Dell S4820T Configuration Manual

Dell Configuration Guide for the S4820T
System
9.8(0.0)

Summary of Contents for Dell S4820T

  • Page 1 Dell Configuration Guide for the S4820T System 9.8(0.0)
  • Page 2 WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright, 2009 – 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell and the Dell logo are trademarks of Dell Inc.
  • Page 3: Table Of Contents

    Contents: 1 About this Guide (36); Audience (36); Conventions (36); Related Documents (37); 2 Configuration Fundamentals (38); Accessing the Command Line (38); CLI Modes (38); Navigating CLI Modes (40); The do Command (44); Undoing Commands (45); Obtaining Help (45); ...
  • Page 4 Enabling Software Features on Devices Using a Command Option (61); View Command History (62); Upgrading Dell Networking OS (62); Using HTTP for File Transfers (62); Using Hashes to Validate Software Images (63); 4 Management (65); Configuring Privilege Levels (65); ...
  • Page 5 Configuring FTP Client Parameters (84); Terminal Lines (85); Denying and Permitting Access to a Terminal Line (85); Configuring Login Authentication for Terminal Lines (86); Setting Time Out of EXEC Privilege Mode (87); Using Telnet to get to Another Network Device (88); Lock CONFIGURATION Mode (89); ...
  • Page 6 8 Access Control Lists (ACLs) (130); IP Access Control Lists (ACLs) (131); CAM Usage (132); Implementing ACLs on Dell Networking OS (133); IP Fragment Handling (134); IP Fragments ACL Examples (134); Layer 4 ACL Rules Examples (135); ...
  • Page 7 Applying Egress Layer 3 ACLs (Control-Plane) (145); IP Prefix Lists (145); Implementation Information (146); Configuration Task List for Prefix Lists (146); ACL Resequencing (150); Resequencing an ACL or Prefix List (151); Route Maps (152); Implementation Information (153); Important Points to Remember (153); ...
  • Page 8 AS Path (207); Next Hop (207); Multiprotocol BGP (208); Implement BGP with Dell Networking OS (208); Additional Path (Add-Path) Support (208); Advertise IGP Cost as MED for Redistributed Routes (209); Ignore Router-ID for Some Best-Path Calculations (210); ...
  • Page 9 Changing the NEXT_HOP Attribute (241); Changing the WEIGHT Attribute (241); Enabling Multipath (242); Filtering BGP Routes (242); Filtering BGP Routes Using Route Maps (244); Filtering BGP Routes Using AS-PATH Information (244); Configuring BGP Route Reflectors (245); Aggregating Routes (246); ...
  • Page 10 Priority-Based Flow Control (284); Enhanced Transmission Selection (285); Data Center Bridging Exchange Protocol (DCBx) (286); Data Center Bridging in a Traffic Flow (287); Enabling Data Center Bridging (287); DCB Maps and its Attributes (288); Data Center Bridging: Default Configuration (289); Configuring Priority-Based Flow Control (290); ...
  • Page 11 PFC and ETS Configuration Command Examples (328); QoS dot1p Traffic Classification and Queue Assignment (328); Configuring the Dynamic Buffer Method (330); 14 Dynamic Host Configuration Protocol (DHCP) (332); DHCP Packet Format and Options (332); Assign an IP Address using DHCP (334); ...
  • Page 12 Creating an ECMP Group Bundle (358); Modifying the ECMP Group Threshold (358); 16 FCoE Transit (360); Fibre Channel over Ethernet (360); Ensure Robustness in a Converged Ethernet Network (360); FIP Snooping on Ethernet Bridges (362); FIP Snooping in a Switch Stack (364); Using FIP Snooping (364); ...
  • Page 13 Component Redundancy; RPM Redundancy (397); Automatic and Manual Stack Unit Failover (399); Support for RPM Redundancy by Dell Networking OS Version (400); Synchronization between Management and Standby Units (400); Configuring RPM Redundancy (400); Online Insertion and Removal (402); ...
  • Page 14 Configure IGMP (413); Related Configuration Tasks (413); Viewing IGMP Enabled Interfaces (414); Selecting an IGMP Version (414); Viewing IGMP Groups (415); Adjusting Timers (415); Adjusting Query and Response Timers (415); Enabling IGMP Immediate-Leave (416); IGMP Snooping (416); IGMP Snooping Implementation Information (417); ...
  • Page 15 Egress Interface Selection (EIS) (436); Important Points to Remember (436); Configuring EIS (436); Management Interfaces (437); Configuring Management Interfaces (437); Configuring Management Interfaces on the S-Series (439); VLAN Interfaces (440); Loopback Interfaces (440); Null Interfaces (441); ...
  • Page 16 Enabling Pause Frames (465); Configure the MTU Size on an Interface (466); Port-Pipes (467); Auto-Negotiation on Ethernet Interfaces (467); Setting the Speed and Duplex Mode of Ethernet Interfaces (467); Set Auto-Negotiation Options (469); View Advanced Interface Information (470); Configuring the Interface Sampling Size (471); ...
  • Page 17 IPv6 Headers; IPv6 Header Fields (501); Extension Header Fields (503); Addressing (504); Implementing IPv6 with Dell Networking OS (505); ICMPv6 (507); Path MTU Discovery (508); IPv6 Neighbor Discovery (508); IPv6 Neighbor Discovery of MTU Packets (509); ...
  • Page 18 Information Monitored in iSCSI Traffic Flows; Detection and Auto-Configuration for Dell EqualLogic Arrays (526); Configuring Detection and Ports for Dell Compellent Arrays (526); Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer (527); Enable and Disable iSCSI Optimization (527); ...
  • Page 19 Leaks from One Level to Another (556); Sample Configurations (557); 28 Link Aggregation Control Protocol (LACP) (560); Introduction to Dynamic LAGs and LACP (560); Important Points to Remember (560); LACP Modes (561); Configuring LACP Commands (561); ...
  • Page 20 30 Link Layer Discovery Protocol (LLDP) (590); 802.1AB (LLDP) Overview (590); Protocol Data Units (590); Optional TLVs (591); Management TLVs (592); TIA-1057 (LLDP-MED) Overview (594); TIA Organizationally Specific TLVs (594); Configure LLDP (599); Related Configuration Tasks (599); ...
  • Page 21 Adding and Removing Interfaces; Creating Multiple Spanning Tree Instances (649); Influencing MSTP Root Selection (650); Interoperate with Non-Dell Networking OS Bridges (651); Changing the Region Name or Revision (651); Modifying Global Parameters (652); Modifying the Interface Parameters (653); ...
  • Page 22 Designated and Backup Designated Routers (688); Link-State Advertisements (LSAs) (688); Router Priority and Cost (690); OSPF with Dell Networking OS (691); Graceful Restart (691); Fast Convergence (OSPFv2, IPv4 Only) (692); Multi-Process OSPFv2 with VRF (693); RFC-2328 Compliant OSPF Flooding (693); ...
  • Page 23 OSPFv3 Authentication Using IPsec; Troubleshooting OSPFv3 (726); 37 Policy-based Routing (PBR) (728); Overview (728); Implementing Policy-based Routing with Dell Networking OS (729); Configuration Task List for Policy-based Routing (730); PBR Exceptions (Permit) (730); Create a Redirect List (731); ...
  • Page 24 Configuring the Encapsulated Remote Port Mirroring; Changes to Default Behavior / Configuration steps for ERPM (764); ERPM Behavior on a typical Dell Networking OS (766); Decapsulation of ERPM packets at the Destination IP/ Analyzer (766); 41 Private VLANs (PVLAN) (768); Private VLAN Concepts (768); ...
  • Page 25 Modifying Interface PVST+ Parameters (783); Configuring an EdgePort (784); PVST+ in Multi-Vendor Networks (785); Enabling PVST+ Extend System ID (785); PVST+ Sample Configurations (786); 43 Quality of Service (QoS) (788); Implementation Information (790); Port-Based QoS Configurations (791); ...
  • Page 26 Implementation Information (825); Configuration Information (825); Configuration Task List (825); RIP Configuration Example (833); 45 Remote Monitoring (RMON) (839); Implementation Information (839); Fault Recovery (839); Setting the rmon Alarm (840); Configuring an RMON Event (841); Configuring RMON Collection Statistics (842); Configuring the RMON Collection History (842); ...
  • Page 27 Enable VLAN-Stacking for a VLAN (901); Configuring the Protocol Type Value for the Outer VLAN Tag (901); Configuring Dell Networking OS Options for Trunk Ports (902); Debugging VLAN Stacking (903); VLAN Stacking in Multi-Vendor Networks (903); VLAN Stacking Packet Drop Precedence (907); ...
  • Page 28 Dynamic Mode CoS for VLAN Stacking (909); Mapping C-Tag to S-Tag dot1p Values (910); Layer 2 Protocol Tunneling (911); Implementation Information (913); Enabling Layer 2 Protocol Tunneling (914); Specifying a Destination MAC Address for BPDUs (914); Setting Rate-Limit BPDUs (914); ...
  • Page 29 Enabling a Subset of SNMP Traps (933); Enabling an SNMP Agent to Notify Syslog Server Failure (935); Copy Configuration Files Using SNMP (936); Copying a Configuration File (938); Copying Configuration Files via SNMP (939); Copying the Startup-Config Files to the Running-Config (939); ...
  • Page 30 Split an S-Series Stack (968); S-Series Stacking Configuration Tasks (968); Assigning Unit Numbers to Units in an S-Series Stack (969); Creating a Virtual Stack Unit on an S-Series Stack (969); Displaying Information about an S-Series Stack (969); Influencing Management Unit Selection on an S-Series Stack (972); ...
  • Page 31 Disabling NTP on an Interface; Configuring a Source IP Address for NTP Packets (1003); Configuring NTP Authentication (1004); Dell Networking OS Time and Date (1007); Configuration Task List (1007); Setting the Time and Date for the Switch Software Clock (1007); Setting the Timezone (1007); ...
  • Page 32 Port-Based VLANs (1028); VLANs and Port Tagging (1029); Configuration Task List (1029); Creating a Port-Based VLAN (1029); Assigning Interfaces to a VLAN (1030); Moving Untagged Interfaces (1032); Assigning an IP Address to a VLAN (1033); Configuring Native VLANs (1033); Enabling Null VLAN as the Default VLAN (1034); ...
  • Page 33 Troubleshooting VLT (1073); Reconfiguring Stacked Switches as VLT (1074); Specifying VLT Nodes in a PVLAN (1075); Association of VLTi as a Member of a PVLAN (1076); MAC Synchronization for VLT Nodes in a PVLAN (1076); PVLAN Operations When One VLT Peer is Down (1077); ...
  • Page 34 Configuring Route Leaking without Filtering Criteria (1110); Configuring Route Leaking with Filtering (1113); 63 Virtual Router Redundancy Protocol (VRRP) (1116); VRRP Overview (1116); VRRP Benefits (1117); VRRP Implementation (1117); VRRP Configuration (1118); Configuration Task List (1118); Setting VRRP Initialization Delay (1128); ...
  • Page 35 General IPv4 Protocols (1167); General IPv6 Protocols (1168); Border Gateway Protocol (BGP) (1168); Open Shortest Path First (OSPF) (1169); Intermediate System to Intermediate System (IS-IS) (1170); Routing Information Protocol (RIP) (1170); Multicast (1171); Network Management (1171); MIB Location (1178); ...
  • Page 36: About This Guide

    This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. The S4820T platform is available with Dell Networking OS version 8.3.19.0 and beyond. S4820T stacking is supported with Dell Networking OS version 8.3.19.0 and beyond.
  • Page 37: Related Documents

    Related Documents For more information about the Dell Networking switches, refer to the following documents: • Dell Networking OS Command Reference • Installing the System • Dell Quick Start Guide • Dell Networking OS Release Notes
  • Page 38: Configuration Fundamentals

    In Dell Networking OS, after you enable a command, it is entered into the running configuration file. You can view the current configuration for the whole system or for a particular CLI mode. To save the current configuration, copy the running configuration to another location.
  • Page 39 Security chapter. The Dell Networking OS CLI is divided into three major mode levels: • EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information.
  • Page 40: Navigating Cli Modes

    Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
  • Page 41 CLI Command Mode Prompt Access Command CONFIGURATION • From EXEC privilege mode, Dell(conf)# enter the configure command. • From every mode except EXEC and EXEC Privilege, enter the exit command. NOTE: Access all of the following modes from CONFIGURATION mode.
  • Page 42 Per-VLAN SPANNING TREE Plus Dell(config-pvst)# protocol spanning-tree pvst PREFIX-LIST Dell(conf-nprefixl)# ip prefix-list RAPID SPANNING TREE Dell(config-rstp)# protocol spanning-tree rstp REDIRECT Dell(conf-redirect-list)# ip redirect-list ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# address-family {ipv4 (for IPv4) multicast | ipv6 unicast}...
  • Page 43 CLI Command Mode Prompt Access Command LLDP Dell(conf-lldp)# or protocol lldp (CONFIGURATION or INTERFACE Dell(conf-if—interface- Modes) lldp)# LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE line console or line vty Dell(config-line-console) or Dell(config-line-vty) MONITOR SESSION Dell(conf-mon-sess- monitor session sessionID)# OPENFLOW INSTANCE...
  • Page 44: The Do Command

    INTERFACE, SPANNING TREE, and so on.) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command. Dell(conf)#do show system brief Stack MAC : 00:01:e8:00:66:64 Reload-Type...
  • Page 45: Undoing Commands

    For example, to delete an IP address configured on an interface, use the no ip address ip-address command. NOTE: Use the help or ? command as described in Obtaining Help. Example of Viewing Disabled Commands Dell(conf)#interface tengigabitethernet 4/17 Dell(conf-if-te-4/17)#ip address 192.168.10.1/24 Dell(conf-if-te-4/17)#show config interface TenGigabitEthernet 4/17 ip address 192.168.10.1/24 no shutdown...
  • Page 46: Entering And Editing Commands

    Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords. – Enter the minimum number of letters to uniquely identify a command. For example, you cannot enter cl as a partial keyword because both the clock and class-map commands begin with the letters “cl.”...
  • Page 47: Command History

    Dell(conf)#do show system brief | grep 0 not present NOTE: Dell Networking OS accepts a space or no space before and after the pipe. To filter a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
  • Page 48 The save command copies the output to a file for future reference. NOTE: You can filter a single command output multiple times. The save option must be the last option entered. For example: Dell# command | grep regular-expression | except regular-expression | grep other-regular-expression | find regular-expression | save.
  • Page 49: Multiple Users In Configuration Mode

    Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
  • Page 50: Getting Started

    When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
  • Page 51: Accessing The Cli Interface And Running Scripts Using Ssh

    SSH for secure, protected communication with the device. You can open an SSH session and run commands or script files. This method of connectivity is supported with S4810, S4048–ON, S3048–ON, S4820T, and Z9000 switches and provides a reliable, safe communication mechanism.
  • Page 52: Entering Cli Commands Using An Ssh Connection

    Entering CLI commands Using an SSH Connection You can run CLI commands by entering either of the following syntaxes to connect to a switch over SSH using the preconfigured user credentials: ssh username@hostname echo | ssh admin@hostname The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non-interactively.
  • Page 53: Default Configuration

    A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
  • Page 54: Configure A Management Route

    – encryption-type: specifies how you are inputting the password, is 0 by default, and is not required. 0 is for inputting the password in clear text. 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Networking system.
  • Page 55: Configuring The Enable Password

    To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location. • To copy a remote file to Dell Networking system, combine the file-origin syntax for a remote file location with the file-destination syntax for a local file location.
  • Page 56: Mounting An Nfs File System

    27952672 bytes successfully copied Example of Importing a File to the Local System core1#$//copy ftp://myusername:[email protected]//Dell/ Dell-EF-8.2.1.0.bin flash:// Destination file name [Dell-EF-8.2.1.0.bin.bin]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 26292881 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands.
  • Page 57 • When copying to a server, you can only use a hostname if a domain name server (DNS) server is configured. Example of Copying a File to current File System Dell#copy tftp://10.16.127.35/mashutosh/dv-maa-s4810-test nfsmount:// Destination file name [dv-maa-s4810-test]: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!.! 44250499 bytes successfully copied Dell# Dell#copy ftp://10.16.127.35 nfsmount:...
  • Page 58: Save The Running-Configuration

    225 bytes successfully copied Dell# Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends copying your running-configuration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration.
  • Page 59: Configure The Overload Bit For A Startup Scenario

    Configure the Overload Bit for a Startup Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
  • Page 60: Managing The File System

    Dell# Managing the File System The Dell Networking system can use the internal Flash, external Flash, or remote devices to store files. The system stores files on the internal Flash by default but can be configured to store files elsewhere.
  • Page 61: Enabling Software Features On Devices Using A Command Option

    Option This capability to activate software applications or components on a device using a command is supported on the S4810, S4820T, and S6000 platforms. Starting with Release 9.4(0.0), you can enable or disable specific software functionalities or applications that need to run on a device by using a command attribute in the CLI interface. This capability enables effective, streamlined management and administration of applications and utilities that run on a device.
  • Page 62: View Command History

    [12/5 10:57:13]: CMD-(CLI):boot system rpm0 primary flash://FTOS- CB-1.1.1.2E2.bin Upgrading Dell Networking OS NOTE: To upgrade Dell Networking Operating System (OS), refer to the Release Notes for the version you want to load on the system. Using HTTP for File Transfers Starting with Release 9.3(0.1), you can use HTTP to copy files or configuration details to a remote server.
  • Page 63: Using Hashes To Validate Software Images

    The published hash for that file is displayed next to the software image file on the iSupport page. Go on to the Dell Networking system and copy the software image to the flash drive, using the copy command.
  • Page 64 • hash-value: (Optional). Specify the relevant hash published on i-Support. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin...
  • Page 65: Management

    Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1.
  • Page 66: Moving A Command From Exec Privilege Mode To Exec Mode

    Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access.
  • Page 67 CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...|| command} Example of EXEC Privilege Commands Dell(conf)#do show run priv privilege exec level 3 capture privilege exec level 3 configure privilege exec level 4 resequence...
  • Page 68: Applying A Privilege Level To A Username

    NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on:
  • Page 69: Audit And Security Logs

    • the internal buffer • console and terminal lines • any configured syslog servers To disable logging, use the following commands. • Disable all logging except on the console. CONFIGURATION mode no logging on • Disable logging to the logging buffer. CONFIGURATION mode no logging buffer •...
  • Page 70 For information about the logging extended command, see Enabling Audit and Security Logs Dell#show logging auditlog May 12 12:20:25: Dell#: %CLI-6-logging extended by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98) May 12 12:20:42: Dell#: %CLI-6-service timestamps log datetime by admin from vty0 (10.14.1.98)
  • Page 71: Configuring Logging Format

    Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging Format To display syslog messages in an RFC 3164 or RFC 5424 format, use the logging version {0 | 1} command in CONFIGURATION mode.
  • Page 72 %TSM-6-SFM_DISCOVERY: Found SFM 1 %TSM-6-SFM_DISCOVERY: Found SFM 2 %TSM-6-SFM_DISCOVERY: Found SFM 3 %TSM-6-SFM_DISCOVERY: Found SFM 4 %TSM-6-SFM_DISCOVERY: Found SFM 5 %TSM-6-SFM_DISCOVERY: Found SFM 6 %TSM-6-SFM_DISCOVERY: Found SFM 7 %TSM-6-SFM_SWITCHFAB_STATE: Switch Fabric: UP %TSM-6-SFM_DISCOVERY: Found SFM 8 %TSM-6-SFM_DISCOVERY: Found 9 SFMs %CHMGR-5-CHECKIN: Checkin from line card 5 (type EX1YB, 1 ports) %TSM-6-PORT_CONFIG: Port link status for LC 5 =>...
  • Page 73: Setting Up A Secure Connection To A Syslog Server

    To configure a secure connection from the switch to the syslog server: On the switch, enable the SSH server: Dell(conf)#ip ssh server enable On the syslog server, create a reverse SSH tunnel from the syslog server to the FTOS switch, using the following syntax: ssh -R ::...
  • Page 74: Log Messages In The Internal Buffer

    Configure logging to a local host. localhost is “127.0.0.1” or “::1”. If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140 Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
  • Page 75: Sending System Messages To A Syslog Server

    In the previous lines, local7 is the logging facility level and debugging is the severity level. Track Login Activity Dell Networking OS enables you to track the login activity of users and view the successful and unsuccessful login events. When you log in using the console or VTY line, the system displays the last successful login details of the current user and the number of unsuccessful login attempts since your last successful login to the system.
  • Page 76: Configuring Login Activity Tracking

    The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command.
  • Page 77: Limit Concurrent Login Sessions

    ------------------------------------------------------------------ Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines. You can also clear any of your existing sessions when you reach the maximum permitted number of concurrent sessions.
  • Page 78: Enabling The System To Clear Existing Sessions

    Example of Configuring Concurrent Session Limit The following example limits the permitted number of concurrent login sessions to 4. Dell(config)#login concurrent-session limit 4 Enabling the System to Clear Existing Sessions To enable the system to clear existing login sessions, follow this procedure: •...
  • Page 79: Changing System Logging Settings

    Specify the size of the logging buffer. CONFIGURATION mode logging buffered size NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. •...
  • Page 80: Display The Logging Buffer And The Logging Configuration

    EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs. Example of the show logging Command Dell#show logging syslog logging: enabled Console logging: level Debugging Monitor logging: level Debugging...
  • Page 81 – uucp (UNIX to UNIX copy protocol) Example of the show running-config logging Command To view nondefault settings, use the show running-config logging command in EXEC mode. Dell#show running-config logging logging buffered 524288 debugging service timestamps log datetime msec service timestamps debug datetime msec...
  • Page 82: Synchronizing Log Messages

    Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
  • Page 83: File Transfer Services

    File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces.
  • Page 84: Configuring Ftp Server Parameters

    Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir The default is the internal flash directory.
  • Page 85: Terminal Lines

    (VTYs) connect you through Telnet to the system. The auxiliary line (aux) connects secondary devices such as modems. Denying and Permitting Access to a Terminal Line Dell Networking recommends applying only standard access control lists (ACLs) to deny and permit access to VTY lines. •...
  • Page 86: Configuring Login Authentication For Terminal Lines

    Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication and authorization (AAA) to the line. Then users are denied access only after they enter a username and password.
  • Page 87: Setting Time Out Of Exec Privilege Mode

    Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands.
  • Page 88: Using Telnet To Get To Another Network Device

    EXEC Privilege telnet [ip-address] If you do not enter an IP address, Dell Networking OS enters a Telnet dialog that prompts you for one. Enter an IPv4 address in dotted decimal format (A.B.C.D). Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported.
  • Page 89: Lock Configuration Mode

    Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message You can set two types of locks: auto and manual.
  • Page 90: Recovering From A Forgotten Password

    Recovering from a Forgotten Password If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. Use the following commands if you forget your password. Log onto the system using the console.
  • Page 91: Recovering From A Forgotten Enable Password

    Recovering from a Failed Start A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location.
  • Page 92: Restoring The Factory Default Settings

    After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings. Dell#restore factory-defaults stack-unit 0 nvram *********************************************************************** Warning - Restoring factory defaults will delete the existing persistent settings (stacking, fanout, etc.) After restoration the unit(s) will be powercycled immediately.
  • Page 93: Restoring Factory Default Environment Variables

    Hit any key to abort the boot process. You enter uBoot immediately, the => prompt indicates success. (during bootup) press any key Assign the new location to the Dell Networking OS image it uses when the system reloads. uBoot mode => setenv primary_boot f10boot Boot variable (f10boot) can take the following values: •...
  • Page 94 • flash1 — to boot from flash partition B. • tftp://server-ip/image-file-name — to boot from the network. Assign an IP address to the Management Ethernet interface. uBoot mode => setenv ipaddr ip_address For example, 10.16.150.105. => setenv netmask mask For example, 255.255.0.0. Assign an IP address as the default gateway for the system.
  • Page 95: 802.1Ag

    802.1ag Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM — IEEE 802.1ag connectivity fault management (CFM) •...
  • Page 96: Maintenance Domains

    In addition to providing end-to-end OAM in native Layer 2 Ethernet Service Provider/Metro networks, you can also use CFM to manage and troubleshoot any Layer 2 network including enterprise, datacenter, and cluster networks. Maintenance Domains Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in the following illustration.
  • Page 97: Maintenance End Points

    There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine. •...
  • Page 98: Implementation Information

    Figure 4. Maintenance End Points Implementation Information Because the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configuring the CFM To configure the CFM, follow these steps: Configure the ecfmacl CAM region using the cam-acl command.
  • Page 99: Enabling Ethernet Cfm

    The range is from 0 to 7. Display maintenance domain information. EXEC Privilege mode show ethernet cfm domain [name | brief] Example of Viewing Configured Maintenance Domains Dell# show ethernet cfm domain Domain Name: customer Level: 7 Total Service: 1 Services...
  • Page 100: Creating A Maintenance Association

    There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine. •...
  • Page 101: Creating A Maintenance Intermediate Point

    [mep | mip] Dell#show ethernet cfm maintenance-points local mep --------------------------------------------------------------- MPID Domain Name Level Type Port CCM-Status MA Name VLAN ---------------------------------------------------------------- cfm0 Te 4/10 Enabled test0 DOWN 00:01:e8:59:23:45 cfm1 Te 4/10 Enabled test1 DOWN 00:01:e8:59:23:45...
  • Page 102: Continuity Check Messages

    | expired | waiting] • Display the MIP Database. EXEC Privilege mode show ethernet cfm mipdb Example of Displaying the MEP Database Dell#show ethernet cfm maintenance-points remote detail MAC Address: 00:01:e8:58:68:78 Domain Name: cfm0 MA Name: test0 Level: 7 VLAN: 10...
  • Page 103: Enabling Ccm

    MEPs and MIPs filter CCMs from higher and lower domain levels as described in the following table. Table 6. Continuity Check Message Processing Frames at Frames from UP-MEP Action Down-MEP Action MIP Action Less than my level Bridge-relay side or Drop Drop Drop...
  • Page 104: Enabling Cross-Checking

    Enabling Cross-Checking To enable cross-checking, use the following commands. Enable cross-checking. ETHERNET CFM mode mep cross-check enable The default is Disabled. Start the cross-check operation for an MEP ETHERNET CFM mode mep cross-check mep-id Configure the amount of time the system waits for a remote MEP to come up before the cross-check operation is started.
  • Page 105: Caching Link Trace

    Figure 5. MPLS Core Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]). The MPs on the path to the target MAC address reply to the LTM with an LTR, and relay the LTM towards the target MAC until the target MAC is reached or TTL equals 0.
  • Page 106: Enabling Cfm Snmp Traps

