specific class map EXEC Privilege mode show qos class map Examples of Traffic Classifications The following example shows incorrect traffic classifications Dell show running config policy map input policy map ...

Страница 842: ...0 IP 0x0 0 0 23 64 0 3 32 0 0 0 0 0 12 1 20419 1 10 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 14 1 24511 1 0 0 0x0 0 0 0 0 0 0 0 0 0 0 0 0 0 Create a QoS Policy There are two types of QoS policies input and output Input QoS policies regulate Layer 3 and Layer 2 ingress traffic The regulation mechanisms for input QoS policies are rate policing and setting priority values Layer 3 QoS input policies allow you to...

Страница 843: ... POLICY IN mode rate police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets use the following command Set a dscp or dot1p value for egress packets QOS POLICY IN mode set mac dot1p Creating an Output QoS Policy To create an output QoS policy use the following commands 1 Create an output QoS policy CONFIGURATION mode qos policy output 2 After you configure an output ...

Страница 844: ... Bandwidth Weights Queue Default Bandwidth Percentage for 4 Queue System Default Bandwidth Percentage for 8 Queue System 0 6 67 1 1 13 33 2 2 26 67 3 3 53 33 4 4 5 5 10 6 25 7 50 NOTE The system supports 8 data queues When you assign a percentage to one queue note that this change also affects the amount of bandwidth that is allocated to other queues Therefore whenever you are allocating bandwidth...

Страница 845: ... Class Map or Input QoS Policy to a Queue To apply a class map or input QoS policy to a queue use the following command Assign an input QoS policy to a queue POLICY MAP IN mode service queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map use the following command Apply an input QoS policy to an input policy map POLICY MAP IN mode policy serv...

Страница 846: ...te 1 16 31 001XXX AF1 Priority 0 0 15 000XXX BE Best Effort Best Effort 0 0 15 Enable the trust DSCP feature POLICY MAP IN mode trust diffserv Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature The following table specifies the queue to which the classified traffic is sent based on the dot1p value Table 73 Default dot1p t...

Страница 847: ...th to dot1p based service queues use the following command Apply this command in the same way as the bandwidth percentage command in an output QoS policy refer to Allocating Bandwidth to Queue The bandwidth percentage command in QOS POLICY OUT mode supersedes the service class bandwidth percentage command Guarantee a minimum bandwidth to queues globally CONFIGURATION mode service class bandwidth p...

Страница 848: ... interface Applying an Output QoS Policy to a Queue To apply an output QoS policy to a queue use the following command Apply an output QoS policy to queues INTERFACE mode service queue Specifying an Aggregate QoS Policy To specify an aggregate QoS policy use the following command Specify an aggregate QoS policy POLICY MAP OUT mode policy aggregate Applying an Output Policy Map to an Interface To a...

Страница 849: ...ce which will either transmit or drop the packet based on configured queuing behavior Traffic marked as red high drop precedence is dropped Important Points to Remember All DSCP values that are not specified as yellow or red are colored green low drop precedence A DSCP value cannot be in both the yellow and red lists Setting the red or yellow list with any DSCP value that is already in the other l...

Страница 850: ...e 1 11 qos dscp color policy bat enclave map Displaying DSCP Color Maps To display DSCP color maps use the show qos dscp color map command in EXEC mode Examples for Creating a DSCP Color Map Display all DSCP color maps Dell show qos dscp color map Dscp color map mapONE yellow 4 7 red 20 30 Dscp color map mapTWO yellow 16 55 Display a specific DSCP color map Dell show qos dscp color map mapTWO Dscp...

Страница 851: ...Networking OS does not include the Preamble SFD or the IFG fields These fields are overhead only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations The Ethernet packet format consists of Preamble 7 bytes Preamble Start frame delimiter SFD 1 byte Destination MAC address 6 bytes Source MAC address 6 bytes Ethernet Type Leng...

Страница 852: ... buffering resources from being consumed The WRED congestion avoidance mechanism drops packets to prevent buffering resources from being consumed Traffic is a mixture of various kinds of packets The rate at which some types of packets arrive might be greater than others In this case the space on the buffer and traffic manager BTM ingress or egress can be consumed by only one or a few types of traf...

Страница 853: ...shold Maximum Threshold Maximum Drop Rate wred_drop 0 0 100 wred_teng_y 467 4671 100 wred_teng_g 467 4671 50 wred_fortyg_y 467 4671 50 wred_fortyg_g 467 4671 25 Creating WRED Profiles To create WRED profiles use the following commands 1 Create a WRED profile CONFIGURATION mode wred profile 2 Specify the minimum and maximum threshold values WRED mode threshold Quality of Service QoS 853 ...

Страница 854: ...ecedence Assign a WRED profile to either yellow or green traffic QOS POLICY OUT mode wred Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles use the following command Display default and configured WRED profiles and their threshold values EXEC mode show qos wred profile Displaying WRED Profiles Example of the show qos wred profile Command Dell show ...

Страница 855: ...ble to apply to an interface a policy map that requires more entries than are available In this case the system writes as many entries as possible and then generates an CAM full error message shown in the following example The partial policy map configuration might cause unintentional system behavior EX2YD 12 DIFFSERV 2 DSA_QOS_CAM_INSTALL_FAILED Not enough space in L3 Cam PolicyQos for class 2 Te...

Страница 856: ...s much of the same information as the test cam usage command but whether a policy map can be successfully applied to an interface cannot be determined without first measuring how many CAM entries the policy map would consume the test cam usage command is useful because it provides this measurement Verify that there are enough available CAM entries test cam usage Example of the test cam usage Comma...

Страница 857: ...le a smooth seamless averaging of packets to handle the sudden overload of packets based on the previous time sampling performed You can specify the weight parameter for front end and backplane ports separately in the range of 0 through 15 You can enable WRED and ECN capabilities per queue for granularity You can disable these functionality per queue and you can also specify the minimum and maximu...

Страница 858: ...guration Queue Configuration Service Pool Configuration WRED Threshold Relationship Q threshold Q T Service pool threshold SP T Expected Functionality WRED ECN WRED ECN 0 0 X X X WRED ECN not applicable 1 0 0 X X Queue based WRED No ECN marking 1 X Q T SP T SP T Q T SP based WRED No ECN marking 1 1 0 X X Queue based ECN marking above queue threshold ECN marking to shared buffer limits of the servi...

Страница 859: ...e Dell conf wred wred profile thresh 2 Dell conf wred threshold min 300 max 400 max drop rate 80 4 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed mode Dell conf service pool wred green pool0 thresh 1 pool1 thresh 2 Dell conf service pool wred yellow pool0 thresh 3 pool1 thresh 4 Dell conf service p...

Страница 860: ...packets as yellow packets ip access list standard ecn_0 seq 5 permit any ecn 0 class map match any ecn_0_cmap match ip access group ecn_0 set color yellow policy map input ecn_0_pmap service queue 0 class map ecn_0_cmap Applying this policy map ecn_0_pmap will mark all the packets with ecn 0 as yellow packets on queue0 default queue Classifying Incoming Packets Using ECN and Color Marking Explicit...

Страница 861: ... 8 bit ToS field of the IPv4 header shall be used to classify traffic The Dell Networking OS Release 9 3 0 0 supports the following QOS actions in the ingress policy based QOS 1 Rate Policing 2 Queuing 3 Marking For the L3 Routed packets the DSCP marking is the only marking action supported in the software As a part of this feature the additional marking action to set the color of the traffic will...

Страница 862: ...y default Dell Networking OS drops all the RED or violate packets The following combination of marking actions to be specified match sequence of the class map command set a new DSCP for the packet set the packet color as yellow set the packet color as yellow and set a new DSCP for the packet This marking action to set the color of the packet is allowed only on the match any logical operator of the...

Страница 863: ...dscp_40 service queue 3 class map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets ip access list standard dscp_50_ecn seq 5 permit any dscp 50 ecn 1 seq 10 permit any dscp 50 ecn 2 seq 15 permit any dscp 50 ecn 3 ip access list standard dscp_40_ecn seq 5 permit any dscp 40 ecn 1 seq 10 permit any dscp 40 ecn 2 seq 15 permit any dscp 40 ecn 3 ip access list standard dscp_5...

Страница 864: ... Configure a Layer 2 QoS policy with Layer 2 Dot1p or source MAC based match criteria CONFIGURATION mode Dell conf policy map input l2p layer2 3 Apply the Layer 2 policy on a Layer 3 interface INTERFACE mode Dell conf if fo 1 4 service policy input l2p layer2 Applying DSCP and VLAN Match Criteria on a Service Queue You can configure Layer 3 class maps which contain both a Layer 3 Differentiated Se...

Страница 865: ... IN mode Dell conf qos policy in set ip dscp 5 6 Create an input policy map CONFIGURATION mode Dell conf policy map input pp_policmap 7 Create a service queue to associate the class map and QoS policy map POLICY MAP mode Dell conf policy map in service queue 0 class map pp_classmap qos policy pp_qospolicy Classifying Incoming Packets Using ECN and Color Marking Explicit Congestion Notification ECN...

Страница 866: ...the 2 bit ECN field of the IPv4 packet will also be available to be configured as one of the match qualifier This way the entire 8 bit ToS field of the IPv4 header shall be used to classify traffic The Dell Networking OS Release 9 3 0 0 supports the following QOS actions in the ingress policy based QOS 1 Rate Policing 2 Queuing 3 Marking For the L3 Routed packets the DSCP marking is the only marki...

Страница 867: ... the class map configuration By default all packets are considered as green without the rate policer and trust diffserve configuration and hence support would be provided to mark the packets as yellow alone will be provided By default Dell Networking OS drops all the RED or violate packets The following combination of marking actions to be specified match sequence of the class map command set a ne...

Страница 868: ...lt all packets less than PIR would be considered as Green But Green packets matching the specific match criteria for which color marking is configured will be over written and marked as Yellow If two rate three color policer is configured along with this feature then x CIR will be marked as Green CIR x PIR will be marked as Yellow PIR x will be marked as Red But Green packets matching the specific...

Страница 869: ... can be achieved using either of the two approaches Approach without explicit ECN match qualifiers for ECN packets ip access list standard dscp_50 seq 5 permit any dscp 50 ip access list standard dscp_40 seq 5 permit any dscp 40 ip access list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ip access list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class map match any class_dsc...

Страница 870: ... the tracking of statistical values of buffer spaces at a global level The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters To configure the buffer statistics tracking utility perform the following step 1 Enable the buffer statistics tracking utility and enter the Buffer Statistics Snapshot configuration mode CONFIGURAT...

Страница 871: ...ERED CELLS MCAST 3 0 Unit 1 unit 3 port 5 interface Fo 1 148 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 9 interface Fo 1 152 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 13 interface Fo 1 156 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 17 interface Fo 1 160 Q TYPE Q TOTAL BUFFERED CELLS MCAST 3 0 Unit 1 unit 3 port 21 interface Fo 1 164 Q TYPE Q TOTAL B...

Страница 872: ...ormation for a specific interface EXEC EXEC Privilege mode Dell show hardware buffer stats snapshot resource interface fortyGigE 0 0 queue all Unit 0 unit 0 port 1 interface Fo 0 0 Q TYPE Q TOTAL BUFFERED CELLS UCAST 0 0 UCAST 1 0 UCAST 2 0 UCAST 3 0 UCAST 4 0 UCAST 5 0 UCAST 6 0 UCAST 7 0 UCAST 8 0 UCAST 9 0 UCAST 10 0 UCAST 11 0 MCAST 0 0 MCAST 1 0 MCAST 2 0 MCAST 3 0 MCAST 4 0 MCAST 5 0 MCAST 6...

Страница 873: ...hed after RIP sends out one or more broadcast signals to all adjacent nodes in a network Hop counts of these signals are tracked and entered into the routing table which defines where nodes in the network are located The information that is used to update the routing table is sent as either a request or response message In RIPv1 automatic updates to the routing table are performed as either one ti...

Страница 874: ...terfaces The following table lists the defaults for RIP in Dell Networking OS Table 77 RIP Defaults Feature Default Interfaces running RIP Listen to RIPv1 and RIPv2 Transmit RIPv1 RIP timers update timer 30 seconds invalid timer 180 seconds holddown timer 180 seconds flush timer 240 seconds Auto summarization Enabled ECMP paths supported 16 Configuration Information By default RIP is disabled in D...

Страница 875: ... mode and enable the RIP process on Dell Networking OS CONFIGURATION mode router rip 2 Assign an IP network address as a RIP network to exchange routing information ROUTER RIP mode network ip address Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information ensure that all devices on that network are configured to ex...

Страница 876: ...0 10 12 00 01 22 Fa 1 49 192 162 3 0 24 auto summary To disable RIP globally use the no router rip command in CONFIGURATION mode Configure RIP on Interfaces When you enable RIP globally on the system interfaces meeting certain conditions start receiving RIP routes By default interfaces that you enable and configure with an IP address in the same subnet as the RIP network address receive RIPv1 and ...

Страница 877: ...P routes use the following commands Assign a configured prefix list to all incoming RIP routes ROUTER RIP mode distribute list prefix list name in Assign a configured prefix list to all outgoing RIP routes ROUTER RIP mode distribute list prefix list name out To view the current RIP configuration use the show running config command in EXEC mode or the show config command in ROUTER RIP mode Adding R...

Страница 878: ...only one or the other version use the ip rip send version or the ip rip receive version commands in INTERFACE mode You can set one RIP version globally on the system using system This command sets the RIP version for RIP traffic on the interfaces participating in RIP unless the interface was specifically configured for a specific RIP version Set the RIP version sent and received on the system ROUT...

Страница 879: ...ing both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example Dell conf if ip rip send version 1 2 Dell conf if ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally shown in bold Dell show ip p...

Страница 880: ... and summarizes RIP routes up to the classful network boundary If you must perform routing between discontiguous subnets disable automatic summarization With automatic route summarization disabled subnets are advertised The autosummary command requires no other configuration commands To disable automatic route summarization enter no autosummary in ROUTER RIP mode NOTE If you enable the ip split ho...

Страница 881: ... the configuration changes use the show config command in ROUTER RIP mode Debugging RIP The debug ip rip command enables RIP debugging When you enable debugging you can view information on RIP protocol changes or RIP routes To enable RIP debugging use the following command debug ip rip interface database events trigger EXEC privilege mode Enable debugging of RIP Example of the debug ip rip Command...

Страница 882: ... 0 Core2 conf router_rip show config router rip network 10 0 0 0 version 2 Core2 conf router_rip Core 2 RIP Output The examples in the section show the core 2 RIP output Examples of the show ip Commands to View Core 2 Information To display Core 2 RIP database use the show ip rip database command To display Core 2 RIP setup use the show ip route command To display Core 2 RIP activity use the show ...

Страница 883: ...y Dist Metric Last Change C 10 11 10 0 24 Direct Te 2 11 0 0 00 02 26 C 10 11 20 0 24 Direct Te 2 3 0 0 00 02 02 R 10 11 30 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 C 10 200 10 0 24 Direct Te 2 4 0 0 00 03 03 C 10 300 10 0 24 Direct Te 2 5 0 0 00 02 42 R 192 168 1 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 R 192 168 2 0 24 via 10 11 20 1 Te 2 3 120 1 00 01 20 Core2 R 192 168 1 0 24 via 10 11 20 1 ...

Страница 884: ... show ip rip database command To display Core 3 RIP setup use the show ip route command To display Core 3 RIP activity use the show ip protocols command Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3 Core3 show ip rip database Total number of routes in RIP database 7 10 11 1...

Страница 885: ...0 01 14 C 192 168 1 0 24 Direct Te 3 23 0 0 00 06 53 C 192 168 2 0 24 Direct Te 3 24 0 0 00 06 26 Core3 The following example shows the show ip protocols command to show the RIP configuration activity on Core 3 Core3 show ip protocols Routing Protocol is RIP Sending updates every 30 seconds next due in 6 Invalid after 180 seconds hold down 180 flushed after 240 Output delay 8 milliseconds between ...

Страница 886: ...2 5 ip address 10 250 10 1 24 no shutdown router rip version 2 10 200 10 0 10 300 10 0 10 11 10 0 10 11 20 0 The following example shows viewing the RIP configuration on Core 3 interface TenGigabitEthernet 3 1 ip address 10 11 30 1 24 no shutdown interface TenGigabitEthernet 3 2 ip address 10 11 20 1 24 no shutdown interface TenGigabitEthernet 3 4 ip address 192 168 1 1 24 no shutdown interface Te...

Страница 887: ...erfaces may be chosen by using alarms and events with standard management information bases MIBs Topics Implementation Information Fault Recovery Implementation Information Configure SNMP prior to setting up RMON For a complete SNMP implementation description refer to Simple Network Management Protocol SNMP Configuring RMON requires using the RMON CLI and includes the following tasks Setting the r...

Страница 888: ...al delta absolute rising threshold value event number falling threshold value event number owner string OR no rmon hc alarm number variable interval delta absolute rising threshold value event number falling threshold value event number owner string Configure the alarm using the following optional parameters number alarm number an integer from 1 to 65 535 the value must be unique in the RMON Alarm...

Страница 889: ... falling threshold 0 the alarm is reset and can be triggered again Dell conf rmon alarm 10 1 3 6 1 2 1 2 2 1 20 1 20 delta rising threshold 15 1 falling threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table use the rmon event command in GLOBAL CONFIGURATION mode Add an event in the RMON event table CONFIGURATION mode no rmon event number log trap community desc...

Страница 890: ...a specified RMON statistics collection use the no form of this command The following command example enables the RMON statistics collection on the interface with an ID value of 20 and an owner of john Dell conf if mgmt rmon collection statistics controlEntry 20 owner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface use the r...

Страница 891: ... The value is ranged from 5 to 3 600 Seconds The default is 1 800 as defined in RFC 2819 Example of the rmon collection history Command To remove a specified RMON history group of statistics collection use the no form of this command The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john both the sampling interval and t...

Страница 892: ...pports three other variations of spanning tree as shown in the following table Table 78 Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol STP 802 1d Rapid Spanning Tree Protocol RSTP 802 1w Multiple Spanning Tree Protocol MSTP 802 1s Per VLAN Spanning Tree Plus PVST Third Party Configuring Rapid Spanning Tree Configuring RSTP is a t...

Страница 893: ...e possible topology changes after link or node failure configure it using the following specifications The following recommendations help you avoid these issues and the associated traffic loss caused by using RSTP when you enable VLT on both VLT peers Configure any ports at the edge of the spanning tree s operating domain as edge ports which are directly connected to end stations or server racks P...

Страница 894: ...mode are automatically part of the RST topology Only one path from any bridge to any other bridge is enabled Bridges block a redundant path by disabling one of the link ports To enable RSTP globally for all Layer 2 interfaces use the following commands 1 Enter PROTOCOL SPANNING TREE RSTP mode CONFIGURATION mode protocol spanning tree rstp 2 Enable RSTP PROTOCOL SPANNING TREE RSTP mode no disable E...

Страница 895: ... 0 We are the root Current root has priority 32768 Address 0001 e801 cbb4 Number of topology changes 4 last change occurred 00 02 17 ago on Te 1 26 Port 377 TenGigabitEthernet 2 1 is designated Forwarding Port path cost 20000 Port priority 128 Port Identifier 128 377 Designated root has priority 32768 address 0001 e801 cbb4 Designated bridge has priority 32768 address 0001 e801 cbb4 Designated por...

Страница 896: ...m EXEC privilege mode R3 show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e801 cbb4 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e80f 1dad Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Te 3 1 128 681 128 20000 BLK...

Страница 897: ...g Tree group parameters Poorly planned modification of the RSTP parameters can negatively affect network performance The following table displays the default values for RSTP Table 79 RSTP Default Values RSTP Parameter Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces 40 ...