    Delete all Link Trace Cache entries. EXEC Privilege mode clear ethernet cfm traceroute-cache Example of Viewing the Link Trace Cache Dell#show ethernet cfm traceroute-cache Traceroute to 00:01:e8:52:4a:f8 on Domain Customer2, Level 7, MA name Test2 with VLAN 2 ------------------------------------------------------------------------------ Hops Host...
  • Page 107: Displaying Ethernet Cfm Statistics

    To enable CFM SNMP traps, use the following command. • Enable SNMP trap messages for Ethernet CFM. CONFIGURATION mode snmp-server enable traps ecfm Example of Viewing CFM SNMP Trap Information Dell#show ethernet cfm maintenance-points local mep -------------------------------------------------------------------- MPID Domain Name Level Type...
  • Page 108 Received: 0 Rcvd Out Of Order: 0 Received Bad MSDU: 0 Transmitted: Example of viewing CFM statistics by port. Dell#show ethernet cfm port-statistics interface TenGigabitEthernet 1/5 Port statistics for port: Te 1/5 ================================== RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394...
  • Page 109 (typically RADIUS) using a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP-over-Ethernet (EAPOL) to communicate with the end-user device and EAP-over-RADIUS to communicate with the server.
  • Page 110: 802.1X

    It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator. •...
  • Page 111 The supplicant responds with its identity in an EAP Response Identity frame. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method).
  • Page 112: Eap Over Radius

    The Type value for EAP messages is 79. Figure 9. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server.
  • Page 113: Important Points To Remember

    • Configuring an Authentication-Fail VLAN Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 114: Enabling 802.1X

    Enabling 802.1X Enable 802.1X globally. Figure 10. 802.1X Enabled Enable 802.1X globally. CONFIGURATION mode dot1x authentication Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication 802.1X...
  • Page 115: Configuring Request Identity Re-Transmissions

    Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication [output omitted]...
  • Page 116: Configuring A Quiet Period After A Failed Authentication

    NOTE: There are several reasons why the supplicant might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.
  • Page 117: Forcibly Authorizing Or Unauthorizing A Port

    • after 90 seconds and a maximum of 10 times for an unresponsive supplicant • re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. FTOS(conf-if-range-Te-2/1)#dot1x tx-period 90 FTOS(conf-if-range-Te-2/1)#dot1x max-eap-req 10 FTOS(conf-if-range-Te-2/1)#dot1x quiet-period 120 FTOS#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1:...
  • Page 118: Re-Authenticating A Port

    The bold line shows the new port-control state. Dell(conf-if-Te-1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1)#show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Tx Period:...
  • Page 119: Configuring Timeouts

    The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period. Dell(conf-if-Te-1/1)#dot1x reauthentication interval 7200 Dell(conf-if-Te-1/1)#dot1x reauth-max 10 Dell(conf-if-Te-1/1)#do show dot1x interface TenGigabitEthernet 1/1 802.1x information on Te 1/1: ----------------------------- Dot1x Status: Enable Port Control:...
  • Page 120: Configuring Dynamic Vlan Assignment With Port Authentication

    The RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID The illustration shows the configuration on the Dell Networking system before connecting the end user device in black and blue text, and after connecting the device in red text. The blue text corresponds to the preceding numbered steps on dynamic VLAN assignment with 802.1X.
  • Page 121: Guest And Authentication-Fail Vlans

    Authentication). Guest and Authentication-Fail VLANs Typically, the authenticator (the Dell system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured or the VLAN that the authentication server indicates in the authentication data.
  • Page 122: Configuring A Guest Vlan

    INTERFACE mode. View your configuration using the show config command from INTERFACE mode or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest VLAN Configuration Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1))#show config interface TenGigabitEthernet 2/1 switchport...
  • Page 123 Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown...
  • Page 124: Access Control List (Acl) Vlan Groups And Content Addressable Memory (Cam)

    Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) virtual local area network (VLAN) group and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize the number of entries in CAM, enable and configure the ACL CAM feature.
  • Page 125: Guidelines For Configuring Acl Vlan Groups

    After these verification steps are performed, the ACL manager considers the command valid and sends the information to the ACL agent on the line card. The ACL manager notifies the ACL agent in the following cases: • A VLAN member is added or removed from a group and previously associated VLANs exist in the group.
  • Page 126: Configuring Acl Vlan Groups And Configuring Fp Blocks For Vlan Parameters

    {VLAN-range} Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name. CONFIGURATION (conf-acl-vl-grp) mode show acl-vlan-group {group name | detail} Dell#show acl-vlan-group detail Group Name : TestGroupSeventeenTwenty Egress IP Acl : Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)
  • Page 127: Configuring Fp Blocks For Vlan Parameters

    Allocate the number of FP blocks for ACL VLAN optimization. CONFIGURATION mode cam-acl-vlan vlanaclopt <0-2> View the number of FP blocks that is allocated for the different VLAN services. EXEC Privilege mode Dell#show cam-usage switch Stackunit|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM...
  • Page 128: Viewing Cam Usage

    262141 262127 | IN-L3-SysFlow 2878 2834 --More-- The following output displays CAM space usage when you configure Layer 2 and Layer 3 ACLs: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM ========|========|=================|=============|=============|============ | IN-L2 ACL...
  • Page 129: Allocating Fp Blocks For Vlan Processes

    7152 7152 | IN-L2 FIB 32768 1081 31687 | OUT-L2 ACL The following output displays CAM space usage for Layer 3 ACLs: Dell#show cam-usage router Linecard|Portpipe| CAM Partition | Total CAM Used CAM |Available CAM ========|========|=================|=============|=============|============== | IN-L3 ACL 8192...
  • Page 130: Access Control Lists (Acls)

    Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer An ACL is essentially a filter containing some criteria to match (examine IP, transmission control protocol...
  • Page 131: Ip Access Control Lists (Acls)

    When creating an access list, the sequence of the filters is important. You have a choice of assigning sequence numbers to the filters as you enter them, or the Dell Networking Operating System (OS) assigns numbers in the order the filters are created. The sequence numbers are listed in the display output of the show config and show ip accounting access-list commands.
  • Page 132: Cam Usage

    Privilege mode. The following example shows the output when executing this command. The status column indicates whether you can enable the policy. Example of the Command test cam-usage Dell#test cam-usage service-policy input asd stack-unit 1 port-set 0 Stack-unit|Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status -------------------------------------------------------------------------- IPv4Flow| 232|...
  • Page 133: Implementing Acls On Dell Networking Os

    Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity.
  • Page 134: Ip Fragment Handling

    ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 255.
  • Page 135: Layer 4 Acl Rules Examples

    In this first example, TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Example of Permitting Only First Fragments and Non-Fragmented Packets from a Specified Host In the following example, the TCP packets that are first fragments or non-fragmented from host 10.1.1.1...
  • Page 136: Configure A Standard Ip Acl

    To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL.
  • Page 137: Configuring A Standard Ip Acl Filter

    To delete a filter, use the no seq sequence-number command in IP ACCESS LIST mode. If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of 5.
  • Page 138: Configure An Extended Ip Acl

    To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. The following example shows how to view a standard ACL filter sequence for an interface. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 15 deny udp any any eq 111...
  • Page 139 In the example, filter 15 was configured before filter 5, but the show config command displays the filters in the correct order. Dell(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log Dell(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any Dell(config-ext-nacl)#show confi ip access-list extended dilling seq 5 permit tcp 12.1.0.0 0.0.255.255 any...
  • Page 140: Configuring Filters Without A Sequence Number

    Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five.
  • Page 141: Configure Layer 2 And Layer 3 Acls

    When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them. •...
  • Page 142: Applying An Ip Acl

    To view which IP ACL is applied to an interface, use the show config command in INTERFACE mode, or use the show running-config command in EXEC mode. Example of Viewing ACLs Applied to an Interface Dell(conf-if)#show conf interface TenGigabitEthernet 1/1 ip address 10.2.1.100 255.255.255.0...
  • Page 143: Counting Acl Hits

    To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command. Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te1/1)#ip access-group abcd in Dell(conf-if-te1/1)#show config tengigabitethernet 1/1 no ip address...
  • Page 144: Configure Egress Acls

    Dell(conf-if-te1/1/1)#end Dell#configure terminal Dell(conf)#ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2 Dell(config-ext-nacl)#end Dell#show ip accounting access-list Extended Ingress IP access list abcd on tengigabitethernet 1/1/1 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.2...
  • Page 145: Applying Egress Layer 3 Acls (Control-Plane)

    10 deny icmp any any seq 15 permit 1.1.1.2 Dell#configure terminal Dell(conf)#interface te 1/2 Dell(conf-if-te-1/2)#ip vrf forwarding blue Dell(conf-if-te-1/2)#show config interface TenGigabitEthernet 1/2 ip vrf forwarding blue no ip address shutdown Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)# Dell(conf-if-te-1/2)#end Dell# Applying Egress Layer 3 ACLs (Control-Plane) By default, packets originated from the system are not filtered by egress ACLs.
  • Page 146: Implementation Information

    The following list includes the configuration tasks for prefix lists, as described in the following sections. • Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Access Control Lists (ACLs)
  • Page 147 To delete a filter, use the no seq sequence-number command in PREFIX LIST mode. If you are creating a standard prefix list with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The Dell Networking OS assigns filters in multiples of five.
  • Page 148 (0 to 32). Example of Creating a Filter with Dell Networking OS-Assigned Sequence Numbers The example shows a prefix list in which the sequence numbers were assigned by the software. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number).
  • Page 149 The following example shows the show ip prefix-list detail command. Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0)
  • Page 150: Acl Resequencing

    Dell(conf-router_rip)#show config router rip distribute-list prefix juba out network 10.0.0.0 Dell(conf-router_rip)#router ospf 34 Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode.
  • Page 151: Resequencing An Acl Or Prefix List

    The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing by 2. Dell(config-ext-nacl)# show config ip access-list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1.1.1.1 seq 5 permit ip any host 1.1.1.1...
  • Page 152: Route Maps

    10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.4 Dell# end Dell# resequence access-list ipv4 test 2 2 Dell# show running-config acl ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1...
  • Page 153: Implementation Information

    Implementation Information The Dell Networking OS implementation of route maps allows route maps with the no match or no set commands. When there is no match command, all traffic matches the route map and the set command applies.
  • Page 154 You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. Dell Networking OS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, such as redistribute, traffic passes through all instances of that route map until a match is found.
  • Page 155 In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted.
  • Page 156: Configuring Match Routes

    Configuring Match Routes To configure match criteria for a route map, use the following commands. • Match routes with the same AS-PATH numbers. CONFIG-ROUTE-MAP mode match as-path as-path-name • Match routes with COMMUNITY list attributes in their path. CONFIG-ROUTE-MAP mode match community community-list-name [exact] •...
  • Page 157: Configuring Set Conditions

    • Match routes with a specific value. CONFIG-ROUTE-MAP mode match metric metric-value • Match BGP routes based on the ORIGIN attribute. CONFIG-ROUTE-MAP mode match origin {egp | igp | incomplete} • Match routes specified as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated. CONFIG-ROUTE-MAP mode match route-type {external [type-1 | type-2] | internal | level-1 | level-2 | local }...
  • Page 158: Configure A Route Map For Route Redistribution

    Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify the routes and their origins.
  • Page 159: Configure A Route Map For Route Tagging

    Example of Calling a Route Map to Redistribute Specified Routes router ospf 34 default-information originate metric-type 1 redistribute static metric 20 metric-type 2 tag 0 route-map staticospf route-map staticospf permit 10 match interface TenGigabitEthernet 1/1 match metric 255 set level backbone Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol.
  • Page 160: Logging Of Acl Processes

    You can enable logging separately for each of these FP entries, which relate to each of the ACL entries configured in an ACL. Dell Networking OS saves a table that maps each ACL entry that matches the ACL name on the received packet, sequence number of the rule, and the interface index in the database.
  • Page 161: Guidelines For Configuring Acl Logging

    (in the next interval) is generated for that ACL entry. Guidelines for Configuring ACL Logging This functionality is supported on the S4820T platform. Keep the following points in mind when you configure logging of ACL activities: •...
  • Page 162: Flow-Based Monitoring Support For Acls

    [log [interval minutes]] Flow-Based Monitoring Support for ACLs Flow-based monitoring is supported on the S4820T platform. Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for Layer 2 and Layer 3 ingress traffic. You can specify traffic using standard or extended access-lists.
  • Page 163: Behavior Of Flow-Based Monitoring

    The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring. Example Output of the show Command Dell(conf-mon-sess-0)#do show monitor session 0 SessID Source...
  • Page 164: Enabling Flow-Based Monitoring

    Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. Dell Networking OS only considers port monitoring traffic that matches rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 165 Dell(config-ext-nacl)#seq 15 deny udp any any count bytes Dell(config-ext-nacl)#seq 20 deny tcp any any count bytes Dell(config-ext-nacl)#exit Dell(conf)#interface TenGigabitEthernet 1/1 Dell(conf-if-te-1/1)#ip access-group testflow in Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ip address 10.11.1.254/24 ip access-group testflow in shutdown Dell(conf-if-te-1/1)#exit Dell(conf)#do show ip accounting access-list testflow...
  • Page 166: Bidirectional Forwarding Detection (Bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, BFD agents maintain sessions that reside on the line card, which frees resources on the route processor module (RPM). Only session state changes are reported to the BFD Manager (on the RPM), which in turn notifies the routing protocols that are registered with it.
  • Page 167: Bfd Packet Format

    receiving interface is faulty). The BFD manager notifies the routing protocols that are registered with it (clients) that the forwarding path is down and a link state change is triggered in all protocols. NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client.
  • Page 168 Required Min Echo The minimum rate at which the local system would like to receive echo packets. NOTE: Dell Networking OS does not currently support the echo function. Authentication An optional method for authenticating control packets.
  • Page 169: Bfd Sessions

    Demand mode initiator. Either system (but not both) can request Demand mode at any time. NOTE: Dell Networking OS supports Asynchronous mode only. A session can have four states: Administratively Down, Down, Init, and Up.
  • Page 170: Session State Changes

    The active system receives the response from the passive system and changes its session state to Up. It then sends a control packet indicating this state change. This is the third and final part of the handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated.
  • Page 171: Important Points To Remember

    Important Points to Remember • On the S4820T platform, Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
  • Page 172: Configure Bfd For Physical Ports

    • Configure BFD for Static Routes • Configure BFD for OSPF • Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only.
  • Page 173 Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 15. Establishing a BFD Session on Physical Ports Enter interface mode.
  • Page 174 2.2.2.2 on interface Te 4/24 (diag: 0) Viewing Physical Port Session Parameters BFD sessions are configured with default intervals and a default role (active). Dell Networking recommends maintaining the default values. To view session parameters, use the show bfd neighbors detail command.
  • Page 175: Configure Bfd For Static Routes

    Number of packets sent to neighbor: 4093 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7 Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that interface are placed in an Administratively Down state (the first message example), and the remote systems are notified of the session state change (the second message example).
  • Page 176 Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 16. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes...
  • Page 177: Configure Bfd For Ospf

    • Change parameters for all static route sessions. CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down.
  • Page 178 Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
  • Page 179 ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS...
  • Page 180: Configure Bfd For Ospfv3

    • Disable BFD sessions with all OSPF neighbors. ROUTER-OSPF mode no bfd all-neighbors • Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: Enable BFD globally.
  • Page 181: Configure Bfd For Is-Is

    To view session parameters, use the show bfd neighbors detail command, as shown in the example in Displaying BFD for BGP Information. • Change parameters for all OSPFv3 sessions. ROUTER-OSPFv3 mode bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] •...
  • Page 182 Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 18. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands.
  • Page 183 The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Te 2/1...
  • Page 184: Configure Bfd For Bgp

    INTERFACE mode isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces.
  • Page 185 Figure 19. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peer-group-name} bfd command). BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
  • Page 186 typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. Enable BFD globally. CONFIGURATION mode bfd enable Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number Add a BGP neighbor or peer group in a remote AS.
  • Page 187 • Disable a BFD for BGP session with a specified neighbor. ROUTER BGP mode neighbor {ip-address | peer-group-name} bfd disable • Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
  • Page 188 EXEC Privilege mode show ip bgp neighbors [ip-address] Examples of the BFD show Commands The following example shows verifying a BGP configuration. R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown...
  • Page 189 Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34...
  • Page 190 De-registration : 0 Init Down Admin Down The following example shows viewing BFD summary information. The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory...
  • Page 191: Configure Bfd For Vrrp

    Prefixes accepted 0 (consume 0 bytes), withdrawn 0 by peer, martian prefixes ignored 0 Prefixes advertised 0, denied 0, withdrawn 0 from peer Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link...
  • Page 192 Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 20. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. •...
  • Page 193 The bold line shows that VRRP BFD sessions are enabled. Dell(conf-if-te-4/25)#vrrp bfd all-neighbors Dell(conf-if-te-4/25)#do show bfd neighbor - Active session role Ad Dn - Admin Down - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1...
  • Page 194: Configuring Protocol Liveness

    INTERFACE mode vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] • Change parameters for a particular VRRP session. INTERFACE mode vrrp bfd neighbor ip-address interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP...
  • Page 195: Troubleshooting Bfd

    Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in hexadecimal format, use the following command. • Examine control packet field values. CONFIGURATION mode debug bfd detail •...
  • Page 196 The output for the debug bfd event command is the same as the log messages that appear on the console by default.
  • Page 197: Border Gateway Protocol Ipv4 (Bgpv4)

    Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
  • Page 198 Figure 21. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
  • Page 199: Sessions And Peers

    Figure 22. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers.
  • Page 200: Establish A Session

    Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
  • Page 201: Route Reflectors

    Route Reflectors Route reflectors reorganize the iBGP core into a hierarchy and allow some route advertisement rules. NOTE: Do not use route reflectors (RRs) in the forwarding path. In iBGP, hierarchical RRs maintaining forwarding plane RRs could create routing loops. Route reflection divides iBGP peers into two groups: client peers and nonclient peers.
  • Page 202: Bgp Attributes

    In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
  • Page 203 NOTE: The bgp bestpath as-path multipath-relax command is disabled by default, preventing BGP from load-balancing a learned route across two or more eBGP peers. To enable load-balancing across different eBGP peers, enable the bgp bestpath as-path multipath-relax command. A system error results if you configure the bgp bestpath as-path ignore command and the bgp bestpath as-path multipath-relax command at the same time.
  • Page 204: Weight

    Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria are met: the IBGP multipath or EBGP multipath are configured (the maximum-path command).
  • Page 205: Local Preference

    Local Preference Local preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route. Local preference (LOCAL_PREF) is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
  • Page 206: Origin

    connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path.
  • Page 207: As Path

    In Dell Networking OS, these origin codes appear as shown in the following example. The question mark (?) indicates an origin code of INCOMPLETE (shown in bold). The lower case letter (i) indicates an origin code of IGP (shown in bold).
  • Page 208: Multiprotocol Bgp

    BGP routes into BGP. Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones.
  • Page 209: Advertise Igp Cost As Med For Redistributed Routes

    For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost.
  • Page 210: Ignore Router-Id For Some Best-Path Calculations

    If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the method Dell Networking OS has used for all previous Dell Networking OS versions. ASPLAIN remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
  • Page 211 1.10. Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change an asnotation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
  • Page 212: As Number Migration

    Dell(conf-router_bgp)#do sho ip bgp BGP table version is 34558, local router ID is 172.30.1.57 Example of the Running Configuration When AS Notation is Disabled AS NOTATION DISABLED Dell(conf-router_bgp)#no bgp asnotation Dell(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 ...
  • Page 213 Figure 27. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer.
  • Page 214: Bgp4 Management Information Base (Mib)

    (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page. Important Points to Remember •...
  • Page 215: Configuration Information

    To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5.
  • Page 216: Enabling Bgp

    By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {ip-address | peer-group-name} no shutdown command.
  • Page 217 of the interface directly connected to the router. First, the BGP process determines if all internal BGP peers are reachable, then it determines which peers outside the AS are reachable. NOTE: Sample Configurations for enabling BGP routers are found at the end of this chapter. Assign an AS number and enter ROUTER BGP mode.
  • Page 218 Enable the BGP neighbor. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} no shutdown Examples of the show ip bgp Commands NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp * command in EXEC Privilege mode. To view the BGP configuration, enter show config in CONFIGURATION ROUTER BGP mode.
  • Page 219 For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
  • Page 220: Configuring As4 Number Representations

    Term Description ASPLAIN the method Dell Networking OS used for all previous Dell Networking OS versions. It remains the default method with Dell Networking OS. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
  • Page 221 CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot • Enable ASDOT+ AS Number representation.
  • Page 222: Configuring Peer Groups

    neighbor 172.30.1.250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy.
  • Page 223 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold). Dell(conf-router_bgp)#neighbor zanzibar no shutdown Dell(conf-router_bgp)#show config router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes...
  • Page 224: Configuring Bgp Fast Fall-Over

    ESTABLISHED state move to the IDLE state. To view the status of peer groups, use the show ip bgp peer-group command in EXEC Privilege mode, as shown in the following example. Dell>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4...
  • Page 225 To verify that you enabled fast fall-over on a particular BGP neighbor, use the show ip bgp neighbors command. Because fast fall-over is disabled by default, it appears only if it has been enabled (shown in bold). Dell#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5...
  • Page 226: Configuring Passive Peering

    When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration.
  • Page 227: Maintaining Existing As Numbers During An As Migration

    Enter the limit keyword to restrict the number of sessions accepted. Assign a subnet to the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name subnet subnet-number mask The peer group responds to OPEN messages sent on this subnet. Enable the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name no shutdown Create and specify a remote peer for BGP neighbor.
  • Page 228: Allowing An As Number To Appear In Its Own As Path

    router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123...
  • Page 229: Enabling Graceful Restart

    Speeds convergence by advertising a special update packet known as an end-of-RIB marker. This marker indicates the peer has been updated with all routes in the local RIB. If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: •...
  • Page 230: Enabling Neighbor Graceful Restart

    BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, Dell Networking OS enables the receiving/restarting mode by default. In Receiver-Only mode, graceful restart saves the advertised routes of peers that support this capability when they restart.
  • Page 231: Filtering On An As-Path Attribute

    Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode. Dell#show ip bgp paths Total 30655 Paths
  • Page 232: Regular Expressions As Filters

    For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS. Regular Expression Definition ^ (caret) Matches the beginning of the input string.
  • Page 233 Dell(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in Dell(conf-router_bgp)#ex Dell(conf)#ip as-path access-list Eagle Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in...
  • Page 234: Redistributing Routes

    – map-name: name of a configured route map. Enabling Additional Paths The add-path feature is disabled by default. NOTE: Dell Networking OS recommends not using multipath and add path simultaneously in a route reflector. To allow multiple paths sent to peers, use the following commands.
  • Page 235: Configuring Ip Community Lists

    One attribute you can manipulate is the COMMUNITY attribute. This attribute is an optional attribute that is defined for a group of destinations. In Dell Networking OS, you can assign a COMMUNITY attribute to BGP routers by using an IP community list. After you create an IP community list, you can apply routing decisions to all routers meeting the criteria in the IP community list.
  • Page 236: Configuring An Ip Extended Community List

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 237: Filtering Routes With Community Lists

    To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode. Dell#show ip community-lists ip community-list standard 1 deny 701:20 deny 702:20...
  • Page 238: Manipulating The Community Attribute

    In addition to permitting or denying routes based on the values of the COMMUNITY attributes, you can manipulate the COMMUNITY attribute value and send the COMMUNITY attribute with the route information. By default, Dell Networking OS does not send the COMMUNITY attribute. To send the COMMUNITY attribute to BGP neighbors, use the following command. •...
  • Page 239 To view BGP routes matching a certain community number or a pre-defined BGP community, use the show ip bgp community command in EXEC Privilege mode. Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal...
  • Page 240: Changing Med Attributes

    Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. • Enable MED comparison in the paths from neighbors with different ASs.
  • Page 241: Changing The Next_Hop Attribute

    Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
  • Page 242: Enabling Multipath

    AS-Path ACLs filter routes based on the ASN. Route maps can filter and set conditions, change attributes, and assign update policies. NOTE: Dell Networking OS supports up to 255 characters in a set community statement inside a route map.
  • Page 243 To filter routes using prefix lists, use the following commands. Create a prefix list and assign it a name. CONFIGURATION mode ip prefix-list prefix-name Create multiple prefix list filters with a deny or permit action. CONFIG-PREFIX LIST mode seq sequence-number {deny | permit} {any | ip-prefix [ge | le] } •...
  • Page 244: Filtering Bgp Routes Using Route Maps

    Filtering BGP Routes Using Route Maps To filter routes using a route map, use these commands. Create a route map and assign it a name. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] Create multiple route map filters with a match or set action. CONFIG-ROUTE-MAP mode {match | set} For information about configuring route maps, refer to...
  • Page 245: Configuring Bgp Route Reflectors

    BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. NOTE: Dell Networking recommends not using multipath and add path simultaneously in a route reflector. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
  • Page 246: Aggregating Routes

    BGP mode or the show running-config bgp in EXEC Privilege mode. Aggregating Routes Dell Networking OS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active.
  • Page 247: Enabling Route Flap Dampening

    When that penalty value reaches a configured limit, the route is not advertised, even if the route is up. In Dell Networking OS, that penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or is decayed. However, if the route flaps again, it is assigned another penalty.
  • Page 248 – regexp regular-expression: enter a regular expression to match on. By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival. You can change the path selection method to non-deterministic, that is, paths are compared in the order in which they arrived (starting with the most recent).
  • Page 249 Value to start suppressing a route (default = 2000) Dell(conf-router_bgp)#bgp dampening 2 2000 3000 ? <1-255> Maximum duration to suppress a stable route (default = 60) Dell(conf-router_bgp)#bgp dampening 2 2000 3000 10 ? route-map Route-map to specify criteria for dampening ...
  • Page 250: Changing Bgp Timers

    Changing BGP Timers To configure BGP timers, use either or both of the following commands. Timer values configured with the neighbor timers command override the timer values configured with the timers bgp command. When two neighbors, configured with different keepalive and holdtime values, negotiate for new values, the resulting values are as follows: •...
  • Page 251: Route Map Continue

    When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound...
  • Page 252: Enabling Mbgp Configurations

    The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. Dell Networking OS MBGP is implemented per RFC 1858. You can enable the MBGP feature per router and/or per peer/peer-group.
  • Page 253: Bgp Regular Expression Optimization

    Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command. For a detailed description of the MBGP commands, refer to the Dell Networking OS Command Line Interface Reference Guide.
  • Page 254: Storing Last And Bad Pdus

    Storing Last and Bad PDUs Dell Networking OS stores the last notification sent/received and the last bad protocol data unit (PDU) received on a per peer basis. The last bad PDU is the one that causes a notification to be issued.
  • Page 255: Capturing Pdus

    To change the maximum buffer size, use the capture bgp-pdu max-buffer-size command. To view the captured PDUs, use the show capture bgp-pdu neighbor command. Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.2 Available buffer size 40958758, 26 packet(s) captured using 680 bytes...
  • Page 256: Pdu Counters

    313511 0 00:12:46 207896 PDU Counters Dell Networking OS supports additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the show ip bgp neighbor command. Border Gateway Protocol IPv4 (BGPv4)
  • Page 257: Sample Configurations

    Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI.
  • Page 258 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.21/24 R1(conf-if-te-1/21)#no shutdown R1(conf-if-te-1/21)#show config interface TengigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown R1(conf-if-te-1/21)#int te 1/31 R1(conf-if-te-1/31)#ip address 10.0.3.31/24 R1(conf-if-te-1/31)#no shutdown R1(conf-if-te-1/31)#show config interface TengigabitEthernet 1/31 ip address 10.0.3.31/24 no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99...
  • Page 259 R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.128.0/24 R2(conf-router_bgp)#neighbor 192.168.128.1 remote 99 R2(conf-router_bgp)#neighbor 192.168.128.1 no shut R2(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0 R2(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R2(conf-router_bgp)#neighbor 192.168.128.3 no shut R2(conf-router_bgp)#neighbor 192.168.128.3 update loop 0 R2(conf-router_bgp)#show config router bgp 99 bgp router-id 192.168.128.2 network 192.168.128.0/24 Example of Enabling BGP (Router 3) R3# conf R3(conf)#...
  • Page 260 R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA R1(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBB R1(conf-router_bgp)# R1(conf-router_bgp)#show config router bgp 99 network 192.168.128.0/24 neighbor AAA peer-group neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 peer-group AAA neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100...
  • Page 261 20 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Example of Enabling Peer Groups (Router 2) R2#conf R2(conf)#router bgp 99 R2(conf-router_bgp)# neighbor CCC peer-group R2(conf-router_bgp)# neighbor CC no shutdown R2(conf-router_bgp)# neighbor BBB peer-group R2(conf-router_bgp)# neighbor BBB no shutdown R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA...
  • Page 262 3 paths using 204 bytes of memory BGP-RIB over all using 207 bytes of memory 2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 93 99 1 0 (0) 00:00:15 1 192.168.128.2 99 122 120 1 0 (0) 00:00:11 1...
  • Page 263: Content Addressable Memory (Cam)

    Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies.
  • Page 264 CAM carving to allocate the maximum number of NLB entries, Dell Networking recommends that you use a maximum of 64 NLB ARP entries. The following additional CAM allocation settings are supported on the S6000, S4810, S4820T, or S6000-ON platforms only.
  • Page 265: Test Cam Usage

    Privilege mode. The Status column in the command output indicates whether or not you can enable the policy. Example of the test cam-usage Command Dell#test cam-usage service-policy input test-cam-usage stack-unit 2 po 0 Stack-Unit| Portpipe|CAM Partition|Available CAM|Estimated CAM per Port|Status --------------------------------------------------------------------------------...
  • Page 266: View Cam Profiles

    NOTE: If you select the CAM profile from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis. Example of show running-config cam-profile Command Dell#show running-config cam-profile cam-profile default microcode default Dell# View CAM-ACL Settings The show cam-acl command shows the cam-acl setting that will be loaded after the next reload.
  • Page 267 The default values for the show cam-acl command are: Dell#show cam-acl -- Chassis Cam ACL -- Current Settings(in block sizes) 1 block = 128 entries...
  • Page 268: View Cam Usage

    View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode. Example of the show cam-usage Command Dell#show cam-usage Stackunit|Portpipe| CAM Partition | Total CAM Used CAM...
  • Page 269: Cam Optimization

    If three resets do not bring up the card, or if the system is running a Dell Networking OS version prior to version 6.3.1.1, the system displays an error message. In this case, manually adjust the CAM configuration on the card to match the system configuration.
  • Page 270 Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available QoS CAM Space.
  • Page 271: Control Plane Policing (Copp)

    Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level. CoPP increases security on the system by protecting the routing processor from unnecessary or DoS traffic, giving priority to important control plane and management traffic.
  • Page 272: Configure Control Plane Policing

    Figure 30. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied.
  • Page 273: Configuring Copp For Protocols

    same queue. If you are not aware of the incoming protocol traffic rate, you cannot set the required queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate. CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL-PLANE mode to each port-pipe.
  • Page 274 Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy. Dell(conf)#qos-policy-in rate_limit_200k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 200 40 peak 500 40 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_400k cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 400 50 peak 600 50 Dell(conf-in-qos-policy-cpuqos)#exit Dell(conf)#qos-policy-in rate_limit_500k cpu-qos...
  • Page 275: Configuring Copp For Cpu Queues

    CONTROL-PLANE mode service-policy rate-limit-cpu-queues name Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2
  • Page 276: Copp For Ospfv3 Packets

    However, there are about 20 well-known protocol streams that have to share these 4 CMIC queues. Before 9.4.(0.0), Dell Networking OS used only 8 queues, and most of the queues are shared among multiple protocols. So, increasing the number of CMIC queues will reduce the contention among the protocols for the queue bandwidth.
  • Page 277 reach slave unit’s CMIC via queues 0 – 7 will take same queues 0 – 7 on the back-plane ports while traversing across units and finally on the master CMIC, they are queued on the same queues 0 – 7. In this case, the queue (4 –...
  • Page 278 – Distribute ICMPv6 NA/RA packets to Q6. FP is installed for all front panel ports. NDP Packets Neighbor discovery protocol has 4 types of packets: NS, NA, RA, and RS. These packets need to be taken to the CPU for neighbor discovery. •...
  • Page 279: Configuring Copp For Ospfv3

    Configuring CoPP for OSPFv3 You can create an IPv6 ACL for control-plane traffic policing for OSPFv3, in addition to the CoPP support for VRRPv3, BGPv6, and ICMPv6. This functionality is supported on the S4810, S4820T, S6000, MXL, and Control Plane Policing (CoPP)
  • Page 280: Show Commands

    Create a QoS input policy for the router and assign the policing. CONFIGURATION mode Dell(conf)#qos-policy-input ospfv3_rate cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16 Create a QoS class map to differentiate the control-plane traffic and assign to the ACL. CONFIGURATION mode...
  • Page 281 Dell# Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command. Dell#show ip protocol-queue-mapping Protocol Src-Port Dst-Port TcpFlag Queue EgPort Rate (kbps) -------- -------- -------- ------- ----- ------ -----------...
  • Page 282 Dell# Control Plane Policing (CoPP)
  • Page 283: Data Center Bridging (Dcb)

    DCB-enabled network is required in a data center. The Dell Networking switches that support a unified fabric and consolidate multiple network infrastructures use a single input/output (I/O) device called a converged network adapter (CNA).
  • Page 284: Priority-Based Flow Control

    • Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. Priority-Based Flow Control In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
  • Page 285: Enhanced Transmission Selection

    FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation.
  • Page 286: Data Center Bridging Exchange Protocol (Dcbx)

    Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.1p priorities that have: – PFC enabled or disabled –...
  • Page 287: Data Center Bridging In A Traffic Flow

    DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer devices. Exchanged parameters are sent in organizationally specific TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC Configuration TLV and Application Priority Configuration TLV.
  • Page 288: Dcb Maps And Its Attributes

    NOTE: To save the pfc buffering configuration changes, save the configuration and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames.
  • Page 289: Data Center Bridging: Default Configuration

    The default dot1p priority-queue assignments are applied as follows: NOTE: Although each port on the S4810, S4820T, and S5000 devices supports 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic.
  • Page 290: Configuring Priority-Based Flow Control

    2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE, and CIN versions of PFC Type, Length, Value (TLV) are supported.
  • Page 291: Configuring Lossless Queues

    Refer to the following configuration for queue to dot1p mapping: NOTE: Although each port on the S4810, S4820T, and S5000 devices supports 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic.
  • Page 292: Configuring Pfc In A Dcb Map

    Configuring PFC in a DCB Map An S4820T switch supports the use of a DCB map in which you configure priority-based flow control (PFC) settings. To configure PFC parameters, you must apply a DCB map on an S4820T interface. This functionality is supported on the S4820T platform.
  • Page 293: Pfc Prerequisites And Restrictions

    In a switch stack, configure all stacked ports with the same PFC configuration. • Dell Networking OS allows you to change the default dot1p priority-queue assignments only if the change satisfies the following requirements in DCB maps already applied to S6000 interfaces: •...
  • Page 294: Applying A Dcb Map On A Port

    INTERFACE dcb-map name configure it with the PFC and ETS settings in the map; for example: Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port. You cannot apply a DCB map on an interface...
  • Page 295: Configuring Lossless Queuesexample

    If the traffic congestion is on PORT B, Egress DROP is on PORT A or C, as the PFC is not enabled on PORT B. Refer to the following configuration for queue to dot1p mapping: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 -> On ingress interfaces[Port A and C] we used the PFC on priority level.
  • Page 296: Priority-Based Flow Control Using Dynamic Buffer Method

    Priority-Based Flow Control Using Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S4820T platform. In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
  • Page 297: Pause And Resume Of Traffic

    By default, the total available buffer for PFC is 6.6 MB, and when you configure dynamic ingress buffering, a minimum of 52 KB per queue is used when all ports are congested. By default, the system enables a maximum of two lossless queues on the S4820T platform.
  • Page 298: Behavior Of Tagged Packets

    This default behavior is impacted if you modify the total buffer available for PFC or assign static buffer configurations to the individual PFC queues. Behavior of Tagged Packets The following is an example of enabling PFC for priority 2 for tagged packets. Priority (Packet Dot1p) 2 will be mapped to PG6 on PRIO2PG setting.
  • Page 299: Using Pfc To Manage Converged Ethernet Traffic

    NOTE: Although each port on the S4810, S4820T, and S5000 devices supports 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic. Table 15. Internal-priority Queue Dot1p->Queue Mapping Configuration is retained at the default value.
  • Page 300: Ets Prerequisites And Restrictions

    ETS Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling. • Configuring ETS bandwidth allocation or a queue scheduler for dot1p priorities in a priority group is applicable if the DCBx version used on a port is CIN (refer to Configuring DCBx).
  • Page 301: Ets Operation With Dcbx

    2 maps to dot1p priority 4; priority group 4 maps to dot1p priorities 5, 6, and 7. Dell Networking OS Behavior: A priority group consists of 802.1p priority values that are grouped for similar bandwidth allocation and scheduling, and that share latency and loss requirements. All 802.1p priorities mapped to the same queue must be in the same priority group.
  • Page 302: Configuring Bandwidth Allocation For Dcbx Cin

    QoS OUTPUT POLICY mode Dell(conf-if-te-0/1)#exit Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12
  • Page 303: Configuring Ets In A Dcb Map

    An S4820T switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) settings. To configure ETS parameters, you must apply a DCB map on an S4820T interface. This functionality is supported on the S4820T platform.
  • Page 304: Hierarchical Scheduling In Ets Output Policies

    ETS Prerequisites and Restrictions On an S6000 switch, ETS is enabled by default on Ethernet ports with equal bandwidth assigned to each 802.1p priority. You can change the default ETS configuration only by using a DCB map. The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or strict-priority queuing in a DCB map: •...
  • Page 305: Using Ets To Manage Converged Ethernet Traffic

    You can apply DCB policies with PFC and ETS configurations to all stacked ports in a switch stack or on a stacked switch. To apply DCB policies in a switch stack, follow this step. NOTE: Use only 40G ports as stacking ports when you enable DCB. S4820T does not support DCB when you use 10GBaseT ports as stacking ports. •...
  • Page 306: Configure A Dcbx Operation

    Configure a DCBx Operation DCB devices use data center bridging exchange protocol (DCBx) to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the misconfiguration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
  • Page 307 • If the peer configuration received is compatible with the internally propagated port configuration, the link with the DCBx peer is enabled. • If the received peer configuration is not compatible with the currently configured port configuration, the link with the DCBx peer port is disabled and a syslog message for an incompatible configuration is generated.
  • Page 308: Dcb Configuration Exchange

    On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled. When making a configuration change to a DCBx port in a Manual role, Dell Networking recommends shutting down the interface using the shutdown command, changing the configuration, then re-activating the interface using the no shutdown command.
  • Page 309: Propagation Of Dcb Information

    keeps the peer link up and continues to exchange DCBx packets. If a compatible peer configuration is later received, DCBx is enabled on the port. • If there is no configuration source, a port may elect itself as the configuration source. A port may become the configuration source if the following conditions exist: –...
  • Page 310: Dcbx Example

    The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports. On the S4820T, PFC and ETS use DCBx to exchange link-level configuration with DCBx peer devices. Figure 33. DCBx Sample Topology
  • Page 311: Dcbx Prerequisites And Restrictions

    DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP)
  • Page 312 • auto-upstream: configures the port to receive a peer configuration. The configuration source is elected from auto-upstream ports. • auto-downstream: configures the port to accept the internally propagated DCB configuration from a configuration source. • config-source: configures the port to serve as the configuration source on the switch. •...
  • Page 313 configure Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} •...
  • Page 314 [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10.
  • Page 315: Verifying The Dcb Configuration

    – mgmt: enables traces for DCBx management frames. – resource: enables traces for DCBx system resource frames. – sem: enables traces for the DCBx state machine. – tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 16.
  • Page 316 PG:1 TSA:ETS BW:50 PFC:ON Priorities:3 4 The following example shows the show interfaces pfc summary command. Dell# show interfaces tengigabitethernet 1/4 pfc summary Interface TenGigabitEthernet 1/4 Admin mode is on Admin is enabled Remote is enabled, Priority list is 4...
  • Page 317 Admin is enabled Remote is enabled Remote Willing Status is enabled Local is enabled Oper status is recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quanta Application Priority TLV Parameters : -------------------------------------- FCOE TLV Tx Status is disabled...
  • Page 318 PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command. Dell#show interfaces te 1/1 pfc statistics Interface TenGigabitEthernet 1/1 Priority Received PFC Frames Transmitted PFC Frames -------- ------------------- ----------------------...
  • Page 319 The following example shows the show interface ets summary command. Dell(conf-qos-policy-out-ets)#do sho int te 1/3 ets su Interface TenGigabitEthernet 1/3 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : ------------------...
  • Page 320 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class Pkts The following example shows the show interface ets detail command. Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8...
  • Page 321 Priority# Bandwidth TSA Remote Parameters: ------------------- Remote is disabled Local Parameters : ------------------ Local is enabled TC-grp Priority# Bandwidth 0,1,2,3,4,5,6,7 100% Priority# Bandwidth Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class TLV...
  • Page 322 Number of ETS Error Configuration TLVs received. The following example shows the show stack-unit all stack-ports all pfc details command. Dell(conf)# show stack-unit all stack-ports all pfc details stack unit 0 stack-port all Admin mode is On Admin is enabled, Priority list is 4-5...
  • Page 323 0 Pause Tx pkts, 0 Pause Rx pkts The following example shows the show stack-unit all stack-ports all ets details command. Dell(conf)# show stack-unit all stack-ports all ets details Stack unit 0 stack port all Max Supported TC Groups is 4...
  • Page 324 1 Input ETS Reco TLV pkts, 1 Output ETS Reco TLV pkts, 0 Error ETS Reco TLV Pkts The following example shows the show interface DCBx detail command (legacy CEE). Dell(conf-if-te-1/17-lldp)#do sho int te 1/14 dc d E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled...
  • Page 325 Table 19. Command Description show interface DCBx detail Field Description Interface Interface type with chassis slot and port number. Port-Role Configured DCBx port role: auto-upstream, auto-downstream, config-source, or manual. DCBx Operational Status Operational status (enabled or disabled) used to elect a configuration source and internally propagate a DCB configuration.
  • Page 326: Sample Dcb Configuration

    Field Description Total DCBx Frames received Number of DCBx frames received from remote peer port. Total DCBx Frame errors Number of DCBx frames with errors received. Total DCBx Frames unrecognized Number of unrecognizable DCBx frames received. Sample DCB Configuration The following shows examples of using PFC and ETS to manage your data center traffic. In the following example: •...
  • Page 327 Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
  • Page 328: Pfc And Ets Configuration Command Examples

    The following examples show PFC and ETS configuration commands to manage your data center traffic. Enabling DCB Dell(conf)#dcb enable Configure DCB map and enable PFC, and ETS Dell(conf)# service-class dynamic dot1p Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)# service-class dynamic dot1p Apply DCB map to relevant interface...
  • Page 329 NOTE: Although each port on the S4810, S4820T, and S5000 devices supports 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic.
  • Page 330: Configuring The Dynamic Buffer Method

    Configuring the Dynamic Buffer Method Priority-based flow control using dynamic buffer spaces is supported on the S4820T platform. To configure the dynamic buffer capability, perform the following steps: Enable the DCB application. By default, DCB is enabled and link-level flow control is disabled on all interfaces.
  • Page 331 Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default buffer-threshold setting. INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold Configuring Global total buffer size on stack ports. CONFIGURATION mode dcb pfc-total-buffer-size buffer-size stack-unit all port-set {port-pipe | all} Port-set number range is from 0 to 3.
  • Page 332: Dynamic Host Configuration Protocol (Dhcp)

    Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators. DHCP relieves network administrators of manually configuring hosts, which can be a tedious and error-prone process when hosts often join, leave, and change locations on the network, and it reclaims IP addresses that are no longer in use to prevent address exhaustion.
  • Page 333 The following table lists common DHCP options. Subnet Mask (Option 1): Specifies the client’s subnet mask. Router (Option 3): Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server (Option 6): Specifies the domain name servers (DNSs) that are available to the client.
  • Page 334: Assign An Ip Address Using Dhcp

    Vendor Class Identifier (Option 60): Identifies a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping (Option 82): Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database.
  • Page 335: Implementation Information

    (VLAN) and then attempt to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then attempt to enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message.
  • Page 336: Configure The System To Be A Dhcp Server

    Configure the System to be a DHCP Server A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The following table lists the key responsibilities of DHCP servers.
  • Page 337 DHCP mode show config After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs an IP + MAC source address validation to ensure that no client can release another client's address.
  • Page 338: Specifying A Default Gateway

    DHCP default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS. Using DNS for Address Resolution A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
  • Page 339: Creating Manual Binding Entries

    NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP.
  • Page 340: Configure The System To Be A Relay Agent

    You can configure an interface on the Dell Networking system to relay the DHCP messages to a specific DHCP server using the ip helper-address dhcp-address command from INTERFACE mode, as shown in the following illustration.
  • Page 341 Figure 37. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int tengigabitethernet 1/3 TenGigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input...
  • Page 342: Configure The System To Be A Dhcp Client

    To re-enable Jumpstart mode for the next reload, enter the reload-type jump-start command. DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit.
  • Page 343: Dhcp Client On A Management Interface

    Virtual Link Trunking (VLT) A DHCP client is not supported on VLT interfaces. VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface. DHCP Snooping A DHCP client can run on a switch simultaneously with the DHCP snooping feature as follows: •...
  • Page 344: Configure The System For User Port Stacking (Option 230)

    remove the statically configured IP route using the no ip route command, the management route is reinstalled. Manually delete management routes added by the DHCP client. • To reinstall management routes added by the DHCP client that are removed or replaced by the same statically configured management routes, release the DHCP IP address and renew it on the management interface.
  • Page 345: Dhcp Snooping

    Remote ID This identifies the host from which the message is received. The value of this sub-option is the MAC address of the relay agent that adds Option 82. The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the server. The server can use this information to: •...
  • Page 346 OS version 8.2.1.0 extends DHCP snooping to Layer 2 and you do not have to enable relay agent to snoop on Layer 2 interfaces. Dell Networking OS Behavior: Binding table entries are deleted when a lease expires or when the relay agent encounters a DHCPRELEASE. Line cards maintain a list of snooped VLANs. When the binding table is exhausted, DHCP packets are dropped on snooped VLANs, while these packets are forwarded across non-snooped VLANs.
  • Page 347 Delete all of the entries in the binding table. EXEC Privilege mode clear ipv6 dhcp snooping binding Dell# clear ipv6 dhcp snooping? binding Clear the snooping binding database Displaying the Contents of the Binding Table To display the contents of the binding table, use the following command.
  • Page 348 Example of the show ipv6 dhcp snooping binding Command View the DHCP snooping statistics with the show ipv6 dhcp snooping command. Dell#show ipv6 dhcp snooping binding Codes : S - Static D – Dynamic IPv6 Address...
  • Page 349: Drop Dhcp Packets On Snooped Vlans Only

    To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic...
  • Page 350: Configuring Dynamic Arp Inspection

    address and the client’s IP address. The gateway then thinks that the attacker is the client and forwards all packets addressed to the client to it. As a result, the attacker is able to sniff all packets to and from the client.
  • Page 351: Statistics Command

    Specify an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dell Networking OS Behavior: Introduced in Dell Networking OS version 8.2.1.0, DAI was available for Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2.
  • Page 352: Source Address Validation

    Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 21. Three Types of Source Address Validation Source Address Validation Description IP Source Address Validation Prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table.
  • Page 353: Dhcp Mac Source Address Validation

    DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload. Dell Networking OS ensures that the packet’s source MAC address is checked against the CHADDR field in the DHCP header only for packets from snooped VLANs.
  • Page 354: Viewing The Number Of Sav Dropped Packets

    Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
  • Page 355: Equal Cost Multi-Path (Ecmp)

    0 lag checksum 0 nh-ecmp checksum 0 Dell Networking OS Behavior: In the Dell Networking OS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with Dell Networking OS version 8.2.1.2, the default hash-algorithm is 24.
  • Page 356: Configuring The Hash Algorithm Seed

    This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops. Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is the same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only.
  • Page 357: Managing Ecmp Group Paths

    These two ecmp-groups are not related in any way. Example of Viewing Link Bundle Monitoring Dell# show link-bundle-distribution ecmp-group 1 Link-bundle trigger threshold - 60 ECMP bundle - 1 Utilization[In Percent] - 44 Alarm State - Active...
  • Page 358: Creating An Ecmp Group Bundle

    Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%. Create a user-defined ECMP group bundle.
  • Page 359 You can configure ecmp-group with id 2 for link bundle monitoring. This ecmp-group is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way. Dell(conf-ecmp-group-5)#show config ecmp-group 5 interface tengigabitethernet 1/2...
  • Page 360: Fcoe Transit

    The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a S4820T switch stack. Fibre Channel over Ethernet FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.
  • Page 361 • Allow transit Ethernet bridges to efficiently monitor FIP frames passing between FCoE end-devices and an FCF. To dynamically configure ACLs on the bridge to only permit traffic authorized by the FCF, use the FIP snooping data. FIP enables FCoE devices to discover one another, initialize and maintain virtual links over an Ethernet network, and access storage devices in a storage area network (SAN).
  • Page 362: Fip Snooping On Ethernet Bridges

    Figure 38. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF.
  • Page 363 The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted between the ToR switch and an S4820T switch. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch.
  • Page 364: Fip Snooping In A Switch Stack

    Example. Statistical information is available for FIP Snooping-related information. For available commands, refer to the FCoE Transit chapter in the Dell Networking OS Command Line Reference Guide. FIP Snooping Prerequisites Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met.
  • Page 365: Important Points To Remember

    You must apply the CAM-ACL space for the FCoE region before enabling the FIP-Snooping feature. If you do not apply CAM-ACL space, the following error message is displayed: Dell(conf)#feature fip-snooping % Error: Cannot enable fip snooping. CAM Region not allocated for Fcoe.
  • Page 366: Enabling The Fcoe Transit Feature

    VmanQos VmanDualQos EcfmAcl FcoeAcl iscsiOptAcl ipv4pbr vrfv4Acl Openflow fedgovacl nlbclusteracl: st-sjc-s5000-29# Enabling the FCoE Transit Feature The following sections describe how to enable FCoE transit. NOTE: FCoE transit is disabled by default. To enable this feature, you must follow the steps in Configure FIP Snooping.
  • Page 367: Configure A Port For A Bridge-To-Bridge Link

    Configure a Port for a Bridge-to-Bridge Link If a switch port is connected to another FIP snooping bridge, configure the FCoE-Trusted Port mode for bridge-bridge links. Initially, all FCoE traffic is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to pass.
  • Page 368: Fip Snooping Restrictions

    FIP Snooping Restrictions The following restrictions apply when you configure FIP snooping. • The maximum number of FCoE VLANs supported on the switch is eight. • The maximum number of FIP snooping sessions supported per ENode server is 32. To increase the maximum number of sessions to 64, use the fip-snooping max-sessions-per-enodemac command.
  • Page 369: Displaying Fip Snooping Information

    NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping. Table 24.
  • Page 370 Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command. Dell# show fip-snooping config FIP Snooping Feature enabled Status: Enabled FIP Snooping Global enabled Status: Enabled Global FC-MAP Value: 0X0EFC00...
  • Page 371 Fibre Channel session ID assigned by the FCF. The following example shows the show fip-snooping statistics interface vlan command (VLAN and port). Dell# show fip-snooping statistics interface vlan 100 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
  • Page 372 Number of FCF Discovery Timeouts Number of VN Port Session Timeouts Number of Session failures due to Hardware Config :0 Dell(conf)# Dell# show fip-snooping statistics int tengigabitethernet 1/11 Number of Vlan Requests Number of Vlan Notifications Number of Multicast Discovery Solicits...
  • Page 373 Table 28. Command Descriptions show fip-snooping statistics Field Description Number of VLAN Requests Number of FIP-snooped VLAN request frames received on the interface. Number of VLAN Notifications Number of FIP-snooped VLAN notification frames received on the interface. Number of Multicast Discovery Solicits Number of FIP-snooped multicast discovery solicit frames received on the interface.
  • Page 374 Number of Session failures due to Hardware Number of session failures due to hardware Config configuration that occurred on the interface. The following example shows the show fip-snooping system command. Dell# show fip-snooping system Global Mode : Enabled FCOE VLAN List (Operational) : 1, 100 FCFs...
  • Page 375: Fcoe Transit Configuration Example

    FCoE VLAN enabled for FIP snooping. Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Dell(conf)# feature fip-snooping Example of Enabling FIP Snooping on the FCoE VLAN Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable FCoE Transit...
  • Page 376 Example of Enabling an FC-MAP Value on a VLAN Dell(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01 NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00). Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1...
  • Page 377: Fips Cryptography

    FIPS Cryptography This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
  • Page 378: Enabling Fips Mode