Страница 898: ...es To enable SNMP traps use the following command Enable SNMP traps for RSTP MSTP and PVST collectively snmp server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode you can set the port cost and port priority values Port cost a value that is based on the interface type The previous table lists the default values The greater the port cost the less likely the port is se...

Страница 899: ... bridge To change the bridge priority use the following command Assign a number as the bridge priority or designate it as the primary or secondary root PROTOCOL SPANNING TREE RSTP mode bridge priority priority value priority value The range is from 0 to 65535 The lower the number assigned the more likely this bridge becomes the root bridge The default is 32768 Entries must be multiples of 4096 Exa...

Страница 900: ...ew member port is also disabled in the hardware When you remove a physical port from a port channel in the Error Disable state the error disabled state is cleared on this physical port the physical port is enabled in the hardware You can clear the Error Disabled state with any of the following methods Perform an shutdown command on the interface Disable the shutdown on violation command on the int...

Страница 901: ...e order of milliseconds PROTOCOL RSTP mode hello time milli second interval The range is from 50 to 950 milliseconds Example of Verifying Hello Time Interval Dell conf rstp do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0 Address 0001 e811 2233 Root Bridge hello time 50 ms max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e811 2233 We...

Страница 902: ...Software Defined Networking SDN The Dell Networking OS supports software defined networking SDN For more information see the SDN Deployment Guide 47 Software Defined Networking SDN 902 ...

Страница 903: ...d to AAA security refer to the Security chapter in the Dell Networking OS Command Reference Guide AAA accounting enables tracking of services that users are accessing and the amount of network resources being consumed by those services When you enable AAA accounting the network server reports user activity to the security server in the form of accounting records Each accounting record comprises ac...

Страница 904: ...s start stop use for more accounting information to send a start accounting notice at the beginning of the requested event and a stop accounting notice at the end wait start ensures that the TACACS security server acknowledges the start notice before granting the user s process request stop only use for minimal accounting instructs the TACACS server to send a stop record accounting notice at the e...

Страница 905: ...g for Terminal Lines To enable AAA accounting with a named method list for a specific terminal line where com15 and execAcct are the method list names use the following commands Configure AAA accounting for terminal lines CONFIG LINE VTY mode accounting commands 15 com15 accounting exec execAcct Example of Enabling AAA Accounting with a Named Method List Dell config line vty accounting commands 15...

Страница 906: ...n which they are applied You can define a method list or use the default method list User defined method lists take precedence over the default method list NOTE If a console user logs in with RADIUS authentication the privilege level is applied from the RADIUS server if the privilege level is configured for that user in RADIUS whether you configure RADIUS authorization NOTE RADIUS and TACACS serve...

Страница 907: ...rules the enable password command line use the password you defined using the password command in LINE mode local use the username password database defined in the local configuration none no authentication radius use the RADIUS servers configured with the radius server host command tacacs use the TACACS servers configured with the tacacs server host command 2 Enter LINE mode CONFIGURATION mode li...

Страница 908: ...ver host x x x x key some password 3 Establish a host address and password CONFIGURATION mode tacacs server host x x x x key some password Examples of the enable commands for RADIUS To get enable authentication from the RADIUS server and use TACACS as a backup issue the following commands The following example shows enabling authentication from the RADIUS server Dell config aaa authentication enab...

Страница 909: ... and keys are stored encrypted in the configuration file and by default are displayed in the encrypted form when the configuration is displayed Enabling the service obscure passwords command displays asterisks instead of the encrypted passwords and keys This command prevents a user from reading these passwords and keys by obscuring this information with asterisks Password obscuring masks the passw...

Страница 910: ... disable commands Privilege level 15 the default level for the enable command is the highest level In this level you can access any command in Dell Networking OS Privilege levels 2 through 14 are not configured and you can customize them for different users and access After you configure other privilege levels enter those levels by adding the level parameter after the enable command or by configur...

Страница 911: ...level The range is from 0 to 15 Secret Specify the secret for the user To view username use the show users command in EXEC Privilege mode Configuring the Enable Password Command To configure Dell Networking OS use the enable command to enter EXEC Privilege level 15 After entering the command Dell Networking OS requests that you enter a password Privilege levels are not assigned to passwords rather...

Страница 912: ...custom privilege level use the following commands You must be in privilege level 15 1 Assign a user name and password CONFIGURATION mode username name access class access list name privilege level nopassword password encryption type password Secret Configure the optional and required parameters name Enter a text string up to 63 characters maximum long access class access list name Restrict access ...

Страница 913: ...s privilege level 8 Line 3 The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp server commands are located Line 4 The snmp server commands in CONFIGURATION mode are assigned to privilege level 8 Dell conf username john privilege 8 password john Dell conf enable password level 8 notjohn Dell conf privilege exec level 8 configure Dell co...

Страница 914: ...l for the terminal lines LINE mode privilege level level level level The range is from 0 to 15 Levels 0 1 and 15 are pre configured Levels 2 to 14 are available for custom configuration Specify either a plain text or encrypted password LINE mode password encryption type password Configure the following optional and required parameters encryption type Enter 0 for plain text or 7 for encrypted text ...

Страница 915: ...more information about RADIUS refer to RFC 2865 Remote Authentication Dial in User Service RADIUS Authentication Dell Networking OS supports RADIUS for user authentication text password at login and can be specified as one of the login authentication methods in the aaa authentication login command When configuring AAA authorization you can configure to limit the attributes of services available to...

Страница 916: ... there is a very long delay for an entry or a denied entry because of an ACL and a message is logged NOTE The ACL name must be a string Only standard ACLs in authorization both RADIUS and TACACS are supported Authorization is denied in cases using Extended ACLs Auto Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line...

Страница 917: ...o authenticate or authorize users on the system create a AAA method list Default method lists do not need to be explicitly applied to the line so they are not mandatory To create a method list use the following commands Enter a text string up to 16 characters long as the name of the method list you wish to use with the RADIUS authentication method CONFIGURATION mode aaa authentication login method...

Страница 918: ...obal default values for all RADIUS host are applied To specify multiple RADIUS server hosts configure the radius server host command multiple times If you configure multiple RADIUS server hosts Dell Networking OS attempts to connect with them in the order in which they were configured When Dell Networking OS attempts to authenticate a user the software connects with the RADIUS server hosts one at ...

Страница 919: ... key can be up to 42 characters long You cannot use spaces in the key Configure the number of times Dell Networking OS retransmits RADIUS requests CONFIGURATION mode radius server retransmit retries retries the range is from 0 to 100 Default is 3 retries Configure the time interval the system waits for a RADIUS server host response CONFIGURATION mode radius server timeout seconds seconds the range...

Страница 920: ...sts specified To use TACACS to authenticate users specify at least one TACACS server for the system to communicate with and configure TACACS as one of your authentication methods To select TACACS as the login authentication method use the following commands 1 Configure a TACACS server host CONFIGURATION mode tacacs server host ip address host Enter the IP address or host name of the TACACS server ...

Страница 921: ...ation exec default tacacs none aaa authorization commands 1 default tacacs none aaa authorization commands 15 default tacacs none aaa accounting exec default start stop tacacs aaa accounting commands 1 default start stop tacacs aaa accounting commands 15 default start stop tacacs Dell conf Dell conf do show run tacacs tacacs server key 7 d05206c308f4d35b tacacs server host 10 10 10 10 timeout 1 De...

Страница 922: ...ACS Server Host Dell conf Dell conf aaa authentication login tacacsmethod tacacs Dell conf aaa authentication exec tacacsauthorization tacacs Dell conf tacacs server host 25 1 1 2 key Force Dell conf Dell conf line vty 0 9 Dell config line vty login authentication tacacsmethod Dell config line vty end Specifying a TACACS Server Host To specify a TACACS server host and configure its communication p...

Страница 923: ...ation failure Command authorization failed for user denyall on vty0 10 11 9 209 Certain TACACS servers do not authenticate the device if you use the aaa authorization commands level default local tacacs command To resolve the issue use the aaa authorization commands level default tacacs local command Protection from TCP Tiny and Overlapping Fragment Attacks Tiny and overlapping fragment attack is ...

Страница 924: ... example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting Dell conf ip ssh server version 2 Dell conf do show ip ssh SSH server enabled SSH server version v2 SSH server vrf default SSH server ciphers 3des cbc aes128 cbc aes192 cbc aes256 cbc aes128 ctr aes192 ctr aes256 ctr SSH server macs hmac md5 hmac md5 96 hmac sha1 hmac sha1 9...

Страница 925: ...e a user ip ssh connection rate limit configure the maximum number of incoming SSH connections per minute ip ssh hostbased authentication enable enable host based authentication for the SSHv2 server ip ssh key size configure the size of the server generated RSA SSHv1 key ip ssh password authentication enable enable password authentication for the SSH server ip ssh pub key file specify the file the...

Страница 926: ...r one of the thresholds is reached To configure the time or volume rekey threshold at which to re generate the SSH key during an SSH session use the ip ssh rekey time rekey interval volume rekey limit command CONFIGURATION mode Configure the following parameters rekey interval time based rekey threshold for an SSH session The range is from 10 to 1440 minutes The default is 60 minutes rekey limit v...

Страница 927: ...y Exchange Algorithm The following example shows you how to configure a key exchange algorithm Dell conf ip ssh server kex diffie hellman group exchange sha1 diffie hellman group14 sha1 Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server use the ip ssh server mac hmac algorithm command in CONFIGURATION mode hmac algorithm Enter a space delimited lis...

Страница 928: ...es192 ctr aes256 ctr The default cipher list is aes256 ctr aes256 cbc aes192 ctr aes192 cbc aes128 ctr aes128 cbc 3des cbc Example of Configuring a Cipher List The following example shows you how to configure a cipher list Dell conf ip ssh server cipher 3des cbc aes128 cbc aes128 ctr Secure Shell Authentication Secure Shell SSH is enabled by default using the SSH Password Authentication method Ena...

Страница 929: ...tes an SSH client based on an RSA key using RSA authentication This method uses SSH version 2 1 On the SSH client Unix machine generate an RSA key as shown in the following example 2 Copy the public key id_rsa pub to the Dell Networking system 3 Disable password authentication if enabled CONFIGURATION mode no ip ssh password authentication enable 4 Enable RSA authentication in SSH CONFIGURATION Mo...

Страница 930: ...tication CONFIGURATION mode ip ssh hostbased authentication enable 7 Bind shosts and rhosts to host based authentication CONFIGURATION mode ip ssh pub key file flash filename or ip ssh rhostsfile flash filename Examples of Creating shosts and rhosts The following example shows creating shosts admin Unix_client cd etc ssh admin Unix_client ls moduli sshd_config ssh_host_dsa_key pub ssh_host_key pub...

Страница 931: ...erm Enable host based authentication on the server Dell Networking system and the client Unix machine The following message appears if you attempt to log in via SSH and host based is disabled on the client In this case verify that host based authentication is set to Yes in the file ssh_config root permission is required to edit this file permission denied host based If the IP address in the RSA ke...

Страница 932: ...ter RADIUS YES NO YES with Dell Networking OS version 6 1 1 0 and later Dell Networking OS provides several ways to configure access classes for VTY lines including VTY Line Local Authentication and Authorization VTY Line Remote Authentication and Authorization VTY Line Local Authentication and Authorization Dell Networking OS retrieves the access class from the local database To use this feature ...

Страница 933: ...fig line vty login authentication localmethod Dell config line vty end VTY Line Remote Authentication and Authorization Dell Networking OS retrieves the access class from the VTY line The Dell Networking OS takes the access class from the VTY line and applies it to ALL users Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class If the...

Страница 934: ...ed Access Control With Role Based Access Control RBAC access and authorization is controlled based on a user s role Users are granted permissions based on their user roles not on their individual user ID User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function This chapter consists of the following sections Overview Priv...

Страница 935: ...role commands The role command allows you to change permissions based on the role You can modify the permissions specific to that command and or command option For more information see Modifying Command Permissions for Roles NOTE When you enter a user role you have already been authenticated and authorized You do not need to enter an enable password because you will be automatically placed in EXEC...

Страница 936: ...le if you configure the authentication method list in the following order TACACS local Dell Networking recommends that authorization method list is configured in the same order TACACS local 4 Specify authorization method list RADIUS TACACS or Local You must at least specify local authorization For consistency the best practice is to define the same authorization method list across all lines in the...

Страница 937: ...rk topology The security administrator commands include FIPS mode enablement password policies inactivity timeouts banner establishment and cryptographic key operations for secure access paths System Administrator sysadmin This role has full access to all the commands in the system exclusive access to commands that manipulate the file system formatting and access to the system shell This role can ...

Страница 938: ... and create it again If the user role is in use you cannot delete the user role 1 Create a new user role CONFIGURATION mode userrole name inherit existing role name 2 Verify that the new user role has inherited the security administrator permissions Dell conf do show userroles EXEC Privilege mode 3 After you create a user role configure permissions for the new user role See Modifying Command Permi...

Страница 939: ... mode exec Exec Mode interface Interface configuration mode line Line Configuration mode route map Route map configuration mode router Router configuration mode Examples Deny Network Administrator from Using the show users Command The following example denies the netadmin role from using the show users command and then verifies that netadmin cannot access the show users command in exec mode Note t...

Страница 940: ...cess to LINE mode and then verifies that the security administrator can no longer access LINE mode using the show role mode configure line command in EXEC Privilege mode Dell conf role configure deleterole secadmin LINE Initial keywords of the command to modify Dell conf role configure deleterole secadmin line Dell conf do show role mode configure Global configuration mode exec Exec Mode interface...

Страница 941: ...e following AAA Authentication and Authorization for Roles configuration tasks Configuring AAA Authentication for Roles Configuring AAA Authorization for Roles Configuring TACACS and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination Users with defined roles and users with privileges are authenticated with the s...

Страница 942: ...le based only mode To configure AAA authorization use the aaa authorization exec command in CONFIGURATION mode The aaa authorization exec command determines which CLI mode the user will start in for their session for example Exec mode or Exec Privilege mode For information about how to configure authentication for roles see Configure AAA Authentication for Roles aaa authorization exec method list ...

Страница 943: ...raaa accounting commands role netadmin ucraaa line vty 9 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin ucraaa Configuring TACACS and RADIUS VSA Attributes for RBAC For RBAC and privilege levels the Dell Networking OS RADIUS and TACACS implementation supports two vendor specific options privilege level and roles The Dell Networking vendor ID is 6027 and the...

Страница 944: ...S user group The user IDs are associated with the user group Role Accounting This section describes how to configure role accounting and how to display active sessions for roles This sections consists of the following topics Configuring AAA Accounting for Roles Applying an Accounting Method to a Role Displaying Active Accounting Sessions for Roles Configuring AAA Accounting for Roles To configure ...

Страница 945: ...ord 00 00 26 Elapsed service shell Display Information About User Roles This section describes how to display information about user roles This sections consists of the following topics Displaying User Roles Displaying Information About Roles Logged into the Switch Displaying Active Accounting Sessions for Roles Displaying User Roles To display user roles using the show userrole command in EXEC Pr...

Страница 946: ...ow role mode configure interface Role access netadmin sysadmin Dell show role mode configure line Role access netadmin sysadmin Displaying Information About Users Logged into the Switch To display information on all users logged into the switch using the show users command in EXEC Privilege mode The output displays privilege level and or user role The mode is displayed at the start of the output a...

Страница 947: ...tions customers and the provider would still share the 4094 available VLANs Instead 802 1ad allows service providers to add their own VLAN tag to frames traversing the provider network The provider can then differentiate customers even if they use the same VLAN ID and providers can map multiple customers to a single VLAN to overcome the 4094 VLAN limitation Forwarding decisions in the provider net...

Страница 948: ...raffic add these interfaces to a non default VLAN Stack enabled VLAN Dell Networking cautions against using the same MAC address on different customer VLANs on the same VLAN Stack VLAN You cannot ping across the trunk port link if one or both of the systems is an S4048 ON This limitation becomes relevant if you enable the port as a multi purpose port carrying single tagged and double tagged traffi...

Страница 949: ... port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs Physical ports and port channels can be access or trunk ports 1 Assign the role of access port to a Layer 2 port on a provider bridge that is connected to a customer INTERFACE mode vlan stack access 2 Assign the role of trunk port to a Layer 2 port on a provider br...

Страница 950: ...king enabled VLAN are marked with an M in column Q Dell show vlan Codes Default VLAN G GVRP VLANs NUM Status Q Ports 1 Active U Te 3 0 5 18 2 Inactive 3 Inactive 4 Inactive 5 Inactive 6 Active M Po1 Te 3 14 15 M Te 3 13 Dell Configuring the Protocol Type Value for the Outer VLAN Tag The tag protocol identifier TPID field of the S Tag is user configurable To set the S Tag TPID use the following com...

Страница 951: ...TenGigabitEthernet 1 1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged and VLAN 103 which is a stacking VLAN Dell conf interface tenigabitethernet 1 1 Dell conf if te 1 1 portmode hybrid Dell conf if te 1 1 switchport Dell conf if te 1 1 vlan stack trunk Dell conf if te 1 1 show config interface TenGigabitEthernet 1 1 no ip address port...

Страница 952: ...ue for the outer tag TPID Systems may use any 2 byte value Dell Networking OS uses 0x9100 shown in the following while non Dell Networking systems might use a different value If the next hop system s TPID does not match the outer tag TPID of the incoming frame the system drops the frame For example as shown in the following the frame originating from Building A is tagged VLAN RED and then double t...

Страница 953: ...ated as untagged This rule applies for both the outer tag TPID of a double tagged frame and the TPID of a single tagged frame For example if you configure TPID 0x9100 the system treats 0x8100 and untagged traffic the same and maps both types to the default VLAN as shown by the frame originating from Building C For the same traffic types if you configure TPID 0x8100 the system is able to differenti...

Страница 954: ...Therefore a mismatched TPID results in the port not differentiating between tagged and untagged traffic Figure 118 Single and Double Tag TPID Match Service Provider Bridging 954 ...

Страница 955: ...Figure 119 Single and Double Tag First byte TPID Match Service Provider Bridging 955 ...

Страница 956: ...Figure 120 Single and Double Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN stacking network with the S Series Service Provider Bridging 956 ...

Страница 957: ...witch to default VLAN switch to default VLAN Egress Access Point untagged 0xUVWX switch to default VLAN switch to default VLAN double tag 0xUVWX 0xUVWX double tag match switch to VLAN switch to VLAN 0xUVYZ double tag first byte match switch to VLAN switch to default VLAN 0xQRST double tag mismatch switch to default VLAN switch to default VLAN VLAN Stacking Packet Drop Precedence VLAN stacking pack...

Страница 958: ... Networking OS drop precedence Precedence can have one of three colors Precedence Description Green High priority packets that are the least preferred to be dropped Yellow Lower priority packets that are treated as best effort Red Lowest priority packets that are always dropped regardless of congestion status Honor the incoming DEI value by mapping it to an Dell Networking OS drop precedence INTER...

Страница 959: ...the DEI value on egress according to the color currently assigned to the packet INTERFACE mode dei mark green yellow 0 1 Example of Viewing DEI Marking Configuration To display the DEI marking configuration use the show interface dei mark interface slot port subport in EXEC Privilege mode Dell show interface dei mark Default CFI DEI Marking 0 Interface Drop precedence CFI DEI Te 1 1 Green 0 Te 1 1...

Страница 960: ...nt CAM entries each in a different Layer 2 ACL FP block NOTE The ability to map incoming C Tag dot1p to any S Tag dot1p requires installing up to eight entries in the Layer 2 QoS and Layer 2 ACL table for each configured customer VLAN The scalability of this feature is limited by the impact of the 1 8 expansion in these content addressable memory CAM tables Dell Networking OS Behavior For Option A...