    Enabling FIPS Mode To enable or disable FIPS mode, use the console port. Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied. When you enable FIPS mode, the following actions are taken: •...
  • Page 379: Monitoring Fips Mode Status

    For more information, refer to the SSH Server and SCP Commands section in the Security chapter of the Dell Networking OS Command Line Reference Guide. Monitoring FIPS Mode Status To view the status of the current FIPS mode (enabled/disabled), use the following commands.
  • Page 380 • FIPS mode disables. • The SSH server re-enables. • The Telnet server re-enables (if it is present in the configuration). • New 1024–bit RSA and RSA1 host key-pairs are created. To disable FIPS mode, use the following command. • To disable FIPS mode from a console port.
  • Page 381: Force10 Resilient Ring Protocol (Frrp)

    Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) may require 4 to 5 seconds to reconverge.
  • Page 382: Ring Status

    A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN. The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring.
  • Page 383: Multiple Frrp Rings

    unblocks the previously blocked ring ports on the newly restored port. Then the Transit node returns to the Normal state. Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability.
  • Page 384: Important Frrp Concepts

    Important FRRP Concepts The following table lists some important FRRP concepts. Concept Explanation Ring ID Each ring has a unique 8-bit ring ID through which the ring is identified (for example, FRRP 101 and FRRP 202, as shown in the illustration in Member VLAN Spanning Two Rings Connected by One Switch.
  • Page 385: Implementing Frrp

    • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP.
  • Page 386: Creating The Frrp Group

    • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring. To create the FRRP group, use the command. • Create the FRRP group with this Ring ID. CONFIGURATION mode protocol frrp ring-id Ring ID: the range is from 1 to 255.
  • Page 387: Configuring And Adding The Member Vlans

    Assign the Primary and Secondary ports and the control VLAN for the ports on the ring. CONFIG-FRRP mode. interface primary interface slot/port secondary int slot/port control-vlan vlan id Interface: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
  • Page 388: Setting The Frrp Timers

    VLAN ID: the range is from 1 to 4094. Tag the specified interface or range of interfaces to this VLAN. CONFIG-INT-VLAN mode. tagged interface slot/port {range} Interface: • Slot/Port: Slot and Port ID for the interface. Range is entered Slot/Port-PortSlot/Port. •...
  • Page 389: Clearing The Frrp Counters

    CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds – Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500). – Dead-Interval: the range is from 50 to 6000, in increments of 50 (default is 1500). Clearing the FRRP Counters To clear the FRRP counters, use one of the following commands.
  • Page 390: Troubleshooting Frrp

    Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. • There can be only one Master node for any FRRP group. •...
  • Page 391 no shutdown interface TenGigabitEthernet 2/31 no ip address switchport no shutdown interface Vlan 101 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown interface Vlan 201 no ip address tagged TenGigabitEthernet 2/14,31 no shutdown protocol frrp 101 interface primary TenGigabitEthernet 2/14 secondary TenGigabitEthernet 2/31 control-vlan 101 member-vlan 201 mode transit...
  • Page 392: Garp Vlan Registration Protocol (Gvrp)

    GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on Dell Networking OS. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
  • Page 393: Configure Gvrp

    GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk port, but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port.
  • Page 394: Related Configuration Tasks

    To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command.
  • Page 395: Configure Gvrp Registration

    The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The Dell Networking OS default is 10000ms.
  • Page 396: Rpm Redundancy

    LeaveAll Timer 5000 Dell(conf)# Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy.
  • Page 397: High Availability (Ha)

    Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
  • Page 398 CONFIGURATION mode. Version Compatibility Between RPMs In general, the two RPMs should have the same Dell Networking OS version. However, Dell Networking OS tolerates some degree of difference between the two versions, as described in the following table. To...
  • Page 399: Automatic And Manual Stack Unit Failover

    Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit. Dell Networking OS fails over to the standby stack unit when: Communication is lost between the standby and primary stack unit.
  • Page 400: Support For Rpm Redundancy By Dell Networking Os Version

    Dell# Support for RPM Redundancy by Dell Networking OS Version Dell Networking OS supports increasing levels of RPM redundancy (warm and hot) as described in the table below. Table 31. Support for RPM Redundancy by Dell Networking OS Version...
  • Page 401 Specifying an Auto-Failover Limit When a non-recoverable fatal error is detected, an automatic failover occurs. However, Dell Networking OS is configured to auto-failover only three times within any 60 minute period. You may specify a different auto-failover count. To re-enable the auto-failover-limit with its default parameters, use the redundancy auto-failover- limit command without parameters.
  • Page 402: Online Insertion And Removal

    Linecard Online Insertion and Removal RPM Online Insertion and Removal Dell Networking systems are functional with only one RPM. If you insert a second RPM, it comes online as the standby RPM. To see SFM status information, use the show sfm all command.
  • Page 403: Linecard Online Insertion And Removal

    Linecard Online Insertion and Removal Dell Networking OS detects the line card type when you insert a line card into an online chassis. Dell Networking OS writes the line card type to the running-config and maintains this information as a logical configuration if you remove the card (or the card fails).
  • Page 404: Hitless Behavior

    Hitless Behavior Hitless behavior is supported only on the S4820T platform. Hitless is a protocol-based system behavior that makes a stack unit failover on the local system transparent to remote systems. The system synchronizes protocol information on the Management and Standby stack units such that, in the event of a stack unit failover, it is not necessary to notify the remote systems of a local state change.
  • Page 405: Software Resiliency

    If any health checks on the stack unit fail, the Dell Networking OS fails over to standby stack unit. If any health checks on a line card fail, Dell Networking OS resets the card to bring it back to the correct state.
  • Page 406: Hot-Lock Behavior

    Event messages provide system administrators diagnostics and auditing information. Dell Networking OS sends event messages to the internal buffer, all terminal lines, the console, and optionally to a syslog server. For more information about event messages and configurable options, refer to Management.
  • Page 407: Enabling Process Restartability

    For a dual-RPM system, restarting a process also precludes launching the failover process on the primary and standby RPMs. Recovery is attempted first locally on the primary RPM, which involves less CPU overhead, increasing the system’s availability for other activities. However, in both single and dual-RPM systems, even when you configure process restart, the coredump portion of failover is still executed.
  • Page 408: Internet Group Management Protocol (Igmp)

    3376, respectively. • Dell Networking OS does not support IGMP version 3 and versions 1 or 2 on the same subnet. • IGMP on Dell Networking OS supports 95 interfaces on S4810 and S4820 and an unlimited number of groups on all other platforms.
  • Page 409 an IGMP message to its IGMP Querier. The querier is the router that surveys a subnet for multicast receivers and processes survey responses to populate the multicast routing table. IGMP messages are encapsulated in IP packets, as shown in the following illustration. Figure 42.
  • Page 410: Igmp Version 3

    The querier sends a Group-Specific Query to determine whether there are any remaining hosts in the group. There must be at least one receiver in a group on a subnet for a router to forward multicast traffic for that group to the subnet. Any remaining hosts respond to the query according to the delay timer mechanism (refer to Adjusting Query and Response Timers).
  • Page 411 Figure 44. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
  • Page 412 Figure 45. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary.
  • Page 413: Configure Igmp

    Figure 46. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. Enable multicast routing using the ip multicast-routing command. Enable a multicast routing protocol. Related Configuration Tasks • Viewing IGMP Enabled Interfaces • Selecting an IGMP Version •...
  • Page 414: Viewing Igmp Enabled Interfaces

    Dell# Selecting an IGMP Version Dell Networking OS enables IGMP version 2 by default, which supports version 1 and 2 hosts, but is not compatible with version 3 on the same subnet. If hosts require IGMP version 3, you can switch to IGMP version 3.
  • Page 415: Viewing Igmp Groups

    View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell# show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface...
  • Page 416: Enabling Igmp Immediate-Leave

    to the initial query before sending a second one is the last member query interval (LMQI). The switch waits one LMQI after the second query before removing the group from the state table. • Adjust the period between queries. INTERFACE mode ip igmp query-interval •...
  • Page 417: Igmp Snooping Implementation Information

    If IGMP snooping is enabled on a PIM-enabled VLAN interface, data packets using the router as a Layer 2 hop may be dropped. To avoid this scenario, Dell Networking recommends that users enable IGMP snooping on server-facing end-point VLANs only.
  • Page 418: Disabling Multicast Flooding

    • View the configuration. INTERFACE VLAN mode show config Example of Configuration Output After Removing a Group-Port Association Dell(conf-if-vl-100)#show config interface Vlan 100 no ip address ip igmp snooping fast-leave shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN.
  • Page 419: Fast Convergence After Mstp Topology Changes

    The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
  • Page 420: Protocol Separation

    The management EIS feature is applicable only for the out-of-band (OOB) management port. References in this section to the management default route or static route denote the routes configured using the management route command. The management default route can be either configured statically or returned dynamically by the DHCP client.
  • Page 421: Enabling And Disabling Management Egress Interface Selection

    Application Name Port Number Client Server 20/21 Supported Supported Syslog Supported Telnet Supported Supported TFTP Supported Radius 1812,1813 Supported Tacacs Supported HTTP 80 for httpd Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source interface for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case.
  • Page 422: Handling Of Management Route Configuration

    • Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and default) are duplicated and added to the management EIS routing table.
  • Page 423: Handling Of Switch-Initiated Traffic

    • In the netstat output, the prefix “mgmt” is added to routes in the EIS table so that the user can distinguish between routes in the EIS Routing table and default routing table. • If the management port IP address is removed, the corresponding connected route is removed from both the EIS routing table and default routing table.
  • Page 424: Handling Of Switch-Destined Traffic

    The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup.
  • Page 425: Mapping Of Management Applications And Traffic Type

    Mapping of Management Applications and Traffic Type The following table summarizes the behavior of applications for various types of traffic when the management egress interface selection feature is enabled. Table 33. Mapping of Management Applications and Traffic Type Traffic type / Switch initiated traffic Switch-destined traffic Transit Traffic...
  • Page 426: Behavior Of Various Applications For Switch-Initiated Traffic

    This phenomenon occurs where traffic is originating from the switch. Management Applications (Applications that are configured as management applications): The management port is an egress port for management applications. If the management port is down or the destination is not reachable through the management port (next hop ARP is not resolved, and so on), and if the destination is reachable through a data port, then the management application traffic is sent out through the front-end data port.
  • Page 427: Behavior Of Various Applications For Switch-Destined Traffic

    Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior icmp (ping and traceroute) EIS Behavior for ICMP Default Behavior Behavior of Various Applications for Switch-Destined Traffic This section describes the different system behaviors that occur when traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch.
  • Page 428: Interworking Of Eis With Various Applications

    To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non-zero IP source address.
  • Page 429: Interfaces

    Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S4820T platform. Basic Interface Configuration •...
  • Page 430: Interface Types

    If you configured a port channel interface, this command lists the interfaces configured in the port channel. NOTE: To end output from the system, such as the output from the show interfaces command, enter CTRL+C and Dell Networking OS returns to the command prompt. Interfaces...
  • Page 431 Examples of the show Commands The following example shows the configuration and status information for one interface. Dell#show interfaces tengigabitethernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f3:6a Current address is 00:01:e8:05:f3:6a Pluggable media present, XFP type is 10GBASE-LR.
  • Page 432: Enabling A Physical Interface

    INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The Management Ethernet interface is a single RJ-45 Fast Ethernet port on each unit of the S4820T. The interface provides dedicated management access to the system.
  • Page 433: Configuration Task List For Physical Interfaces

    • Clearing Interface Counters Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
  • Page 434: Configuring Layer 2 (Data Link) Mode

    To set Layer 2 data transmissions through an individual interface, use the following command. • Enable Layer 2 data transmissions through an individual interface. INTERFACE mode switchport Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands.
  • Page 435: Configuring Layer 3 (Interface) Mode

    Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode. Dell>show ip int vlan 58 Vlan 58 is up, line protocol is up Internet address is 1.1.49.1/24 Interfaces...
  • Page 436: Egress Interface Selection (Eis)

    Broadcast address is 1.1.49.255 Address determined by config file MTU is 1554 bytes Inbound access list is not set Proxy ARP is enabled Split Horizon is enabled Poison Reverse is disabled ICMP redirects are not sent ICMP unreachables are not sent Egress Interface Selection (EIS) EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains.
  • Page 437: Management Interfaces

    The dedicated Management interface provides management access to the system. You can configure this interface with Dell Networking OS, but the configuration options on this interface are limited. You cannot configure Gateway addresses and IP addresses if it appears in the main routing table of Dell Networking OS.
  • Page 438 – must not match the virtual IP address and must not be in the same subnet as the virtual IP. Dell#show interfaces managementethernet 1/1 ManagementEthernet 1/1 is up, line protocol is up Hardware is DellForce10Eth, address is 00:01:e8:a0:bf:f3 Current address is 00:01:e8:a0:bf:f3...
  • Page 439: Configuring Management Interfaces On The S-Series

    To display the routing table, use the show ip route command in EXEC Privilege mode. Dell#show int TenGigabitEthernet 1/1 TenGigabitEthernet 1/1 is up, line protocol is up Description: This is the Managment Interface...
  • Page 440: Vlan Interfaces

    NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
  • Page 441: Null Interfaces

    To configure, view, or delete a Loopback interface, use the following commands. • Enter a number as the Loopback interface. CONFIGURATION mode interface loopback number The range is from 0 to 16383. • View Loopback interface configurations. EXEC mode show interface loopback number •...
  • Page 442: Port Channel Definition And Standards

    There are 128 port-channels with 16 members per channel. As soon as you configure a port channel, Dell Networking OS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel.
  • Page 443: 10/100/1000 Mbps Interfaces In Port Channels

    Dell Networking OS determines if the first interface specified (TenGig 1/1) is up. After it is up, the common speed of the port channel is 1000 Mb/s. Dell Networking OS disables those interfaces configured with speed 10000 Mb/s or whose speed is 10000 Mb/s as a result of auto-negotiation.
  • Page 444: Creating A Port Channel

    NOTE: Port channels can contain a mix of Gigabit Ethernet and 10/100/1000 Ethernet interfaces, but Dell Networking OS disables the interfaces that are not the same speed as the first channel member in the port channel (refer to 10/100/1000 Mbps Interfaces in Port Channels).
  • Page 445 Examples of the show interfaces port-channel Commands To view the port channel’s status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example. Dell#show int port brief LAG Mode Status Uptime Ports...
  • Page 446: Reassigning An Interface To A New Port Channel

    When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
  • Page 447: Configuring The Minimum Oper Up Links In A Port Channel

    Dell(conf-if-po-4)#no chann tengi 1/8 Dell(conf-if-po-4)#int port 3 Dell(conf-if-po-3)#channel tengi 1/8 Dell(conf-if-po-3)#sho conf interface Port-channel 3 no ip address channel-member TenGigabitEthernet 1/8 shutdown Dell(conf-if-po-3)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must be in “oper up” status to consider the port channel to be in “oper up”...
  • Page 448: Assigning An Ip Address To A Port Channel

    When you disable a port channel, all interfaces within the port channel are operationally down also. Load Balancing Through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among Equal Cost Multi-path (ECMP) paths and LAG members. The distribution is based on a flow, except for packet-based hashing.
  • Page 449: Load-Balancing Method

    Dell Networking OS allows you to modify the hashing algorithms used for flows and for fragments. The load-balance and hash-algorithm commands are available for modifying the distribution algorithms.
  • Page 450 [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip|lsb| xor1|xor2|xor4|xor8|xor16}] Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower. This command takes the lower 32 bits of the hash key to compute the egress port. Other options for ECMP hash-algorithms are: •...
  • Page 451: Bulk Configuration

    Bulk Configuration Bulk configuration allows you to determine if interfaces are present for physical interfaces or configured for logical interfaces. Interface Range An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range.
  • Page 452 The following is an example showing how duplicate entries are omitted from the interface-range prompt. Example of the Interface-Range Prompt for Duplicate Interfaces Dell(conf)#interface range vlan 1 , vlan 1 , vlan 3 , vlan 3 Dell(conf-if-range-vl-1,vl-3)# Dell(conf)#interface range tengigabitethernet 2/1 - 23 , tengigabitethernet 2/1...
  • Page 453: Defining Interface Range Macros

    The following example shows how to use commas to add VLAN and port-channel interfaces to the range. Example of Adding VLAN and Port-Channel Interface Ranges Dell(config-if-range-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25 Dell(config-if-range-te-1/1-2-so-5/1-vl-2-100-po-1-25)# no shutdown Defining Interface Range Macros You can define an interface-range macro to automatically select a range of interfaces for configuration.
  • Page 454: Monitoring And Maintaining Interfaces

    — Page down • q — Quit Dell#monitor interface Te 3/1 Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.: 2s Interface: Te 3/1, Disabled, Link is Down, Linespeed is 1000 Mbit Traffic statistics: Current...
  • Page 455: Maintenance Using Tdr

    Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
  • Page 456: Splitting Qsfp Ports To Sfp+ Ports

    Splitting a 40G port into four 10G ports is supported on standalone and stacked units. • You cannot use split ports as stack-link to stack a S4820T system. To verify port splitting, use the show system stack-unit 0 fanout {count | configure} command.
  • Page 457: Important Points To Remember

    Similarly, you can enable the fan-out mode to configure the QSFP port on a device to act as an SFP or SFP+ port. As the QSA enables a QSFP or QSFP+ port to be used as an SFP or SFP+ port, Dell Networking OS does not immediately detect the QSA after you insert it into a QSFP port cage.
  • Page 458 NOTE: In the following show interfaces tengigabitethernet commands, the ports 1, 2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports.
  • Page 459 5, 6, and 7 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a software limitation for this release.
  • Page 460 Dell#show interfaces fortyGigE 0/12 transceiver QSFP 0 Serial ID Base Fields QSFP 0 Id = 0x0d QSFP 0 Ext Id = 0x00 QSFP 0 Connector = 0x23 QSFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00...
  • Page 461 NOTE: In the following show inventory media command output, ports 1, 2, 3, 5, 6, and 7 are actually inactive. However, Dell Networking OS still shows that optical cables are inserted into these ports. This is a software limitation for this release.
  • Page 462: Link Dampening

    Link Dampening Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes a state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state. These protocols go through the momentous task of re-converging.
  • Page 463 The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, Dell Networking OS divides the packet into fragments no bigger than the size set in the ip mtu command.
  • Page 464: Link Bundle Monitoring

    Using Ethernet Pause Frames for Flow Control Ethernet pause frames and threshold settings are supported on the Dell Networking OS. Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
  • Page 465: Enabling Pause Frames

    As a workaround, apply the new settings, execute shut then no shut on the interface, and then check the running-config of the port. NOTE: If you disable rx flow control, Dell Networking recommends rebooting the system. The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes.
  • Page 466: Configure The Mtu Size On An Interface

    1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU The MTU range is from 592 to 12000, with a default of 1500. IP MTU automatically configures. The following table lists the various Layer 2 overheads found in Dell Networking OS and the number of bytes.
  • Page 467: Port-Pipes

    Port-Pipes A port pipe is a Dell Networking-specific term for the hardware path that packets follow through a system. Port pipes travel through a collection of circuits (ASICs) built into line cards and RPMs on which various processing events for the packets occur. One or two port pipes process traffic for a given set of physical interfaces or a port-set.
  • Page 468 NOTE: The show interfaces status command displays link status, but not administrative status. For both link and administrative status, use the show ip interface [interface | brief | linecard slot-number] [configuration] command. Dell#show interfaces status Port Description Status Speed Duplex Vlan...
  • Page 469: Set Auto-Negotiation Options

    Dell(conf-if-te-1/1-autoneg)# For details about the speed, duplex, and negotiation auto commands, refer to the Interfaces chapter of the Dell Networking OS Command Reference Guide. Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command.
  • Page 470: View Advanced Interface Information

    Dell#show ip interface stack-unit 1 configured Dell#show ip interface tengigabitEthernet 1 configured Dell#show ip interface br configured Dell#show ip interface br stack-unit 1 configured Dell#show ip interface br tengigabitEthernet 1 configured Dell#show running-config interfaces configured Dell#show running-config interface tengigabitEthernet 1 configured In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information.
  • Page 471: Configuring The Interface Sampling Size

    Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 1d23h40m Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate-interval 100 Dell#show interfaces TenGigabitEthernet 1/1 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9...
  • Page 472: Dynamic Counters

    Dynamic Counters By default, counting is enabled for IPFLOW, IPACL, L2ACL, L2FIB. For the remaining applications, Dell Networking OS automatically turns on counting when you enable the application, and turns it off when you disable the application. NOTE: If you enable more than four counter-dependent applications on a port pipe, there is an impact on line rate performance.
  • Page 473: Enhanced Validation Of Interface Ranges

    – (OPTIONAL) To clear unknown source address (SA) drop counters when you configure the MAC learning limit on the interface, enter the keywords learning-limit. Example of the clear counters Command When you enter this command, confirm that you want Dell Networking OS to clear the interface counters for that interface. Dell#clear counters te 1/1...
  • Page 474 2.1.1.1/16 switchport shut shut shut shut shut shut Dell# show running-config Dell# show running-config compressed interface TenGigabitEthernet 1/1 interface TenGigabitEthernet 1/1 no ip address no ip address switchport switchport shutdown shutdown interface TenGigabitEthernet 1/2 Interface group TenGigabitEthernet 1/2 –...
  • Page 475 interface TenGigabitEthernet 1/4 interface group Vlan 2 , Vlan 100 no ip address no ip address shutdown no shutdown interface TenGigabitEthernet 1/10 interface group Vlan 3 – 5 no ip address tagged te 1/1 shutdown no ip address shutdown interface TenGigabitEthernet 1/34 ip address 2.1.1.1/16 interface Vlan 1000 shutdown...
  • Page 476 Copy one file, after optimizing and reducing the size of the configuration file, to another location. Dell Networking OS supports IPv4 and IPv6 addressing for FTP, TFTP, and SCP (in the hostip field).
  • Page 477: Internet Protocol Security (Ipsec)

    Internet Protocol Security (IPSec) IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and file transfer protocols (FTPs). It supports two operational modes: Transport and Tunnel.
  • Page 478: Configuring Ipsec

    Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 esp-encryption des Define the crypto policy. CONFIGURATION mode crypto ipsec policy myCryptoPolicy 10 ipsec-manual transform-set myXform-set session-key inbound esp 256 auth ...
  • Page 479: Ipv4 Routing

    For more information about IP addressing, refer to RFC 791, Internet Protocol. Implementation Information In Dell Networking OS, you can configure any IP address as a static route except IP addresses already assigned to interfaces. NOTE: Dell Networking OS supports 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021.
  • Page 480: Configuration Tasks For Ip Addresses

    [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface. In Dell Networking OS, you can assign one primary address and up to 255 secondary IP addresses to each interface. Enter the keyword interface then the type of interface and slot/port information.
  • Page 481: Configuring Static Routes

    – tag tag-value: the range is from 1 to 4294967295. (optional) Example of the show ip route static Command To view the configured routes, use the show ip route static command. Dell#show ip route static Destination Gateway Dist/Metric Last Change...
  • Page 482 6.1.20.2, Te 5/1 00:02:30 S 6.1.2.17/32 via 6.1.20.2, Te 5/1 00:02:30 S 11.1.1.0/24 Direct, Nu 0 00:02:30 Direct, Lo 0 --More-- Dell#show ip route static Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------- S 2.1.2.0/24 Direct, Nu 0 00:02:30 S 6.1.2.0/24...
  • Page 483: Configure Static Routes For The Management Interface

    Direct, Lo 0 --More-- Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface (for example, if interface TenGigabitEthernet 1/1 is on 172.31.5.0 subnet, Dell Networking OS installs the static route).
  • Page 484: Using The Configured Source Ip Address In Icmp Messages

    Using the Configured Source IP Address in ICMP Messages This feature is supported on the S4820T platform. ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in Interface mode.
  • Page 485: Configuring The Duration To Establish A Tcp Connection

    Dell>show ip tcp reduced-syn-ack-wait Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command.
  • Page 486: Resolution Of Host Names

    The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set...
  • Page 487: Specifying The Local System Domain And A List Of Domains

    Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
  • Page 488: Arp

    For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
  • Page 489: Configuring Static Arp Entries

    These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode. Dell#show arp Protocol Address Age(min) Hardware Address...
  • Page 490: Clearing Arp Cache

    Gratuitous ARP can mean an ARP request or reply. In the context of ARP learning via gratuitous ARP on Dell Networking OS, the gratuitous ARP is a request. A gratuitous ARP request is an ARP request that is not needed according to the ARP specification, but one that hosts may send to: •...
  • Page 491: Enabling Arp Learning Via Gratuitous Arp

    ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address.
  • Page 492: Configuring Arp Retries

    Configuring ARP Retries In Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable. After five retries, Dell Networking OS backs off for 20 seconds before it sends a new request.
  • Page 493: Icmp

    The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled.
  • Page 494: Important Points To Remember

    To enable UDP helper, use the following command. • Enable UDP helper. ip udp-helper udp-ports Example of Enabling UDP Helper and Using the UDP Helper show Command Dell(conf-if-te-1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000...
  • Page 495: Configurations Using Udp Helper

    UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: Packet 1 is dropped at ingress if you did not configure UDP helper address.
  • Page 496: Udp Helper With Subnet Broadcast Addresses

    If you enabled UDP helper, the system changes the destination IP address to the configured broadcast address 1.1.255.255 and forwards the packet to VLAN 100. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured.
  • Page 497: Udp Helper With Configured Broadcast Addresses

    UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101.
  • Page 498: Troubleshooting Udp Helper

    To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1 with IP DA (0xffffffff) will be sent on Te 5/2 Te 5/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1 is handed over for DHCP processing.
  • Page 499: Ipv6 Routing

    Implementing IPv6 with Dell Networking NOTE: Even though Dell Networking OS listens to all ports, you can only use the ports starting from 1024 for IPv6 traffic. Ports from 0 to 1023 are reserved for internal use and you cannot use them for IPv6 traffic.
  • Page 500: Ipv6 Headers

    (DHCP) servers via stateful auto-configuration. NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received.
  • Page 501: Ipv6 Header Fields

    IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 52. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling.
  • Page 502 Next Header (8 bits) The Next Header field identifies the next header’s type. If an Extension header is used, this field contains the type of Extension header (as shown in the following table). If the next header is a transmission control protocol (TCP) or user datagram protocol (UDP) header, the value in this field is the same as for IPv4.
  • Page 503: Extension Header Fields

    Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router. Extension Header Fields Extension headers are used only when necessary. Due to the streamlined nature of the IPv6 header, adding extension headers does not severely impact performance.
  • Page 504: Addressing

    Discard the packet and send an ICMP Parameter Problem, Code 2 message to the packet’s Source IP Address only if the Destination IP Address is not a multicast address. The second byte contains the Option Data Length. The third byte specifies whether the information can change en route to the destination. The value is 1 if it can change;...
  • Page 505: Implementing Ipv6 With Dell Networking Os

    Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform.
  • Page 506 Dell Networking OS Documentation and Functionality Release Introduction Chapter Location S4820T Route redistribution 8.3.19 OSPF, IS-IS, and IPv6 BGP chapters in the Dell Networking OS Command Line Reference Guide. Multiprotocol BGP 8.3.19 IPv6 BGP in the Dell extensions for IPv6 Networking OS Command Line Reference Guide.
  • Page 507: Icmpv6

    ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443.
  • Page 508: Path Mtu Discovery

    The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU Discovery Path MTU, in accordance with RFC 1981, defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet.
  • Page 509: Ipv6 Neighbor Discovery Of Mtu Packets

    With ARP, each node broadcasts ARP requests on the entire link. This approach causes unnecessary processing by uninterested nodes. With NDP, each node sends a request only to the intended destination via a multicast address with the unicast address used as the last 24 bits. Other hosts on the link do not participate in the process, greatly increasing network bandwidth efficiency.
  • Page 510: Configuring The Ipv6 Recursive Dns Server

    Dell(conf-if-te-1/1)#do debug ipv6 nd tengigabitethernet 1/1 ICMPv6 Neighbor Discovery packet debugging is on for tengigabitethernet 1/1 Dell(conf-if-te-1/1)#00:13:02 : : cp-ICMPV6-ND: Sending RA on Te 1/1 current hop limit=64, flags: M-, O-, router lifetime=1800 sec, reachable time=0 ms, retransmit time=0 ms...
  • Page 511: Displaying Ipv6 Rdnss Information

    The following example displays IPv6 RDNSS information. The output in the last 3 lines indicates that the IPv6 RDNSS was correctly configured on interface te 1/1. Dell#show ipv6 interface te 1/1 TenGigabitEthernet 1/1 is up, line protocol is up IPV6 is enabled...
  • Page 512: Secure Shell (Ssh) Over An Ipv6 Transport

    SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide. Configuration Tasks for IPv6 The following are configuration tasks for the IPv6 protocol.
  • Page 513: Assigning An Ipv6 Address To An Interface

    Assigning an IPv6 Address to an Interface Essentially, IPv6 is enabled in Dell Networking OS simply by assigning IPv6 addresses to individual router interfaces. You can use IPv6 and IPv4 together on a system, but be sure to differentiate that usage carefully.
  • Page 514: Configuring Telnet With Ipv6

    – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Configuring Telnet with IPv6 The Telnet client and server in Dell Networking OS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router.
  • Page 515: Showing Ipv6 Information

    View specific IPv6 configuration with the following commands. • List the IPv6 show options. EXEC mode or EXEC Privileged mode show ipv6 ? Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting information IPv6 CAM Entries IPv6 FIB Entries interface...
  • Page 516: Showing Ipv6 Routes

    – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Example of the show ipv6 interface Command Dell#show ipv6 int ManagementEthernet 1/1 ManagementEthernet 1/1 is up, line protocol is up IPV6 is enabled Stateless address autoconfiguration is enabled...
  • Page 517: Showing The Running-Configuration For An Interface

    – To display information about IPv6 prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command. Dell#show ipv6 route summary Route Source Active Routes Non-active Routes connected 5 0...
  • Page 518: Clearing Ipv6 Routes

    – For the Management interface on the stack-unit, enter the keyword ManagementEthernet then the slot/port information. The slot range is from 0 to 1. The port range is 0. Example of the show running-config interface Command Dell#show run int Te 2/2 interface TenGigabitEthernet 2/2 no ip address...
  • Page 519 Define the role of the device attached to the port. POLICY LIST CONFIGURATION mode device-role {host | router} Use the keyword host to set the device role as host. Use the keyword router to set the device role as router. Set the hop count limit.
  • Page 520: Configuring Ipv6 Ra Guard On An Interface

    The retransmission time range is from 100 to 4,294,967,295 milliseconds. 15. Display the configurations applied on the RA guard policy mode. POLICY LIST CONFIGURATION mode show config Example of the show config Command Dell(conf-ra_guard_policy_list)#show config ipv6 nd ra-guard policy test device-role router hop-limit maximum 251 mtu 1350...
  • Page 521: Monitoring Ipv6 Ra Guard

    [interface_type slot/port | count value] The count range is from 1 to 65534. The default is infinity. For a complete listing of all commands related to IPv6 RA Guard, refer to Dell Networking OS Command Line Reference Guide.
  • Page 522: Iscsi Optimization

    Dell’s iSCSI storage arrays and triggers a self-configuration of several key network configurations that enables optimization of the network for better storage traffic throughput. iSCSI is disabled by default on the S4820T platform and is not supported on the Z9000 platform.
  • Page 523 • Automatic configuration of switch ports after detection of storage arrays. • If you configure flow-control, iSCSI uses the current configuration. If you do not configure flow-control, iSCSI auto-configures flow control settings so that receive-only is enabled and transmit-only is disabled.
  • Page 524: Monitoring Iscsi Traffic Flows

    Figure 55. iSCSI Optimization Example Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
  • Page 525: Application Of Quality Of Service To Iscsi Traffic Flows

    4, use the CoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch.
  • Page 526: Detection And Auto-Configuration For Dell Equallogic Arrays

    Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default. For more information about LLDP, refer to...
  • Page 527: Synchronizing Iscsi Sessions Learned On Vlt-Lags With Vlt-Peer

    The command configures a port for the best iSCSI traffic conditions. The following message displays the first time you use the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array and describes the configuration changes that are automatically performed:...
  • Page 528: Default Iscsi Optimization Values

    Table 35. iSCSI Optimization Defaults Parameter Default Value iSCSI Optimization global setting Disabled on the S4810 and S4820T. iSCSI CoS mode (802.1p priority queue mapping) dot1p priority 4 without the remark setting when you enable iSCSI. If you do not enable iSCSI, this feature is disabled.
  • Page 529: Iscsi Optimization Prerequisites

    Parameter Default Value iSCSI session monitoring Disabled. The CAM allocation for iSCSI is set to zero (0). iSCSI Optimization Prerequisites The following are iSCSI optimization prerequisites. • iSCSI optimization requires LLDP on the switch. LLDP is enabled by default (refer to Link Layer Discovery Protocol (LLDP)).
  • Page 530 EXEC Privilege mode write memory Reload the switch. EXEC Privilege mode reload After the switch is reloaded, DCB/DCBx and iSCSI monitoring are enabled. (Optional) Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication is monitored. CONFIGURATION mode [no] iscsi target port tcp-port-1 [tcp-port-2...tcp-port-16] [ip-address address]...
  • Page 531: Displaying Iscsi Optimization Information

    ID. show iscsi sessions detailed [session isid] • Display all globally configured non-default iSCSI settings in the current Dell Networking OS session. show run iscsi Examples of the show iscsi Commands The following example shows the show iscsi command.
  • Page 532 Session 0: -------------------------------------------------------------------------------- ---- Target: iqn.2001-05.com.equallogic:0-8a0906-0f60c2002-0360018428d48c94-iom011 iqn.1991-05.com.microsoft:win-x9l8v27yajg ISID: 400001370000 The following example shows the show iscsi session detailed command. VLT PEER1 Dell# show iscsi session detailed Session 0: ------------------------------------------------------------ Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0...
  • Page 533: Intermediate System To Intermediate System

    IS-IS is supported on the S4820T with Dell Networking OS 8.3(19.0). • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed in the Standards Compliance chapter.
  • Page 534: Multi-Topology Is-Is

    IS area address, system ID, and N-selector. The last byte is the N-selector. All routers within an area have the same area portion. Level 1 routers route based on the system address portion of the address, while the Level 2 routers route based on the area address. The NET length is variable, with a maximum of 20 bytes and a minimum of 8 bytes.
  • Page 535: Transition Mode

    Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multi-topology. A router operating in multi-topology mode does not recognize the ability of the single-topology mode router to support IPv6 traffic, which leads to holes in the IPv6 topology. While in Transition mode, both types of TLVs (single-topology and multi-topology) are sent in LSPs for all configured IPv6 addresses, but the router continues to operate in single-topology mode (that is, the topological restrictions of the single-topology mode remain in effect).
  • Page 536: Timers

    By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
  • Page 537: Configuration Information

    • Advertises IPv6 information in the PDUs. • Processes IPv6 information received in the PDUs. • Computes routes to IPv6 destinations. • Downloads IPv6 routes to the RTM for installing in the FIB. • Accepts external IPv6 information and advertises this information in the PDUs. The following table lists the default IS-IS values.
  • Page 538 • Changing the IS-Type • Controlling Routing Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debugging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address.
  • Page 539 ROUTER ISIS mode. To view the IS-IS configuration, enter the show isis protocol command in EXEC Privilege mode or the show config command in ROUTER ISIS mode. Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 540 IS-IS: LSP authentication failures : 0 Dell# You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: •...
  • Page 541 spf-interval [level-1 | level-2 | interval] [initial_wait_interval [second_wait_interval]] Use this command for IPv6 route computation only when you enable multi-topology. If using single-topology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. Implement a wide metric-style globally.
  • Page 542 LSP. The 'overload' bit is an indication to the receiving router that database synchronization did not complete at the restarting router. To view all graceful restart-related configurations, use the show isis graceful-restart detail command in EXEC Privilege mode. Dell#show isis graceful-restart detail Configured Timer Value ====================== Graceful Restart...
  • Page 543 Dell# To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode. Dell#show isis interface TenGigabitEthernet 1/34 TenGigabitEthernet 1/34 is up, line protocol is up MTU 1497, Encapsulation SAP...
  • Page 544 16,777,215. Dell Networking OS supports five different metric styles: narrow, wide, transition, narrow transition, and wide transition. By default, Dell Networking OS generates and receives narrow metric values. Metrics or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process.
  • Page 545 To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS metrics settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001...
  • Page 546: Configuring The Distance Of A Route

    – default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. The range is from 0 to 16777215 if the metric style is wide or wide transition. • Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] –...
  • Page 547 The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database LSPID...
  • Page 548 Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS.
  • Page 549: Redistributing Ipv4 Routes

    Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes. ROUTER ISIS-AF IPV6 mode distribute-list prefix-list-name in [interface] Enter the type of interface and slot/port information:...
  • Page 550: Redistributing Ipv6 Routes

    • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: –...
  • Page 551: Configuring Authentication Passwords

    redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – process-id: the range is from 1 to 65535. – level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. –...
  • Page 552: Setting The Overload Bit

    Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
  • Page 553 – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. Dell Networking OS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
  • Page 554: Is-Is Metric Styles

    The following sections provide additional information about the IS-IS metric styles. • Configuring the IS-IS Metric Style • Configure Metric Values Dell Networking OS supports the following IS-IS metric styles: • narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) •...
  • Page 555 Table 38. Metric Value When the Metric Style Changes Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow default value (10) if the original value is greater than 63. A message is sent to the console. wide transition truncated value (the truncated value appears in the LSP only).
  • Page 556: Leaks From One Level To Another

    Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide transition narrow transition default value (10) if the original value is greater than 63. A message is sent to the console. wide transition transition truncated value (the truncated value appears in the LSP only). The original isis metric value is displayed in the show config and show running-config...
  • Page 557: Sample Configurations

    The following example shows the response from the router: Dell#clear isis * % ISIS not enabled. Dell#clear isis 9999 * You can configure IPv6 IS-IS routes using one of the following three methods: • Congruent Topology — You must configure both IPv4 and IPv6 addresses on the interface. Enable the ip router isis and ipv6 router isis commands on the interface.
  • Page 558 TenGigabitEthernet 3/17 ip address 24.3.1.1/24 ipv6 address 24:3::1/76 ip router isis ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis metric-style wide level-1 metric-style wide level-2 net 34.0000.0000.AAAA.00 Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17...
  • Page 559 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config router isis net 34.0000.0000.AAAA.00 address-family ipv6 unicast multi-topology transition exit-address-family...
  • Page 560: Link Aggregation Control Protocol (Lacp)

    Link aggregation control protocol (LACP) is supported on Dell Networking OS. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
  • Page 561: Lacp Modes

    You can configure a maximum of 128 port-channels with up to 16 members per channel. LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
  • Page 562: Lacp Configuration Tasks

    LAG interfaces. • Create a dynamic port channel (LAG). CONFIGURATION mode interface port-channel • Create a dynamic port channel (LAG). CONFIGURATION mode switchport Example of Configuring a LAG Interface Dell(conf)#interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport
  • Page 563: Configuring The Lag Interfaces As Dynamic

    Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Gigabitethernet 3/15 Dell(conf-if-gi-3/15)#no shutdown Dell(conf-if-gi-3/15)#port-channel-protocol lacp Dell(conf-if-gi-3/15-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 3/16 Dell(conf-if-gi-3/16)#no shutdown Dell(conf-if-gi-3/16)#port-channel-protocol lacp Dell(conf-if-gi-3/16-lacp)#port-channel 32 mode active Dell(conf)#interface Gigabitethernet 4/15 Dell(conf-if-gi-4/15)#no shutdown...
  • Page 564: Monitoring And Debugging Lacp

    CONFIG-INT-PO mode lacp long-timeout Example of the lacp long-timeout and show lacp Commands Dell(conf)# interface port-channel 32 Dell(conf-if-po-32)#no shutdown Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.45a5...
  • Page 565: Configuring Shared Lag State Tracking

    Figure 58. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking.
  • Page 566: Important Points About Shared Lag State Tracking

    2d1h45m: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 To view the status of a failover group member, use the show interface port-channel command. Dell#show interface port-channel 2 Port-channel 2 is up, line protocol is down (Failover-group 1 is down)
  • Page 567: Lacp Basic Configuration Example

    • You can configure shared LAG state tracking on one side of a link or on both sides. • If a LAG that is part of a failover group is deleted, the failover group is deleted. • If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology.
  • Page 568 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit, Mode full duplex, Slave Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans...
  • Page 569 Figure 62. Inspecting Configuration of LAG 10 on ALPHA
  • Page 570 Figure 63. Verifying LAG 10 Status on ALPHA Using the show lacp Command Summary of the LAG Configuration on Alpha Alpha(conf-if-po-10)#int gig 2/31 Alpha(conf-if-gi-2/31)#no ip address Alpha(conf-if-gi-2/31)#no switchport Alpha(conf-if-gi-2/31)#shutdown Alpha(conf-if-gi-2/31)#port-channel-protocol lacp Alpha(conf-if-gi-2/31-lacp)#port-channel 10 mode active Alpha(conf-if-gi-2/31-lacp)#no shut Alpha(conf-if-gi-2/31)#show config interface GigabitEthernet 2/31 no ip address port-channel-protocol LACP port-channel 10 mode active...
  • Page 571 interface GigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config interface Port-channel 10 no ip address switchport no shutdown Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp...
  • Page 572 Figure 64. Inspecting a LAG Port on BRAVO Using the show interface Command
  • Page 573 Figure 65. Inspecting LAG 10 Using the show interfaces port-channel Command
  • Page 574 Figure 66. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
  • Page 575: Layer 2

    Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries •...
  • Page 576: Configuring A Static Mac Address

    CONFIGURATION mode mac-address-table aging-time seconds The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. •...
  • Page 577: Setting The Mac Learning Limit

    Entries created before this option is set are not affected. Dell Networking OS Behavior: If you do not configure the dynamic option, the systems do not detect station moves in which a MAC address learned off of a MAC-limited port is learned on another port on the same line card.
  • Page 578: Mac Learning-Limit Mac-Address-Sticky

    EXEC Privilege mode show mac learning-limit Dell Networking OS Behavior: The systems do not generate a station-move violation log entry for physical interfaces or port-channels when you configure mac learning-limit or when you configure mac learning-limit station-move-violation log. Dell Networking OS detects a station-move...
  • Page 579: Learning Limit Violation Actions

    Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 no ip address switchport mac learning-limit 1 dynamic no-station-move...
  • Page 580: Recovering From Learning Limit And Station Move Violations

    • Display a list of all of the interfaces configured with MAC learning limit or station move violation. CONFIGURATION mode show mac learning-limit violate-action NOTE: When the MAC learning limit (MLL) is configured as no-station-move, the MLL will be processed as static entries internally. For static entries, the MAC address will be installed in all port-pipes, irrespective of the VLAN membership.
  • Page 581 (in the previous example, this location is Port 0/5 of the switch). To ensure that the MAC address is disassociated with one port and re-associated with another port in the ARP table, configure the mac-address-table station-move refresh-arp command on the Dell Networking switch at the time that NIC teaming is being configured on the server.
  • Page 582: Configure Redundant Pairs

    Down state until the primary fails, at which point it transitions to Up state. If the primary interface fails, and later comes up, it becomes the backup interface for the redundant pair. Dell Networking OS supports Gigabit, 10 Gigabit, and 40-Gigabit interfaces as backup interfaces.
  • Page 583: Important Points About Configuring Redundant Pairs

    Up state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair. Dell Networking OS supports only Gigabit, 10 Gigabit, and 40-Gigabit ports and port channels as primary/backup interfaces in redundant pairs. (A port channel is also referred to as a link aggregation group (LAG).
  • Page 584 TenGigabitEthernet 3/41 unassigned NO Manual administratively down down TenGigabitEthernet 3/42 unassigned YES Manual up [output omitted] Example of Configuring Redundant Pairs on a Port-Channel (S4820T) Dell#show interfaces port-channel brief Codes: L - LACP Port-channel Mode Status Uptime Ports 00:08:33...
  • Page 585: Far-End Failure Detection

    Far-End Failure Detection FEFD is a protocol that senses remote data link errors in a network. FEFD responds by sending a unidirectional report that triggers an echoed response after a specified time interval. You can enable FEFD globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.
  • Page 586 FEFD enabled ports are subject to an 8 to 10 second delay during an RPM failover before becoming operational. • You can enable FEFD globally or on a per-interface basis. Interface FEFD configurations override global FEFD configurations. • Dell Networking OS supports FEFD on physical Ethernet interfaces only, excluding the management interface.
  • Page 587: Configuring Fefd

    Te 1/3 Normal 3 Admin Shutdown Te 1/4 Normal 3 Admin Shutdown Dell#show run fefd fefd-global mode normal fefd-global interval 3 Enabling FEFD on an Interface To enable, change, or disable FEFD on an interface, use the following commands. •...
  • Page 588: Debugging Fefd

    TenGigabitEthernet 1/1 no ip address switchport fefd mode normal no shutdown Dell(conf-if-te-1/1)#do show fefd | grep 1/1 Te 1/1 Normal Unknown Debugging FEFD To debug FEFD, use the first command. To provide output for each packet transmission over the FEFD enabled connection, use the second command.
  • Page 589 2w1d22h: %RPM0-P:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Te 1/1 Dell(conf-if-te-1/1)#2w1d22h : FEFD state on Te 1/1 changed from ANY to Unknown 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 1/1 2w1d22h: %RPM0-P:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 4/1...
  • Page 590: Link Layer Discovery Protocol (Lldp)

    Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on Dell Networking OS. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
  • Page 591: Optional Tlvs

    IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 72. LLDPDU Frame Optional TLVs The Dell Networking OS supports these optional TLVs: management TLVs, IEEE 802.1 and 802.3 organizationally specific TLVs, and TIA-1057 organizationally specific TLVs.
  • Page 592: Management Tlvs

    Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
  • Page 593 This TLV is not available in the Dell Networking OS implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation.
  • Page 594: Tia-1057 (Lldp-Med) Overview

    • LLDP-MED Network Connectivity Device — any device that provides access to an IEEE 802 LAN to an LLDP-MED endpoint device and supports IEEE 802.1AB (LLDP) and TIA-1057 (LLDP-MED). The Dell Networking system is an LLDP-MED network connectivity device. Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability •...
  • Page 595 Inventory Management TLVs: Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. Inventory — Hardware Revision: Indicates the hardware revision of the LLDP-MED device.
  • Page 596 LLDP-MED capability (as shown in the following table). • The possible values of the LLDP-MED device type are shown in the following. The Dell Networking system is a network connectivity device, which is Type 4. When you enable LLDP-MED in Dell Networking OS (using the advertise med command), the system begins transmitting this TLV.
  • Page 597 An integer represents the application type (the Type integer shown in the following table), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV is generated for each application type that you specify with the Dell Networking OS CLI (Advertising TLVs).
  • Page 598 • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification. •...
  • Page 599: Configure Lldp

    Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000.
  • Page 600: Enabling Lldp

    LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration Negate a command or set its defaults show Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/3 Dell(conf-if-te-1/3)#protocol lldp Dell(conf-if-te-1/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface...
  • Page 601 • If you configure an interface, only the interface sends LLDPDUs with the specified TLVs. • If you configure LLDP both globally and at interface level, the interface level configuration overrides the global configuration. To advertise TLVs, use the following commands. Enter LLDP mode.
  • Page 602: Viewing The Lldp Configuration

    Dell(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description hello 10 no disable Dell(conf-lldp)# Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/31 Dell(conf-if-te-1/31)#show config interface TenGigabitEthernet 1/31 no ip address switchport no shutdown Dell(conf-if-te-1/31)#protocol lldp Dell(conf-if-te-1/31-lldp)#show config protocol lldp...
  • Page 603: Viewing Information Advertised By Adjacent Lldp Agents

    Information valid for next 120 seconds Time since last information change of this neighbor: 01:50:16 Remote MTU: 1554 Remote System Desc: Dell Networks Real Time Operating System Software Dell Operating System Version: 1.0. Dell Application Software Version: 9.4.0.0. Copyright (c) 1999-2014...
  • Page 604: Configuring Lldpdu Intervals

    R1(conf-lldp)# Configuring Transmit and Receive Mode After you enable LLDP, Dell Networking systems transmit and receive LLDPDUs by default. To configure the system to transmit or receive only and return to the default, use the following commands. •...
  • Page 605: Configuring A Time To Live

    • Receive only. CONFIGURATION mode or INTERFACE mode mode rx • Return to the default setting. CONFIGURATION mode or INTERFACE mode no mode Example of Configuring a Single Mode R1(conf)#protocol lldp R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ?
  • Page 606: Debugging Lldp

    Example of the multiplier Command to Configure Time to Live R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5...
  • Page 607: Relevant Management Objects

    Figure 78. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent •...
  • Page 608 Table 48. LLDP Configuration MIB Objects

    MIB Object Category | LLDP Variable | LLDP MIB Object | Description
    LLDP Configuration | adminStatus | lldpPortConfigAdminStatus | Whether you enable the local LLDP agent for transmit, receive, or both.
    | msgTxHold | lldpMessageTxHoldMultiplier | Multiplier value.
    | msgTxInterval | lldpMessageTxInterval | Transmit Interval value.
    | rxInfoTTL | lldpRxInfoTTL | Time to live for received...
  • Page 609

    MIB Object Category | LLDP Variable | LLDP MIB Object | Description
    | statsTLVsUnrecognizedTotal | lldpStatsRxPortTLVsUnrecognizedTotal | Total number of all TLVs the local agent does not recognize.