Страница 961: ...down Mapping C Tag to S Tag dot1p Values To map C Tag dot1p values to S Tag dot1p values and mark the frames accordingly use the following commands 1 Allocate CAM space to enable queuing frames according to the C Tag or the S Tag CONFIGURATION mode cam acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number vman qos vman qos dual fp num...

Страница 962: ...te Shaping or Rate Policing Layer 2 Protocol Tunneling Spanning tree bridge protocol data units BPDUs use a reserved destination MAC address called the bridge group address which is 01 80 C2 00 00 00 Only spanning tree bridges on the local area network LAN recognize this address and process the BPDU When you use VLAN stacking to connect physically separate regions of a network BPDUs attempting to ...

Страница 963: ...e MAC address BPDUs are treated as normal data frames by the switches in the intermediate network core On egress edge of the intermediate network the MAC address rewritten to the original MAC address and forwarded to the opposing network region shown in the following illustration Dell Networking OS Behavior In Dell Networking OS versions prior to 8 2 1 0 the MAC address that Dell Networking system...

Страница 964: ...could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address In Dell Networking OS version 8 2 1 0 and later the L2PT MAC address is user configurable so you can specify an address that non Dell Networking systems can recognize and rewrite the address at egress edge Service Provider Bridging 964 ...

Страница 965: ...ing with L2PT Implementation Information L2PT is available for STP RSTP MSTP and PVST BPDUs No protocol packets are tunneled when you enable VLAN stacking L2PT requires the default CAM profile Service Provider Bridging 965 ...

Страница 966: ... BPDUs You can configure another value To specify a destination MAC address for BPDUs use the following command Overwrite the BPDU with a user specified destination MAC address when BPDUs are tunneled across the provider network CONFIGURATION mode protocol tunnel destination mac The default is 01 01 e8 00 00 00 Setting Rate Limit BPDUs CAM space is allocated in sections called field processor FP b...

Страница 967: ...tween customers and the provider 802 1ad specifies that provider bridges operating spanning tree use a reserved destination MAC address called the Provider Bridge Group Address 01 80 C2 00 00 08 to exchange BPDUs instead of the Bridge Group Address 01 80 C2 00 00 00 originally specified in 802 1Q Only bridges in the service provider network use this destination MAC address so these bridges treat B...

Страница 968: ...AC addresses of core switches as opposed to all MAC addresses received from attached customer devices Use the Provider Bridge Group address as the destination MAC address in BPDUs The xstp keyword applies this functionality to STP RSTP and MSTP this functionality is not available for PVST CONFIGURATION Mode bpdu destination mac address xstp gvrp provider bridge group Service Provider Bridging 968 ...

Страница 969: ...fic It is designed to provide traffic monitoring for high speed networks with many switches and routers sFlow uses two types of sampling Statistical packet based sampling of switched or routed packet flows Time based sampling of interface counters The sFlow monitoring system consists of an sFlow agent embedded in the switch router and an sFlow collector The sFlow agent resides anywhere within the ...

Страница 970: ...non default sampling rate that is 256 To avoid the back off either increase the global sampling rate or configure all the line card ports with the desired sampling rate even if some ports have no sFlow configured Important Points to Remember The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset By default sFlow collection is supported only on data ports If...

Страница 971: ...hat extended information packing is enabled show sflow Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types Dell show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate 32768 Global default counter polling interval 20 Global default extended maximum header size 128 byt...

Страница 972: ...fault the maximum header size of a packet is 128 bytes When sflow max header size extended is enabled 256 bytes are copied These bytes are useful for VxLAN NvGRE IPv4 and IPv6 tunneled packets NOTE Interface mode configuration takes priority To reset the maximum header size of a packet use the following command no sflow max header size extended View the maximum header size of a packet show running...

Страница 973: ... show running config sflow Command Dell show running config sflow sflow collector 100 1 1 12 agent addr 100 1 1 1 sflow enable sflow max header size extended Dell show run int tengigabitEthernet 1 10 interface TenGigabitEthernet 1 10 no ip address switchport sflow ingress enable sflow max header size extended no shutdown sFlow Show Commands Dell Networking OS includes the following sFlow display c...

Страница 974: ... 16384 actual rate 16384 sub sampling rate 2 Displaying Show sFlow on an Interface To view sFlow information on a specific interface use the following command Display sFlow configuration information and statistics on a specific interface EXEC mode show sflow interface interface name Examples of the sFlow show Commands The following example shows the show sflow interface command Dell show sflow int...

Страница 975: ... both Identify sFlow collectors to which sFlow datagrams are forwarded CONFIGURATION mode sflow collector ip address agent addr ip address number max datagram size number max datagram size number The default UDP port is 6343 The default max datagram size is 1400 Changing the Polling Intervals The sflow polling interval command configures the polling interval for an interface in the maximum number ...

Страница 976: ...on LAG ports When a physical port becomes a member of a LAG it inherits the sFlow configuration from the LAG port Enabling Extended sFlow Extended sFlow packs additional information in the sFlow datagram depend on the type of sampled packet The platform supports extended switch information processing only Extended sFlow packs additional information in the sFlow datagram depending on the type of sa...

Страница 977: ...0 Global extended information enabled none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub sampling Important Points to Remember To export extended gateway data BGP must learn the IP destination address If the IP destination address is not learned via BGP the Dell Networking system does not export extended gateway da...

Страница 978: ... connected IGP Exported Exported Prior to Dell Networking OS version 7 8 1 0 extended gateway data is not exported because IP DA is not learned via BGP Version 7 8 1 0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols and for cases where is source is reachable over ECMP BGP BGP Exported Exported Extended gateway da...

Страница 979: ...t up SNMP Reading Managed Object Values Writing Managed Object Values Configuring Contact and Location Information using SNMP Subscribing to Managed Object Value Updates using SNMP Enabling a Subset of SNMP Traps Enabling an SNMP Agent to Notify Syslog Server Failure Copy Configuration Files Using SNMP MIB Support to Display the Available Memory Size on Flash MIB Support to Display the Software Co...

Страница 980: ...IB RFC 1483 for STP and IEEE 802 1 draft ruzin mstp mib 02 for MSTP SNMPv3 Compliance With FIPS SNMPv3 is compliant with the Federal information processing standard FIPS cryptography standard The Advanced Encryption Standard AES Cipher Feedback CFB 128 bit encryption algorithm is in compliance with RFC 3826 SNMPv3 provides multiple authentication and privacy options for user configuration A subset...

Страница 981: ...S mode by using the fips mode enable command in Global Configuration mode You can enable or disable FIPS mode only if SNMPv3 users are not previously set up If previously configured users exist on the system you must delete the existing users before you change the FIPS mode Keep the following points in mind when you configure the AES128 CFB algorithm for SNMPv3 1 SNMPv3 authentication provides onl...

Страница 982: ... SNMP As previously stated Dell Networking OS supports SNMP version 1 and version 2 that are community based security models The primary difference between the two versions is that version 2 supports two additional protocol operations informs operation and snmpgetbulk query and one additional object counter64 object SNMP version 3 SNMPv3 is a user based security model that provides password authen...

Страница 983: ... Dell show running config snmp snmp server community mycommunity ro Setting Up User Based Security SNMPv3 When setting up SNMPv3 you can set users up with one of the following three types of configuration for SNMP read write operations Users are typically associated to an SNMP group with permissions provided such as OID view noauth no password or privacy Select this option to set up a user with no...

Страница 984: ...CONFIGURATION mode snmp server user name group name oid tree auth md5 auth password priv des56 priv password Configure an SNMPv3 view CONFIGURATION mode snmp server view view name oid tree included excluded Select a User based Security Type Dell conf snmp server host 1 1 1 1 traps oid tree version 3 auth Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level pri...

Страница 985: ... sysContact 0 The following example shows reading the value of the many managed objects at one time snmpwalk v 2c c mycommunity 10 11 131 161 1 3 6 1 2 1 1 SNMPv2 MIB sysDescr 0 STRING Dell Real Time Operating System Software Dell Operating System Version 1 0 Dell Application Software Version E_MAIN4 9 4 0 0 Copyright c 1999 2014 by Dell Build Time Mon May 12 14 02 22 PDT 2008 SNMPv2 MIB sysObject...

Страница 986: ...ng system Identify the physical location of the system for example San Jose 350 Holger Way 1st floor lab rack A1 1 CONFIGURATION mode snmp server location text You may use up to 55 characters The default is None From a management station Identify the system manager along with this person s contact information for example an email address or phone number CONFIGURATION mode snmpset v version c commu...

Страница 987: ...o send notifications to an SNMP server CONFIGURATION mode snmp server host ip address traps informs version 1 2c 3 community string To send trap messages enter the keyword traps To send informational messages enter the keyword informs To send the SNMP version to use for notification messages enter the keyword version To identify the SNMPv1 community string enter the name of the community string 2 ...

Страница 988: ... sLine card d is up CARD_MISMATCH Mismatch line card d is type s type s required RPM_STATE RPM1 is in Active State RPM_STATE RPM0 is in Standby State RPM_DOWN RPM 0 down hard reset RPM_DOWN RPM 0 down card removed HOT_FAILOVER RPM Failover Completed SFM_DISCOVERY Found SFM 1 SFM_REMOVE Removed SFM 1 MAJOR_SFM Major alarm Switch fabric down MAJOR_SFM_CLR Major alarm cleared Switch fabric up MINOR_S...

Страница 989: ...1 8 transitioned from forwarding to discarding state ecfm ECFM 5 ECFM_XCON_ALARM Cross connect fault detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_ERROR_ALARM Error CCM Defect detected by MEP 1 in Domain customer1 at Level 7 VLAN 1000 ECFM 5 ECFM_MAC_STATUS_ALARM MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 ECFM 5 ECFM_REMOTE_ALARM Remote CCM...

Страница 990: ...agent service starts the SNMP trap is not sent To enable an SNMP agent to send a trap when the syslog server is not reachable enter the following command CONFIGURATION MODE snmp server enable traps snmp syslog unreachable To enable an SNMP agent to send a trap when the syslog server resumes connectivity enter the following command CONFIGURATION MODE snmp server enable traps snmp syslog reachable T...

Страница 991: ... running config file to the startup config file copy configuration files from the Dell Networking system to a server copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses The examples in this section use IPv4 addresses however you can substitute IPv6 addresses for the IPv4 addresses in all of the examples The following ...

Страница 992: ...s running config or startup config the default copyDestFileLocatio n is flash If copyDestFileType is a binary you must specify copyDestFileLocatio n and copyDestFileName copyDestFileLocation 1 3 6 1 4 1 6027 3 5 1 1 1 1 6 1 flash 2 slot0 3 tftp 4 ftp 5 scp Specifies the location of destination file If copyDestFileLocatio n is FTP or SCP you must specify copyServerAddress copyUserName and copyUserP...

Страница 993: ...the configuration file 3 On the server use the snmpset command as shown in the following example snmpset v snmp version c community name m mib_path f10 copy config mib force10system ip address mib object index i a s object value Every specified object must have an object value and must precede with the keyword i Refer to the previous table index must be unique to all previously executed snmpset co...

Страница 994: ...oth cases a unique index number follows the object The following example shows copying configuration files using MIB object names snmpset v 2c r 0 t 60 c private m f10 copy config mib 10 10 10 10 copySrcFileType 101 i 2 copyDestFileType 101 i 3 FTOS COPY CONFIG MIB copySrcFileType 101 INTEGER runningConfig 2 FTOS COPY CONFIG MIB copyDestFileType 101 INTEGER startupConfig 3 The following example sh...

Страница 995: ...FileLocation index i 4 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password precede server ip address by the keyword a precede the values for copyUsername and copyUserPassword by the keyword s Example of Copying Configuration Files via FTP From a UNIX Machine snmpset v 2c c private m f10 copy config mib 10 10 10 10 copySrcF...

Страница 996: ...set v 2c c public m f10 copy config mib force10system ip address copySrcFileType index i 1 copySrcFileLocation index i 4 copySrcFileName index s filepath filename copyDestFileType index i 3 copyServerAddress index a server ip address copyUserName index s server login id copyUserPassword index s server login password Example of Copying a Binary File From the Server to the Startup Configuration via ...

Страница 997: ...s Specifies the state of the copy operation Uses CreateAndGo when you are performing the copy The state is set to active when the copy is completed Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects use the following command Get a copy config MIB object value snmpset v 2c c public m f10 copy config mib force10system ip address OID index mib object index index the index ...

Страница 998: ...ticks 1179831 3 16 38 31 MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory The following table lists the MIB object that contains the available memory size on flash memory Table 88 MIB Objects for Displaying the Available Memory Size on Flash via SNMP MIB Object OID Description chStackUnitFlashUs...

Страница 999: ...ains the core file names and the file paths chSysCoresTimeCreated 1 3 6 1 4 1 6027 3 10 1 2 10 1 3 Contains the time at which core files are created chSysCoresStackUnitNumber 1 3 6 1 4 1 6027 3 10 1 2 10 1 4 Contains information that includes which stack unit or processor the core file was originated from chSysCoresProcess 1 3 6 1 4 1 6027 3 10 1 2 10 1 5 Contains information that includes the pro...

Страница 1000: ... files generated by the system Manage VLANs using SNMP The qBridgeMIB managed objects in Q BRIDGE MIB defined in RFC 2674 allows you to use SNMP to manage VLANs Creating a VLAN To create a VLAN use the dot1qVlanStaticRowStatus object The snmpset operation shown in the following example creates VLAN 10 by specifying a value of 4 for instance 10 of the dot1qVlanStaticRowStatus object Example of Crea...

Страница 1001: ... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 The table that the Dell Networking system sends in response to the snmpget request is a table that contains hexadecimal hex pairs each pair representing a group of eight ports Seven hex pairs represent a stack unit Seven pairs accommodate the greatest number of ports available 64 ports on the device The last stack...

Страница 1002: ...a VLAN write the port to the dot1qVlanStaticEgressPorts object To add an untagged port to a VLAN write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects NOTE Whether adding a tagged or untagged port specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts Example of Adding an Untagged Port to a VLAN using SNMP In the following example Po...

Страница 1003: ... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Managing Overload on Startup If you are running IS IS you can set a specific amount of time to prevent ingress traffic from being received after a reload and allow the routing protocol upgrade process to complete To prevent ingress traffic on a router while the IS reload is implemented use the following command Set the amount of time ...

Страница 1004: ...tch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs NOTE The 802 1q Q BRIDGE MIB defines VLANs regarding 802 1d as 802 1d itself does not define them As a switchport must belong a VLAN the default VLAN or a configured VLAN all MAC address learned on a switchport are associated with a VLAN For this reason ...

Страница 1005: ... manager returns the integer 118 Example of Fetching MAC Addresses Learned on the Default VLAN Using SNMP MAC Addresses on Force10 System Dell show mac address table VlanId Mac Address Type Interface State 1 00 01 e8 06 95 ac Dynamic Te 1 21 Active Query from Management Station snmpwalk v 2c c techpubs 10 11 131 162 1 3 6 1 2 1 17 4 3 1 SNMPv2 SMI mib 2 17 4 3 1 1 0 1 232 6 149 172 Hex STRING 00 0...

Страница 1006: ...ent the interface type the next 7 bits represent the port number the next 5 bits represent the slot number the next 1 bit is 0 for a physical interface and 1 for a logical interface the next 1 bit is unused For example the index 72925242 is 100010110001100000000111010 in binary The binary interface index for TeGigabitEthernet 1 21 of a 48 port 10 100 1000Base T line card with RJ 45 interface Notic...

Страница 1007: ...G 00 01 E8 13 A5 C7 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 2 2 Hex STRING 00 01 E8 13 A5 C8 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 1 INTEGER 1107755009 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 3 2 INTEGER 1107755010 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 4 1 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 4 2 INTEGER 1 SNMPv2 SMI enterprises 6027 3 2 1 1 1 1 5 1 Hex STRING 00 00 SNMPv2 SMI e...

Страница 1008: ...OID 0 OID IF MIB linkUp IF MIB ifIndex 33865785 INTEGER 33865785 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_UP Changed interface state to up Te 1 1 2010 02 10 14 22 40 10 16 130 4 10 16 130 4 SNMPv2 MIB sysUpTime 0 Timeticks 8500934 23 36 49 34 SNMPv2 MIB snmpTrapOID 0 OID IF MIB linkUp IF MIB ifIndex 1107755009 INTEGER 1107755009 SNMPv2 SMI enterprises 6027 3 1 1 4 1 2 STRING OSTATE_UP...

Страница 1009: ...mple shows the SNMP trap that is sent when connectivity to the syslog server is resumed DISMAN EVENT MIB sysUpTimeInstance Timeticks 10230 0 01 42 30 SNMPv2 MIB snmpTrapOID 0 OID SNMPv2 SMI enterprises 6027 3 30 1 1 2 SNMPv2 SMI enterprises 6027 3 30 1 1 STRING REACHABLE Syslog server 10 11 226 121 port 9140 is reachable SNMPv2 SMI enterprises 6027 3 6 1 1 2 0 INTEGER 2 Following is the sample aud...

Страница 1010: ...kts object in the ICMP table by using the snmpwalk command the echo response output may not be displayed To correctly display ICMP statistics such as echo response use the show ip traffic command Simple Network Management Protocol SNMP 1010 ...

Страница 1011: ... are member units Dell Networking OS presents all of the units For example to access Ten GigabitEthernet Port 1 on Stack Unit 1 enter interface tengigabitethernet 1 1 from CONFIGURATION mode Stack Management Roles The stack elects the management units for the stack management Stack master primary management unit also called the master unit Standby secondary management unit Stack units the remainin...

Страница 1012: ...ro The unit with the highest priority is elected the master management unit the unit with the second highest priority is elected the standby unit MAC address in case of priority tie The unit with the higher MAC value becomes the master unit The stack takes the MAC address of the master unit and retains it unless it is reloaded To view which switch is the stack master enter the show system command ...

Страница 1013: ...No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 2 1 up UNKNOWN up 10768 2 2 down UNKNOWN down 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 2 1 up up 10031 up 10031 2 2 up up 10031 up 10031 2 3 up up 10134 up 10031 Speed in RPM Unit 3 Unit Type Member Unit Status online Next Boot online Required Type S4048 ON 54 port TE FG SK ON Current Type S4048 ON 54 port TE FG ...

Страница 1014: ... late may have a higher priority configured This happens because the master and standby have already been elected hence the unit that boots up late joins only as a member When an up and running standalone unit or stack is merged with another stack based on election the losing stack reloads and the master unit of the winning stack becomes the master of the merged stack For more details see sections...

Страница 1015: ...ues to use the master s chassis MAC address even after a failover The MAC address is not refreshed until the stack is reloaded and a different unit becomes the stack master NOTE If the removed management unit is brought up as a standalone unit or as part of a different stack there is a possibility of MAC address collisions A standalone is added to a stack The standalone and the master unit have th...

Страница 1016: ...ing a Standalone with a Lower MAC Address and Equal Priority to a Stack Stacking LAG When multiple links are used between stack units Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy The stacking LAG is established automatically and transparently by Dell Networking OS without user configuration after peering is detected and behaves as ...

Страница 1017: ...ute processor modules RPM The master unit synchronizes the running configuration and protocol states so that the system fails over in the event of a hardware or software fault on the master unit In such an event or when the master unit is removed the standby unit becomes the stack manager and Dell Networking OS elects a new standby unit Dell Networking OS resets the failed master unit after online...