    Table 49. LLDP System MIB Objects

    TLV Type | TLV Name | TLV Variable | System | LLDP MIB Object
    | Chassis ID | chassis ID subtype | Local | lldpLocChassisIdSub...
  • Page 610

    TLV Type | TLV Name | TLV Variable | System | LLDP MIB Object
    | | | Remote | lldpRemManAddrSubtype
    | | management address | Local | lldpLocManAddr
    | | | Remote | lldpRemManAddr
    | | interface numbering subtype | Local | lldpLocManAddrIfSubtype
    | | | Remote | lldpRemManAddrIfSubtype
    | | interface number | Local | lldpLocManAddrIfId
    | | | Remote | lldpRemManAddrIfId
    | | | Local | lldpLocManAddrOID
    | | | Remote | lldpRemManAddrOID

    Table 50. LLDP 802.1 Organizationally specific TLV MIB Objects

    TLV Type | TLV Name | TLV Variable...
  • Page 611

    TLV Type | TLV Name | TLV Variable | System | LLDP MIB Object
    | | | Remote | lldpXdot1RemVlanN
    | | VLAN name | Local | lldpXdot1LocVlanNa
    | | | Remote | lldpXdot1RemVlanN

    Table 51. LLDP-MED System MIB Objects

    TLV Sub-Type | TLV Name | TLV Variable | System | LLDP-MED MIB Object
    | LLDP-MED Capabilities | LLDP-MED Capabilities | Local | lldpXMedPortCapSupported, lldpXMedPortConfigTLVsTxEnable...
  • Page 612

    TLV Sub-Type | TLV Name | TLV Variable | System | LLDP-MED MIB Object
    | | L2 Priority | Local | lldpXMedLocMediaPolicyPriority
    | | | Remote | lldpXMedRemMediaPolicyPriority
    | | DSCP Value | Local | lldpXMedLocMediaPolicyDscp
    | | | Remote | lldpXMedRemMediaPolicyDscp
    | Location Identifier | Location Data Format | Local | lldpXMedLocLocationSubtype
    | | | Remote | lldpXMedRemLocationSubtype
    | | Location ID Data | Local | lldpXMedLocLocationInfo...
  • Page 613

    TLV Sub-Type | TLV Name | TLV Variable | System | LLDP-MED MIB Object
    | | Power Value | Local | lldpXMedLocXPoEPSEPortPowerAv, lldpXMedLocXPoEPDPowerReq
    | | | Remote | lldpXMedRemXPoEPSEPowerAv, lldpXMedRemXPoEPDPowerReq
  • Page 614: Microsoft Network Load Balancing

    Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
  • Page 615: Nlb Multicast Mode Scenario

    If the active server sends a reply, the Dell switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server’s actual MAC address;...
  • Page 616: Enable And Disable Vlan Flooding

    Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned. • All ARP entries, learned after you enable VLAN flooding, are deleted when you disable VLAN flooding, and RP2 triggers an ARP resolution. Disable VLAN flooding with the no ip vlan-flooding command.
  • Page 617 mac-address-table static multicast-mac-address vlan vlan-id output-range interface
  • Page 618: Multicast Source Discovery Protocol (Msdp)

    Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
  • Page 619 Figure 79. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
  • Page 620: Anycast Rp

    New sources register with the backup RP. Receivers join toward the new RP and connectivity is maintained. Implementation Information The Dell Networking OS implementation of MSDP is in accordance with RFC 3618 and Anycast RP is in accordance with RFC 3446. Configure Multicast Source Discovery Protocol Configuring MSDP is a four-step process.
  • Page 621: Related Configuration Tasks

    Related Configuration Tasks The following lists related MSDP configuration tasks. • Enable MSDP • Manage the Source-Active Cache • Accept Source-Active Messages that Fail the RPF Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source •...
  • Page 622 Figure 81. Configuring Interfaces for MSDP
  • Page 623 Figure 82. Configuring OSPF and BGP for MSDP
  • Page 624 Figure 83. Configuring PIM in Multiple Routing Domains
  • Page 625: Enable Msdp

    Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. Enable MSDP. CONFIGURATION mode ip multicast-msdp Peer PIM systems in different administrative domains. CONFIGURATION mode
  • Page 626: Manage The Source-Active Cache

    ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Local Addr State Source Up/Down Description To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache).
  • Page 627: Limiting The Source-Active Cache

    If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries.
  • Page 628 • In Scenario 4, RP1 has a default peer plus an access list. The list permits RP4 so the RPF check is disregarded for active sources from it, but RP5 (and all others because of the implicit deny all) are subject to the RPF check and fail, so those active sources are rejected.
  • Page 629 Figure 86. MSDP Default Peer, Scenario 2
  • Page 630 Figure 87. MSDP Default Peer, Scenario 3
  • Page 631: Specifying Source-Active Messages

    Figure 88. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises.
  • Page 632: Limiting The Source-Active Messages From A Peer

    Example of the ip msdp default-peer Command and Viewing Denied Sources Dell(conf)#ip msdp peer 10.0.50.2 connect-source Vlan 50 Dell(conf)#ip msdp default-peer 10.0.50.2 list fifty Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries...
  • Page 633: Preventing Msdp From Caching A Remote Source

    CONFIGURATION mode ip msdp redistribute list Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entries already present in the SA cache, first clear the SA cache.
  • Page 634: Preventing Msdp From Advertising A Local Source

    ip access-list extended myremotefilter seq 5 deny ip host 239.0.0.1 host 10.11.4.2 R3_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.1 00:03:59 R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0...
  • Page 635: Logging Changes In Peership States

    To display the configured SA filters for a peer, use the show ip msdp peer command from EXEC Privilege mode. Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership...
  • Page 636: Clearing Peer Statistics

    Clearing Peer Statistics To clear the peer statistics, use the following command. • Reset the TCP connection to the peer and clear all peer statistics. CONFIGURATION mode clear ip msdp peer peer-address Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0...
  • Page 637: Msdp With Anycast Rp

    03:17:10 : MSDP-0: Peer 192.168.0.3, rcvd Keepalive msg 03:17:27 : MSDP-0: Peer 192.168.0.3, sent Source Active msg Input (S,G) filter: none Output (S,G) filter: none MSDP with Anycast RP Anycast RP uses MSDP with PIM-SM to allow more than one active group to use RP mapping. PIM-SM allows only active groups to use RP mapping, which has several implications: •...
  • Page 638: Configuring Anycast Rp

    Figure 89. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback Make this address the RP for the group.
  • Page 639: Reducing Source-Active Message Flooding

    In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface loopback Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source.
  • Page 640 ip address 10.11.2.1/24 no shutdown interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown interface Loopback 1 ip address 192.168.0.11/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0...
  • Page 641 redistribute static redistribute connected redistribute bgp 100 router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.11 ip msdp originator-id Loopback 1 ip route 192.168.0.3/32 10.11.0.32...
  • Page 642: Msdp Sample Configurations

    ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 ip multicast-routing interface GigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface GigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0...
  • Page 643 ip address 10.11.3.1/24 no shutdown interface TenGigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown interface TenGigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0...
  • Page 644 ip route 192.168.0.3/32 10.11.0.32 ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 ip multicast-routing interface TenGigabitEthernet 3/21 ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 3/41 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown interface ManagementEthernet 1/1 ip address 10.11.80.3/24 no shutdown interface Loopback 0 ip pim sparse-mode...
  • Page 645 ip address 192.168.0.4/32 no shutdown router ospf 1 network 10.11.5.0/24 area 0 network 10.11.6.0/24 area 0 network 192.168.0.4/32 area 0 ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4
  • Page 646: Multiple Spanning Tree Protocol (Mstp)

    Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on Dell Networking OS. Protocol Overview MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
  • Page 647: Spanning Tree Variations

    Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table.

    Table 52. Spanning Tree Variations

    Dell Networking Term | IEEE Specification
    Spanning Tree Protocol (STP) | 802.1d
    Rapid Spanning Tree Protocol (RSTP) | 802.1w...
  • Page 648: Enable Multiple Spanning Tree Globally

    Enable MSTP. PROTOCOL MSTP mode no disable Example of Verifying MSTP is Enabled To verify that MSTP is enabled, use the show config command in PROTOCOL MSTP mode. Dell(conf)#protocol spanning-tree mstp Dell(config-mstp)#show config protocol spanning-tree mstp no disable Dell# Adding and Removing Interfaces To add and remove interfaces, use the following commands.
  • Page 649: Creating Multiple Spanning Tree Instances

    All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode. Dell(conf-mstp)#name my-mstp-region Dell(conf-mstp)#exit Dell(conf)#do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100...
  • Page 650: Influencing Mstp Root Selection

    Designated port id is 128.374, designated path cost 20000 Number of transitions to forwarding state 1 BPDU (MRecords): sent 93671, received 46843 The port is not in the Edge port mode Port 384 (TenGigabitEthernet 1/31) is alternate Discarding Port path cost 20000, Port priority 128, Port Identifier 128.384 Designated root has priority 32768, address 0001.e806.953e Designated bridge has priority 32768, address 0001.e809.c24a Designated port id is 128.384, designated path cost 20000...
  • Page 651: Interoperate With Non-Dell Networking Os Bridges

    Dell Networking OS supports only one MSTP region. A region is a combination of three unique qualities: • Name is a mnemonic string you assign to the region. The default region name on Dell Networking OS is null. • Revision is a 2-byte number. The default revision number on Dell Networking OS is 0.
  • Page 652: Modifying Global Parameters

    • Max-hops — the maximum number of hops a BPDU can travel before a receiving switch discards it. NOTE: Dell Networking recommends that only experienced network administrators change MSTP parameters. Poorly planned modification of MSTP parameters can negatively affect network performance.
  • Page 653: Modifying The Interface Parameters

    Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode. Dell(conf-mstp)#forward-delay 16 Dell(conf-mstp)#exit Dell(conf)#do show running-config spanning-tree mstp protocol spanning-tree mstp no disable name my-mstp-region MSTI 1 VLAN 100...
  • Page 654: Configuring An Edgeport

    Enable EdgePort on an interface. INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: – If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 655: Flush Mac Addresses After A Topology Change

    Dell(conf-if-te-3/11)# Flush MAC Addresses after a Topology Change Dell Networking OS has an optimized MAC address flush mechanism for RSTP, MSTP, and PVST+ that flushes addresses only when necessary, which allows for faster convergence during topology changes. However, you may activate the flushing mechanism defined by 802.1Q-2003 using the tc-flush-standard command, which flushes MAC addresses after every topology change notification.
  • Page 656: Router 1 Running-Configuration, Router 2 Running-Configuration, Router 3 Running-Configuration, SFTOS Example Running-Configuration

    Figure 91. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
  • Page 657 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally, set the region name and revision, and map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances and tag interfaces to the VLANs.
  • Page 658 name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 (Step 2) interface TenGigabitEthernet 3/11 no ip address switchport no shutdown interface TenGigabitEthernet 3/21 no ip address switchport no shutdown (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11,21 no shutdown interface Vlan 200...
  • Page 659: Debugging And Verifying Mstp Configurations

    (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debug and verify MSTP configuration, use the following commands. •...
  • Page 660 – Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp protocol spanning-tree mstp name Tahiti...
  • Page 661 INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.cbbd, Int Root Cost Brg/Port Prio: 32768/128, Rem Hops: 20
  • Page 662: Multicast Features

    Implementation Information Because protocol control traffic in the Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, the Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic.
  • Page 663: Multicast Policies

    Limiting the Number of Multicast Routes When the limit on the total number of multicast routes on a system is reached, the Dell Networking OS does not process any IGMP or multicast listener discovery protocol (MLD) joins to PIM — though it still processes leave messages —...
  • Page 664 Dell Networking OS Behavior: Do not enter the ip igmp access-group command before creating the access-list. If you do, after entering your first deny rule, Dell Networking OS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists.
  • Page 665 Figure 92. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 54. Preventing a Host from Joining a Group — Description Location Description • Interface TenGigabitEthernet 1/21 1/21 •...
  • Page 666 Location Description • ip address 10.11.13.1/24 • no shutdown • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown •...
  • Page 667 Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in PIM. INTERFACE mode ip pim neighbor-filter Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to RP for the specified multicast source and group, use the following command.
  • Page 668 Figure 93. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 55. Preventing a Source from Transmitting to a Group — Description Location Description • Interface TenGigabitEthernet 1/21 1/21 •...
  • Page 669 Location Description • ip address 10.11.13.1/24 • no shutdown • Interface TenGigabitEthernet 2/1 • ip pim sparse-mode • ip address 10.11.1.1/24 • no shutdown • Interface TenGigabitEthernet 2/11 2/11 • ip pim sparse-mode • ip address 10.11.12.2/24 • no shutdown •...
  • Page 670 To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
  • Page 671: Object Tracking

    Object Tracking IPv4/IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking Operating System (OS) client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
  • Page 672: Track Layer 2 Interfaces

    Figure 94. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. •...
  • Page 673: Track Ipv4 And Ipv6 Routes

    • The Layer 3 status of an interface goes DOWN when its Layer 2 status goes down or the IP address is removed from the routing table. Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4/IPv6 address and prefix-length, and optionally, by a virtual routing and forwarding (VRF) instance name if the route to be tracked is part of a VRF.
  • Page 674: Set Tracking Delays

    For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. • The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 675: Tracking A Layer 2 Interface

    For a complete listing of all commands related to object tracking, refer to the Dell Networking OS Command Line Interface Reference Guide. Tracking a Layer 2 Interface You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
  • Page 676: Tracking A Layer 3 Interface

    Example of Configuring Object Tracking Dell(conf)#track 100 interface tengigabitethernet 7/1 line-protocol Dell(conf-track-100)#delay up 20 Dell(conf-track-100)#description San Jose data center Dell(conf-track-100)#end Dell#show track 100 Track 100 Interface TenGigabitEthernet 7/1 line-protocol Description: San Jose data center Tracking a Layer 3 Interface You can create an object that tracks the routing status of an IPv4 or IPv6 Layer 3 interface.
  • Page 677: Track An Ipv4/Ipv6 Route

    (Optional) Display the tracking configuration and the tracked object’s status. EXEC Privilege mode show track object-id Example of Configuring Object Tracking (IPv4 Interface) Example of Configuring Object Tracking (IPv6 Interface) Dell(conf)#track 101 interface tengigabitethernet 7/2 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro Dell(conf-track-101)#end Dell#show track 101...
  • Page 678 – For OSPF, you can set the resolution in the range from 1 to 1592, where the default is 1. – The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes.
  • Page 679 IP route 10.0.0.0/8 reachability Reachability is Down (route not in route table) 2 changes, last change 00:02:49 Tracked by: Dell#configure Dell(conf)#track 4 ip route 3.1.1.0/24 reachability vrf vrf1 Dell(conf)#track 105 ipv6 route 1234::/64 reachability Dell(conf-track-105)#delay down 5 Dell(conf-track-105)#description Headquarters Dell(conf-track-105)#end...
  • Page 680 Tracking a Metric Threshold Use the following commands to configure object tracking on the metric threshold of an IPv4 or IPv6 route. To remove object tracking, use the no track object-id command. (Optional) Reconfigure the default resolution value used by the specified protocol to scale the metric for IPv4 or IPv6 routes.
  • Page 681: Displaying Tracked Objects

    EXEC Privilege mode show track object-id Example of the track ip route metric threshold Command Example of the track ipv6 route metric threshold Command Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric...
  • Page 682 IP Route Resolution ISIS OSPF IPv6 Route Resolution ISIS Example of the show track vrf Command Dell#show track vrf red Track 5 IP route 192.168.0.0/24 reachability, Vrf: red Reachability is Up (CONNECTED) 3 changes, last change 00:02:39 First-hop interface is TenGigabitEthernet 1/4...
  • Page 683 track 4 interface TenGigabitEthernet 1/4 ip routing track 5 ip route 192.168.0.0/24 reachability vrf red
  • Page 684: Open Shortest Path First (Ospfv2 And Ospfv3)

    Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS).
  • Page 685: Area Types

    You can divide an AS into a number of areas, which are groups of contiguous networks and attached hosts. Routers with multiple interfaces can participate in multiple areas. These routers, called area border routers (ABRs), maintain separate databases for each area. Areas are a logical grouping of OSPF routers identified by an integer or dotted-decimal number.
  • Page 686: Networks And Neighbors

    AS information from the backbone or other areas. However, a virtual link can traverse it. • Totally stubby areas are referred to as no summary areas in the Dell Networking OS. Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them.
  • Page 687 Figure 96. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example.
  • Page 688: Designated And Backup Designated Routers

    These router designations are not the same as the router IDs described earlier. The DRs and BDRs are configurable in Dell Networking OS. If you do not define DR or BDR in Dell Networking OS, the system assigns them. OSPF looks at the priority of the routers on the segment to determine which routers are the DR and BDR.
  • Page 689 • Type 1: Router LSA — The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only. The link-state ID of the Type 1 LSA is the originating router ID. •...
  • Page 690: Router Priority And Cost

    When you configure the LSA throttle timers, syslog messages appear, indicating the interval times, as shown below for the transmit timer (45000ms) and arrival timer (1000ms). Mar 15 09:46:00: %STKUNIT0-M:CP %OSPF-4-LSA_BACKOFF: OSPF Process 10,Router lsa 2.2.2.2 router-id 2.2.2.2 is backed off to transmit after 45000ms Mar 15 09:46:06: %STKUNIT0-M:CP %OSPF-4-LSA_BACKOFF: OSPF Process 10,Router lsa 3.3.3.3 rtrid 3.3.3.3 received before 1000ms time NOTE: The sequence numbers are reset when previously cleared routes that are waiting for the LSA...
  • Page 691: Ospf With Dell Networking Os

    OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within that 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF.
  • Page 692: Fast Convergence (Ospfv2, Ipv4 Only)

    Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAs as soon as they are available to speed up route information propagation.
  • Page 693: Multi-Process Ospfv2 With Vrf

    Enabling RFC-2328 Compliant OSPF Flooding To enable OSPF flooding, use the following command. When you enable this command, it configures Dell Networking OS to flood LSAs on all interfaces. • Enable RFC 2328 flooding.
  • Page 694: Ospf Ack Packing

    In Dell Networking OS, the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in Dell Networking OS.
  • Page 695: Configuration Information

    In the following example, the dead interval is set at 4x the hello interval (shown in bold). Dell (conf-if-te-2/2)#ip ospf dead-interval 20 Dell (conf-if-te-2/2)#do show ip os int tengigabitethernet 1/3 TenGigabitEthernet 2/2 is up, line protocol is up Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1...
  • Page 696 Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all routing protocols, is disabled.
  • Page 697 In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address. However, Dell Networking recommends using the IP address as the router ID for easier management and troubleshooting. Optional process-id commands are also described.
  • Page 698 Enabling Multi-Process OSPF (OSPFv2, IPv4 Only) Multi-process OSPF allows multiple OSPFv2 processes on a single router. For more information, refer to Multi-Process OSPF (OSPFv2, IPv4 Only). When configuring a single OSPF process, follow the same steps previously described. Repeat them as often as necessary for the desired number of processes.
  • Page 699 Dell(conf-router_ospf-1)#network 20.20.20.20/24 area 2 Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled.
  • Page 700 Example of Viewing Active Interfaces and Assigned Areas Dell>show ip ospf 1 interface TenGigabitEthernet 1/17 is up, line protocol is up Internet Address 10.2.2.1/24, Area 0.0.0.0 Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1...
  • Page 701 Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area ID Router Network S-Net S-ASBR Type-7 Subtotal 2.2.2.2...
  • Page 702 When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). Dell#show ip ospf 34 int TenGigabitEthernet 1/1 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10...
  • Page 703 Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
  • Page 704 • Change the cost associated with OSPF traffic on the interface. CONFIG-INTERFACE mode ip ospf cost – cost: The range is from 1 to 65535 (the default depends on the interface speed). • Change the time interval the router waits before declaring a neighbor dead. CONFIG-INTERFACE mode ip ospf dead-interval seconds –...
  • Page 705 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface TenGigabitEthernet 1/1 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 45 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.2.100...
  • Page 706 Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it.
  • Page 707 After you enable restart mode the router advertises the neighbor as fully adjacent during a restart. For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide. Example of the show run ospf Command When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
  • Page 708 Example of Viewing OSPF Configuration after Redistributing Routes To view the current OSPF configuration, use the show running-config ospf command in EXEC mode or the show config command in ROUTER OSPF mode. Dell(conf-router_ospf)#show config
  • Page 709 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3 distribute-list dilling in Dell(conf-router_ospf)# Troubleshooting OSPFv2 Use the information in this section to troubleshoot OSPFv2 operation on the switch. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process.
  • Page 710: Sample Configurations For OSPFv2

    – packet: view OSPF packet information. – spf: view SPF information. – database-timers rate-limit: view the LSAs currently in the queue. Example of Viewing OSPF Configuration Dell#show run ospf router ospf 4 router-id 4.4.4.4 network 4.4.4.0/28 area 1 ipv6 router ospf 999 default-information originate always router-id 10.10.10.10...
  • Page 711: OSPF Area 0 - Te 1/1 And 1/2

    Figure 98. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 — Te 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 interface TenGigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown interface TenGigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown...
  • Page 712: OSPF Area 0 - Te 2/1 And 2/2

    OSPF Area 0 — Te 2/1 and 2/2 router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 interface Loopback 20 ip address 192.168.100.20/24 no shutdown interface TenGigabitEthernet 2/1 ip address 10.2.21.2/24 no shutdown interface TenGigabitEthernet 2/2 ip address 10.2.22.2/24 no shutdown Configuration Task List for OSPFv3 (OSPF for IPv6)
  • Page 713: Enabling IPv6 Unicast Routing

    Example Dell#conf Dell(conf)#ipv6 router ospf 1 Dell(conf-ipv6-router_ospf)#timer spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ipv6 router ospf 1 timers spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#end Dell# Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally.
  • Page 714: Assigning OSPFv3 Process ID And Router ID Globally

    • Assign the OSPFv3 process and an OSPFv3 area to this interface. CONF-INT-type slot/port mode ipv6 ospf process-id area area-id – process-id: the process ID number assigned. – area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands.
  • Page 715: Configuring Stub Areas

    – number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id vrf {vrf-name} • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf [vrf vrf-name] process Configuring Stub Areas To configure IPv6 stub areas, use the following command.
  • Page 716: Redistributing Routes

    – tag tag-value: The range is from 0 to 4294967295. Configuring a Default Route To generate a default external route into the OSPFv3 routing domain, configure Dell Networking OS. To specify the information for the default route, use the following command.
  • Page 717 period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When you enable graceful restart (restarting role), an OSPFv3 restarting router expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link.
  • Page 718 30.1.1.0/24 area 0 ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command. Dell#show ipv6 ospf database database-summary OSPFv3 Router with ID (200.1.1.1) (Process ID 1) Process 1 database summary Type Count/Status...
  • Page 719: OSPFv3 Authentication Using IPsec

    ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
  • Page 720 between the two mechanisms is the extent of the coverage. ESP only protects IP header fields if they are encapsulated by ESP. You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts.
  • Page 721 – Configuring IPsec Authentication on an Interface – Configuring IPsec Encryption on an Interface – Configuring IPsec Authentication for an OSPFv3 Area – Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands.
  • Page 722 NOTE: When you configure encryption using the ipv6 ospf encryption ipsec command, you enable both IPsec encryption and authentication. However, when you enable authentication on an interface using the ipv6 ospf authentication ipsec command, you do not enable encryption at the same time. The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
  • Page 723 The security policy index (SPI) value must be unique to one IPSec security policy (authentication or encryption) on the router. Configure the same authentication policy (the same SPI and key) on each interface in an OSPFv3 link. If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time.
  • Page 724 • Enable IPsec encryption for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area area-id encryption ipsec spi number esp encryption-algorithm [key-encryption-type] key authentication-algorithm [key-authentication-type] key – area area-id: specifies the area for which OSPFv3 traffic is to be encrypted. For area-id, enter a number or an IPv6 prefix.
  • Page 725 Transform set : esp-128-aes esp-sha1-hmac The following example shows the show crypto ipsec sa ipv6 command. Dell#show crypto ipsec sa ipv6 Interface: TenGigabitEthernet 1/1 Link Local address: fe80::201:e8ff:fe40:4d10 IPSecv6 policy name: OSPFv3-1-500
  • Page 726: Troubleshooting OSPFv3

    inbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE inbound esp sas...
  • Page 727 • show ipv6 interfaces • show ipv6 protocols • debug ipv6 ospf events and/or packets • show ipv6 neighbors • show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. •...
  • Page 728: Policy-Based Routing (PBR)

    Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router normally decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria: size, source, protocol type, destination, and so forth.
  • Page 729: Implementing Policy-Based Routing With Dell Networking OS

    • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic. • Dell Networking OS supports multiple next-hop entries in the redirect lists. • Redirect-lists are applied at Ingress. PBR with Redirect-to-Tunnel Option: The user can provide a tunnel id for a redirect rule.
  • Page 730: Configuration Task List For Policy-Based Routing

    Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Because the order of rules is important, ensure that you configure any necessary sequence numbers.
  • Page 731: Create A Redirect List

    16 characters. To delete the redirect list, use the no ip redirect-list command. The following example creates a redirect list by the name of xyz. Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list To set the rules for the redirect list, use the following command.
  • Page 732 Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in slash format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 ? Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 77.1.1.1 /32 Dell(conf-redirect-list)#do show ip redirect-list IP redirect-list xyz: Defined as: seq 5 redirect 3.3.3.3 ip host 222.1.1.1 host 77.1.1.1...
  • Page 733: Apply A Redirect-List To An Interface Using A Redirect-Group

    15 redirect 10.1.1.3 ip 20.1.1.0/25 any seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 any Dell(conf-redirect-list)# NOTE: Starting with the Dell Networking OS version 9.4(0.0), the use of multiple recursive routes with the same source-address and destination-address combination in a redirect policy on an router.
  • Page 734: Show Redirect List Configuration

    Dell(conf-if-te-1/2)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the redirect list configuration, use the following commands.
  • Page 735: Sample Configuration

    Example: Showing CAM PBR Configuration Dell#show cam pbr stack-unit 1 port-set 0 TCP Flag: Bit 5 - URG, Bit 4 - ACK, Bit 3 - PSH, Bit 2 - RST, Bit 1 - SYN,...
  • Page 736: Redirect-List Gold

    examples to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so forth. The Redirect-List GOLD defined in this example creates the following rules: • description Route Gold traffic to the DS3 •...
  • Page 737 222.22.2.0/24 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 tcp any any Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect 42.1.1.2 track 3 udp any host 144.144.144.144 Dell(conf-redirect-list)#redirect 43.1.1.2 track 4 ip host 7.7.7.7 host 144.144.144.144 Dell(conf-redirect-list)#end Verify the Status of the Track Objects (Up/Down):...
  • Page 738 Dell(conf)#interface tunnel 2 Dell(conf-if-tu-2)#tunnel destination 441:10::2 Dell(conf-if-tu-2)#tunnel source 441:10::1 Dell(conf-if-tu-2)#tunnel mode ipv6 Dell(conf-if-tu-2)#tunnel keepalive 601:10::2 Dell(conf-if-tu-2)#ipv6 address 601:10::1/64 Dell(conf-if-tu-2)#no shutdown Dell(conf-if-tu-2)#end Dell# Create Track Objects to track the Tunnel Interfaces: Dell#configure terminal Dell(conf)#track 1 interface tunnel 1 ip routing
  • Page 739 Create a Redirect-list with Track Objects pertaining to Tunnel Interfaces: Dell#configure terminal Dell(conf)#ip redirect-list explicit_tunnel Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24 Dell(conf-redirect-list)#redirect tunnel 1 track 1 tcp any any Dell(conf-redirect-list)#redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144 Dell(conf-redirect-list)#redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.0/24...
  • Page 740: PIM Sparse-Mode (PIM-SM)

    The SPT-Threshold is zero, which means that the last-hop designated router (DR) joins the shortest path tree (SPT) to the source after receiving the first multicast packet. • Dell Networking OS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message. •...
  • Page 741: Refuse Multicast Traffic

    Prune message. Dell Networking OS Behavior: When the router creates an SPT to the source, there are then two paths between the receiver and the source, the SPT and the RPT. Until the router can prune itself from the RPT, the receiver receives duplicate multicast packets which may cause disruption.
  • Page 742: Configuring PIM-SM

    tree switchover latency by copying and forwarding the first (S,G) packet received on the SPT to the PIM task immediately upon arrival. The arrival of the (S,G) packet confirms for PIM that the SPT is created, and that it can prune itself from the shared tree. Important Point to Remember If you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface.
  • Page 743: Configuring S,G Expiry Timers

    Examples of Viewing PIM-SM Information To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode. Dell#show ip pim interface Address Interface Ver/ Query Mode Count Intvl Prio 165.87.34.5 Te 1/10 v2/S 165.87.34.5...
  • Page 744: Configuring A Static Rendezvous Point

    10 permit ip any 232.1.1.0/24 seq 15 permit ip 100.1.0.0/16 any Dell(config-ext-nacl)#exit Dell(conf)#ip pim sparse-mode sg-expiry-timer 1800 sg-list SGtimer To display the expiry time configuration, use the show running-configuration [acl | pim] command from EXEC Privilege mode. Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root of a group-specific tree;...
  • Page 745: Overriding Bootstrap Router Updates

    226.1.1.1 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode. Dell#show ip pim rp mapping PIM Group-to-RP Mappings Group(s): 224.0.0.0/4, Static RP: 165.87.50.5, v2 Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment.
  • Page 746: Creating Multicast Boundaries And Domains

    • Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameters. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs).
  • Page 747: PIM Source-Specific Mode (PIM-SSM)

    SPT. PIM-SSM uses IGMPv3. Because receivers subscribe to a source and group, the RP and shared tree are unnecessary; only SPTs are used. On Dell Networking systems, it is possible to use PIM-SM with IGMPv3 to achieve the same result, but PIM-SSM eliminates the unnecessary protocol overhead.
  • Page 748: Configure PIM-SMM