Страница 1018: ... 15 29 58 ACL Mgr succeeded Nov 25 2014 15 29 58 LACP no block sync done STP no block sync done SPAN no block sync done Management Access on Stacks You can access the stack via the console port or VTY line Console access You may access the stack through the console port of the master unit stack manager only Similar to a standby RPM the console port of the standby unit does not provide management c...

Страница 1019: ...the S4048T ON as well as the S4048 ON switches However the S4048T ON switches can join a S4048T ON stack without having to enable mixed mode stacking NOTE Even though the S4048 ON and S4048T ON belong to the same family of switches the system detects a card type mismatch during stack insertion if mixed mode stacking is not enabled When a S4048T ON switch on which mixed mode stacking is enabled joi...

Страница 1020: ...k use only the 40G ports between the range 49 to 54 You cannot form a mixed mode stack using the 10G ports Because the 10G ports on the S4048T ON are copper ports where as the 10G ports on the S4048 ON are SFP ports It is mandatory to enable mixed mode stacking on the S4048 ON and S4048T ON switches before joining a mixed mode stack Stack election is based on the priority or the MAC address of the...

Страница 1021: ...eate a Stack Stacking is enabled on the device using the front end ports No configuration is allowed on front end ports used for stacking Stacking can be made between 10G ports of two units or 40G ports of two units The stack links between the two units are grouped into a single LAG Stack Group Port Numbers By default each unit in Standalone mode is numbered stack unit 1 A maximum of eight 10G sta...

Страница 1022: ...ates an SNMP trap if the software version of the new unit predates Dell Networking OS version 8 3 12 0 the management unit puts the new unit into a card problem state and generates a syslog that identifies the unit its Dell Networking OS version and its incompatibility for firmware synchronization NOTE You must enter the stack unit stack unit stack group stack group command when adding units to a ...

Страница 1023: ...it will be the management unit and which will be the standby unit Enable the front ports of the units for stacking For more information refer to Enabling Front End Port Stacking To create a new stack use the following commands 1 Power up all units in the stack 2 Verify that each unit has the same Dell Networking OS version prior to stacking them together EXEC Privilege mode show version 3 Manually...

Страница 1024: ...t to completely boot and verify that the stack manager detects the unit then power the next unit Example of a Syslog Figure 126 Creating a New Stack In the above example stack unit 1 is the master management unit stack unit 2 is the standby unit The cables are connected to each unit Configure the stack groups on the units in the following order Configure the first stack group on unit 1 stack unit ...

Страница 1025: ...tack can be accessed from the management unit To view the stack unit information after the reload use the show system brief command Dell show system brief Stack MAC 34 17 eb f2 94 c4 Reload Type normal reload Next boot normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 1 Management online S4048 ON S4048 ON 1 0 0 5005 72 2 Standby online S4048 ON S4048 ON 1 0 0 5005 72 3 Memb...

Страница 1026: ...nit to an existing stack By merging two stacks If you are adding units to an existing stack you can either allow Dell Networking OS to automatically assign the new unit a position in the stack or manually determine each units position in the stack by configuring each unit to correspond with the stack before connecting it If you add a unit that has a stack number that conflicts with the stack the s...

Страница 1027: ...llowing example shows adding a stack unit with a conflicting stack number before Dell show system brief Stack MAC 00 01 e8 8a df e6 Reload Type normal reload Stack Info Unit UnitType Status ReqTyp CurTyp Version Ports 1 Management online S4048 ON S4048 ON 9 10 0 0 72 2 Member not present 3 Member not present 4 Standby online S4048 ON S4048 ON 9 10 0 0 72 5 Member not present 6 Member not present T...

Страница 1028: ... 6 Save the stacking configuration on the ports EXEC Privilege mode write memory 7 Reload the switch EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as member switch in the stack The new unit synchronizes its running and startup configurations with the stack 8 If a standalone switch already has stack groups configured Attach cables to connec...

Страница 1029: ... the units are online or offline Each portion of the split stack retains the startup and running configuration of the original stack For a parent stack that is split into two child stacks A and B each with multiple units If one of the new stacks receives the master and the standby management units it is unaffected by the split If one of the new stacks receives only the master unit that unit remain...

Страница 1030: ...roceed to renumber confirm yes no yes Creating a Virtual Stack Unit on a Stack Use virtual stack units to configure ports on the stack before adding a new unit Create a virtual stack unit CONFIGURATION mode stack unit stack unit number provision S4048T ON Displaying Information about a Stack To display information about the stack use the following command Display for stack identity status and hard...

Страница 1031: ...le yes POE Capable no FIPS Mode disabled Burned In MAC 34 17 eb f2 94 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 1 1 up UNKNOWN up 10704 1 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 1 1 up up 10134 up 10031 1 2 up up 10031 up 10031 1 3 up up 10031 up 10031 Speed in RPM Unit 2 Unit Type Standby Unit Status online Next Boot online Required ...

Страница 1032: ...Mode disabled Burned In MAC 34 17 eb f2 99 c4 No Of MACs 3 Power Supplies Unit Bay Status Type FanStatus FanSpeed rpm 3 1 up UNKNOWN up 10704 3 2 absent absent 0 Fan Status Unit Bay TrayStatus Fan1 Speed Fan2 Speed 3 1 up up 10031 up 10031 3 2 up up 9929 up 10031 3 3 up up 10031 up 10134 Speed in RPM Dell The following is an example of the show system brief command to view the stack summary inform...

Страница 1033: ...in RPM Dell The following example shows the show system stack ports command Dell show system stack ports Topology Ring Interface Connection Link Speed Admin Link Trunk Gb s Status Status Group 1 56 3 56 40 up up 1 60 3 60 40 up up 3 48 40 up down 3 52 40 up down 3 56 0 56 40 up up 3 60 0 60 40 up up Influencing Management Unit Selection on a Stack Stack priority is the system variable that Dell Ne...

Страница 1034: ...t The range is from 1 to 14 The default is 0 Managing Redundancy on a Stack Use the following commands to manage the redundancy on a stack Reset the current management unit and make the standby unit the new master unit EXEC Privilege mode redundancy force failover stack unit A new standby is elected When the former stack master comes back online it becomes a member unit Prevent the stack master fr...

Страница 1035: ...want to reload Proceed confirm yes no 2 Enter yes at this prompt and press the return key The following message appears prompting you to save the configuration System configuration has been modified Save yes no 3 Enter yes again and press the return key Verify a Stack Configuration The light of the LED status indicator on the front panel of the stack identifies the unit s role in the stack Off ind...

Страница 1036: ... 0 Hardware Rev 3 0 Num Ports 64 Up Time 1 min 14 sec Dell Networking OS Version 4810 8 3 12 1447 Jumbo Capable yes POE Capable no Boot Flash 1 2 0 2 Memory Size 2147483648 bytes Temperature 44C Voltage ok Serial Number H1DL104400018 Part Number Rev Vendor Id Date Code Country Code Piece Part ID N A PPID Revision N A Service Tag N A Expr Svc Code N A Auto Reboot disabled Burned In MAC 00 01 e8 8c ...

Страница 1037: ... Stack Removing Front End Port Stacking Removing a Unit from a Stack The running configuration and startup configuration are synchronized on all stack units A stack member that is disconnected from the stack maintains this configuration To remove a stack member from the stack disconnect the stacking cables from the unit You may do this at any time whether the unit is powered or unpowered online or...

Страница 1038: ...7 13 64 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Removing Front End Port Stacking To remove the configuration on the front end ports used for stacking use the following commands 1 Remove the stack group configuration that is configured CONFIGURATION mode no stack unit id...

Страница 1039: ...Please check the stack cable module and power cycle the stack 10 55 20 STKUNIT1 M CP KERN 2 INT Error Stack Port 50 has flapped 5 times w ithin 10 seconds Shutting down this stack port now 10 55 20 STKUNIT1 M CP KERN 2 INT Error Please check the stack cable module and power cycle the stack STANDBY UNIT 10 55 18 STKUNIT1 M CP KERN 2 INT Error Stack Port 50 has flapped 5 times within 10 seonds Shutt...

Страница 1040: ...esent 4 Member not present 5 Member not present 6 Member not present 7 Member not present 8 Member not present 9 Member not present 10 Member not present 11 Member not present Power Supplies Unit Bay Status Type FanStatus 0 0 down DC down 0 1 up DC up 1 0 absent absent 1 1 up AC up Fan Status Unit Bay TrayStatus Fan0 Speed Fan1 Speed 0 0 up up 9360 up 9360 0 1 up up 9600 up 9360 1 0 up up 6720 up ...

Страница 1041: ...on show storm control broadcast multicast unknown unicast pfc llfc interface command EXEC Privilege To view the storm control multicast configuration use the show storm control broadcast multicast unknown unicast pfc llfc interface command EXEC Privilege Example Dell show storm control multicast Tengigabitethernet 1 1 Multicast storm control configuration Interface Direction Packets Second Te 1 1 ...

Страница 1042: ...t receives the PFC LLFC packets more than the configured rate INTERFACE mode storm control pfc llfc pps in shutdown NOTE PFC LLFC storm control enabled interface disables the interfaces if it receives continuous PFC LLFC packets It can be a result of a faulty NIC Switch that sends spurious PFC LLFC packets Configuring Storm Control from CONFIGURATION Mode To configure storm control from CONFIGURAT...

Страница 1043: ...m control multicast packets_per_second in Configure the packets per second of unknown unicast traffic allowed in or out of the network CONFIGURATION mode storm control unknown unicast packets_per_second in Storm Control 1043 ...

Страница 1044: ...EEE 802 1d that eliminates loops in a bridged topology by enabling only a single path through the network By eliminating loops the protocol improves scalability in a large network and allows you to implement redundant paths which can be activated after the failure of active paths Layer 2 loops which can occur in a network due to poor network design and without enabling protocols like xSTP can caus...

Страница 1045: ...ints to Remember STP is disabled by default The Dell Networking OS supports only one spanning tree instance 0 For multiple instances enable the multiple spanning tree protocol MSTP or per VLAN spanning tree plus PVST You may only enable one flavor of spanning tree at any one time All ports in virtual local area networks VLANs and all enabled interfaces in Layer 2 mode are automatically added to th...

Страница 1046: ...mode and enabled Figure 127 Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2 use the following command 1 If the interface has been assigned an IP address remove it INTERFACE mode no ip address 2 Place the interface in Layer 2 mode INTERFACE Spanning Tree Protocol STP 1046 ...

Страница 1047: ...chport no shutdown Dell conf if te 1 1 Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally it is not enabled by default When you enable STP all physical VLAN and port channel interfaces that are enabled and in Layer 2 mode are automatically part of the Spanning Tree topology Only one path from any bridge to any other bridge participating in STP is enabled Bridges bl...

Страница 1048: ...TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces use the disable command from PROTOCOL SPANNING TREE mode To verify that STP is enabled use the show config command from PROTOCOL SPANNING TREE mode Dell conf protocol spanning tree 0 Dell config span show config protocol spanning tree 0 no disable Dell Spanning Tree Protocol STP ...

Страница 1049: ...ddress 0001 e80d 2462 Designated port id is 8 496 designated path cost 0 Timers message age 1 forward delay 0 hold 0 Number of transitions to forwarding state 1 BPDU sent 21 received 486 The port is not in the portfast mode Port 290 TenGigabitEthernet 2 2 is Blocking Port path cost 4 Port priority 8 Port Identifier 8 290 More Timers message age 1 forward delay 0 hold 0 Number of transitions to for...

Страница 1050: ...ree parameters can negatively affect network performance The following table displays the default values for STP Table 94 STP Default Values STP Parameters Default Value Forward Delay 15 seconds Hello Time 2 seconds Max Age 20 seconds Port Cost 100 Mb s Ethernet interfaces 1 Gigabit Ethernet interfaces 10 Gigabit Ethernet interfaces 40 Gigabit Ethernet interfaces Port Channel with 100 Mb s Etherne...

Страница 1051: ... from EXEC privilege mode Refer to the second example in Enabling Spanning Tree Protocol Globally Modifying Interface STP Parameters You can set the port cost and port priority values of interfaces in Layer 2 mode Port cost a value that is based on the interface type The greater the port cost the less likely the port is selected to be a forwarding port Port priority influences the likelihood that ...

Страница 1052: ...bled state when receiving the BPDU the physical interface remains up and spanning tree drops packets in the hardware after a BPDU violation BPDUs are dropped in the software after receiving the BPDU violation CAUTION Enable PortFast only on links connecting to an end station PortFast can cause loops if it is enabled on an interface connected to a network To enable PortFast on an interface use the ...

Страница 1053: ...ntionally receive a BPDU The port on the Dell Networking system is configured with Portfast If the switch is connected to the hub the BPDUs that the switch generates might trigger an undesirable topology change If you enable BPDU Guard when the edge port receives the BPDU the BPDU is dropped the port is blocked and a console message is generated NOTE Unless you enable the shutdown on violation opt...

Страница 1054: ...le message BPDU filtering disables spanning tree on an interface drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell conf if te 1 7 do show spanning tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768 Address 0001 e805 fb07 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 32768 Address 0001 e...

Страница 1055: ...idge priority priority value primary secondary priority value the range is from 0 to 65535 The lower the number assigned the more likely this bridge becomes the root bridge The primary option specifies a bridge priority of 8192 The secondary option specifies a bridge priority of 16384 The default is 32768 Example of Viewing STP Root Information To view only the root information use the show spanni...

Страница 1056: ... is started to connect to the network Because the priority of the bridge in device D is lower than the root bridge in Switch A device D is elected as root causing the link between Switches A and B to enter a Blocking state Network traffic then begins to flow in the directions indicated by the BPDU arrows in the topology If the links between Switches C and A or Switches C and B cannot handle the in...

Страница 1057: ...in the CIST the port is also blocked in all other MST instances To enable the root guard on an STP enabled port or port channel interface in instance 0 use the following command Enable root guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst rootguard 0 enables root guard on an STP enabled port assigned to instance 0 mstp enables r...

Страница 1058: ...l and an STP port does not receive BPDUs When an STP blocking port does not receive BPDUs it transitions to a Forwarding state This condition can create a loop in the network For example in the following example STP topology 1 upper left Switch A is the root switch and Switch B normally transmits BPDUs to Switch C The link between Switch C and Switch B is in a Blocking state However if there is a ...

Страница 1059: ...tate the port returns to a blocking state If you disable STP loop guard on a port in a Loop Inconsistent state the port transitions to an STP blocking state and restarts the max age timer Figure 131 STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per port or per port channel basis The following conditions apply to a port enabled with loop guard Spanning T...

Страница 1060: ...n a VLAN interface the port or port channel transitions to a Loop Inconsistent Blocking state only for this VLAN To enable a loop guard on an STP enabled port or port channel interface use the following command Enable loop guard on a port or port channel interface INTERFACE mode or INTERFACE PORT CHANNEL mode spanning tree 0 mstp rstp pvst loopguard 0 enables loop guard on an STP enabled port assi...

Страница 1061: ...iewing STP Guard Configuration Dell show spanning tree 0 guard Interface Name Instance Sts Guard type Te 1 1 0 INCON Root Rootguard Te 1 2 0 LIS Loopguard Te 1 3 0 EDS Shut Bpduguard Spanning Tree Protocol STP 1061 ...

Страница 1062: ... or reports SupportAssist requires Dell Networking OS 9 9 0 0 and SmartScripts 9 7 or later to be installed on the Dell Networking device For more information on SmartScripts see Dell Networking Open Automation guide Figure 132 SupportAssist NOTE SupportAssist is enabled by default on the system To disable SupportAssist enter the eula consent support assist reject command in Global Configuration m...

Страница 1063: ... the SupportAssist service CONFIGURATION mode support assist activate Dell conf support assist activate This command guides you through steps to configure SupportAssist Configuring SupportAssist Manually To manually configure SupportAssist service use the following commands 1 Accept the end user license agreement EULA CONFIGURATION mode eula consent support assist accept reject NOTE Once accepted ...

Страница 1064: ...ell and or to Dells affiliates subcontractors or business partners When making such transfers Dell shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist If you are downloading SupportAssist on behalf of a company or other legal entity you are further certifying to Dell that you have appropriate authority to provide this c...

Страница 1065: ... Dell conf support assist Dell conf supportassist enable all 7 Trigger an activity event immediately EXEC Privilege mode support assist activity full transfer start now Dell support assist activity full transfer start now Configuring SupportAssist Activity SupportAssist Activity mode allows you to configure and view the action manifest file for a specific activity To configure SupportAssist activi...

Страница 1066: ...history_records show logging system_logging_records show tech support tech support_records 3 Configure the action manifest to use for a specific activity SUPPORTASSIST ACTIVITY mode no action manifest install default local file name Dell conf supportassist act full transfer action manifest install default Dell conf supportassist act full transfer 4 Remove the action manifest file for an activity S...

Страница 1067: ...upportassist cmpy test 2 Configure the address information for the company SUPPORTASSIST COMPANY mode no address city company city province region state name country company country postalcode zipcode company code Dell conf supportassist cmpy test address city MyCity state MyState country MyCountry Dell conf supportassist cmpy test 3 Configure the street address information for the company SUPPORT...

Страница 1068: ...il address Dell conf supportassist pers john_doe email address primary jdoe mycompany com Dell conf supportassist pers john_doe 3 Configure phone numbers of the contact person SUPPORTASSIST PERSON mode no phone primary phone alternate phone Dell conf supportassist pers john_doe phone primary 919999999999 Dell conf supportassist pers john_doe 4 Configure the preferred method for contacting the pers...

Страница 1069: ...pv4 address ipv6 address port port number username userid password encryption type password Dell conf supportassist serv default proxy ip address 10 0 0 1 port 90 username test password 0 test1 Dell conf supportassist serv default 3 Enable communication with the SupportAssist server SUPPORTASSIST SERVER mode no enable Dell conf supportassist serv default enable Dell conf supportassist serv default...

Страница 1070: ...ess 123 Main Street address city MyCity country MyCountry contact person first john last doe email address primary jdoe mycompany com preferred method email server default enable url https 192 168 1 1 index htm 3 Display the EULA for the feature EXEC Privilege mode show eula consent support assist other feature Dell show eula consent SupportAssist EULA has been Accepted Additional information abou...

Страница 1071: ...ormance of all of the various functions of SupportAssist during your entitlement to receive related repair services from Dell You further agree to allow Dell to transmit and store the Collected Data from SupportAssist in accordance with these terms You agree that the provision of SupportAssist may involve international transfers of data from you to Dell and or to Dells affiliates subcontractors or...

Страница 1072: ...ources to synchronize to You can combine multiple candidates to minimize the accumulated error Temporarily or permanently insane time sources are detected and avoided Dell Networking recommends configuring NTP for the most accurate time In Dell Networking OS you can configure other time sources the hardware clock and the software clock NTP is designed to produce three products clock offset roundtr...

Страница 1073: ...el downwards secondary servers in the hierarchy assigned as one greater than the preceding level Dell Networking OS synchronizes with a time serving host to get the correct time You can set Dell Networking OS to poll specific NTP time serving hosts for the current time From those time serving hosts the system chooses one NTP host with which to synchronize and serve as a client to the NTP host As s...

Страница 1074: ...Tasks Configuring NTP Broadcasts Disabling NTP on an Interface Configuring a Source IP Address for NTP Packets optional Enabling NTP NTP is disabled by default To enable NTP specify an NTP server to which the Dell Networking system synchronizes To specify multiple servers enter the command multiple times You may specify an unlimited number of servers at the expense of CPU resources System Time and...

Страница 1075: ...sociations command from EXEC Privilege mode R6_E300 conf do show ntp associations remote ref clock st when poll reach delay offset disp 192 168 1 1 LOCL 1 16 16 76 0 98 2 470 879 23 master synced master unsynced selected candidate Configuring NTP Broadcasts With Dell Networking OS you can receive broadcasts of time information You can set interfaces within the system to receive NTP information thr...

Страница 1076: ...o 4094 To view the configuration use the show running config ntp command in EXEC privilege mode refer to the example in Configuring NTP Authentication Configuring NTP Authentication NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources NTP authentication begins when the first NTP packet is created following the configurati...

Страница 1077: ... remote device ipv4 address Enter an IPv4 address in dotted decimal format A B C D ipv6 address Enter an IPv6 address in the format 0000 0000 0000 0000 0000 0000 0000 0000 Elision of zeros is supported key keyid Configure a text string as the key exchanged between the NTP server and the client prefer Enter the keyword prefer to set this NTP server as the preferred server version number Enter a num...

Страница 1078: ...65 UTC Wed Apr 1 2009 org CD7F5368 D0535000 15 8 24 813 UTC Thu Apr 2 2009 rec CD7F5368 D0000000 15 8 24 812 UTC Thu Apr 2 2009 xmt CD7F5368 D0000000 15 8 24 812 UTC Thu Apr 2 2009 inp CD7F5368 D1974000 15 8 24 818 UTC Thu Apr 2 2009 rtdel root delay rtdsp round trip dispersion refid reference id org rec last receive timestamp xmt transmit timestamp mode 3 client 4 server stratum 1 primary referen...

Страница 1079: ...spersion a signed fixed point number indicating the maximum error relative to the primary reference source at the root of the synchronization subnet in seconds Only positive values greater than zero are possible Reference Clock Identifier sys refid peer refid pkt refid This is a 32 bit code identifying the particular reference clock In the case of stratum 0 unspecified or stratum 1 primary referen...

Страница 1080: ... restarts based on the hardware clock when the switch reboots To set the software clock use the following command Set the system software clock to the current time and date EXEC Privilege mode clock set time month day year time enter the time in hours minutes seconds For the hour variable use the 24 hour format for example 17 15 00 is 5 15 pm month enter the name of one of the 12 months in English...

Страница 1081: ...timezone Pacific 8 Dell conf 01 40 19 RPM0 P CP CLOCK 6 TIME CHANGE Timezone configuration changed from UTC 0 hrs 0 mins to Pacific 8 hrs 0 mins Dell Set Daylight Saving Time Dell Networking OS supports setting the system to daylight saving time once or on a recurring basis every year Setting Daylight Saving Time Once Set a date and time zone on which to convert the switch to daylight saving time ...

Страница 1082: ...Time Set a date and time zone on which to convert the switch to daylight saving time on a specific day every year If you have already set daylight saving for a one time setting you can set that date and time as the recurring setting with the clock summer time time zone recurring command To set a recurring daylight saving time use the following command Set the clock to the appropriate timezone and ...

Страница 1083: ...ommand The following example shows the clock summer time recurring command Dell conf clock summer time pacific recurring Mar 14 2009 00 00 Nov 7 2009 00 00 Dell conf 02 02 13 RPM0 P CP CLOCK 6 TIME CHANGE Summertime configuration changed from none to Summer time starts 00 00 00 Pacific Sat Mar 14 2009 Summer time ends 00 00 00 pacific Sat Nov 7 2009 Dell conf clock summer time pacific recurring Ma...

Страница 1084: ...n address must be an IPv4 address If the tunnel mode is IPv6 the tunnel source address and the tunnel destination address must be an IPv6 address If the tunnel mode is IPv6 or IPIP you can use either an IPv6 address or an IPv4 address for the logical address of the tunnel but in IPv6IP mode the logical address must be an IPv6 address The following sample configuration shows a tunnel configured in ...

Страница 1085: ... if tu 3 tunnel mode ipv6 Dell conf if tu 3 ip address 3 1 1 1 24 Dell conf if tu 3 ipv6 address 3 1 64 Dell conf if tu 3 no shutdown Dell conf if tu 3 show config interface Tunnel 3 ip address 3 1 1 1 24 ipv6 address 3 1 64 tunnel destination 8 9 tunnel source 5 5 tunnel mode ipv6 no shutdown Configuring Tunnel Keepalive Settings You can configure a tunnel keepalive target keepalive interval and ...

Страница 1086: ...ace TenGigabitEthernet 1 1 ip address 20 1 1 1 24 ipv6 address 20 1 1 64 no shutdown Dell conf interface tunnel 1 Dell conf if tu 1 ip unnumbered tengigabitethernet 1 1 Dell conf if tu 1 ipv6 unnumbered tengigabitethernet 1 1 Dell conf if tu 1 tunnel source 40 1 1 1 Dell conf if tu 1 tunnel mode ipip decapsulate any Dell conf if tu 1 no shutdown Dell conf if tu 1 show config interface Tunnel 1 ip ...

Страница 1087: ...dress or interface but only with multipoint receive only mode tunnels The tunnel source anylocal command allows the multipoint receive only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 depending on the tunnel mode address configured on the switch that is operationally UP The following sample configuration shows the tunnel source anylocal command Dell conf interface tunnel 1 D...

Страница 1088: ...h upstream interfaces When upstream connectivity fails the switch disables the downstream links Failures on the downstream links allow downstream devices to recognize the loss of upstream connectivity For example as shown in the following illustration Switches S1 and S2 both have upstream connectivity to Router R1 and downstream connectivity to the server UFD operation is shown in Steps A through ...

Страница 1089: ...134 Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces The association of uplink and downlink interfaces is called an uplink state group An interface in an uplink state group can be a physical interface or a port channel LAG aggregation of physical interfaces Uplink Failure Detection UFD 1089 ...

Страница 1090: ...ue to insufficient bandwidth on the upstream links to the routers switches By default if all upstream interfaces in an uplink state group go down all downstream interfaces in the same uplink state group are put into a Link Down state Using UFD you can configure the automatic recovery of downstream ports in an uplink state group when the link status of an upstream port changes The tracking of upstr...

Страница 1091: ...an uplink state group goes down either a user configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error The order in which downstream ports are disabled is from the lowest numbered port to the highest If one of the upstream interfaces in an uplink state group that was down comes up the set of UFD disabled downstr...

Страница 1092: ...ed Oper Down state if one upstream link in the group goes down UPLINK STATE GROUP mode downstream disable links number all number specifies the number of downstream links to be brought down The range is from 1 to 1024 all brings down all downstream links in the group The default is no downstream links are disabled when an upstream link goes down NOTE Downstream interfaces in an uplink state group ...

Страница 1093: ...nge of ports separated by a dash and or individual ports port channels in any order for example gigabitethernet tengigabitethernet 1 1 1 2 1 5 1 9 1 11 1 12 port channel 1 3 5 A comma is required to separate each port and port range entry clear ufd disable interface interface uplink state group group id re enables all UFD disabled downstream interfaces in the group The range is from 1 to 16 Exampl...

Страница 1094: ...TATE_UP Downstream interface cleared from UFD error disabled Fo 3 52 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 49 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 50 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 51 02 38 53 RPM0 P CP IFMGR 5 OSTATE_UP Changed interface state to up Fo 3 52 Displaying Uplink Failure Detec...

Страница 1095: ...ll show uplink state group detail Up Interface up Dwn Interface down Dis Interface disabled Uplink State Group 1 Status Enabled Up Upstream Interfaces Downstream Interfaces Uplink State Group 3 Status Enabled Up Upstream Interfaces Te 1 6 Up Te 1 7 Up Downstream Interfaces Te 3 1 Up Te 3 3 Up Te 3 5 Up Te 3 6 Up Uplink State Group 5 Status Enabled Down Upstream Interfaces Te 1 1 Dwn Te 1 3 Dwn Te ...

Страница 1096: ...ec 0 packets sec 0 00 of line rate Output 00 00 Mbits sec 0 packets sec 0 00 of line rate Time since last interface status change 00 01 23 The following example shows viewing the UFD configuration Dell show running config uplink state group no enable uplink state track 1 downstream TenGigabitEthernet 1 2 4 6 11 19 upstream TengigabitEthernet 1 8 12 upstream PortChannel 1 uplink state track 2 downs...

Страница 1097: ...up 3 description Testing UFD feature Dell conf uplink state group 3 show config uplink state group 3 description Testing UFD feature downstream disable links 2 downstream TenGigabitEthernet 1 1 2 5 9 11 12 upstream TenGigabitEthernet 1 3 4 Dell conf uplink state group 3 Dell conf uplink state group 3 exit Dell conf exit Dell 00 13 06 STKUNIT0 M CP SYS 5 CONFIG_I Configured from console by console ...

Страница 1098: ...ystem type follow the procedures in the Dell Networking OS Release Notes Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center You can reach Technical Support On the web http www dell com support By email Dell Force10_Technical_Support Dell com By phone US and Canada 866 965 5800 International 408 965 5800 59 Up...

Страница 1099: ... 1Q Virtual Bridged Local Area Networks In this guide also refer to Bulk Configuration in the Interfaces chapter VLAN Stacking in the Service Provider Bridging chapter For a complete listing of all commands related to Dell Networking OS VLANs refer to these Dell Networking OS Command Reference Guide chapters Interfaces 802 1X GARP VLAN Registration Protocol GVRP Service Provider Bridging Per VLAN ...

Страница 1100: ...port command and Dell Networking OS removes the interface from the Default VLAN A tagged interface requires an additional step to remove it from Layer 2 mode Because tagged interfaces can belong to multiple VLANs remove the tagged interface from all VLANs using the no tagged interface command Only after the interface is untagged and a member of the Default VLAN can you use the no switchport comman...

Страница 1101: ... inserted in the tag header Figure 136 Tagged Frame Format The tag header contains some key information that Dell Networking OS uses The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802 1Q specifications 2 bytes Tag control information TCI includes the VLAN ID 2 bytes total The VLAN ID can have 4 096 values but two are reserved NOTE The insertion of the tag header ...

Страница 1102: ...t based VLAN use the following command Configure a port based VLAN if the VLAN ID is different from the Default VLAN ID and enter INTERFACE VLAN mode CONFIGURATION mode interface vlan vlan id To activate the VLAN after you create a VLAN assign interfaces in Layer 2 mode to the VLAN Example of Verifying a Port Based VLAN To view the configured VLANs use the show vlan command in EXEC Privilege mode ...

Страница 1103: ...ces that are in Layer 2 mode use the show interfaces switchport command in EXEC Privilege mode or EXEC mode The following example shows the steps to add a tagged interface in this case port channel 1 to VLAN 4 To view the interface s status Interface po 1 is tagged and in VLAN 2 and 3 use the show vlan command In a port based VLAN use the tagged command to add the interface to another VLAN The sho...

Страница 1104: ...removes the untagged interface from a port based VLAN and places the interface in the Default VLAN You cannot use the no untagged interface command in the Default VLAN The following example shows the steps and commands to move an untagged interface from the Default VLAN to another VLAN To determine interface status use the show vlan command Interface 1 2 is untagged and in the Default VLAN vlan 1 ...

Страница 1105: ...ace VLANs and other logical interfaces in Layer 3 mode to receive and send routed traffic For more information refer to Bulk Configuration To assign an IP address use the following command Configure an IP address and mask on the interface INTERFACE mode ip address ip address mask secondary ip address mask Enter an address in dotted decimal format A B C D and the mask must be in slash format 24 sec...

Страница 1106: ... the interface for Switchport mode INTERFACE mode switchport 4 Add the interface to a tagged or untagged VLAN VLAN INTERFACE mode tagged untagged Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces each connected to a differ...

Страница 1107: ...scenario is virtual movement of servers across data centers Virtual movement enables live migration of running virtual machines VMs from one host to another without downtime For example consider a square VLT connecting two data centers If a VM VM1 on Server Rack 1 has C as its default gateway and VM1 performs a virtual movement to Server Rack 2 with no change in default gateway In this case L3 pac...

Страница 1108: ...nts in mind when you enable a VLT proxy gateway Proxy gateway is supported only for VLT for example across a VLT domain You must enable the VLT peer routing command for the VLT proxy gateway to function Asymmetric virtual local area network VLAN configuration such as the same VLAN configured with Layer 2 L2 mode on one VLT domain and L3 mode on another VLT domain is not supported You must always c...

Страница 1109: ... 60 success rate considering it takes a longer path When you remove and add back a MAC address L3 frames can be received out of order at the L3 cloud This happens when proxy gateway routing and sub optimal routing intersperse with each other Enabling the VLT Proxy Gateway To enable the VLT proxy gateway the system mac addresses of C and D in the local VLT domain must be installed in C1 and D1 in t...

Страница 1110: ...way LLDP to enable the proxy gateway LLDP TLV You must configure the interface proxy gateway LLDP to enable or disable a proxy gateway LLDP TLV on specific interfaces The interface is typically a VLT port channel that connects to a remote VLT domain The new proxy gateway TLV is carried on the physical links under the port channel only You must have at least one link connection to each unit of the ...

Страница 1111: ...domain 1 and C1 and D1 in the VLT domain 2 This causes sub optimal routing with the VLT Proxy Gateway LLDP method For VLT Proxy Gateway to work in this scenario you must configure the VLT peer mac transmit command under VLT Domain Proxy Gateway LLDP mode in both C and D VLT domain 1 and C1 and D1 VLT domain 2 This behavior is applicable only in the LLDP configuration and not required in the static...

Страница 1112: ...called VLAN 10 in C and D and in C1 and D1 If packets for VLAN 10 with C s MAC address C is in VLT domain 1 gets an L3 hit at C1 in VLT domain 2 they are switched to both D1 via ICL and C via inter DC link This may lead to packet duplication Therefore if C s MAC address is learned at C1 the packet does not flood to D1 and only switches to C and avoids packet duplication With the existing hardware ...

Страница 1113: ...mote VLT domain 1 Configure proxy gateway static in VLT Domain Configuration mode 2 Configure remote mac address mac address in VLT Domain Proxy Gateway LLDP mode Configure the system mac addresses of both C and D in C1 and also in D1 in the remote VLT domain and vice versa Sample Static Configuration on C switch or C1 switch Switch_C conf Switch_C conf vlt domain 1 Switch_C conf vlt domain1 proxy...

Страница 1114: ... upstream devices Eliminates STP blocked ports Provides a loop free topology Uses all available uplink bandwidth Provides fast convergence if either the link or a device fails Optimized forwarding with virtual router redundancy protocol VRRP Provides link level resiliency Assures high availability CAUTION Dell Networking does not recommend enabling Stacking and VLT simultaneously If you enable bot...

Страница 1115: ...ayer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active Active Load Sharing mode This example provides the highest form of resiliency scaling and load balancing in data center switching networks The following example shows stacking at the access VLT in aggregation and Layer 3 at the core The aggregation layer is mostly in the L...

Страница 1116: ...w the core aggregation port density in the Layer 2 topology is increased using eVLT For inter VLAN routing and other Layer 3 routing you need a separate Layer 3 router Figure 140 Enhanced VLT VLT Terminology The following are key VLT terms Virtual link trunk VLT The combined port channel between an attached device and the VLT peer switches VLT backup link The backup link monitors the vitality of V...

Страница 1117: ... and that you disable LACP on the VLTi Ensure that the spanning tree root bridge is at the Aggregation layer Refer to RSTP and VLT for guidelines to avoid traffic loss if you enable RSTP on the VLT device If you reboot both VLT peers in BMP mode and the VLT LAGs are static the DHCP server reply to the DHCP discover offer may not be forwarded by the ToR to the correct node To avoid this scenario co...

Страница 1118: ...er1 ignores the ARP requests that it receives on VLTi ICL and updates only the ARP requests that it receives on the local VLT As a result the remaining ARP requests still points to the Non VLT links and traffic does not reach half of the hosts To mitigate this issue ensure that you configure the following settings on both the Peers Peer1 and Peer2 arp learn enable and mac address table station mov...

Страница 1119: ...switches operate as separate chassis with independent control and data planes for devices attached to non VLT ports Port channel link aggregation LAG across the ports in the VLT interconnect is required individual ports are not supported Dell Networking strongly recommends configuring a static LAG for VLTi The VLT interconnect synchronizes L2 and L3 control plane information across the two chassis...

Страница 1120: ...nel as shown in Overview Up to 48 port channels are supported up to 16 member links are supported in each port channel between the VLT domain and an access device The discovery protocol running between VLT peers automatically generates the ID number of the port channel that connects an access device and a VLT switch The discovery protocol uses LACP properties to identify connectivity to a common c...

Страница 1121: ...ocal DA spaces for wild card functionality are required Software features supported on VLT physical ports In a VLT domain the following software features are supported on VLT physical ports 802 1p LLDP flow control IPv6 dynamic routing port monitoring and jumbo frames Software features not supported with VLT In a VLT domain the following software features are not supported on VLT ports 802 1x DHCP...

Страница 1122: ...ary and Secondary roles for VLT peers You can elect or configure the Primary Peer By default the peer with the lowest MAC address is selected as the Primary Peer You can configure another peer as the Primary Peer using the VLT domain domain id role priority priority value command If the VLTi link fails the status of the remote VLT Primary Peer is checked using the backup link If the remote VLT Pri...

Страница 1123: ...T LAG ICL Overall Bandwidth utilization of VLT ICL LAG port channel 25 crosses threshold Bandwidth usage 80 When the bandwidth usage drops below the 80 threshold the system generates another syslog message shown in the following message and an SNMP trap STKUNIT0 M CP VLTMGR 6 VLT LAG ICL Overall Bandwidth utilization of VLT ICL LAG port channel 25 reaches below threshold Bandwidth usage 74 VLT sho...

Страница 1124: ...nloaded to the newly enabled VLT node the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic The delay restore feature waits for all saved configurations to be applied then starts a configurable timer After the timer expires the VLT ports are enabled one by one in a controlled manner The delay between bringing up each VLT port channel is proportional to ...

Страница 1125: ...t protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports VLT peer switches can act as a last hop router for IGMP receivers and as a first hop router for multicast sources Figure 141 PIM Sparse Mode Support on VLT Virtual Link Trunking VLT 1125 ...

Страница 1126: ... the multicast port use the show ip pim neighbor show ip igmp snooping mrouter and show running config commands You can configure virtual link trunking VLT peer nodes as rendezvous points RPs in a Protocol Independent Multicast PIM domain If the VLT node elected as the designated router fails and you enable VLT Multicast Routing multicast routes are synced to the other peer for traffic forwarding ...

Страница 1127: ... syslog and display in the show vlt mismatch command output If you enable VLT unicast routing the following actions occur L3 routing is enabled on any new IP address IPv6 address configured for a VLAN interface that is up L3 routing is enabled on any VLAN with an admin state of up NOTE If the CAM is full do not enable peer routing NOTE The peer routing and peer routing timeout is applicable for bo...

Страница 1128: ...ring PIM router If you connect multiple spanned VLANs to a PIM neighbor or if both spanned and non spanned VLANs can access the PIM neighbor ECMP can cause the PIM protocol running on each VLT peer node to choose a different VLAN or IP route to reach the PIM neighbor This can result in issues with multicast route syncing between peers Both VLT peers require symmetric Layer 2 and Layer 3 configurat...

Страница 1129: ...commends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device BPDUs use the MAC address of the primary VLT peer as the RSTP bridge ID in the designated bridge ID field The primary VLT peer sends these BPDUs on VLT interfaces connected to access devices The MAC address for a VLT domain is automatically selected on ...

Страница 1130: ... never blocked In the case of a primary VLT switch failure the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch An access device never detects the change in primary secondary roles and does not see it as a topology change The following examples show the RSTP configuration that you must perform on eac...

Страница 1131: ...s the MAC address and VLT primary secondary roles 5 Connect the peer switches in a VLT domain to an attached access device switch or server Configuring a VLT Interconnect To configure a VLT interconnect follow these steps 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same po...