    Configure PIM-SMM Configuring PIM-SSM is a two-step process. Configure PIM-SMM. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name Enter the ip pim ssm-range command and specify the ACL you created.
  • Page 749: Configuring PIM-SSM With IGMPv2

    • When an SSM map is in place and Dell Networking OS cannot find any matching access lists for a group, it continues to create (*,G) entries because there is an implicit deny for unspecified groups in the ACL. •...
  • Page 750 Interface TenGigabitEthernet 0/10 Group 225.1.1.1 Uptime 00:03:01 Expires 00:02:09 Router mode INCLUDE Last reporter 165.87.34.100 Group source list Source address Expires 165.87.32.21 Never R1(conf)#do show run pim ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ip access-list standard map seq 5 permit host 239.0.0.2 ip access-list standard ssm...
  • Page 751 10.11.5.2 00:00:05 00:02:04 Member Ports: Te 1/2/1
  • Page 752: Port Monitoring

    In general, a monitoring port should have no ip address and no shutdown as the only configuration; Dell Networking OS permits a limited set of commands for monitoring ports. You can display these commands using the ? command. A monitoring port also may not be a member of a VLAN.
  • Page 753: Port Monitoring

    Port Monitoring The S4820T supports multiple source-destination statements in a single monitor session. The maximum number of source ports that can be supported in a session is 128. The maximum number of destination ports that can be supported is 4 per port pipe.
  • Page 754: Configuring Port Monitoring

    Figure 99. Port Monitoring Configurations on the S-Series Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs.
  • Page 755 To display information on currently configured port-monitoring sessions, use the show monitor session command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#$source ten 1/1 dest ten 1/2 dir rx Dell(conf-mon-sess-0)#show c monitor session 0 source TenGigabitEthernet 1/1 destination TenGigabitEthernet 1/2 direction rx...
  • Page 756: Enabling Flow-Based Monitoring

    Enable flow-based monitoring for a monitoring session. MONITOR SESSION mode flow-based enable Define access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list...
  • Page 757: Remote Port Mirroring

    Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Dell(config-ext-nacl)#seq 10 permit ip 102.1.1.0/24 any count bytes monitor Dell(config-ext-nacl)#seq 15 deny udp any any count bytes Dell(config-ext-nacl)#seq 20 deny tcp any any count bytes...
  • Page 758: Remote Port Mirroring Example

    Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles. Each source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border).
  • Page 759 destination switches), and a destination session (destination ports connected to analyzers on destination switches). Configuration Notes When you configure remote port mirroring, the following conditions apply: • You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions.
  • Page 760: Displaying Remote-Port Mirroring Configurations

    Port-channel 10 destination remote-vlan 300 direction rx no disable To display the currently configured source and destination sessions for remote port mirroring on a switch, enter the show monitor session command in EXEC Privilege mode. Dell(conf)#do show monitor session SessID Source Destination...
  • Page 761: Configuring The Sample Remote Port Mirroring

    Configuring the sample Source Remote Port Mirroring Dell(conf)#interface vlan 10 Dell(conf-if-vl-10)#mode remote-port-mirroring Dell(conf-if-vl-10)#tagged te 1/4 Dell(conf-if-vl-10)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source te 1/5 destination remote-vlan 10 dir rx Dell(conf-mon-sess-1)#no disable Dell(conf-mon-sess-1)#exit Dell(conf)#inte vlan 100 Dell(conf-if-vl-100)#tagged te 1/7 Dell(conf-if-vl-100)#exit Dell(conf)#interface vlan 20...
  • Page 762 Dell(conf-if-vl-20)#tagged te 1/6 Dell(conf-if-vl-20)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source vlan 100 destination remote-vlan 20 dir rx Dell(conf-mon-sess-2)#no disable Dell(conf-mon-sess-2)#flow-based enable Dell(conf-mon-sess-2)#exit Dell(conf)#mac access-list standard mac_acl Dell(config-std-macl)#permit 00:00:00:00:11:22 count monitor Dell(config-std-macl)#exit Dell(conf)#interface vlan 100 Dell(conf-if-vl-100)#mac access-group mac_acl1 in Dell(conf-if-vl-100)#exit Dell(conf)#inte te 1/30...
  • Page 763 Dell(conf-if-vl-20)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/3 Dell(conf-if-vl-30)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 1/4 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 1/5 Dell(conf-mon-sess-2)#tagged destination te 0/4 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm...
  • Page 764: Configuring The Encapsulated Remote Port Mirroring

    Important: The steps to be followed for the ERPM Encapsulation: • Dell Networking OS supports ERPM Source session only. The encapsulated packets terminate at the destination IP or at the analyzer. • Make sure that the destination IP is reachable via the configured IP route (static or dynamic). •...
  • Page 765 Flow 5.1.1.1 3.1.1.2 Sample example: to monitor VLANs as the source, an access list with the monitor keyword in its rules needs to be attached to the VLAN interface. Dell(conf)#mac access-list standard flow Dell(config-std-macl)#seq 5 permit 00:00:0a:00:00:0b count monitor
  • Page 766: ERPM Behavior On A Typical Dell Networking OS

    ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
  • Page 767 – This script erpm.zip is available for download at the following location: http://en.community.dell.com/techcenter/networking/m/force10_networking_scripts/20438882.aspx – Unzip the erpm.zip and copy the erpm.py file to the Linux server.
  • Page 768: Private VLANs (PVLAN)

    Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
  • Page 769: Using The Private VLAN Commands

    • Primary VLAN — the base VLAN of a PVLAN: – A switch can have one or more primary VLANs, and it can have none. – A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch.
  • Page 770: Configuration Task List

    VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data. For more information, refer to the Dell Networking OS Command Line Reference Guide. Configuration Task List The following sections contain the procedures that configure a private VLAN.
  • Page 771: Creating A Primary VLAN

    “regular” ports (ports not configured as PVLAN ports) to PVLANs. The following example shows the switchport mode private-vlan command on a port and on a port channel. Dell#conf Dell(conf)#interface TenGigabitEthernet 2/1 Dell(conf-if-te-2/1)#switchport mode private-vlan promiscuous Dell(conf)#interface TenGigabitEthernet 2/2 Dell(conf-if-te-2/2)#switchport mode private-vlan host Dell(conf)#interface TenGigabitEthernet 2/3 Dell(conf-if-te-2/3)#switchport mode private-vlan trunk...
  • Page 772: Creating A Community VLAN

    INTERFACE VLAN mode no shutdown Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN mode private-vlan mode primary Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: •...
  • Page 773: Creating An Isolated VLAN

    interface vlan vlan-id Enable the VLAN. INTERFACE VLAN mode no shutdown Set the PVLAN mode of the selected VLAN to community. INTERFACE VLAN mode private-vlan mode community Add one or more host ports to the VLAN. INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/port-port).
  • Page 774: Private VLAN Configuration Example

    Dell#conf Dell(conf)# interface vlan 10 Dell(conf-vlan-10)# private-vlan mode primary Dell(conf-vlan-10)# private-vlan mapping secondary-vlan 100-101 Dell(conf-vlan-10)# untagged Te 2/1 Dell(conf-vlan-10)# tagged Te 2/3 Dell(conf)# interface vlan 101 Dell(conf-vlan-101)# private-vlan mode community Dell(conf-vlan-101)# untagged Te 2/10 Dell(conf)# interface vlan 100 Dell(conf-vlan-100)# private-vlan mode isolated...
  • Page 775: Inspecting The Private VLAN Configuration

    • Te 1/25 is configured as a PVLAN trunk port, also assigned to the primary VLAN 4000. • Te 1/24 and Te 1/47 are configured as host ports and assigned to the isolated VLAN, VLAN 4003. • Te 4/1 and Te 23 are configured as host ports and assigned to the community VLAN, VLAN 4001. •...
  • Page 776 This command is specific to the PVLAN feature. For more information, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. • Display the configured PVLANs or interfaces that are part of a PVLAN. show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface] This command is specific to the PVLAN feature.
  • Page 777 The following example shows viewing a private VLAN configuration. interface TenGigabitEthernet 1/3 no ip address switchport switchport mode private-vlan promiscuous no shutdown interface TenGigabitEthernet 1/4 no ip address switchport switchport mode private-vlan host no shutdown interface TenGigabitEthernet 1/5 no ip address switchport switchport mode private-vlan host no shutdown...
  • Page 778: Per-VLAN Spanning Tree Plus (PVST+)

    For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 102. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table.
  • Page 779: Implementation Information

    The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multivendor network, verify that the costs are values you intended.
  • Page 780: Enabling PVST+

    Enabling PVST+ When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN. Enter PVST context. PROTOCOL PVST mode protocol spanning-tree pvst Enable PVST+. PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands.
  • Page 781 Figure 103. Load Balancing with PVST+ The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority.
  • Page 782: Modifying Global Pvst+ Parameters

    • Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds.
  • Page 783: Modifying Interface Pvst+ Parameters

    NOTE: The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs. Other implementations use IEEE 802.1w costs as the default costs. If you are using Dell Networking systems in a multi-vendor network, verify that the costs are values you intended.
  • Page 784: Configuring An Edgeport

    [bpduguard | shutdown-on-violation] The EdgePort status of each interface is given in the output of the show spanning-tree pvst command, as previously shown. Dell Networking OS Behavior: Regarding the bpduguard shutdown-on-violation command behavior: • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware.
  • Page 785: Pvst+ In Multi-Vendor Networks

    PVST+ to avoid potential misconfigurations. If you enable PVST+ on the Dell Networking switch in this network, P1 and P2 receive BPDUs from each other. Ordinarily, the Bridge ID in the frame matches the Root ID, a loop is detected, and the rules of convergence require that P2 move to blocking state because it has the lowest port ID.
  • Page 786: Pvst+ Sample Configurations

    Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.73f7...
  • Page 787 switchport no shutdown interface Vlan 100 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown interface Vlan 200 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown interface Vlan 300 no ip address tagged TenGigabitEthernet 2/12,32 no shutdown protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 Example of PVST+ Configuration (R3) interface TenGigabitEthernet 3/12...
  • Page 788: Quality Of Service (Qos)

    Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 58. Dell Networking Operating System (OS) Support for Port-Based, Policy-Based Features Feature Direction Port-Based QoS Configurations...
  • Page 789 Feature Direction Configure a Scheduler to Queue Egress Specify WRED Drop Precedence Egress Create Policy Maps Ingress + Egress Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress...
  • Page 790: Implementation Information

    Figure 105. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents: • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers •...
  • Page 791: Port-Based Qos Configurations

    Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
  • Page 792: Configuring Port-Based Rate Policing

    VLAN is 0. Dell Networking OS Behavior: Hybrid ports can receive untagged, tagged, and priority tagged frames. The rate metering calculation might be inaccurate for untagged ports because an internal assumption is made that all frames are treated as tagged.
  • Page 793: Configuring Port-Based Rate Shaping

    Configuring Port-Based Rate Shaping Dell Networking OS Behavior: Rate shaping is effectively rate limiting because of its smaller buffer size. Rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than configured rate.
  • Page 794: Policy-Based Qos Configurations

    Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
  • Page 795 CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL. Link the class-map to a queue.
  • Page 796 CLASS MAP mode match mac After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five access-lists. Match-all class-maps allow only one. You can match against only one VLAN ID.
  • Page 797 To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit "deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification.
  • Page 798: Create A Qos Policy

    Matched Packets value shown in the show qos statistics command is reset. NOTE: To avoid issues caused by misconfiguration, Dell Networking recommends configuring either DCBX or Egress QoS features, but not both simultaneously. If you enable both DCBX and Egress QoS at the same time, the DCBX configuration is applied and unexpected behavior occurs on the Egress QoS.
  • Page 799 Creating an Input QoS Policy To create an input QoS policy, use the following steps. Create a Layer 3 input QoS policy. CONFIGURATION mode qos-policy-input Create a Layer 2 input QoS policy by specifying the keyword layer2 after the qos-policy-input command.
  • Page 800: Create Policy Maps

    Configuring Policy-Based Rate Shaping To configure policy-based rate shaping, use the following command. • Configure rate shape egress traffic. QOS-POLICY-OUT mode rate-shape Allocating Bandwidth to Queue Schedule packets for egress based on Deficit Round Robin (DRR). These strategies both offer a guaranteed data rate.
  • Page 801 qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values.
  • Page 802 Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value.
  • Page 803 • If you apply a service policy that contains an ACL to more than one interface, Dell Networking OS uses ACL optimization to conserve CAM space. The ACL optimization behavior detects when an ACL exists in the CAM rather than writing it to the CAM multiple times.
  • Page 804: Dscp Color Maps

    policy-map-output After you create an output policy map, do one or more of the following: Applying an Output QoS Policy to a Queue Specifying an Aggregate QoS Policy Applying an Output Policy Map to an Interface Apply the policy map to an interface. Applying an Output QoS Policy to a Queue To apply an output QoS policy to a queue, use the following command.
  • Page 805 1/11. Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence, and set the DSCP values to 9,10,11,13,15,16. Dell(conf)# qos dscp-color-map bat-enclave-map Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16 Dell(conf-dscp-color-map)# exit Assign the color map, bat-enclave-map, to interface te 1/11.
  • Page 806 TE 1/10 mapONE TE 1/11 mapTWO Display summary information about a color policy for a specific interface. Dell# show qos dscp-color-policy summary tengigabitethernet 1/10 Interface dscp-color-map TE 1/10 mapONE Display detailed information about a color policy for a specific interface...
  • Page 807: Enabling Qos Rate Adjustment

    Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields. These fields are overhead; only the fields from MAC destination address to the CRC are used for forwarding and are included in these rate metering calculations.
  • Page 808: Weighted Random Early Detection

    Weighted Random Early Detection The WRED congestion avoidance mechanism drops packets to prevent buffering resources from being consumed. Traffic is a mixture of various kinds of packets. The rate at which some types of packets arrive might be greater than others. In this case, the space on the buffer and traffic manager (BTM) (ingress or egress) can be consumed by only one or a few types of traffic, leaving no space for other types.
  • Page 809: Creating Wred Profiles

    Dell Networking OS assigns a color (also called drop precedence), red, yellow, or green, to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence.
  • Page 810: Displaying Wred Drop Statistics

    Displaying WRED Drop Statistics To display WRED drop statistics, use the following command. • Display the number of packets that the Dell Networking OS WRED profile drops. EXEC Privilege mode show qos statistics wred-profile Example of the show qos statistics wred-profile Command...
  • Page 811: Pre-Calculating Available Qos Cam Space

    Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity).
  • Page 812: Configuring Weights And Ecn For Wred

    • Verify that there are enough available CAM entries. test cam-usage Example of the test cam-usage Command Dell# test cam-usage service-policy input pmap_l2 port-set 0 Port-pipe | CAM Partition | Available CAM | Estimated CAM | Status ===================================================================== L2ACL Allowed(2)
  • Page 813: Global Service Pools With Wred And Ecn Settings

    The S4820T platform supports four global service-pools in the egress direction. Two service pools are used: one for loss-based queues and the other for lossless (priority-based flow control (PFC)) queues.
  • Page 814: Configuring Wred And Ecn Attributes

    Configure a WRED profile, and specify the threshold and maximum drop rate. WRED mode Dell(conf-wred) #wred-profile thresh-1 Dell(conf-wred) #threshold min 100 max 200 max-drop-rate 40 Configure another WRED profile, and specify the threshold and maximum drop rate. WRED mode
  • Page 815: Guidelines For Configuring Ecn For Classifying And Color-Marking Packets

    Dell(conf-wred) #threshold min 300 max 400 max-drop-rate 80 Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. S4820T platform supports four global service-pools in the egress direction.
  • Page 816: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Multiple Traffic Class

    Consider the example where there are no different traffic classes, that is, all the packets egress on the default ‘queue0’. Dell Networking OS can be configured as below to mark the non-ecn packets as yellow packets. ip access-list standard ecn_0...
  • Page 817 This way the entire 8-bit ToS field of the IPv4 header shall be used to classify traffic. The Dell Networking OS Release 9.3(0.0) supports the following QOS actions in the ingress policy based QOS: Rate Policing...
  • Page 818: Sample Configuration To Mark Non-Ecn Packets As "Yellow" With Single Traffic Class

    ‘yellow’ alone will be provided. By default Dell Networking OS drops all the ‘RED’ or ‘violate’ packets. The following combination of marking actions to be specified match sequence of the class-map command: •...
  • Page 819: Applying Layer 2 Match Criteria On A Layer 3 Interface

    ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 class-map match-any class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets:...
  • Page 820: Applying Dscp And Vlan Match Criteria On A Service Queue

    Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2 Applying DSCP and VLAN Match Criteria on a Service Queue You can configure Layer 3 class maps which contain both a Layer 3 Differentiated Services Code Point (DSCP) and IP VLAN IDs as match criteria to filter incoming packets on a service queue on the switch.
  • Page 821: Enabling Buffer Statistics Tracking

    Dell(conf)#policy-map-input pp_policmap Create a service queue to associate the class map and QoS policy map. POLICY-MAP mode Dell(conf-policy-map-in)#service-queue 0 class-map pp_classmap qos-policy pp_qospolicy Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at a global level. The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters.
  • Page 822 EXEC/EXEC Privilege mode Dell#show hardware stack-unit 1 buffer-stats-snapshot unit 3 resource interface all queue mcast 3 Unit 1 unit: 3 port: 1 (interface Fo 1/144) --------------------------------------- Q# TYPE TOTAL BUFFERED CELLS --------------------------------------- MCAST Unit 1 unit: 3 port: 5 (interface Fo 1/148)
  • Page 823 { id | all } | queue { ucast{id | all}{ mcast {id | all} | all} to view buffer statistics tracking resource information for a specific interface. EXEC/EXEC Privilege mode Dell# show hardware buffer-stats-snapshot resource interface fortyGigE 0/0 queue all Unit 0 unit: 0 port: 1 (interface Fo 0/0)
  • Page 824: Routing Information Protocol (Rip)

    Routing Information Protocol (RIP) Routing information protocol (RIP) is supported on Dell Networking OS. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter.
  • Page 825: Ripv2

    224.0.0.9. Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS.
  • Page 826 After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
  • Page 827 [120/1] via 29.10.10.12, 00:00:27, Fa 1/4 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4 192.162.3.0/24 auto-summary Dell#show ip rip database Total number of routes in RIP database: 978 160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 160.160.0.0/16 auto-summary 2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49 2.0.0.0/8...
  • Page 828 A prefix list is applied to incoming or outgoing routes. Those routes must meet the conditions of the prefix list; if not, Dell Networking OS drops the route. Prefix lists are globally applied on all interfaces running RIP. Configure the prefix list in PREFIX LIST mode prior to assigning it to the RIP process.
  • Page 829 Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode.
  • Page 830 Dell(conf-if)#ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface. This interface no longer sends and receives the same RIP versions as Dell Networking OS does globally (shown in bold).
  • Page 831 Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default- information originate command.
  • Page 832 Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link. To manipulate RIP routes so that the routing protocol prefers a different route, manipulate the route by using the offset command.
  • Page 833: Rip Configuration Example

    Dell#debug ip rip RIP protocol debug is ON Dell# To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3.
  • Page 834 Core 2 RIP Output The examples in the section show the core 2 RIP output. Examples of the show ip Commands to View Core 2 Information • To display Core 2 RIP database, use the show ip rip database command. •...
  • Page 835 The following example shows the show ip protocols command to show the RIP configuration activity on Core 2. Core2#show ip protocols Routing Protocol is "RIP" Sending updates every 30 seconds, next due in 17 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is...
  • Page 836 Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3. Core3#show ip rip database Total number of routes in RIP database: 7 10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet 3/21 10.200.10.0/24...
  • Page 837 TenGigabitEthernet 3/24 2 2 TenGigabitEthernet 3/23 2 2 Routing for Networks: 10.11.20.0 10.11.30.0 192.168.2.0 192.168.1.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.2 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2.
  • Page 838 interface TenGigabitEthernet 3/5 ip address 192.168.2.1/24 no shutdown router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.0
  • Page 839: Remote Monitoring (Rmon)

    Remote Monitoring (RMON) Remote monitoring (RMON) is supported on Dell Networking OS. RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces.
  • Page 840: Setting The Rmon Alarm

    The sampling process continues after the chassis returns to operation. • Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces. Setting the rmon Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode.
  • Page 841: Configuring An Rmon Event

    This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”. Dell(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1
  • Page 842: Configuring Rmon Collection Statistics

    The following command example enables the RMON statistics collection on the interface, with an ID value of 20 and an owner of john. Dell(conf-if-mgmt)#rmon collection statistics controlEntry 20 owner john Configuring the RMON Collection History To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in INTERFACE CONFIGURATION mode.
  • Page 843 The following command example enables an RMON MIB collection history group of statistics with an ID number of 20 and an owner of john, both the sampling interval and the number of buckets use their respective defaults. Dell(conf-if-mgmt)#rmon collection history controlEntry 20 owner john
  • Page 844: Rapid Spanning Tree Protocol (Rstp)

    (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 67. Spanning Tree Variations Dell Networking OS Supports...
  • Page 845: Important Points To Remember

    Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task; avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs.
  • Page 846: Enabling Rapid Spanning Tree Protocol Globally

    To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode. To verify that RSTP is enabled, use the show config command from PROTOCOL SPANNING TREE RSTP mode. The bold line indicates that RSTP is enabled. Dell(conf-rstp)#show config protocol spanning-tree rstp no disable Dell(conf-rstp)#...
  • Page 847 If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.cbb4...
  • Page 848: Adding And Removing Interfaces

    The port is not in the Edge port mode Port 379 (TenGigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.379, designated path cost 0 Number of transitions to forwarding state 1 BPDU : sent 121, received 5...
  • Page 849: Modifying Global Parameters

    Max-age — the length of time the bridge maintains configuration information before it refreshes that information by recomputing the RST topology. NOTE: Dell Networking recommends that only experienced network administrators change the Rapid Spanning Tree group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance.
  • Page 850: Enabling Snmp Traps For Root Elections And Topology Changes

    NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. • Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40.
  • Page 851: Enabling Snmp Traps For Root Elections And Topology Changes

    A console message appears when a new root bridge has been assigned. The following example shows the console message after the bridge-priority command is used to make R2 the root bridge (shown in bold). Dell(conf-rstp)#bridge-priority 4096 04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
  • Page 852: Configuring Fast Hellos For Link State Detection

    To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode.
  • Page 853 PROTOCOL RSTP mode hello-time milli-second interval The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233...
  • Page 854: Software-Defined Networking (Sdn)

    Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide.
  • Page 855: Security

    Security features are supported on Dell Networking OS. This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
  • Page 856 – tacacs+: designate the security service. Currently, Dell Networking OS supports only TACACS+. Suppressing AAA Accounting for Null Username Sessions When you activate AAA accounting, the Dell Networking OS software issues accounting records for all users on the system, including users whose username string is NULL because of protocol translation.
  • Page 857: Aaa Authentication

    (AAA) to help secure networks against unauthorized access. In the Dell Networking implementation, the Dell Networking system acts as a RADIUS or TACACS+ client and sends authentication requests to a central remote authentication dial-in service (RADIUS) or Terminal access controller access control system plus (TACACS+) server that contains all user authentication and network service access information.
  • Page 858: Configuration Task List For Aaa Authentication

    If the first method list does not respond or returns an error, Dell Networking OS applies the next method list until the user either passes or fails the authentication. If the user fails a method list, Dell Networking OS does not apply the next method list.
  • Page 859 To view the configuration, use the show config command in LINE mode or the show running- config in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH).
  • Page 860: Obscuring Passwords And Keys

    Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration • TACACS+ — When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then sends a second packet with just the password. The TACACS server must have an entry for username $enable$.
  • Page 861: Aaa Authorization

    Every command in Dell Networking OS is assigned a privilege level of 0, 1, or 15. You can configure up to 16 privilege levels in Dell Networking OS. Dell Networking OS is pre-configured with three privilege levels and you can configure 13 more.
  • Page 862: Configuration Task List For Privilege Levels

    You can configure passwords to control access to the box and assign different privilege levels to users. Dell Networking OS supports the use of passwords when you log in to the system and when you enter the enable command. If you move between privilege levels, you are prompted for a password if you move to a higher privilege level.
  • Page 863 EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs. Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels.
  • Page 864 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. • command: a Dell Networking OS CLI keyword (up to five keywords allowed). • reset: return the command to its default privilege mode.
  • Page 865 In CONFIGURATION mode, john can access only the snmp-server commands. apollo% telnet 172.31.1.53 Trying 172.31.1.53... Connected to 172.31.1.53. Escape character is '^]'. Login: john Password: Dell#show priv Current privilege level is 8 Dell#? configure Configuring from terminal disable Turn off privileged commands...
  • Page 866 • Set a user’s security level. EXEC Privilege mode enable or enable privilege-level If you do not enter a privilege level, Dell Networking OS sets it to 15 by default. • Move to a lower privilege level. EXEC Privilege mode disable level-number –...
  • Page 867: Radius

    This protocol transmits authentication, authorization, and configuration information between a central RADIUS server and a RADIUS client (the Dell Networking system). The system sends user information to the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: •...
  • Page 868: Configuration Task List For Radius

    Setting Global Communication Parameters for all RADIUS Server Hosts (optional) • Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
  • Page 869 NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you have configured RADIUS authorization and have not configured authentication, a message is logged stating this. During authorization, the next method in the list (if present) is used, or if another method is not present, an error is reported.
  • Page 870 To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If you configure multiple RADIUS server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured. When Dell Networking OS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
  • Page 871: Tacacs

    Choosing TACACS+ as the Authentication Method • Monitoring TACACS+ • TACACS+ Remote Authentication • Specifying a TACACS+ Server Host For a complete listing of all commands related to TACACS+, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
  • Page 872 For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method. In the following example, the TACACS+ server key is incorrect, but the user is still authenticated by the secondary method.
  • Page 873: Tacacs+ Remote Authentication

    Dell(conf)#do show run tacacs+ tacacs-server key 7 d05206c308f4d35b tacacs-server host 10.10.10.10 timeout 1 Dell(conf)#tacacs-server key angeline Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on vty0 (10.11.9.209) %RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) %RPM0-P:CP %SEC-5-LOGOUT: Exec session is terminated for user admin on line vty0 (10.11.9.209)
  • Page 874: Command Authorization

    Example of Connecting with a TACACS+ Server Host To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure multiple TACACS+ server hosts, Dell Networking OS attempts to connect with them in the order in which they were configured.
  • Page 875: Protection From Tcp Tiny And Overlapping Fragment Attacks

    Secure shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. Dell Networking OS is compatible with SSH versions 1.5 and 2, in both the client and server modes. SSH sessions are encrypted and use authentication. SSH is enabled by default.
  • Page 876: Using Scp With Ssh To Copy A Software Image