Страница 1132: ...e time interval used to send hello messages The range is from 1 to 5 seconds 3 Configure the port channel to be used as the VLT interconnect between VLT peers in the domain VLT DOMAIN CONFIGURATION mode peer link port channel id number 4 Optional After you configure a VLT domain on each peer switch and connect cable the two VLT peers on each side of the VLT interconnect the system elects a primary...

Страница 1133: ...s ipv4 address mask ipv6 address ipv6 address mask This is the IP address to be configured on the VLT peer with the back up destination command 3 Ensure that the interface is active MANAGEMENT INTERFACE mode no shutdown 4 Configure a VLT backup link using the IPv4 or IPv6 address of the VLT peer s management interface MANAGEMENT INTERFACE mode back up destination ip address ipv4 address mask ipv6 ...

Страница 1134: ...on 3 Optional When you create a VLT domain on a switch Dell Networking OS automatically creates a VLT system MAC address used for internal system operations VLT DOMAIN CONFIGURATION mode system mac mac address mac address To explicitly configure the default MAC address for the domain by entering a new MAC address use the system mac command The format is aaaa bbbb cccc Also reconfigure the same MAC...

Страница 1135: ...rmation For a 40 Gigabit Ethernet interface enter the keyword fortyGigE then the slot port information 5 Ensure that the port channel is active INTERFACE PORT CHANNEL mode no shutdown 6 Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device INTERFACE PORT CHANNEL mode vlt peer lag port channel id number 7 Repeat Steps 1 to 6 on the...

Страница 1136: ...le To set up the VLT domain use the following commands 1 Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id number Enter the same port channel number configured with the peer link port channel command in the Enabling VLT and Creating a VLT Domain 2 Add one or more port interfaces to the ...

Страница 1137: ...ed for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots 7 When you create a VLT domain on a switch Dell Networking OS automatically assigns a unique unit ID 0 or 1 to each peer switch VLT DOMAIN CONFIGURATION mode unit id 0 1 The unit IDs are used for internal system operations To explicitly configure the default values on e...

Страница 1138: ...7 Repeat steps 1 through 15 for the first VLT node in Domain 2 18 Repeat steps 1 through 15 for the VLT peer node in Domain 2 To verify the configuration of a VLT domain use any of the show commands described in Verifying a VLT Configuration VLT Sample Configuration To review a sample VLT configuration setup study these steps 1 Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2...

Страница 1139: ...he VLT peer link port channel id in VLT peer 1 and VLT peer 2 EXEC mode or EXEC Privilege mode show interfaces interface 11 In the top of rack unit configure LACP in the physical ports EXEC Privilege mode show running config entity 12 Verify that VLT is running EXEC mode show vlt brief or show vlt detail 13 Verify that the VLT LAG is running in both VLT peer units EXEC mode or EXEC Privilege mode ...

Страница 1140: ...1 206 43 Dell 4 Dell 4 show running config interface managementethernet 1 1 ip address 10 11 206 58 16 no shutdown Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit In the following example port Te 1 4 in VLT peer 1 is connected to Te 1 8 of ToR and port Te 1 18 in VLT peer 2 is connected to Te 1 30 of ToR 1 Configure the static LAG LACP between the ports connected ...

Страница 1141: ...ng config interface port channel 100 interface Port channel 100 no ip address switchport no shutdown s60 1 show interfaces port channel 100 brief Codes L LACP Port channel LAG Mode Status Uptime Ports L 100 L2 up 03 33 48 Te 1 8 Up Te 1 30 Up Verify VLT is up Verify that the VLTi ICL link backup link connectivity heartbeat status and VLT peer link peer chassis are all up Dell show vlt br VLT Domai...

Страница 1142: ...and states on VLT ports and ensures that the VLT interconnect link is never blocked The PVST instance in Primary peer sends the role state of VLT LAGs for all VLANs to the Secondary peer The Secondary peer uses this information to program the hardware The PVST instance running in Secondary peer does not control the VLT LAGs Dell Networking recommends configuring the primary VLT peer as the primary...

Страница 1143: ...1 1cf4 9b79 128 3 Te 1 10 128 230 128 2000 FWD 0 0 90b1 1cf4 9b79 128 230 Te 1 13 128 233 128 2000 FWD 0 0 90b1 1cf4 9b79 128 233 Interface Name Role PortID Prio Cost Sts Cost Link type Edge Po 1 Desg 128 2 128 188 FWD 0 vltI P2P No Po 2 Desg 128 3 128 2000 FWD 0 vlt P2P No Te 1 10 Desg 128 230 128 2000 FWD 0 P2P Yes Te 1 13 Desg 128 233 128 2000 FWD 0 P2P No Dell eVLT Configuration Example The fo...

Страница 1144: ...on Peer 1 Domain_1_Peer1 conf interface port channel 100 Domain_1_Peer1 conf if po 100 switchport Domain_1_Peer1 conf if po 100 vlt peer lag port channel 100 Domain_1_Peer1 conf if po 100 no shutdown Add links to the eVLT port channel on Peer 1 Domain_1_Peer1 conf interface range tengigabitethernet 1 16 1 17 Domain_1_Peer1 conf if range te 1 16 17 port channel protocol LACP Domain_1_Peer1 conf if ...

Страница 1145: ...in back up destination 10 18 130 11 Domain_2_Peer3 conf vlt domain system mac mac address 00 0b 00 0b 00 0b Domain_2_Peer3 conf vlt domain unit id 0 Configure eVLT on Peer 3 Domain_2_Peer3 conf interface port channel 100 Domain_2_Peer3 conf if po 100 switchport Domain_2_Peer3 conf if po 100 vlt peer lag port channel 100 Domain_2_Peer3 conf if po 100 no shutdown Add links to the eVLT port channel o...

Страница 1146: ...t VLANs VLT_Peer1 conf interface vlan 4001 VLT_Peer1 conf if vl 4001 ip address 140 0 0 1 24 VLT_Peer1 conf if vl 4001 ip pim sparse mode VLT_Peer1 conf if vl 4001 tagged port channel 101 VLT_Peer1 conf if vl 4001 tagged port channel 102 VLT_Peer1 conf if vl 4001 no shutdown VLT_Peer1 conf if vl 4001 exit The following example shows how to configure the VLTi port as a static multicast router port ...

Страница 1147: ...e MAC address and priority of the locally attached VLT device EXEC mode show vlt role Display the current configuration of all VLT domains or a specified group on the switch EXEC mode show running config vlt Display statistics on VLT operation EXEC mode show vlt statistics Display the RSTP configuration on a VLT peer switch including the status of port channels used in the VLT interconnect trunk a...

Страница 1148: ...ssages Sent 1030 HeartBeat Messages Received 1014 The following example shows the show vlt brief command Dell show vlt brief VLT Domain Brief Domain ID 1 Role Secondary Role Priority 32768 ICL Link Status Up HeartBeat Status Up VLT Peer Status Up Version 6 3 Local System MAC address 00 01 e8 8a e9 91 Remote System MAC address 00 01 e8 8a e9 76 Remote system version 6 3 Delay Restore timer 90 secon...

Страница 1149: ... The following example shows the show running config vlt command Dell_VLTpeer1 show running config vlt vlt domain 30 peer link port channel 60 back up destination 10 11 200 18 Dell_VLTpeer2 show running config vlt vlt domain 30 peer link port channel 60 back up destination 10 11 200 20 The following example shows the show vlt statistics command Dell_VLTpeer1 show vlt statistics VLT Statistics Hear...

Страница 1150: ... ID Priority 0 Address 0001 e88a dff8 Root Bridge hello time 2 max age 20 forward delay 15 Bridge ID Priority 0 Address 0001 e88a dff8 We are the root Configured hello time 2 max age 20 forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID Po 1 128 2 128 200000 DIS 0 0 0001 e88a dff8 128 2 Po 3 128 4 128 200000 DIS 0 0 0001 e88a dff8 128 4 Po 4 128 5 128 200000 DIS ...

Страница 1151: ...gned to the same VLAN Dell_VLTpeer1 show vlan id 10 Codes Default VLAN G GVRP VLANs P Primary C Community I Isolated Q U Untagged T Tagged x Dot1x untagged X Dot1x tagged G GVRP tagged M Vlan stack H Hyperpull tagged NUM Status Description Q Ports 10 Active U Po110 Fo 1 51 T Po100 Fo 1 49 50 Configuring Virtual Link Trunking VLT Peer 2 Enable VLT and create a VLT domain with a backup link VLT inte...

Страница 1152: ...nnection to a VLT Domain From an Attached Access Switch On an access device verify the port channel connection to a VLT domain Dell_TORswitch conf show running config interface port channel 11 interface Port channel 11 no ip address switchport channel member fortyGigE 1 49 50 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur use the following information NOTE...

Страница 1153: ...nerated During run time a loop may occur as long as the mismatch lasts To resolve enable RSTP on both VLT peers Spanning tree mismatch at port level A syslog error message is generated A one time informational syslog message is generated Correct the spanning tree configuration on the ports System MAC mismatch A syslog error message and an SNMP trap are generated A syslog error message and an SNMP ...

Страница 1154: ...or both switches 5 Reload the stack and confirm the new configurations have been applied 6 On the Secondary switch stack unit 2 enter the command stack unit 2 renumber 1 7 Confirm the reload query 8 After reloading confirm that VLT is enabled 9 Confirm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information Specifying VLT Nodes in a PVLAN You c...

Страница 1155: ... be a member of a normal VLAN or a PVLAN If you configure a VLT LAG to be a promiscuous port you can configure that LAG to be a member of PVLAN only If you configure a VLT LAG to be in access port mode you can add that LAG to be a member of the secondary VLAN only ARP entries are synchronized even when a mismatch occurs in the PVLAN mode of a VLT LAG Any VLAN that contains at least one VLT port as...

Страница 1156: ...eers this modification is synchronized with the other peers Depending on the validation mechanism that is initiated for MAC synchronization of VLT peers MAC addresses learned on a particular VLAN are either synchronized with the other peers or MAC addresses synchronized from the other peers on the same VLAN are deleted This method of processing occurs when the PVLAN mode of VLT LAGs is modified Be...

Страница 1157: ...s The ARP reply is sent with the MAC address of the primary VLAN The ARP request packet originates on the primary VLAN for the intended destination IP address The ARP request received on ICLs are not proxied even if they are received with a secondary VLAN tag This behavior change occurs because the node from which the ARP request was forwarded would have replied with its MAC address and the curren...

Страница 1158: ...es Promiscuous Promiscuous Primary Primary Yes Yes Secondary Community Secondary Community Yes Yes Secondary Isolated Secondary Isolated Yes Yes Promiscuous Trunk Primary Normal No No Promiscuous Trunk Primary Primary Yes No Access Access Secondary Community Secondary Community Yes Yes Primary VLAN X Primary VLAN X Yes Yes Access Access Secondary Isolated Secondary Isolated Yes Yes Primary VLAN X ...

Страница 1159: ... configuration of VLT nodes in a PVLAN enables Layer 2 security functionalities to be achieved This section describe how to configure a VLT VLAN or a VLT LAG VLTi link and assign that VLT interface to a PVLAN Creating a VLT LAG or a VLT VLAN 1 Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode CONFIGURATION mode interface port channel id numb...

Страница 1160: ...VLT DOMAIN CONFIGURATION mode peer link port channel id number 8 Optional To configure a VLT LAG enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down VLT DOMAIN CONFIGURATION mode peer link port channel id number peer down vlan vlan interface number Associating the VLT LAG or VLT VLAN in a PVLAN 1 Access INTERFACE mode for the ...

Страница 1161: ...abled device answers the ARP requests that are destined for another host or router The local host forwards the traffic to the proxy ARP enabled device which in turn transmits the packets to the destination By default proxy ARP is enabled To disable proxy ARP use the no proxy arp command in Interface mode To re enable proxy ARP use the ip proxy arp command in Interface mode To view if proxy ARP is ...

Страница 1162: ...RP database because of peer routing timer expiry The source hardware address in the ARP response contains the VLT peer MAC address Proxy ARP is supported for both unicast and broadcast ARP requests Control packets other than ARP requests destined for the VLT peers that reach the undesired and incorrect VLT node are dropped if the ICL link is down Further processing is not done on these control pac...

Страница 1163: ...ed to the device Only S G routes are used to forward the multicast traffic from the source to the receiver You can configure VLT nodes which function as RP as Multicast source discovery protocol MSDP peers in different domains However you cannot configure the VLT peers as MSDP peers in the same VLT domain In such instances the VLT peer does not support the RP functionality If the same source or RP...

Страница 1164: ...eer 1 Configure the VLT domain Dell conf vlt domain 1 Dell conf vlt domain peer link port channel 1 Dell conf vlt domain back up destination 10 16 151 116 Dell conf vlt domain primary priority 100 Dell conf vlt domain system mac mac address 00 00 00 11 11 11 Dell conf vlt domain unit id 0 Dell conf vlt domain Dell show running config vlt vlt domain 1 peer link port channel 1 back up destination 10...

Страница 1165: ...conf if vl 50 vlan stack compatible Dell conf if vl 50 stack member port channel 10 Dell conf if vl 50 stack member port channel 20 Dell show running config interface vlan 50 interface Vlan 50 vlan stack compatible member Port channel 10 20 shutdown Dell Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN Stack VLAN Dell show vlan id 50 Codes Default VLAN G GVRP VLANs R R...

Страница 1166: ...onfig interface port channel 10 interface Port channel 10 no ip address switchport vlan stack access vlt peer lag port channel 10 no shutdown Dell Dell conf interface port channel 20 Dell conf if po 20 switchport Dell conf if po 20 vlt peer lag port channel 20 Dell conf if po 20 vlan stack trunk Dell conf if po 20 no shutdown Dell show running config interface port channel 20 interface Port channe...

Страница 1167: ... support VLT This functionality performs the following operations Forwarding control traffic to the correct VLT node when the control traffic reaches the wrong VLT node due to hashing at the VLT LAG level on the ToR Routing the data traffic which is destined to peer VLT node Synchronizing neighbor entries learned on VLT VLAN interfaces between the primary and secondary node Synchronizing the IP ad...

Страница 1168: ... a node from Neighbor advertisements NA ND entries synchronization scenarios When you enable and configure VLT on both VLT node1 and node2 any dynamically learned ND entry in VLT node1 be synchronizes instantaneously to VLT node2 and vice versa The link local address also synchronizes if learned on the VLT VLAN interface During failure cases when a VLT node goes down and comes back up all the ND e...

Страница 1169: ...is case the solicited NA has the destination address field set to the unicast MAC address of the initial NS sender This solicited NA must be tunneled when they reach the wrong peer Sometimes NA messages are sent by a node when its link layer address changes This NA message is sent as an unsolicited NA to advertise its new address and the destination address field is set to the link local scope of ...

Страница 1170: ...f IPv6 Peer Routing in a VLT Domain Consider a sample scenario as shown in the following figure in which two VLT nodes Unit1 and Unit2 are connected in a VLT domain using an ICL or VLTi link To the south of the VLT domain Unit1 and Unit2 are connected to a ToR switch named Node B Also Unit1 is connected to another node Node A and Unit2 is linked to a node Node C The network between the ToR and the...

Страница 1171: ...om VLT Hosts Consider an example in which NA for VLT node1 reaches VLT node1 on the VLT interface and NA for VLT node1 reaches VLT node2 due to LAG level hashing in ToR When VLT node1 receives NA on VLT interface it learns the Host MAC address on VLT interface This learned neighbor entry is synchronized to VLT node2 as it is learned on VLT interface of Node2 If VLT node2 receives a NA packet on VL...

Страница 1172: ...raffic to one of the VLT nodes using a global IP or Link Local address When the host communicates with the VLT node using LLA and traffic reaches the wrong peer due to LAG level hashing in the ToR the wrong peer routes the packet to correct the VLT node though the destination IP is LLA Consider a case in which traffic destined for VLT node1 reaches VLT node1 on the VLT interface and traffic destin...

Страница 1173: ...s traffic to VLT interface If traffic reaches wrong VLT peer it routes the traffic over ICL Non VLT host to Non VLT host traffic flow When VLT node receives traffic from non VLT host intended to the non VLT host it does neighbor entry lookup and routes traffic over ICL interface If traffic reaches wrong VLT peer it routes the traffic over ICL Router Solicitation When VLT node receives router Solic...

Страница 1174: ...oint VTEP functionality VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network Figure 145 VXLAN Gateway Topics Components of VXLAN network Functional Overview of VXLAN Gateway VXLAN Frame Format Configuring and Controlling VXLAN from the NVP Controller GUI 63 Virtual Extensible LAN VXLAN 1174 ...

Страница 1175: ...way function is NSX from VMWare The top level functions of NVP are Provide a GUI for creating service gateways Manage the VTEPs Binds Port and VLAN Install VTEP tunnels Distribute the VTEPs to MAC binding to all relevant VTEPs Provide an interface for cloud orchestration in cloud data center management VTEP VXLAN Tunnel End Point VTEPs work as the open vSwitch running on the hypervisor on a virtua...

Страница 1176: ...etworks VTEP is responsible for identifying and binding a Port and VLAN to a logical network VTEP maintains MAC bindings to a VTEP VTEP is typically managed by a network orchestrator When the device functions as VTEP VXLAN from VMWare is the network orchestrator VXLAN communicates with the VTEP using a standard protocol called OvsDb Protocol The protocol uses the JSON RPC based message format The ...

Страница 1177: ...s Source Address It is the source MAC address of the router that routes the packet VLAN It is optional in a VXLAN implementation and will be designated by an ethertype of 0 8100 and has an associated VLAN ID tag Ethertype It is set to 0 0800 because the payload packet is an IPv4 packet The initial VXLAN draft does not include an IPv6 implementation but it is planned for the next draft Outer IP Hea...

Страница 1178: ...hat is the VXLAN Network Identifier Reserved A set of fields 24 bits and 8 bits that are reserved and set to zero Frame Check Sequence FCS Note that the original Ethernet frame s FCS is not included but new FCS is generated on the outer Ethernet frame Configuring and Controlling VXLAN from the NVP Controller GUI To configure and control VXLAN from the NVP controller GUI follow these steps 1 Create...

Страница 1179: ...Figure 147 Create Hypervisor Figure 148 Edit Hypervisor Figure 149 Create Transport Connector Virtual Extensible LAN VXLAN 1179 ...

Страница 1180: ...te Service Node 3 Create VXLAN Gateway To create a VXLAN L2 Gateway the IP address of the Gateway is mandatory The following is the snapshot of the user interface in creating a VXLAN Gateway Figure 151 Create Gateway 4 Create Logical Switch You can create a logical network by creating a logical switch The logical network acts as the forwarding domain for workloads on the physical as well as virtua...

Страница 1181: ...ting to NVP controller 2 Advertising VXLAN access ports to controller Connecting to an NVP Controller To connect to an NVP controller use the following commands 1 feature vxlan CONFIGURATION mode feature vxlan You must configure feature VXLAN to configure vxlan instance 2 vxlan instance CONFIGURATION mode vxlan instance instance ID The platform supports only the instance ID 1 in the initial releas...

Страница 1182: ...mmand configures a VXLAN Access Port into a VXLAN instance INTERFACE mode vxlan instance Examples of the show vxlan instance Command Dell show vxlan vxlan instance 1 Instance 1 Admin State enabled Management IP 192 168 200 200 Gateway IP 3 3 3 3 MAX Backoff 30000 Controller 1 192 168 122 6 6632 ssl connected Fail Mode secure Port List Fo 1 49 Te 1 6 Te 1 8 Po 2 The following example shows the show...

Страница 1183: ...an vxlan instance unicast mac local command Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 00 00 02 00 03 00 Te 1 17 0 4656 00 00 02 00 03 01 Te 1 17 0 4656 00 00 02 00 03 02 Te 1 17 0 4656 00 00 02 00 03 03 Te 1 17 0 4656 00 00 02 00 03 04 Te 1 17 0 Dell show vxlan vxlan instance 1 unicast mac local Total Local Mac Count 5 VNI MAC PORT VLAN 4656 ...

Страница 1184: ...ame VNID bffc3be0 13e6 4745 9f6b 0bcbc5877f01 4656 Dell n instance 1 logical network n 2a8d5d19 8845 4365 ad04 243f0b6df252 Name 2a8d5d19 8845 4365 ad04 243f0b6df252 Description Tunnel Key 2 VFI 28674 Unknown Multicast MAC Tunnels 192 168 122 133 vxlan_over_ipv4 up Port Vlan Bindings Te 0 80 VLAN 0 0x80000001 Fo 0 124 VLAN 0 0x80000004 The following example shows the show vxlan vxlan instance stat...

Страница 1185: ...e nodes for forwarding Broadcast unknown Unicast and Multicast Traffic BUM When one of the service nodes goes down or bfd is down in that service node the gateway switches to the alternate service node for Broadcast unknown Unicast and Multicast Traffic BUM Examples of the show bfd neighbors command To verify that the session is established use the show bfd neighbors command Dell_GW1 show bfd neig...

Страница 1186: ...PNs for customers VRF is also referred to as VPN routing and forwarding VRF acts like a logical router while a physical router may include many routing tables a VRF instance uses only a single routing table VRF uses a forwarding table that designates the next hop for each data packet a list of devices that may be called upon to forward the packet and a set of rules and routing protocols that gover...

Страница 1187: ...ce by using Forwarding Information Bases FIBs A network device may have the ability to configure different virtual routers where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device Only Layer 3 interfaces can belong to a VRF VRF is supported on following types of interface Physical Ethernet interfaces Port channel interfaces static dynamic using LACP VLAN...

Страница 1188: ...RF Feature Capability Support Status for Default VRF Support Status for Non default VRF Configuration rollback for commands introduced or modified Yes No LLDP protocol on the port Yes No 802 1x protocol on the VLAN port Yes No OSPF RIP ISIS BGP on physical and logical interfaces Yes Yes NOTE OSPF supported on all VRF ports OSPF V2 and BGP V4 are supported on non default VRF ports also Others suppo...

Страница 1189: ...nterfaces and LAGs Yes No IPv4 ARP Yes Yes IPv6 Neighbor Discovery Yes Yes Layer 2 ACLs on VLANs Yes No FEED Yes No Layer 2 QoS Yes Yes Support for storm control broadcast and unknown unicast Yes No sFlow Yes No VRRP on physical and logical interfaces Yes Yes VRRPV3 Yes Yes Secondary IP Addresses Yes No Following IPv6 capabilities No Basic Yes No OSPFv3 Yes Yes IS IS Yes Yes BGP Yes Yes ACL Yes No...

Страница 1190: ...Loading VRF CAM Load CAM memory for the VRF feature CONFIGURATION feature vrf After you load VRF CAM CLI parameters that allow you to configure non default VRFs are made available on the system Creating a Non Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances 1 to 63 and the default VRF 0 Create a non default VRF instance by specifying a name and VRF I...

Страница 1191: ...host interface NOTE You cannot assign loop back and port channel interfaces to a management port To assign a front end port to a management VRF perform the following steps 1 Enter the front end interface that you want to assign to a management interface CONFIGURATION interface tengigabitethernet 1 1 2 Assign the interface to management VRF INTERFACE CONFIGURATION ip vrf forwarding management Befor...

Страница 1192: ... the OSPF Process ID cannot be used again in the system Enable the OSPFv2 process globally for a VRF instance Enter the VRF key word and instance name to tie the OSPF instance to the VRF All network commands under this OSPF instance are subsequently tied to the VRF instance CONFIGURATION router ospf process id vrf vrf name The process id range is from 0 65535 Configuring VRRP on a VRF Instance You...

Страница 1193: ...ress 10 1 1 100 no shutdown View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 TenGigabitEthernet 1 13 IPv4 VRID 10 Version 2 Net 10 1 1 1 VRF 2 vrf1 State Master Priority 100 Master 10 1 1 1 local Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 43 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 10 1 1 100 Authentication none C...

Страница 1194: ...r Set NS retransmit interval used and advertised in RA ipv6 nd suppress ra Suppress IPv6 Router Advertisements ipv6 ad ipv6 address IPv6 Address Detection ipv6 ad autoconfig IPv6 stateless auto configuration ipv6 address ipv6 address Configure IPv6 address on an interface NOTE The command line help still displays relevant details corresponding to each of these commands However these interface rang...

Страница 1195: ...Sample VRF Configuration The following configuration illustrates a typical VRF set up Figure 155 Setup OSPF and Static Routes Virtual Routing and Forwarding VRF 1195 ...

Страница 1196: ...hown in the above illustrations Router 1 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address switchport no shutdown interface TenGigabitEthernet 1 1 ip vrf forwarding blue ip address 10 0 0 1 24 no shutdown Virtual Routing and Forwarding VRF 1196 ...

Страница 1197: ...n ip address 3 0 0 1 24 tagged TenGigabitEthernet 3 1 no shutdown router ospf 1 vrf blue router id 1 0 0 1 network 1 0 0 0 24 area 0 network 10 0 0 0 24 area 0 router ospf 2 vrf orange router id 2 0 0 1 network 2 0 0 0 24 area 0 network 20 0 0 0 24 area 0 ip route vrf green 31 0 0 0 24 3 0 0 2 Router 2 ip vrf blue 1 ip vrf orange 2 ip vrf green 3 interface TenGigabitEthernet 3 1 no ip address swit...

Страница 1198: ...ork 1 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 1 router ospf 2 vrf orange router id 2 0 0 2 network 21 0 0 0 24 area 0 network 2 0 0 0 24 area 0 passive interface TenGigabitEthernet 2 2 ip route vrf green30 0 0 0 24 3 0 0 1 The following shows the output of the show commands on Router 1 Router 1 Dell show ip vrf VRF Name VRF ID Interfaces default vrf 0 Te 3 1 3 3 Te 1 3 1 47 Te 2 1 2...

Страница 1199: ... OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 2 0 0 0 24 Direct Vl 192 0 0 00 20 55 C 20 0 0 0 24 Direct Te 1 2 0 0 00 10 05 O 21 0 0 0 24 via 2 0 0 2 ...

Страница 1200: ...nnected S static R RIP B BGP IN internal BGP EX external BGP LO Locally Originated O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 i IS IS L1 IS IS level 1 L2 IS IS level 2 IA IS IS inter area candidate default non active route summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Cha...

Страница 1201: ...e summary route Gateway of last resort is not set Destination Gateway Dist Metric Last Change C 3 0 0 0 24 Direct Vl 256 0 0 00 26 27 S 30 0 0 0 24 via 3 0 0 1 Vl 256 1 0 00 17 03 C 31 0 0 0 24 Direct Te 2 3 0 0 00 20 19 Dell Route Leaking VRFs Static routes can be used to redistribute routes between non default to default non default VRF and vice versa You can configure route leaking between two ...

Страница 1202: ... to various other VRFs The destinations or target VRFs then import these IPv4 or IPv6 routes using the ip route import tag or the ipv6 route import tag command respectively NOTE In Dell Networking OS you can configure at most one route export per VRF as only one set of routes can be exposed for leaking However you can configure multiple route import targets because a VRF can accept routes from mul...

Страница 1203: ...s mask A non default VRF named VRF Shared is created and the interface 1 4 is assigned to this VRF 2 Configure the export target in the source VRF ip route export 1 1 3 Configure VRF red ip vrf vrf red interface type slot port subport ip vrf forwarding VRF red ip address ip address mask A non default VRF named VRF red is created and the interface is assigned to this VRF 4 Configure the import targ...

Страница 1204: ... import 1 1 ip vrf VRF Green ip vrf VRF shared ip route export 1 1 ip route import 2 2 ip route import 3 3 Show routing tables of all the VRFs without any route export and route import tags being configured Dell show ip route vrf VRF Red O 11 1 1 1 32 via 111 1 1 1 110 0 00 00 10 C 111 1 1 0 24 Direct Te 1 11 0 0 22 39 59 Dell show ip route vrf VRF Blue O 22 2 2 2 32 via 122 2 2 2 110 0 00 00 11 C...

Страница 1205: ...er the sourced or Leaked route from some other VRF then route Leaking for that particular prefix fails and the following error log is thrown SYSLOG Duplicate prefix found s in the target VRF d address import_vrf_id with The type level is EVT_LOGWARNING The source routes always take precedence over leaked routes The leaked routes are deleted as soon as routes are locally learnt by the VRF using oth...

Страница 1206: ... end to define the filtering criteria based on which the routes are imported into VRF blue You can define a route map import_ospf_protocol and then specify the match criteria as OSPF using the match source protocol ospf command You can then use the ip route import route map command to import routes matching the filtering criteria defined in the import_ospf_protocol route map For a reply communicat...

Страница 1207: ..._ospfbgp_protocol ip route import 2 2 this action exports only the OSPF and BGP routes to other VRFs ip vrf vrf Blue ip route export 2 2 ip route import 1 1 import_ospf_protocol this action accepts only OSPF routes from VRF red even though both OSPF as well as BGP routes are shared The show VRF commands displays the following output Dell show ip route vrf VRF Blue C 122 2 2 0 24 Direct Te 1 22 0 0...

Страница 1208: ...Similarly when two VRFs leak or export routes there is no option to discretely filter leaked routes from each source VRF Meaning you cannot import one set of routes from VRF red and another set of routes from VRF blue Virtual Routing and Forwarding VRF 1208 ...

Страница 1209: ...d allows for up to 255 VRRP routers on a network The following example shows a typical network configuration using VRRP Instead of configuring the hosts on the network 10 10 10 0 with the IP address of either Router A or Router B as their default router their default router is the IP address configured on the virtual router When any host on the LAN segment wants to access the Internet it sends pac...

Страница 1210: ...dent on internal gateway protocol IGP protocols to converge or update routing tables VRRP Implementation Within a single VRRP group up to 12 virtual IP addresses are supported Virtual IP addresses can belong to the primary or secondary IP address subnet configured on the interface You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet Virtu...

Страница 1211: ... dead interval may cause packets to be dropped during that switch over time Table 99 Recommended VRRP Advertise Intervals Recommended Advertise Interval Groups Interface Total VRRP Groups Groups Interface Less than 250 1 second 12 Between 250 and 450 2 3 seconds 24 Between 450 and 600 3 4 seconds 36 Between 600 and 800 4 seconds 48 Between 800 and 1000 5 seconds 84 Between 1000 and 1200 7 seconds ...

Страница 1212: ...fying VRRP The following examples how to configure VRRP Dell conf interface tengigabitethernet 1 1 Dell conf if te 1 1 vrrp group 111 Dell conf if te 1 1 vrid 111 The following examples how to verify the VRRP configuration Dell conf if te 1 1 show conf interface TenGigabitEthernet 1 1 ip address 10 10 10 1 24 vrrp group 111 no shutdown Configuring the VRRP Version for an IPv4 Group For IPv4 you ca...

Страница 1213: ...up_switch1 conf if te 1 1 vrid 100 version both Dell_backup_switch2 conf if te 1 2 vrid 100 version both 2 Set the master switch to VRRP protocol version 3 Dell_master_switch conf if te 1 1 vrid 100 version 3 3 Set the backup switches to version 3 Dell_backup_switch1 conf if te 1 1 vrid 100 version 3 Dell_backup_switch2 conf if te 1 2 vrid 100 version 3 Assign Virtual IP addresses Virtual routers ...

Страница 1214: ...erface primary or secondary IP address On a stack system if a force failover is performed on a master stack unit the VRRP virtual addresses are disabled To re enable VRRP execute the mac address table station move refresh arp command Configuring a Virtual IP Address To configure a virtual IP address use the following commands 1 Configure a VRRP group INTERFACE mode vrrp group vrrp id The VRID rang...

Страница 1215: ...ontains either Master or Backup Setting VRRP Group Virtual Router Priority Setting a virtual router priority to 255 ensures that router is the owner virtual router for the VRRP group VRRP elects the MASTER router by choosing the router with the highest priority The default priority for a virtual router is 100 The higher the number the higher the priority If the MASTER router fails VRRP begins the ...

Страница 1216: ...he password in its VRRP transmission The receiving router uses that password to verify the transmission NOTE You must configure all virtual routers in the VRRP group the same you must enable authentication with the same password or authentication is disabled NOTE Authentication for VRRPv3 is not supported To configure simple authentication use the following command Configure a simple text password...

Страница 1217: ...no preempt Dell conf if te 1 1 vrid 111 The following example shows how to verify preempt is disabled using the show conf command Dell conf if te 1 1 vrid 111 show conf vrrp group 111 authentication type simple 7 387a7f2df5969da4 no preempt priority 255 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 Changing the Advertisement Interval B...

Страница 1218: ...is from 1 to 255 seconds The default is 1 second For VRRPv3 change the advertisement centisecs interval setting INTERFACE VRID mode advertise interval centisecs centisecs The range is from 25 to 4075 centisecs in units of 25 centisecs The default is 100 centisecs Examples of the advertise interval Command The following example shows how to change the advertise interval using the advertise interval...

Страница 1219: ...ter the keyword fortyGigE then the slot port information For a port channel interface enter the keywords port channel then a number For a VLAN interface enter the keyword vlan then a number from 1 to 4094 For a virtual group you can also track the status of a configured object the track object id command by entering its object number NOTE You can configure a tracked object for a VRRP group using t...

Страница 1220: ...entication type simple 7 387a7f2df5969da4 no preempt priority 255 track TenGigabitEthernet 1 2 virtual address 10 10 10 1 virtual address 10 10 10 2 virtual address 10 10 10 3 virtual address 10 10 10 10 The following example shows verifying the tracking status Dell show track Track 2 IPv6 route 2040 64 metric threshold Metric threshold is Up STATIC 0 0 5 changes last change 00 02 16 Metric thresh...

Страница 1221: ...bles normally NOTE When you reload a node that contains VRRP configuration and is enabled for VLT Dell Networking recommends that you configure the reload timer by using the vrrp delay reload command to ensure that VRRP is functional Otherwise when you reload a VLT node configured for VRRP the local destination address is not seen on the reloaded node causing suboptimal routing Set the delay timer...

Страница 1222: ...p VRRP review the following sample configurations VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration You can copy and paste from the example to your CLI To support your own IP addresses interfaces names and so on be sure that you mak...

Страница 1223: ...terface tengigabitethernet 2 31 R2 conf if te 2 31 ip address 10 1 1 1 24 R2 conf if te 2 31 vrrp group 99 R2 conf if te 2 31 vrid 99 priority 200 R2 conf if te 2 31 vrid 99 virtual 10 1 1 3 R2 conf if te 2 31 vrid 99 no shut R2 conf if te 2 31 show conf interface TenGigabitEthernet 2 31 ip address 10 1 1 1 24 Virtual Router Redundancy Protocol VRRP 1223 ...

Страница 1224: ...rnet 3 21 R3 conf if te 3 21 ip address 10 1 1 2 24 R3 conf if te 3 21 vrrp group 99 R3 conf if te 3 21 vrid 99 virtual 10 1 1 3 R3 conf if te 3 21 vrid 99 no shut R3 conf if te 3 21 show conf interface TenGigabitEthernet 3 21 ip address 10 1 1 1 24 vrrp group 99 virtual address 10 1 1 3 no shutdown R3 conf if te 3 21 end R3 show vrrp TenGigabitEthernet 3 21 VRID 99 Net 10 1 1 2 State Backup Prior...

Страница 1225: ...nues to be MASTER even if one of two routers has a higher IP or IPv6 address The following example shows configuring VRRP for IPv6 Router 2 and Router 3 Configure a virtual link local fe80 address for each VRRPv3 group created for an interface The VRRPv3 group becomes active as soon as you configure the link local address Afterward you can configure the group s virtual IPv6 address Virtual Router ...

Страница 1226: ...Net fe80 201 e8ff fe6a c59f VRF 0 default vrf State Master Priority 100 Master fe80 201 e8ff fe6a c59f local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 Router 3 R3 conf interface tengigabitethernet 1 2 R3 conf if te 1 2 no ipv6 addres...

Страница 1227: ...ssociated with each VRF Both Switch 1 and Switch 2 have three VRF instances defined VRF 1 VRF 2 and VRF 3 Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet Both Switch 1 and Switch 2 use VRRP groups on each VRF instance in order that there is one MASTER and one backup router for each VRF In VRF 1 and VRF 2 Switch 2 serves as owner m...

Страница 1228: ...rrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if te 1 1 vrid 101 priority 100 S1 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S1 conf if te 1 1 no shutdown S1 conf interface TenGigabitEthernet 1 2 S1 conf if te 1 2 ip vrf forwarding VRF 2 S1 conf if te 1 2 ip address 10 10 1 6 24 S1 conf if te 1 2 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF...

Страница 1229: ...f ip vrf VRF 3 3 S2 conf interface TenGigabitEthernet 1 1 S2 conf if te 1 1 ip vrf forwarding VRF 1 S2 conf if te 1 1 ip address 10 10 1 2 24 S2 conf if te 1 1 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if te 1 1 vrid 101 priority 255 S2 conf if te 1 1 vrid 101 virtual address 10 10 1 2 S2 conf if te 1 1 no shutdown S2 conf interface TenGigabitEthernet 1 2 S...

Страница 1230: ...conf if te 1 1 interface vlan 100 S1 conf if vl 100 ip vrf forwarding VRF 1 S1 conf if vl 100 ip address 10 10 1 5 24 S1 conf if vl 100 tagged TenGigabitethernet 1 1 S1 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S1 conf if vl 100 vrid 101 priority 100 S1 conf if vl 100 vrid 101 virtual address 10 10 1 2 S1 conf if vl 100 no shutdown S1 conf if te 1 1 ...

Страница 1231: ...hport S2 conf if te 1 1 no shutdown S2 conf if te 1 1 interface vlan 100 S2 conf if vl 100 ip vrf forwarding VRF 1 S2 conf if vl 100 ip address 10 10 1 2 24 S2 conf if vl 100 tagged TenGigabitethernet 1 1 S2 conf if vl 100 vrrp group 11 Info The VRID used by the VRRP group 11 in VRF 1 will be 177 S2 conf if vl 100 vrid 101 priority 255 S2 conf if vl 100 vrid 101 virtual address 10 10 1 2 S2 conf i...

Страница 1232: ...sion 2 Net 20 1 1 2 VRF 1 vrf1 State Backup Priority 90 Master 20 1 1 1 Hold Down 0 sec Preempt TRUE AdvInt 1 sec Adv rcvd 377 Bad pkts rcvd 0 Adv sent 0 Gratuitous ARP sent 0 Virtual MAC address 00 00 5e 00 01 0a Virtual IP address 20 1 1 100 Authentication none Dell show vrrp vrf vrf2 port channel 1 Port channel 1 IPv4 VRID 1 Version 2 Net 10 1 1 1 VRF 2 vrf2 State Master Priority 100 Master 10 ...

Страница 1233: ...te from the example to your CLI Be sure you make the necessary changes to support your own IP addresses interfaces names and so on NOTE In a VRRP or VRRPv3 group if two routers come up with the same priority and another router already has MASTER status the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address Router 2 R2 conf interface tengigab...