    To remove the generated RSA host keys and zeroize the key storage location, use the crypto key zeroize rsa command in CONFIGURATION mode. Dell(conf)#crypto key zeroize rsa Configuring When to Re-generate an SSH Key You can configure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are configured, the session rekeys when either one of the thresholds is reached.
  • Page 877: Configuring The Ssh Server Key Exchange Algorithm

    The default is 1024 megabytes. Examples The following example configures the time-based rekey threshold for an SSH session to 30 minutes. Dell(conf)#ip ssh rekey time 30 The following example configures the volume-based rekey threshold for an SSH session to 4096 megabytes.
  • Page 878: Configuring The Ssh Server Cipher List

    Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode.
  • Page 879: Secure Shell Authentication

    Secure Shell (SSH) is enabled by default using the SSH Password Authentication method. Enabling SSH Authentication by Password Authenticate an SSH client by prompting for a password when attempting to connect to the Dell Networking system. This setup is the simplest method of authentication and uses SSH version 1.
  • Page 880 Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. Copy the file shosts and rhosts to the Dell Networking system. Disable password authentication and RSA authentication, if configured...
  • Page 881: Troubleshooting Ssh

    No username set for this term. Enable host-based authentication on the server (Dell Networking system) and the client (Unix machine). The following message appears if you attempt to log in via SSH and host-based is disabled on the client.
  • Page 882: Telnet

    Dell(conf)#ip telnet server enable Dell(conf)#no ip telnet server enable VTY Line and Access-Class Configuration Various methods are available to restrict VTY access in Dell Networking OS. These depend on which authentication scheme you use — line, local, or remote. Table 69. VTY Access...
  • Page 883: Vty Line Remote Authentication And Authorization

    Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line. This means that incoming users always see a login prompt even if you have excluded them from the VTY line with a deny-all access class.
  • Page 884: Vty Mac-Sa Filter Support

    (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address.
  • Page 885: Overview Of Rbac

    Each user can be assigned only a single role. Many users can have the same role. The Dell Networking OS supports the constrained RBAC model. With a constrained RBAC model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter and the actions the user can perform.
  • Page 886 When you enable role-based only AAA authorization using the aaa authorization role-only command in Configuration mode, the Dell Networking OS checks to ensure that you do not lock yourself out and that the user authentication is available for all terminal lines.
  • Page 887 To enable role-based only AAA authorization: Dell(conf)#aaa authorization role-only System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles.
  • Page 888: User Roles

    CONFIGURATION mode userrole name [inherit existing-role-name] Verify that the new user role has inherited the security administrator permissions. Dell(conf)#do show userroles EXEC Privilege mode After you create a user role, configure permissions for the new user role. See Modifying Command Permissions for Roles.
  • Page 889 Create a new user role, myrole and inherit security administrator permissions. Dell(conf)#userrole myrole inherit secadmin Verify that the user role, myrole, has inherited the security administrator permissions. The output highlighted in bold indicates that the user role has successfully inherited the security administrator permissions.
  • Page 890 Role access: secadmin,sysadmin, which means the netadmin cannot access the show users command. Dell(conf)#role exec deleterole netadmin show users Dell#show role mode exec show users Role access: secadmin,sysadmin Example: Allow Security Administrator to Configure Spanning Tree The following example allows the security administrator (secadmin) to configure the spanning tree protocol.
  • Page 891: Aaa Authentication And Authorization For Roles

    Example The following example creates a user name that is authenticated based on a user role. Dell(conf)#username john password 0 password role secadmin The following example deletes a user role. NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to...
  • Page 892 This section contains the following AAA Authentication and Authorization for Roles configuration tasks: • Configuring AAA Authentication for Roles • Configuring AAA Authorization for Roles • Configuring TACACS+ and RADIUS VSA Attributes for RBAC Configure AAA Authentication for Roles Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated with the same mechanism.
  • Page 893 You can further restrict users’ permissions, using the aaa authorization command command in CONFIGURATION mode. aaa authorization command {method-list-name | default} method [… method4] Examples of Applying a Method List The following configuration example applies a method list: TACACS+, RADIUS and local: radius-server host 10.16.150.203 key ...
  • Page 894: Role Accounting

    The following example configures an AV pair which allows a user to log in from a network access server with a privilege level of 15, to have access to EXEC commands. The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl=number, where number is a value between 0 and 15.
  • Page 895 The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role. Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+ Applying an Accounting Method to a Role To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
  • Page 896: Display Information About User Roles

    Line Configuration mode route-map Route map configuration mode router Router configuration mode Dell#show role mode configure username Role access: sysadmin Dell#show role mode configure password-attributes Role access: secadmin,sysadmin Dell#show role mode configure interface Role access: netadmin, sysadmin Dell#show role mode configure line...
  • Page 897 If the role is not defined, the system displays "unassigned" . Example of Displaying Information About Users Logged into the Switch Dell#show users Authorization Mode: role or privilege...
  • Page 898: Service Provider Bridging

    Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
  • Page 899: Important Points To Remember

    Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN. • You cannot ping across the trunk port link if one or both of the systems is an S4820T. • This limitation becomes relevant if you enable the port as a multi-purpose port (carrying single-tagged and double-tagged traffic).
  • Page 900: Configure Vlan Stacking

    Enabling VLAN-Stacking for a VLAN. Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands.
  • Page 901: Enable Vlan-Stacking For A Vlan

    The default is 9100. To display the S-Tag TPID for a VLAN, use the show running-config command from EXEC privilege mode. Dell Networking OS displays the S-Tag TPID only if it is a non-default value.
  • Page 902: Configuring Dell Networking Os Options For Trunk Ports

    Configuring Dell Networking OS Options for Trunk Ports 802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.
  • Page 903: Debugging Vlan Stacking

    While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID. Systems may use any 2-byte value; Dell Networking OS uses 0x9100 (shown in the following) while non-Dell Networking systems might use a different value.
  • Page 904 You can configure the first 8 bits of the TPID using the vlan-stack protocol-type command. The TPID is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame. For example, if you configure TPID 0x9100, the system treats 0x8100 and untagged traffic the same and maps both types to the default VLAN, as shown by the frame originating from Building C.
  • Page 905 Figure 112. Single and Double-Tag First-byte TPID Match
  • Page 906 Figure 113. Single and Double-Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the S-Series. Table 70. Behaviors for Mismatched TPID Network Incoming System TPID Match Type Pre-Version Version Position Packet TPID 8.2.1.0 8.2.1.0+...
  • Page 907: Vlan Stacking Packet Drop Precedence

    Network Incoming System TPID Match Type Pre-Version Version Position Packet TPID 8.2.1.0 8.2.1.0+ 0x8100 single-tag switch to VLAN switch to VLAN match 0x81XY single-tag first- switch to VLAN switch to byte match default VLAN Core untagged 0xUVWX — switch to switch to default VLAN default VLAN...
  • Page 908: Honoring The Incoming Dei Value

    By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to a Dell Networking OS drop precedence. Precedence can have one of three colors.
  • Page 909: Dynamic Mode Cos For Vlan Stacking

    {green | yellow} {0 | 1} Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [interface slot/port | linecard number port-set number] in EXEC Privilege mode. Dell#show interface dei-mark Default CFI/DEI Marking: 0 Interface Drop precedence CFI/DEI --------------------------------...
  • Page 910: Mapping C-Tag To S-Tag Dot1P Values

    Dell Networking OS Behavior: For Option A shown in the previous illustration, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
  • Page 911: Layer 2 Protocol Tunneling

    CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dual-fp} number • vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
  • Page 912 MAC address rewritten to the original MAC address and forwarded to the opposing network region (shown in the following illustration). Dell Networking OS Behavior: In Dell Networking OS versions prior to 8.2.1.0, the MAC address that Dell Networking systems use to overwrite the Bridge Group Address on ingress was non-configurable. The value of the L2PT MAC address was the Dell Networking-unique MAC address, 01-01-e8-00-00-00.
  • Page 913: Implementation Information

    Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge.
  • Page 914: Enabling Layer 2 Protocol Tunneling

    Specifying a Destination MAC Address for BPDUs By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
  • Page 915: Debugging Layer 2 Protocol Tunneling

    Reload the system. EXEC Privilege mode reload Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command.
  • Page 916: Sflow

    Implementation Information Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is used to calculate the port-pipe’s lowest sampling rate.
  • Page 917: Important Points To Remember

    Configuration and EIS modes respectively. • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect.
  • Page 918: Enabling And Disabling Sflow On An Interface

    Te 1/1: configured rate 16384, actual rate 16384 Dell# If you did not enable any extended information, the show output displays the following (shown in bold). Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20...
  • Page 919 Collector IP addr: 100.1.1.12, Agent IP addr: 100.1.1.1, UDP port: 6343 VRF: Default 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected Example of viewing the sflow max-header-size extended on an Interface Mode Dell#show sflow interface tengigabitethernet 1/1 Te 1/1 sFlow type :Ingress Configured sampling rate :16384...
  • Page 920: Sflow Show Commands

    Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command.
  • Page 921: Displaying Show Sflow On A Stack-Unit

    :16384 Counter polling interval Extended max header size :128 Samples rcvd from h/w The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/16 interface TenGigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow ingress-enable...
  • Page 922: Changing The Polling Intervals

    Changing the Polling Intervals The sflow polling-interval command configures the polling interval for an interface in the maximum number of seconds between successive samples of counters sent to the collector. This command changes the global default counter polling (20 seconds) interval. You can configure an interface to use a different polling interval.
  • Page 923: Important Points To Remember

    • To export extended-gateway data, BGP must learn the IP destination address. • If the IP destination address is not learned via BGP the Dell Networking system does not export extended-gateway data. • If the IP source address is learned via IGP, srcAS and srcPeerAS are zero.
  • Page 924 Exported src_as and connected/IGP src_peer_as are zero because there is no AS information for IGP. — — Prior to Dell static/ Networking OS connected/IGP Exported Exported version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP.
  • Page 925: Simple Network Management Protocol (Snmp)

    The following describes SNMP implementation information. • Dell Networking OS supports SNMP version 1 as defined by RFC 1155, 1157, and 1212, SNMP version 2c as defined by RFC 1901, and SNMP version 3 as defined by RFC 2571. •...
  • Page 926 AES-CFB 128 encryption algorithm needs to be used. Dell(conf)#snmp-server user snmpguy snmpmon 3 auth sha AArt61wq priv aes128 jntRR59a In this example, for a specified user and a group, the AES128-CFB algorithm, the authentication password to enable the server to receive packets from the host, and the privacy password to encode the message contents are configured.
  • Page 927: Configuration Task List For Snmp

    NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
  • Page 928: Creating A Community

    Dell Networking OS enables SNMP automatically when you create an SNMP community and displays the following message. You must specify whether members of the community may only retrieve values (read), or retrieve and alter values (read-write).
  • Page 929 Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 noauth ? WORD SNMPv3 user name
  • Page 930: Reading Managed Object Values

    You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Work Addresses that defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command.
  • Page 931: Configuring Contact And Location Information Using Snmp

    You may use up to 55 characters. The default is None. • (From a Dell Networking system) Identify the physical location of the system (for example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1). CONFIGURATION mode snmp-server location text You may use up to 55 characters.
  • Page 932: Subscribing To Managed Object Value Updates Using Snmp

    Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
  • Page 933: Enabling A Subset Of Snmp Traps

    PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
  • Page 934 MAJOR_TEMP: Major alarm: chassis temperature high (%s temperature reaches or exceeds threshold of %dC) MAJOR_TEMP_CLR: Major alarm cleared: chassis temperature lower (%s %d temperature is within threshold of %dC) envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan tray %d are down FAN_OK: Minor alarm cleared: all fans in fan tray %d are good...
  • Page 935: Enabling An Snmp Agent To Notify Syslog Server Failure

    %RPM0-P:CP %SNMP-4-RMON_FALLING_THRESHOLD: STACKUNIT0 falling threshold alarm from SNMP OID %RPM0-P:CP %SNMP-4-RMON_HC_RISING_THRESHOLD: STACKUNIT0 high-capacity rising threshold alarm from SNMP OID Enabling an SNMP Agent to Notify Syslog Server Failure You can configure a network device to send an SNMP trap in the event of an audit processing failure due to connectivity issues with the syslog server.
  • Page 936: Copy Configuration Files Using Snmp

    • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses;...
  • Page 937 • copySourceFileType is set to running-config or startup-config, copySrcFileName is not required. 1 = Dell Networking OS copyDestFileType Specifies the type of file file 1.3.6.1.4.1.6027.3.5.1.1.1. to copy to. • 2 = running-config copySourceFileType is running-config or...
  • Page 938: Copying A Configuration File

    CONFIGURATION mode snmp-server community community-name rw Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file. On the server, use the snmpset command as shown in the following example.
  • Page 939: Copying Configuration Files Via Snmp

    • the server OS is UNIX • you are using SNMP version 2c • the community name is public • the file f10-copy-config.mib is in the current directory or in the snmpset tool path Copying Configuration Files via SNMP To copy the running-config to the startup-config from the UNIX machine, use the following command. •...
  • Page 940: Copying The Startup-Config Files To The Server Via Ftp

    SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.2.8 = INTEGER: 3 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.5.8 = INTEGER: 2 Copying the Startup-Config Files to the Server via FTP To copy the startup-config to the server via FTP from the UNIX machine, use the following command. Copy the startup-config to the server via FTP from the UNIX machine. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address copySrcFileType.index i 2 copyDestFileName.index s filepath/filename copyDestFileLocation.index i 4 copyServerAddress.index a server-ip-address...
  • Page 941: Copy A Binary File To The Startup-Configuration

    Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP.
  • Page 942: Obtaining A Value For Mib Objects

    MIB Object Values Description 6 = timeout 7 = unknown copyEntryRowStatus Row status Specifies the state of the 1.3.6.1.4.1.6027.3.5.1.1.1. copy operation. Uses 1.15 CreateAndGo when you are performing the copy. The state is set to active when the copy is completed.
  • Page 943: Mib Support To Display The Available Memory Size On Flash

    MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory.
  • Page 944: Viewing The Software Core Files Generated By The System

    MIB Object Description chSysCoresTimeCreated 1.3.6.1.4.1.6027.3.10.1.2.10.1.3 Contains the time at which core files are created. chSysCoresStackUnitNumber 1.3.6.1.4.1.6027.3.10.1.2.10.1.4 Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess 1.3.6.1.4.1.6027.3.10.1.2.10.1.5 Contains information that includes the process names that generated each core file.
  • Page 945: Creating A Vlan

    MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Examples of Viewing VLAN Ports Using SNMP The following example shows viewing the VLAN interface index number using SNMP.
  • Page 946 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 The table that the Dell Networking system sends in response to the snmpget request is a table that contains hexadecimal (hex) pairs, each pair representing a group of eight ports.
  • Page 947: Add Tagged And Untagged Ports To A Vlan

    Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members. The dot1qVlanStaticUntaggedPorts object is an array of only untagged VLAN members. All VLAN members that are not in dot1qVlanStaticUntaggedPorts are tagged. •...
  • Page 948: Managing Overload On Startup

    To enable and disable a port using SNMP, use the following commands. Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwalk command to identify the interface index.
  • Page 949: Fetch Dynamic Mac Entries Using Snmp

    Choose integer 1 to change the admin status to Up, or 2 to change the admin status to Down. Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs.
  • Page 950: Deriving Interface Indices

    The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
  • Page 951: Monitor Port-Channels

    Flash Partition B. The system image can also be retrieved by performing an SNMP walk on the following OID: MIB Object is chSysSwModuleTable and the OID is 1.3.6.1.4.1.6027.3.10.1.2.8. Dell#show interface Tengigabitethernet 1/21 TenGigabitEthernet 1/21 is up, line protocol is up Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2).
  • Page 952 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.6.1 = STRING: "Gi 5/84 " << Channel member for Po1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.6.2 = STRING: "Gi 5/85 " << Channel member for Po2 dot3aCommonAggFdbIndex SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.1.1107755009.1 = INTEGER: 1107755009 dot3aCommonAggFdbVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.2.1107755009.1 = INTEGER: 1 dot3aCommonAggFdbTagConfig SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.3.1107755009.1 = INTEGER: 2 (Tagged 1 or Untagged 2) dot3aCommonAggFdbStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 <<...
  • Page 953: Troubleshooting Snmp Operation

    Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
  • Page 954: Stacking

    Stacking Stacking is supported on the S4820T platform with the Dell Networking OS version 8.3.19.0 and newer. NOTE: The S4820T commands accept Unit ID numbers 0-11, though the S4820T supports stacking up to six units with Dell Networking OS version 8.3.19.0.
  • Page 955: Stack Master Election

    Stack. It is possible to reset individual units to force them to give up the management role or reload the whole stack from the CLI to ensure a fully synchronized bootup. Example of Viewing Stack Members Dell#show system brief Stack MAC : 00:01:e8:8c:53:32 Reload Type : normal-reload [Next boot : normal-reload]...
  • Page 956: Virtual Ip

    The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs. Use the following command to configure a virtual IP: Dell(conf)#virtual-ip {ip-address | ipv6–address | dhcp} Failover Roles If the stack master fails (for example, is powered off), it is removed from the stack topology.
  • Page 957 3w1d14h: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present 3w1d14h: %STKUNIT1-M:CP %CHMGR-5-CHECKIN: Checkin from Stack unit 2 (type S4820T , 52 ports) 3w1d14h: %S4820T %CHMGR-0-PS_UP: Power supply 0 in unit 2 is up 3w1d14h: %STKUNIT1-M:CP %CHMGR-5-STACKUNITUP: Stack unit 2 is up Stack#show system brief...
  • Page 958: Stacking Lag

    Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after peering is detected and behaves as follows: •...
  • Page 959: High Availability On S-Series Stacks

    In such an event, or when the master unit is removed, the standby unit becomes the stack manager and Dell Networking OS elects a new standby unit. Dell Networking OS resets the failed master unit: once it is back online, it becomes a member unit; the remaining members remain online.
  • Page 960: Management Access On S-Series Stacks

    • You may stack up to six S4820T systems. • The S4820T cannot be stacked with other system types. • You cannot enable stacking and virtual link trunking (VLT) simultaneously on the device. To convert a stacked unit to VLT, refer to Reconfiguring Stacked Switches as VLT.
  • Page 961: S-Series Stacking Installation Tasks

    • Stacking on the device is accomplished through front-end user ports on the chassis. • All stack units must have the same version of Dell Networking OS. S-Series Stacking Installation Tasks The following are the S-Series stacking installation tasks. •...
  • Page 962 • If the new unit is running a Dell Networking OS version prior to 8.3.10.x, the unit is put into a card problem state, Dell Networking OS is not upgraded, and a syslog message is raised. The unit must be upgraded to Dell Networking OS version 8.3.12.0 before you can proceed.
  • Page 963 Reload the switch. EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as a member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. After the units are reloaded, the system reboots. The units come up in a stack after the reboot completes.
  • Page 964 When the stack-group configuration is complete, the system prints a syslog for reload. Dell#configure Dell(conf)#stack-unit 4 stack-group 13 Dell(conf)#02:39:12: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 4/52 have been configured as stacking ports. Please save and reload for config to take effect Dell(conf)#stack-unit 4 stack-group 14...
  • Page 965: Add Units To An Existing S-Series Stack

    If you are adding units to an existing stack, you can either: • allow Dell Networking OS to automatically assign the new unit a position in the stack, or • manually determine each unit's position in the stack by configuring each unit to correspond with the stack before connecting it.
  • Page 966 Connect the new unit to the stack using stacking cables. Example of Adding a Stack Unit with a Conflicting Stack Number (Before and After) The following example shows adding a stack unit with a conflicting stack number (before). Dell#show system brief Stack MAC : 00:01:e8:8a:df:e6 Reload Type : normal-reload...
  • Page 967 Reload the switch. EXEC Privilege mode reload Dell Networking OS automatically assigns a number to the new unit and adds it as a member switch in the stack. The new unit synchronizes its running and startup configurations with the stack. Stacking...
  • Page 968: Split An S-Series Stack

    If one of the new stacks receives the master and the standby management units, it is unaffected by the split. • If one of the new stacks receives only the master unit, that unit remains the stack manager, and Dell Networking OS elects a new standby management unit. •...
  • Page 969: Assigning Unit Numbers To Units In An S-Series Stack

    Assigning Unit Numbers to Units in an S-Series Stack Each unit in the stack has a stack number that is either assigned by you or Dell Networking OS. Units are numbered from 0 to 11; however, you can only stack six S4820T units. Stack numbers are stored in NVRAM and are preserved upon reload.
  • Page 970 [status | topology] Refer to the following example. Examples of the show system Commands Display information about an S4820T stack using the show system command. The following is an example of the show system command to view the stack details. Dell#show system...
  • Page 971 : S4810 - 52-port GE/TE/FG (SE) Master priority : 0 Hardware Rev : 3.0 Num Ports : 64 Up Time : 57 min, 3 sec Dell Networking OS Version : 8-3-7-13 Jumbo Capable : yes POE Capable : no Burned In MAC : 00:01:e8:8a:df:bf...
  • Page 972: Influencing Management Unit Selection On An S-Series Stack

    Influencing Management Unit Selection on an S-Series Stack Stack priority is the system variable that Dell Networking OS uses to determine which units in the stack are the master and standby management units. If multiple units tie for highest priority, the unit with the highest MAC address prevails.
  • Page 973: Resetting A Unit On An S-Series Stack

    EXEC Privilege mode show system stack-ports Examples of Viewing the Status for Stacked Switches The following example shows four switches stacked together with two 40G links in a ring topology. Dell#show system stack-ports Topology: Ring Interface Connection Link Speed Admin...
  • Page 974 3/52 5/56 4/52 6/48 4/56 4/48 Dell# The following example shows the parameters for the management unit in the stack. Dell#show system stack-unit 1 -- Unit 1 -- Unit Type : Management Unit Status : online Next Boot : online...
  • Page 975: Remove Units Or Front End Ports From A Stack

    3/37 1/37 3/38 1/38 3/39 1/39 3/44 2/36 3/45 2/37 3/46 2/38 3/47 2/39 1/36 3/36 1/37 3/37 1/38 3/38 1/39 3/39 2/36 3/44 2/37 3/45 2/38 3/46 2/39 3/47 stack-2# Remove Units or Front End Ports from a Stack To remove units or front end ports from a stack, use the following instructions.
  • Page 976: Troubleshoot An S-Series Stack

    10 seconds. Dell Networking OS displays console messages for the local and remote members of a flapping link, and on the primary (master) and standby management units as KERN-2-INT messages if the flapping port belongs to either of these units.
  • Page 977: Recover From A Card Problem State On An S-Series Stack

    Recover from a Card Problem State on an S-Series Stack If a unit added to a stack has a different Dell Networking OS version, the unit does not come online and Dell Networking OS cites a card problem error. To recover, disconnect the new unit from the stack, change the Dell Networking OS version to match the stack, and then reconnect it to the stack.
  • Page 978 • remove the provision from the stack, then reconnect the standalone unit, or • renumber the standalone unit with another available stack number on the stack. Example of Recovering from a Card Mismatch State on an S-Series Stack (S50N and S25N) --------------------STANDALONE UNIT BEFORE--------------------- Standalone#show system brief Stack MAC : 00:01:e8:d5:ef:81...
  • Page 979 Member not present Member not present Stacking...
  • Page 980: Storm Control

    Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. Dell Networking OS Behavior: The minimum number of packets per second (PPS) that storm control can limit on the device is two.
  • Page 981 storm control Storm Control...
  • Page 982: Spanning Tree Protocol (Stp)

    CPU utilization and memory consumption. Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 80. Dell Networking OS Supported Spanning Tree Protocols...
  • Page 983: Important Points To Remember

    STP is disabled by default. • The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time.
  • Page 984: Configuring Interfaces For Layer 2 Mode

    Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 120. Example of Configuring Interfaces for Layer 2 Mode To configure and enable the interfaces for Layer 2, use the following command. If the interface has been assigned an IP address, remove it.
  • Page 985: Enabling Spanning Tree Protocol Globally

    INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1)#show config interface TenGigabitEthernet 1/1 no ip address switchport no shutdown...
  • Page 986 To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode. Dell(conf)#protocol spanning-tree 0 Dell(config-span)#show config protocol spanning-tree 0...
  • Page 987: Adding An Interface To The Spanning Tree Group

    The port is not in the portfast mode To confirm that a port is participating in Spanning Tree, use the show spanning-tree 0 brief command from EXEC privilege mode. Dell#show spanning-tree 0 brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e80d.2462...
  • Page 988: Modifying Global Parameters

    You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance.
  • Page 989: Modifying Interface Stp Parameters

    the default is 2 seconds. • Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode.
  • Page 990: Enabling Portfast

    If an edgeport does receive a BPDU, it likely means that it is connected to another part of the network, which can negatively affect the STP topology. The BPDU Guard feature blocks an edgeport after receiving a BPDU to prevent network disruptions, and Dell Networking OS displays the following message.
  • Page 991 The following example shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the Dell Networking system is configured with Portfast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change. If you enable BPDU Guard, when the edge port receives the BPDU, the BPDU is dropped, the port is blocked, and a console message is generated.
  • Page 992 Figure 122. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on the edgeport if it receives a BPDU.
  • Page 993: Selecting Stp Root

    Te 1/6 Root 128.263 128 20000 FWD 20000 P2P Te 1/7 ErrDis 128.264 128 20000 EDS 20000 P2P Dell(conf-if-te-1/7)#do show ip interface brief tengigabitEthernet 1/7 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7 unassigned YES Manual up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge.
  • Page 994: Root Guard Scenario

    network behavior. The STP root guard feature ensures that the position of the root bridge does not change. Root Guard Scenario For example, as shown in the following illustration (STP topology 1, upper left) Switch A is the root bridge in the network core.
  • Page 995: Configuring Root Guard

    Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
  • Page 996: Configuring Spanning Trees As Hitless

    • Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy redundancy protocol xstp Dell# STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault.
  • Page 997: Configuring Loop Guard

    Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
  • Page 998: Displaying Stp Guard Configuration

    BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU. • Verify the STP guard configured on port or port-channel interfaces. show spanning-tree 0 guard [interface interface] Example of Viewing STP Guard Configuration Dell#show spanning-tree 0 guard Interface Name Instance Sts Guard type...
  • Page 999 --------- -------- --------- ---------- Te 1/1 INCON(Root) Rootguard Te 1/2 Loopguard Te 1/3 EDS (Shut) Bpduguard Spanning Tree Protocol (STP)
  • Page 1000: System Time And Date

    System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintain them through NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings.