Страница 1234: ...local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0 Adv sent 135 Virtual MAC address 00 00 5e 00 02 0a Virtual IP address 1 10 fe80 10 NOTE Although R2 and R3 have the same default priority 100 R2 is elected master in the VRRPv3 group because the Tengigabitethernet 1 1 interface has a higher IPv6 address than the Tengi...

Страница 1235: ...pkts rcvd 0 Adv sent 120 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Dell Dell show vrrp vrf vrf1 vlan 400 Vlan 400 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a e9ed VRF 1 vrf1 State Master Priority 200 Master fe80 201 e8ff fe8a e9ed local Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 0 Bad pkts rcvd 0...

Страница 1236: ...l 1 Port channel 1 IPv6 VRID 255 Version 3 Net fe80 201 e8ff fe8a fd76 VRF 2 vrf2 State Backup Priority 90 Master fe80 201 e8ff fe8a e9ed Hold Down 0 centisec Preempt TRUE AdvInt 100 centisec Accept Mode FALSE Master AdvInt 100 centisec Adv rcvd 548 Bad pkts rcvd 0 Adv sent 0 Virtual MAC address 00 00 5e 00 02 ff Virtual IP address 10 1 1 255 fe80 255 Virtual Router Redundancy Protocol VRRP 1236 ...

Страница 1237: ...nts on the board are put into Loopback mode and test packets are transmitted through those components Level 2 diagnostics also perform snake tests using virtual local area network VLAN configurations Important Points to Remember You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more You cannot perform diagnostics on the management ...

Страница 1238: ...T 6 DA_DIAG_DONE Diags finished on stack unit 0 Dell 00 09 42 Diagnostic test results are stored on file flash TestReport SU 0 txt Diags completed Rebooting the system now Mar 12 10 40 35 S6000 0 DIAGAGT 6 DA_DIAG_DONE Diags finished on stack unit 1 Diagnostic results are printed to a file in the flash using the filename format TestReport SU stack unit id txt Log messages differ somewhat when diag...

Страница 1239: ... unit will be pulled out of the stack for diagnostic execution Proceed with Diags confirm yes no yes Warning diagnostic execution will cause multiple link flaps on the peer side advisable to shut directly connected ports Proceed with Diags confirm yes no yes Dell 00 03 13 S25P 2 DIAGAGT 6 DA_DIAG_STARTED Starting diags on stack unit 2 00 03 13 Approximate time to complete these Diags 6 Min 00 03 1...

Страница 1240: ...t 1 001 Psu Power Good Test PASS Test 1 Psu Power Good Test FAIL diagS4810ChkPsuPresence 625 ERROR Psu 0 is not present Test 2 000 Fan Psu Status test NOT PRESENT Test 2 001 Fan Psu Status test PASS Test 2 Fan Psu Status Test FAIL Test 3 000 Fan board presence Test PASS Test 3 001 Fan board presence Test PASS Test 3 Fan Board Presence Test PASS Test 4 000 Board Fan Status Test PASS Test 4 001 Boar...

Страница 1241: ...ing the show file command from the flash TRACE_LOG_DIR directory On a Standby unit you can reach the TRACE_LOG_DIR files only by using the show file command from the flash TRACE_LOG_DIR directory NOTE Non management member units do not support this functionality Last Restart Reason If the system restarts for some reason automatically or manually the show system command output includes the reason f...

Страница 1242: ...U must process View the modular packet buffers details per stack unit and the mode of allocation EXEC Privilege mode show hardware stack unit 1 6 buffer total buffer View the modular packet buffers details per unit and the mode of allocation EXEC Privilege mode show hardware stack unit 1 6 buffer unit 0 1 total buffer View the forwarding plane statistics containing the packet buffer usage per port...

Страница 1243: ... replication View the internal statistics for each port pipe unit on per port basis EXEC Privilege mode show hardware stack unit 1 6 unit 0 1 port stats detail View the stack unit internal registers for each port pipe EXEC Privilege mode show hardware stack unit 1 6 unit 0 1 register View the tables from the bShell through the CLI without going into the bShell EXEC Privilege mode show hardware sta...

Страница 1244: ...52 Temp High Warning threshold 70 000C QSFP 52 Voltage High Warning threshold 3 465V QSFP 52 Bias High Warning threshold 9 500mA QSFP 52 RX Power High Warning threshold 1 738mW QSFP 52 Temp Low Warning threshold 0 000C QSFP 52 Voltage Low Warning threshold 3 135V QSFP 52 Bias Low Warning threshold 1 000mA QSFP 52 RX Power Low Warning threshold 0 112mW QSFP 52 Temperature 30 602C QSFP 52 Voltage 3 ...

Страница 1245: ... 2 Check air flow through the system Ensure that the air ducts are clean and that all fans are working correctly 3 After the software has determined that the temperature levels are within normal limits you can re power the card safely To bring back the line card online use the power on command in EXEC mode In addition to control airflow for adequate system cooling Dell Networking requires that you...

Страница 1246: ...TxPower OID displays the transmitting power of the connected optics Temperature 1 3 6 1 4 1 6027 3 10 1 2 5 1 7 chSysPortXfpRecvTemp OID displays the temperature of the connected optics NOTE These OIDs only generate if you enable the enable optic info update interval is enabled command Hardware MIB Buffer Statistics 1 3 6 1 4 1 6027 3 27 1 4 dellNetFpPacketBufferTable View the modular packet buffe...

Страница 1247: ...edicated buffer this pool is reserved memory that other interfaces cannot use on the same ASIC or by other queues on the same interface This buffer is always allocated and no dynamic re carving takes place based on changes in interface status Dedicated buffers introduce a trade off They provide each interface with a guaranteed minimum buffer to prevent an overused and congested interface from star...

Страница 1248: ...tem performance The default values work for most cases As a guideline consider tuning buffers if traffic is bursty and coming from several interfaces In this case Reduce the dedicated buffer on all queues interfaces Increase the dynamic buffer on all interfaces Increase the cell pointers on a queue that you are expecting will receive the largest number of packets To define change and apply buffers...

Страница 1249: ...mory this allocation is called oversubscription If you choose to oversubscribe the dynamic allocation a burst of traffic on one interface might prevent other interfaces from receiving the configured dynamic allocation which causes packet loss You cannot allocate more than the available memory for the dedicated buffers If the system determines that the sum of the configured dedicated buffers alloca...

Страница 1250: ... ip address mtu 9216 switchport no shutdown buffer policy myfsbufferprofile The following example shows viewing the default buffer profile on an interface Dell show buffer profile detail interface tengigabitethernet 1 10 Interface Te 1 10 Buffer profile fsqueue fp Dynamic buffer 1256 00 Kilobytes Queue Dedicated Buffer Buffer Packets Kilobytes 0 3 00 256 1 3 00 256 2 3 00 256 3 3 00 256 4 3 00 256...

Страница 1251: ...lays Error User defined buffer profile already applied Failed to apply global pre defined buffer profile Please remove all user defined buffer profiles Similarly when you configure buffer profile global you cannot not apply a buffer profile on any single interface A message similar to the following displays Error Global pre defined buffer profile already applied Failed to apply user defined buffer...

Страница 1252: ...ac eg acl in acl stack unit stack unit number port set 0 pipeline 0 3 show hardware ip qos stack unit stack unit number port set 0 show hardware system flow layer2 stack unit stack unit number port set 0 counters pipeline 0 3 show hardware drops interface interface show hardware buffer stats snapshot resource interface interface show hardware buffer inteface interface priority group id all queue i...

Страница 1253: ...COS1 0 HOL DROPS on COS2 0 HOL DROPS on COS3 0 HOL DROPS on COS4 0 HOL DROPS on COS5 0 HOL DROPS on COS6 0 HOL DROPS on COS7 0 HOL DROPS on COS8 0 HOL DROPS on COS9 0 HOL DROPS on COS10 0 HOL DROPS on COS11 0 HOL DROPS on COS12 0 HOL DROPS on COS13 0 HOL DROPS on COS14 0 HOL DROPS on COS15 0 HOL DROPS on COS16 0 HOL DROPS on COS17 0 TxPurge CellErr 0 Aged Drops 0 Egress MAC counters Egress FCS Dro...

Страница 1254: ...0 0 3 3 0 0 0 0 0 4 4 0 0 0 0 0 5 5 0 0 0 0 0 6 6 0 0 0 0 0 7 7 0 0 0 0 0 8 8 0 0 0 0 0 9 9 0 0 0 0 0 10 10 0 0 0 0 0 11 11 0 0 0 0 0 12 12 0 0 0 0 0 13 13 0 0 0 0 0 14 14 0 0 0 0 0 15 15 0 0 0 0 0 16 16 0 0 0 0 0 17 17 2144854 0 124904297 0 0 18 18 0 0 0 0 0 19 19 0 0 0 0 0 20 20 0 0 0 0 0 21 21 0 0 0 0 0 22 22 0 0 0 0 0 23 23 0 0 0 0 0 24 24 0 0 0 0 0 25 25 0 0 0 0 0 26 26 0 0 0 0 0 27 27 0 0 0 ...

Страница 1255: ...0 0 0 0 0 40 40 0 0 0 0 0 41 41 0 0 0 0 0 42 42 0 0 0 0 0 43 43 0 0 0 0 0 44 44 0 0 0 0 0 45 45 0 0 0 0 0 46 46 0 0 0 0 0 47 47 0 0 0 0 0 48 48 0 0 0 0 0 49 49 0 0 0 0 0 49 50 0 0 0 0 0 49 51 0 0 0 0 0 49 52 0 0 0 0 0 52 61 0 0 0 0 0 52 62 0 0 0 0 0 52 63 0 0 0 0 0 52 64 0 0 0 0 0 53 65 0 0 0 0 0 53 66 0 0 0 0 0 53 67 0 0 0 0 0 53 68 0 0 0 Debugging and Diagnostics 1255 ...

Страница 1256: ...ics on a per queue basis The objective is to see whether CPU bound traffic is internal so called party bus or IPC traffic or network control traffic which the CPU must process Example of Viewing Dataplane Statistics Dell show hardware stack unit 1 cpu data plane statistics bc pci driver statistics for device rxHandle 773 noMhdr 0 noMbuf 0 noClus 0 recvd 773 dropped 0 recvToNet 773 rxError 0 rxFwdE...

Страница 1257: ...s 78 over 1023 byte pkts 0 Multicasts 5 Broadcasts 0 runts 0 giants 0 throttles 0 CRC 0 overrun 0 discarded Output Statistics 1649714 packets 1948622676 bytes 0 underruns 0 64 byte pkts 27234 over 64 byte pkts 107970 over 127 byte pkts 34 over 255 byte pkts 504838 over 511 byte pkts 1009638 over 1023 byte pkts 0 Multicasts 0 Broadcasts 1649714 Unicasts 0 throttles 0 discarded 0 collisions Rate inf...

Страница 1258: ...e counter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 46 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Cou...

Страница 1259: ...unter 0 RX Double VLAN tag frame counter 0 RX RUNT frame counter 0 RX Fragment counter 0 RX VLAN tagged packets 0 TX 64 Byte Frame Counter 0 TX 64 to 127 Byte Frame Counter 0 TX 128 to 255 Byte Frame Counter 0 TX 256 to 511 Byte Frame Counter 0 TX 512 to 1023 Byte Frame Counter 0 TX 1024 to 1518 Byte Frame Counter 0 TX 1519 to 1522 Byte Good VLAN Frame Counter 0 TX 1519 to 2047 Byte Frame Counter ...

Страница 1260: ...X Oversized Frame Counter 0 RX Jabber Frame Counter 0 RX VLAN Tag Frame Counter 0 RX Double VLAN Tag Frame Counter 0 RX RUNT Frame Counter 0 RX Fragment Counter 0 RX VLAN Tagged Packets 0 RX Ingress Dropped Packet 0 RX MTU Check Error Frame Counter 0 RX PFC Frame Priority 0 0 RX PFC Frame Priority 1 0 RX PFC Frame Priority 2 0 RX PFC Frame Priority 3 0 RX PFC Frame Priority 4 0 RX PFC Frame Priori...

Страница 1261: ... member or standby unit crashes the mini core file gets uploaded to master unit When the master unit crashes the mini core file is uploaded to new master The panic string contains key information regarding the crash Several panic string types exist and they are displayed in regular English text to enable easier understanding of the crash cause Example of Application Mini Core Dump Listings Dell di...

Страница 1262: ...y specifying the snap length to capture the file headers only The tcpdump command has a finite run process When you enable the tcpdump command it runs until the capture duration timer and or the packet count counter threshold is met If you do not set a threshold the system uses a default of a 5 minute capture duration and or a single 1k file as the stopping point for the dump You can use the captu...

Страница 1263: ...o related RFCs Topics IEEE Compliance RFC and I D Compliance MIB Location IEEE Compliance The following is a list of IEEE compliance 802 1AB LLDP 802 1D Bridging STP 802 1p L2 Prioritization 802 1Q VLAN Tagging Double VLAN Tagging GVRP 802 1s MSTP 802 1w RSTP 802 1X Network Access Control Port Authentication 802 3ab Gigabit Ethernet 1000BASE T 802 3ac Frame Extensions for VLAN Tagging 802 3ad Link...

Страница 1264: ...ing table lists the Dell Networking OS support per platform for general internet protocols Table 103 General Internet Protocols RFC Full Name Z Series S Series 768 User Datagram Protocol 7 6 1 793 Transmission Control Protocol 7 6 1 854 Telnet Protocol Specification 7 6 1 959 File Transfer Protocol FTP 7 6 1 1321 The MD5 Message Digest Algorithm 7 6 1 1350 The TFTP Protocol Revision 2 7 6 1 1661 T...

Страница 1265: ...tion General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols Table 104 General IPv4 Protocols R F C Full Name Z Series S Series 7 9 1 Internet Protocol 7 6 1 7 9 2 Internet Control Message Protocol 7 6 1 8 2 6 An Ethernet Address Resolution Protocol 7 6 1 1 0 2 7 Using ARP to Implement Transparent Subnet Gateways 7 6 1 1 0 3 5 DOMAIN ...

Страница 1266: ...tation and Analysis 7 6 1 1 5 1 9 Classless Inter Domain Routing CIDR an Address Assignment and Aggregation Strategy 7 6 1 1 5 4 2 Clarifications and Extensions for the Bootstrap Protocol 7 6 1 1 8 1 2 Requirements for IP Version 4 Routers 7 6 1 2 1 3 1 Dynamic Host Configuration Protocol 7 6 1 2 3 3 8 Virtual Router Redundancy Protocol VRRP 7 6 1 3 0 Using 31 Bit Prefixes on IPv4 7 7 1 Standards ...

Страница 1267: ...of the Tiny Fragment Attack 7 6 1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols Table 105 General IPv6 Protocols RF C Full Name Z Series S Series 18 86 DNS Extensions to support IP version 6 7 8 1 19 81 Pa rtia l Path MTU Discovery for IP version 6 7 8 1 24 60 Internet Protocol Version 6 IPv6 Specificatio n 7 8 1 Standards C...

Страница 1268: ... 271 1 IPv6 Router Alert Option 8 3 12 0 35 87 IPv6 Global Unicast Address Format 7 8 1 40 07 IPv6 Scoped Address Architecture 8 3 12 0 42 91 Internet Protocol Version 6 IPv6 Addressing Architecture 7 8 1 44 43 Internet Control Message Protocol ICMPv6 for the IPv6 Specificatio n 7 8 1 48 61 Neighbor Discovery for IPv6 8 3 12 0 48 62 IPv6 Stateless Address 8 3 12 0 Standards Compliance 1268 ...

Страница 1269: ...P 4 Multiprotocol Extensions for IPv6 Inter Domain Routing 2796 BGP Route Reflection An Alternative to Full Mesh Internal BGP IBGP 7 8 1 2842 Capabilities Advertisement with BGP 4 7 8 1 2858 Multiprotocol Extensions for BGP 4 7 8 1 2918 Route Refresh Capability for BGP 4 7 8 1 3065 Autonomous System Confederations for BGP 7 8 1 4360 BGP Extended Communities Attribute 7 8 1 4893 BGP Support for Fou...

Страница 1270: ...Packets and Congestion Avoidance 7 6 1 Intermediate System to Intermediate System IS IS The following table lists the Dell Networking OS support per platform for IS IS protocol Table 108 Intermediate System to Intermediate System IS IS RFC Full Name S Series 1142 OSI IS IS Intra Domain Routing Protocol ISO DP 10589 1195 Use of OSI IS IS for Routing in TCP IP and Dual Environments 2763 Dynamic Host...

Страница 1271: ...th 02 Extended Ethernet Frame Size Support Routing Information Protocol RIP The following table lists the Dell Networking OS support per platform for RIP protocol Table 109 Routing Information Protocol RIP RFC Full Name S Series 1058 Routing Information Protocol 7 8 1 2453 RIP Version 7 8 1 4191 Default Router Preferences and More Specific Routes 8 3 12 0 Multicast The following table lists the De...

Страница 1272: ... network management protocol Table 111 Network Management RFC Full Name S4810 1155 Structure and Identification of Management Information for TCP IP based Internets 7 6 1 1156 Management Information Base for Network Management of TCP IP based internets 7 6 1 1157 A Simple Network Management Protocol SNMP 7 6 1 1212 Concise MIB Definitions 7 6 1 1215 A Convention for Defining Traps for use with the...

Страница 1273: ...ents for Internet Standard Management Framework 7 6 1 2571 An Architecture for Describing Simple Network Management Protocol SNMP Management Frameworks 7 6 1 2572 Message Processing and Dispatching for the Simple Network Management Protocol SNMP 7 6 1 2574 User based Security Model USM for version 3 of the Simple Network Management Protocol SNMPv3 7 6 1 2575 View based Access Control Model VACM fo...

Страница 1274: ... Alarm Table Event Table Log Table 7 6 1 2863 The Interfaces Group MIB 7 6 1 2865 Remote Authentication Dial In User Service RADIUS 7 6 1 3273 Remote Network Monitoring Management Information Base for High Capacity Networks 64 bits Ethernet Statistics High Capacity Table Ethernet History High Capacity Table 7 6 1 3416 Version 2 of the Protocol Operations for the Simple Network Management Protocol ...

Страница 1275: ...on Base for Intermediate System to Intermediate System IS IS isisSysObject top level scalar objects isisISAdjTable isisISAdjAreaAddrTable isisISAdjIPAddrTable isisISAdjProtSuppTable draft ietf netmod interfaces cfg 03 Defines a YANG data model for the configuration of network interfaces Used in the Programmatic Interface RESTAPI feature 9 2 0 0 IEEE 802 1AB Management Information Base module for L...

Страница 1276: ...rprise Chassis MIB FORCE10 IF EXTENSION MIB Force10 Enterprise IF Extension MIB extends the Interfaces portion of the MIB 2 RFC 1213 by providing proprietary SNMP OIDs for other counters displayed in the show interfaces output 7 6 1 FORCE10 LINKAGG MIB Force10 Enterprise Link Aggregation MIB 7 6 1 FORCE10 CHASSIS MIB Force10 E Series Enterprise Chassis MIB FORCE10 COPY CONFIG MIB Force10 File Copy...

Страница 1277: ...can obtain a list of selected MIBs and their OIDs at the following URL https www force10networks com CSPortal20 Main Login aspx Some pages of iSupport require a login To request an iSupport account go to https www force10networks com CSPortal20 AccountRequest AccountRequest aspx If you have forgotten or lost your account information contact Dell TAC for assistance Standards Compliance 1277 ...

Результаты поиска

Содержание S4048T

Отзывы:

Похожие инструкции для S4048T

Бренды по названию

Популярные бренды

Dell S4048T, Руководство по настройке

Результаты поиска

Содержание S4048T

Отзывы:

Похожие инструкции для S4048T

Бренды по названию

Популярные бренды